mirror of
https://github.com/hashicorp/terraform-provider-helm.git
synced 2026-06-09 08:32:16 -04:00
287bffcbfd
When using set_sensitive in the helm provider, the actual values deployed to
Kubernetes were incorrectly replaced with the string '(sensitive value)' instead
of the real sensitive value.
Root cause:
The logValues() function was using maps.Clone() which only creates a shallow
copy. Since Helm values are nested maps (e.g., {'configmap': {'foo': 'test'}}),
the inner maps were shared between the original and clone. When cloakSetValues()
modified the 'cloned' map to mask sensitive values for logging, it was actually
modifying the original map that was then passed to Helm for deployment.
Fix:
- Implemented deepCloneMap() function that recursively clones nested maps
- Updated logValues() to use deepCloneMap instead of maps.Clone
- Updated setReleaseAttributes() to use deepCloneMap for consistency
- Removed unused 'maps' import
This ensures sensitive values are properly masked in logs and Terraform state
display while the actual values are correctly deployed to Kubernetes.
Fixes the issue where ConfigMaps would contain '(sensitive value)' instead of
the actual sensitive data when using set_sensitive blocks.
This commit also adds a regression test for this case.
Co-authored-by: John Houston <jhouston@hashicorp.com>
|
||
|---|---|---|
| .. | ||
| charts | ||
| manifest_json | ||
| oci_registry | ||
| .gitingore | ||