From 00dc5e0843a93c962ba9a61ddae4e5492f3d8e0d Mon Sep 17 00:00:00 2001
From: Kazuma Watanabe
Date: Sun, 9 Apr 2023 16:31:53 +0000
Subject: [PATCH] Fix internal marshal error of sensitive value
---
 opa/conversion.go | 6 ++++++
 opa/conversion_test.go | 15 +++++++++++++++
 opa/test_runner.go | 6 ++----
 opa/test_runner_test.go | 3 +--
 4 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/opa/conversion.go b/opa/conversion.go
index b139275..ff1061b 100644
--- a/opa/conversion.go
+++ b/opa/conversion.go
@@ -10,6 +10,7 @@ import (
 "github.com/hashicorp/hcl/v2/hclsyntax"
 "github.com/open-policy-agent/opa/types"
 "github.com/terraform-linters/tflint-plugin-sdk/hclext"
+ "github.com/terraform-linters/tflint-plugin-sdk/terraform/lang/marks"
 "github.com/terraform-linters/tflint-plugin-sdk/tflint"
 "github.com/zclconf/go-cty/cty"
 "github.com/zclconf/go-cty/cty/convert"
@@ -293,6 +294,11 @@ func exprToJSON(expr hcl.Expression, tyMap map[string]cty.Type, path string, run
 }
 return ret, err
 }
+ if marks.Contains(value, marks.Sensitive) {
+ ret["unknown"] = true
+ ret["sensitive"] = true
+ return ret, nil
+ }
 if !value.IsWhollyKnown() {
 ret["unknown"] = true
 return ret, nil
diff --git a/opa/conversion_test.go b/opa/conversion_test.go
index f5f35a4..3531fb4 100644
--- a/opa/conversion_test.go
+++ b/opa/conversion_test.go
@@ -582,6 +582,21 @@ func TestExprToJSON(t *testing.T) {
 },
 source: `variable "foo" { sensitive = true }`,
 },
+ {
+ name: "composite sensitive",
+ input: parse("[var.foo]"),
+ ty: cty.String,
+ want: map[string]any{
+ "unknown": true,
+ "sensitive": true,
+ "range": map[string]any{
+ "filename": "main.tf",
+ "start": map[string]int{"line": 1, "column": 1, "byte": 0},
+ "end": map[string]int{"line": 1, "column": 10, "byte": 9},
+ },
+ },
+ source: `variable "foo" { sensitive = true }`,
+ },
 {
 name: "invalid type",
 input: hcl.StaticExpr(cty.StringVal("foo"), hcl.Range{Filename: "main.tf", Start: hcl.InitialPos, End: hcl.InitialPos}),
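Review bot: The new `marks.Contains(value, marks.Sensitive)` branch in exprToJSON carries no comment saying that it withholds the whole value, and it reports a known-but-sensitive value as `unknown`. A Rego policy that skips unknown inputs would then skip every expression containing a sensitive element, so policy authors need to know to test the `sensitive` key as well. I would put a comment above the branch, for example `// Fail closed: if any nested element is sensitive, withhold the whole value and flag it instead of marshalling it.` The check also names only `marks.Sensitive`; whether a value carrying any other mark can still reach the conversion further down cannot be told from here, because the function starts and ends outside this hunk.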
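Review bot: The added "composite sensitive" case in TestExprToJSON covers only a tuple wrapper (`[var.foo]`), so the nested-mark check is untested for object attributes and for deeper nesting. A second case such as `input: parse("{ a = [var.foo] }")` with the same `unknown`/`sensitive` expectation (range adjusted) would pin that a sensitive value nested in an object is never marshalled either. The case also passes `ty: cty.String` for a tuple expression; if that is deliberate, a short comment saying why would help the next reader.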
diff --git a/opa/test_runner.go b/opa/test_runner.go
index 39fdfa9..ab6ea91 100644
--- a/opa/test_runner.go
+++ b/opa/test_runner.go
@@ -8,6 +8,7 @@ import (
 "github.com/hashicorp/hcl/v2/hclparse"
 "github.com/terraform-linters/tflint-plugin-sdk/hclext"
 "github.com/terraform-linters/tflint-plugin-sdk/terraform/addrs"
+ "github.com/terraform-linters/tflint-plugin-sdk/terraform/lang/marks"
 "github.com/terraform-linters/tflint-plugin-sdk/tflint"
 "github.com/zclconf/go-cty/cty"
 "github.com/zclconf/go-cty/cty/gocty"
@@ -97,7 +98,7 @@ func (r *testRunner) GetModuleContent(schema *hclext.BodySchema, _ *tflint.GetMo
 return content, nil
 }
-var sensitiveMark = cty.NewValueMarks("sensitive")
+var sensitiveMark = cty.NewValueMarks(marks.Sensitive)
 // EvaluateExpr returns a value of the passed expression.
 // Not expected to reflect anything other than cty.Value.
@@ -124,9 +125,6 @@ func (r *testRunner) EvaluateExpr(expr hcl.Expression, ret interface{}, _ *tflin
 if diags.HasErrors() {
 return diags
 }
- if val.IsMarked() {
- return tflint.ErrSensitive
- }
 return gocty.FromCtyValue(val, ret)
 }
diff --git a/opa/test_runner_test.go b/opa/test_runner_test.go
index ccffcf9..cfb0617 100644
--- a/opa/test_runner_test.go
+++ b/opa/test_runner_test.go
@@ -9,7 +9,6 @@ import (
 "github.com/hashicorp/hcl/v2"
 "github.com/hashicorp/hcl/v2/hclsyntax"
 "github.com/terraform-linters/tflint-plugin-sdk/hclext"
- "github.com/terraform-linters/tflint-plugin-sdk/tflint"
 "github.com/zclconf/go-cty/cty"
 )
@@ -236,7 +235,7 @@ variable "instance_type" {
 sensitive = true
 }`,
 expr: parse("var.instance_type"),
- err: tflint.ErrSensitive,
+ want: `cty.StringVal("t2.micro").Mark(marks.Sensitive)`,
 },
 }
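Review bot: EvaluateExpr in opa/test_runner.go no longer enforces or documents what happens to a sensitive value when `ret` is not a `cty.Value`. The removed `val.IsMarked()` guard was the only check between a marked value and `gocty.FromCtyValue(val, ret)`. For any other target type the call would presumably now fail inside gocty instead of returning `tflint.ErrSensitive` (not verified from this hunk), and every caller becomes responsible for checking marks before serializing. I would extend the doc comment above the function with `// Sensitive values are returned with their marks intact; callers must check marks before unmarking or serializing them.` The signature and the start of the body lie outside this hunk.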