You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
bugconfirmeda Terraform Core team member has reproduced this issueexplaineda Terraform Core team member has described the root cause of this issue in codev1.6Issues (primarily bugs) reported against v1.6 releases
Terraform v1.6.4-dev
on darwin_arm64
Your version of Terraform is out of date! The latest version
is 1.6.5. You can update by downloading from https://www.terraform.io/downloads.html
I originally encountered this bug inside a larger Terraform codebase that is using Terraform version 1.3.5 and Vault provider version 3.11. There the issue is present for all vault_generic_secret resources, however, since the resources have already been applied, the data value is already known and sensitive_values look different in that case:
Thanks for the report! I can reproduce this behaviour, which as you point out is incorrect.
I think the root cause is that Terraform is inconsistently marking resource values which the provider schema defines as sensitive (as opposed to those which are sensitive due to either input variable sensitivity, or the sensitive() function). This trickles down to the JSON plan output, which also inconsistently applies these marks—only for resource_changes at present. I believe that we shouldn't need to rely on the provider schema at the JSON plan output level, and instead should expect values in the plan always to have sensitive marks where appropriate.
alisdair
added
the
explained
a Terraform Core team member has described the root cause of this issue in code
label
Nov 29, 2023
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Labels
bugconfirmeda Terraform Core team member has reproduced this issueexplaineda Terraform Core team member has described the root cause of this issue in codev1.6Issues (primarily bugs) reported against v1.6 releases
Terraform Version
Terraform v1.6.4-dev on darwin_arm64 Your version of Terraform is out of date! The latest version is 1.6.5. You can update by downloading from https://www.terraform.io/downloads.html
Terraform Configuration Files
Debug Output
https://gist.github.com/sysedwinistrator/6c146fc3904a266d691330929aafa673
Expected Behavior
sensitive_values
should look like this:According to @alisdair (link to comment),
{}
does NOT mean the value is sensitive for an object, and onlytrue
means that the value sensitive:Actual Behavior
sensitive_values
is incorrect:data
(computed value, apparently only available after apply) should be listed undersensitive_values
with valuetrue
(instead of{}
data_json
should also be listed undersensitive_values
, with the value beingtrue
JSON Plan:
Steps to Reproduce
Additional Context
I originally encountered this bug inside a larger Terraform codebase that is using Terraform version 1.3.5 and Vault provider version 3.11. There the issue is present for all
vault_generic_secret
resources, however, since the resources have already been applied, thedata
value is already known and sensitive_values look different in that case:References
No response
The text was updated successfully, but these errors were encountered: