jprdonnelly/opentf
1
0
Fork 0
mirror of https://github.com/opentffoundation/opentf.git synced 2025-12-25 01:00:16 -05:00
Code Issues Packages Projects Releases Wiki Activity

Handle static variable secret flag (#2045)

Browse Source 
Signed-off-by: Christian Mesh <christianmesh1@gmail.com>
This commit is contained in:
Christian Mesh
2024-10-03 10:46:58 -04:00
committed by GitHub
parent 8638b815dc
commit 0d1e6cd5f0
8 changed files with 95 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
internal/encryption/keyprovider.go
View File

@@ -14,6 +14,7 @@ import (
"github.com/opentofu/opentofu/internal/configs"
"github.com/opentofu/opentofu/internal/encryption/config"
"github.com/opentofu/opentofu/internal/lang"
"github.com/opentofu/opentofu/internal/lang/marks"
"github.com/hashicorp/hcl/v2"
"github.com/hashicorp/hcl/v2/gohcl"
@@ -187,6 +188,14 @@ func (e *targetBuilder) setupKeyProvider(cfg config.KeyProviderConfig, stack []c
return diags
}
// gohcl does not handle marks, we need to remove the sensitive marks from any input variables
// We assume that the entire configuration in the encryption block should be treated as sensitive
for key, sv := range evalCtx.Variables {
if marks.Contains(sv, marks.Sensitive) {
evalCtx.Variables[key], _ = sv.UnmarkDeep()
}
}
// Initialize the Key Provider
decodeDiags := gohcl.DecodeBody(cfg.Body, evalCtx, keyProviderConfig)
diags = append(diags, decodeDiags...)