upstream/terraform
1
0
Fork 0
mirror of https://github.com/hashicorp/terraform.git synced 2026-02-18 18:29:44 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

standardize on marks.Has
Some checks are pending
build / Determine intended Terraform version (push) Waiting to run
Details
build / Determine Go toolchain version (push) Waiting to run
Details
build / Generate release metadata (push) Blocked by required conditions
Details
build / Build for freebsd_386 (push) Blocked by required conditions
Details
build / Build for linux_386 (push) Blocked by required conditions
Details
build / Build for openbsd_386 (push) Blocked by required conditions
Details
build / Build for windows_386 (push) Blocked by required conditions
Details
build / Build for darwin_amd64 (push) Blocked by required conditions
Details
build / Build for freebsd_amd64 (push) Blocked by required conditions
Details
build / Build for linux_amd64 (push) Blocked by required conditions
Details
build / Build for openbsd_amd64 (push) Blocked by required conditions
Details
build / Build for solaris_amd64 (push) Blocked by required conditions
Details
build / Build for windows_amd64 (push) Blocked by required conditions
Details
build / Build for freebsd_arm (push) Blocked by required conditions
Details
build / Build for linux_arm (push) Blocked by required conditions
Details
build / Build for darwin_arm64 (push) Blocked by required conditions
Details
build / Build for linux_arm64 (push) Blocked by required conditions
Details
build / Build for windows_arm64 (push) Blocked by required conditions
Details
build / Build Docker image for linux_386 (push) Blocked by required conditions
Details
build / Build Docker image for linux_amd64 (push) Blocked by required conditions
Details
build / Build Docker image for linux_arm (push) Blocked by required conditions
Details
build / Build Docker image for linux_arm64 (push) Blocked by required conditions
Details
build / Build e2etest for linux_386 (push) Blocked by required conditions
Details
build / Build e2etest for windows_386 (push) Blocked by required conditions
Details
build / Build e2etest for darwin_amd64 (push) Blocked by required conditions
Details
build / Build e2etest for linux_amd64 (push) Blocked by required conditions
Details
build / Build e2etest for windows_amd64 (push) Blocked by required conditions
Details
build / Build e2etest for linux_arm (push) Blocked by required conditions
Details
build / Build e2etest for darwin_arm64 (push) Blocked by required conditions
Details
build / Build e2etest for linux_arm64 (push) Blocked by required conditions
Details
build / Run e2e test for linux_386 (push) Blocked by required conditions
Details
build / Run e2e test for windows_386 (push) Blocked by required conditions
Details
build / Run e2e test for darwin_amd64 (push) Blocked by required conditions
Details
build / Run e2e test for linux_amd64 (push) Blocked by required conditions
Details
build / Run e2e test for windows_amd64 (push) Blocked by required conditions
Details
build / Run e2e test for linux_arm (push) Blocked by required conditions
Details
build / Run e2e test for linux_arm64 (push) Blocked by required conditions
Details
build / Run terraform-exec test for linux amd64 (push) Blocked by required conditions
Details
Quick Checks / Unit Tests (push) Waiting to run
Details
Quick Checks / Race Tests (push) Waiting to run
Details
Quick Checks / End-to-end Tests (push) Waiting to run
Details
Quick Checks / Code Consistency Checks (push) Waiting to run
Details

Browse source
This commit is contained in:
Daniel Schmidt 2025-10-09 12:37:21 +02:00
parent 2657a4daec
commit 2714cfde69
12 changed files with 23 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
internal/command/format/object_id.go
View file

@ -34,7 +34,7 @@ func ObjectValueID(obj cty.Value) (k, v string) {
case atys["id"] == cty.String:
v := obj.GetAttr("id")
if v.HasMark(marks.Sensitive) {
if marks.Has(v, marks.Sensitive) {
break
}
v, _ = v.Unmark()
@ -47,7 +47,7 @@ func ObjectValueID(obj cty.Value) (k, v string) {
// "name" isn't always globally unique, but if there isn't also an
// "id" then it _often_ is, in practice.
v := obj.GetAttr("name")
if v.HasMark(marks.Sensitive) {
if marks.Has(v, marks.Sensitive) {
break
}
v, _ = v.Unmark()
@ -91,7 +91,7 @@ func ObjectValueName(obj cty.Value) (k, v string) {
case atys["name"] == cty.String:
v := obj.GetAttr("name")
if v.HasMark(marks.Sensitive) {
if marks.Has(v, marks.Sensitive) {
break
}
v, _ = v.Unmark()
@ -102,7 +102,7 @@ func ObjectValueName(obj cty.Value) (k, v string) {
case atys["tags"].IsMapType() && atys["tags"].ElementType() == cty.String:
tags := obj.GetAttr("tags")
if tags.IsNull() || !tags.IsWhollyKnown() || tags.HasMark(marks.Sensitive) {
if tags.IsNull() || !tags.IsWhollyKnown() || marks.Has(tags, marks.Sensitive) {
break
}
tags, _ = tags.Unmark()
@ -110,7 +110,7 @@ func ObjectValueName(obj cty.Value) (k, v string) {
switch {
case tags.HasIndex(cty.StringVal("name")).RawEquals(cty.True):
v := tags.Index(cty.StringVal("name"))
if v.HasMark(marks.Sensitive) {
if marks.Has(v, marks.Sensitive) {
break
}
v, _ = v.Unmark()
@ -121,7 +121,7 @@ func ObjectValueName(obj cty.Value) (k, v string) {
case tags.HasIndex(cty.StringVal("Name")).RawEquals(cty.True):
// AWS-style naming convention
v := tags.Index(cty.StringVal("Name"))
if v.HasMark(marks.Sensitive) {
if marks.Has(v, marks.Sensitive) {
break
}
v, _ = v.Unmark()

2
internal/command/jsonstate/state.go
View file

@ -537,7 +537,7 @@ func marshalResources(resources map[string]*states.Resource, module addrs.Module
}
func SensitiveAsBool(val cty.Value) cty.Value {
if val.HasMark(marks.Sensitive) {
if marks.Has(val, marks.Sensitive) {
return cty.True
}

6
internal/command/views/json/diagnostic.go
View file

@ -346,7 +346,7 @@ func NewDiagnostic(diag tfdiags.Diagnostic, sources map[string][]byte) *Diagnost
}
}
switch {
case val.HasMark(marks.Sensitive) && val.HasMark(marks.Ephemeral):
case marks.Has(val, marks.Sensitive) && marks.Has(val, marks.Ephemeral):
// We only mention the combination of sensitive and ephemeral
// values if the diagnostic we're rendering is explicitly
// marked as being caused by sensitive and ephemeral values,
@ -357,7 +357,7 @@ func NewDiagnostic(diag tfdiags.Diagnostic, sources map[string][]byte) *Diagnost
}
value.Statement = "has an ephemeral, sensitive value"
case val.HasMark(marks.Sensitive):
case marks.Has(val, marks.Sensitive):
// We only mention a sensitive value if the diagnostic
// we're rendering is explicitly marked as being
// caused by sensitive values, because otherwise
@ -370,7 +370,7 @@ func NewDiagnostic(diag tfdiags.Diagnostic, sources map[string][]byte) *Diagnost
// in order to minimize the chance of giving away
// whatever was sensitive about it.
value.Statement = "has a sensitive value"
case val.HasMark(marks.Ephemeral):
case marks.Has(val, marks.Ephemeral):
if !includeEphemeral {
continue Traversals
}

2
internal/lang/funcs/sensitive.go
View file

@ -71,7 +71,7 @@ var IssensitiveFunc = function.New(&function.Spec{
},
Impl: func(args []cty.Value, retType cty.Type) (cty.Value, error) {
switch v := args[0]; {
case v.HasMark(marks.Sensitive):
case marks.Has(v, marks.Sensitive):
return cty.True, nil
case !v.IsKnown():
return cty.UnknownVal(cty.Bool), nil

4
internal/lang/funcs/sensitive_test.go
View file

@ -69,7 +69,7 @@ func TestSensitive(t *testing.T) {
t.Fatalf("unexpected error: %s", err)
}
if !got.HasMark(marks.Sensitive) {
if !marks.Has(got, marks.Sensitive) {
t.Errorf("result is not marked sensitive")
}
@ -152,7 +152,7 @@ func TestNonsensitive(t *testing.T) {
t.Fatalf("unexpected error: %s", err)
}
if got.HasMark(marks.Sensitive) {
if marks.Has(got, marks.Sensitive) {
t.Errorf("result is still marked sensitive")
}
wantRaw, _ := test.Input.Unmark()

4
internal/repl/format.go
View file

@ -20,10 +20,10 @@ func FormatValue(v cty.Value, indent int) string {
if !v.IsKnown() {
return "(known after apply)"
}
if v.HasMark(marks.Sensitive) {
if marks.Has(v, marks.Sensitive) {
return "(sensitive value)"
}
if v.HasMark(marks.Ephemeral) {
if marks.Has(v, marks.Ephemeral) {
return "(ephemeral value)"
}
if v.IsNull() {

2
internal/stacks/stackruntime/internal/stackeval/for_each.go
View file

@ -46,7 +46,7 @@ func evaluateForEachExpr(ctx context.Context, expr hcl.Expression, phase EvalPha
invalidForEachDetail := fmt.Sprintf("The for_each expression must produce either a map of any type or a set of strings. The keys of the map or the set elements will serve as unique identifiers for multiple instances of this %s.", callerDiagName)
const sensitiveForEachDetail = "Sensitive values, or values derived from sensitive values, cannot be used as for_each arguments. If used, the sensitive value could be exposed as a resource instance key."
switch {
case result.Value.HasMark(marks.Sensitive):
case marks.Has(result.Value, marks.Sensitive):
// Sensitive values are not allowed as for_each arguments because
// they could be exposed as resource instance keys.
// TODO: This should have Extra: tdiagnosticCausedBySensitive(true),

4
internal/terraform/eval_count.go
View file

@ -52,7 +52,7 @@ func evaluateCountExpression(expr hcl.Expression, ctx EvalContext, allowUnknown
}
// Ephemeral values are not allowed in count expressions.
if countVal.HasMark(marks.Ephemeral) {
if marks.Has(countVal, marks.Ephemeral) {
diags = diags.Append(&hcl.Diagnostic{
Severity: hcl.DiagError,
Summary: "Invalid count argument",
@ -87,7 +87,7 @@ func evaluateCountExpressionValue(expr hcl.Expression, ctx EvalContext) (cty.Val
return nullCount, diags
}
if countVal.HasMark(marks.Ephemeral) {
if marks.Has(countVal, marks.Ephemeral) {
diags = diags.Append(&hcl.Diagnostic{
Severity: hcl.DiagError,
Summary: "Invalid count argument",

4
internal/terraform/eval_for_each.go
View file

@ -263,7 +263,7 @@ func (ev *forEachEvaluator) ensureNotEphemeral(forEachVal cty.Value) tfdiags.Dia
// Ephemeral values are not allowed because instance keys persist from
// plan to apply and between plan/apply rounds, whereas ephemeral values
// do not.
if forEachVal.HasMark(marks.Ephemeral) {
if marks.Has(forEachVal, marks.Ephemeral) {
diags = diags.Append(&hcl.Diagnostic{
Severity: hcl.DiagError,
Summary: "Invalid for_each argument",
@ -315,7 +315,7 @@ func (ev *forEachEvaluator) validateResourceOrActionForEach(forEachVal cty.Value
if blocktype == "action" {
msg = "an action"
}
if forEachVal.HasMark(marks.Sensitive) {
if marks.Has(forEachVal, marks.Sensitive) {
diags = diags.Append(&hcl.Diagnostic{
Severity: hcl.DiagError,
Summary: "Invalid for_each argument",

2
internal/terraform/eval_import.go
View file

@ -241,7 +241,7 @@ func parseImportToKeyExpression(expr hcl.Expression, keyData instances.Repetitio
return idx, diags
}
if val.HasMark(marks.Sensitive) {
if marks.Has(val, marks.Sensitive) {
diags = diags.Append(&hcl.Diagnostic{
Severity: hcl.DiagError,
Summary: "Invalid index expression",

2
internal/terraform/expressions.go
View file

@ -116,7 +116,7 @@ func (e *ExprEvaluator[T, U]) evaluateExpr(ctx EvalContext, expression hcl.Expre
Extra: diagnosticCausedByUnknown(true),
})
return val, diags
case val.HasMark(marks.Ephemeral) && !e.allowEphemeral:
case marks.Has(val, marks.Ephemeral) && !e.allowEphemeral:
diags = diags.Append(&hcl.Diagnostic{
Severity: hcl.DiagError,
Summary: fmt.Sprintf("Invalid %q argument", e.argName),

2
internal/tfdiags/format.go
View file

@ -150,7 +150,7 @@ func FormatValueStr(val cty.Value) (string, error) {
val, err := cty.Transform(val, func(path cty.Path, val cty.Value) (cty.Value, error) {
// If a value is sensitive or ephemeral or unknown, we redact it, otherwise
// we return the value as is.
if val.HasMark(marks.Sensitive) || val.HasMark(marks.Ephemeral) || !val.IsKnown() {
if marks.Has(val, marks.Sensitive) || marks.Has(val, marks.Ephemeral) || !val.IsKnown() {
return cty.StringVal(CompactValueStr(val)), nil
}
return val, nil