github.com/pulumi/terraform@v1.4.0/pkg/command/jsonformat/differ/sensitive.go (about)

     1  package differ
     2  
     3  import (
     4  	"github.com/zclconf/go-cty/cty"
     5  
     6  	"github.com/pulumi/terraform/pkg/command/jsonformat/computed"
     7  	"github.com/pulumi/terraform/pkg/command/jsonformat/computed/renderers"
     8  	"github.com/pulumi/terraform/pkg/command/jsonprovider"
     9  	"github.com/pulumi/terraform/pkg/plans"
    10  )
    11  
    12  type CreateSensitiveRenderer func(computed.Diff, bool, bool) computed.DiffRenderer
    13  
    14  func (change Change) checkForSensitiveType(ctype cty.Type) (computed.Diff, bool) {
    15  	return change.checkForSensitive(renderers.Sensitive, func(value Change) computed.Diff {
    16  		return value.ComputeDiffForType(ctype)
    17  	})
    18  }
    19  
    20  func (change Change) checkForSensitiveNestedAttribute(attribute *jsonprovider.NestedType) (computed.Diff, bool) {
    21  	return change.checkForSensitive(renderers.Sensitive, func(value Change) computed.Diff {
    22  		return value.computeDiffForNestedAttribute(attribute)
    23  	})
    24  }
    25  
    26  func (change Change) checkForSensitiveBlock(block *jsonprovider.Block) (computed.Diff, bool) {
    27  	return change.checkForSensitive(renderers.SensitiveBlock, func(value Change) computed.Diff {
    28  		return value.ComputeDiffForBlock(block)
    29  	})
    30  }
    31  
    32  func (change Change) checkForSensitive(create CreateSensitiveRenderer, computedDiff func(value Change) computed.Diff) (computed.Diff, bool) {
    33  	beforeSensitive := change.isBeforeSensitive()
    34  	afterSensitive := change.isAfterSensitive()
    35  
    36  	if !beforeSensitive && !afterSensitive {
    37  		return computed.Diff{}, false
    38  	}
    39  
    40  	// We are still going to give the change the contents of the actual change.
    41  	// So we create a new Change with everything matching the current value,
    42  	// except for the sensitivity.
    43  	//
    44  	// The change can choose what to do with this information, in most cases
    45  	// it will just be ignored in favour of printing `(sensitive value)`.
    46  
    47  	value := Change{
    48  		BeforeExplicit:     change.BeforeExplicit,
    49  		AfterExplicit:      change.AfterExplicit,
    50  		Before:             change.Before,
    51  		After:              change.After,
    52  		Unknown:            change.Unknown,
    53  		BeforeSensitive:    false,
    54  		AfterSensitive:     false,
    55  		ReplacePaths:       change.ReplacePaths,
    56  		RelevantAttributes: change.RelevantAttributes,
    57  	}
    58  
    59  	inner := computedDiff(value)
    60  
    61  	action := inner.Action
    62  
    63  	sensitiveStatusChanged := beforeSensitive != afterSensitive
    64  
    65  	// nullNoOp is a stronger NoOp, where not only is there no change happening
    66  	// but the before and after values are not explicitly set and are both
    67  	// null. This will override even the sensitive state changing.
    68  	nullNoOp := change.Before == nil && !change.BeforeExplicit && change.After == nil && !change.AfterExplicit
    69  
    70  	if action == plans.NoOp && sensitiveStatusChanged && !nullNoOp {
    71  		// Let's override this, since it means the sensitive status has changed
    72  		// rather than the actual content of the value.
    73  		action = plans.Update
    74  	}
    75  
    76  	return computed.NewDiff(create(inner, beforeSensitive, afterSensitive), action, change.ReplacePaths.Matches()), true
    77  }
    78  
    79  func (change Change) isBeforeSensitive() bool {
    80  	if sensitive, ok := change.BeforeSensitive.(bool); ok {
    81  		return sensitive
    82  	}
    83  	return false
    84  }
    85  
    86  func (change Change) isAfterSensitive() bool {
    87  	if sensitive, ok := change.AfterSensitive.(bool); ok {
    88  		return sensitive
    89  	}
    90  	return false
    91  }