// Source: github.com/terraform-linters/tflint@v0.51.2-0.20240520175844-3750771571b6/terraform/lang/funcs/sensitive.go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1

package funcs

import (
	"github.com/terraform-linters/tflint-plugin-sdk/terraform/lang/marks"
	"github.com/zclconf/go-cty/cty"
	"github.com/zclconf/go-cty/cty/function"
)

// SensitiveFunc returns a value identical to its argument except that
// Terraform will consider it to be sensitive.
//
// The single "value" parameter accepts any type and may be unknown, null,
// or already marked. The result type always equals the argument type.
var SensitiveFunc = function.New(&function.Spec{
	Params: []function.Parameter{{
		Name:             "value",
		Type:             cty.DynamicPseudoType,
		AllowUnknown:     true,
		AllowNull:        true,
		AllowMarked:      true,
		AllowDynamicType: true,
	}},
	Type: func(args []cty.Value) (cty.Type, error) {
		// Only the marks change, never the value, so the argument's type
		// is passed straight through.
		argType := args[0].Type()
		return argType, nil
	},
	Impl: func(args []cty.Value, _ cty.Type) (cty.Value, error) {
		// The marks returned by Unmark are discarded, so the result carries
		// marks.Sensitive as its only top-level mark.
		// NOTE(review): any other mark on the argument is dropped here;
		// confirm that is intended if further mark kinds are in use.
		bare, _ := args[0].Unmark()
		return bare.Mark(marks.Sensitive), nil
	},
})

// NonsensitiveFunc takes a sensitive value and returns the same value without
// the sensitive marking, effectively exposing the value.
//
// Only marks.Sensitive is removed; every other mark returned by Unmark is
// reapplied to the result. The call never returns an error, including when
// the argument was not marked sensitive in the first place.
var NonsensitiveFunc = function.New(&function.Spec{
	Params: []function.Parameter{{
		Name:             "value",
		Type:             cty.DynamicPseudoType,
		AllowUnknown:     true,
		AllowNull:        true,
		AllowMarked:      true,
		AllowDynamicType: true,
	}},
	Type: func(args []cty.Value) (cty.Type, error) {
		// Only the marks change, never the value, so the argument's type
		// is passed straight through.
		argType := args[0].Type()
		return argType, nil
	},
	Impl: func(args []cty.Value, _ cty.Type) (cty.Value, error) {
		// Unmark (not a deep variant) is used, so presumably marks on nested
		// elements stay in place; verify against cty if callers rely on it.
		bare, kept := args[0].Unmark()
		delete(kept, marks.Sensitive) // remove the sensitive marking
		return bare.WithMarks(kept), nil
	},
})

// IssensitiveFunc reports, as a cty.Bool, whether its argument carries the
// marks.Sensitive mark.
//
// NOTE(review): the check is HasMark on the argument itself and unknown
// values are accepted, so a false result presumably says nothing about
// nested elements or about marks an unknown value may gain later. Confirm
// before treating false as "safe to display".
var IssensitiveFunc = function.New(&function.Spec{
	Params: []function.Parameter{
		{
			Name:             "value",
			Type:             cty.DynamicPseudoType,
			AllowUnknown:     true,
			AllowNull:        true,
			AllowMarked:      true,
			AllowDynamicType: true,
		},
	},
	Type: func(args []cty.Value) (cty.Type, error) {
		return cty.Bool, nil
	},
	Impl: func(args []cty.Value, _ cty.Type) (cty.Value, error) {
		return cty.BoolVal(args[0].HasMark(marks.Sensitive)), nil
	},
})

// Sensitive calls SensitiveFunc with v as its only argument and returns the
// result, which carries the sensitive mark.
func Sensitive(v cty.Value) (cty.Value, error) {
	args := []cty.Value{v}
	return SensitiveFunc.Call(args)
}

// Nonsensitive calls NonsensitiveFunc with v as its only argument and returns
// the result, which no longer carries the sensitive mark.
func Nonsensitive(v cty.Value) (cty.Value, error) {
	args := []cty.Value{v}
	return NonsensitiveFunc.Call(args)
}

// Issensitive calls IssensitiveFunc with v as its only argument and returns
// a cty.Bool telling whether v carries the sensitive mark.
func Issensitive(v cty.Value) (cty.Value, error) {
	args := []cty.Value{v}
	return IssensitiveFunc.Call(args)
}