command/jsonplan: Add sensitive value mapping data

Similar to `after_unknown`, `before_sensitive` and `after_sensitive` are values with similar structure to `before` and `after` which encode the presence of sensitive values in a planned change. These should be used to obscure sensitive values from human-readable output. These values follow the same structure as the `before` and `after` values, replacing sensitive values with `true`, and non-sensitive values with `false`. Following the `after_unknown` precedent, we omit non-sensitive `false` values for object attributes/map values, to make serialization more compact. One difference from `after_unknown` is that a sensitive complex value (collection or structural type) is replaced with `true`. If the complex value itself is sensitive, all of its contents should be obscured.
2026-03-25 14:00:21 -04:00 · 2021-03-25 11:41:49 -04:00
parent a12c413b84
commit e27aacebf9
13 changed files with 495 additions and 27 deletions
--- a/command/testdata/show-json/basic-create/output.json
+++ b/command/testdata/show-json/basic-create/output.json
@@ -83,7 +83,9 @@
                },
                "after": {
                    "ami": "bar"
-                }
+                },
+                "after_sensitive": {},
+                "before_sensitive": false
            }
        },
        {
@@ -103,7 +105,9 @@
                },
                "after": {
                    "ami": "bar"
-                }
+                },
+                "after_sensitive": {},
+                "before_sensitive": false
            }
        },
        {
@@ -123,7 +127,9 @@
                },
                "after": {
                    "ami": "bar"
-                }
+                },
+                "after_sensitive": {},
+                "before_sensitive": false
            }
        }
    ],