From 01fd3d32a4f0a9e6229ccb1985ce4ffe10824cb0 Mon Sep 17 00:00:00 2001 From: Joao C Costa Date: Sat, 9 Sep 2023 10:49:24 +0100 Subject: [PATCH 1/4] Proposing fix to #31693 (not always possible to apply nonsensitive) https://github.com/hashicorp/terraform/issues/31693 --- internal/lang/funcs/sensitive.go | 3 --- 1 file changed, 3 deletions(-) diff --git a/internal/lang/funcs/sensitive.go b/internal/lang/funcs/sensitive.go index a08481762952..97703a4f1326 100644 --- a/internal/lang/funcs/sensitive.go +++ b/internal/lang/funcs/sensitive.go @@ -52,9 +52,6 @@ var NonsensitiveFunc = function.New(&function.Spec{ return args[0].Type(), nil }, Impl: func(args []cty.Value, retType cty.Type) (ret cty.Value, err error) { - if args[0].IsKnown() && !args[0].HasMark(marks.Sensitive) { - return cty.DynamicVal, function.NewArgErrorf(0, "the given value is not sensitive, so this call is redundant") - } v, m := args[0].Unmark() delete(m, marks.Sensitive) // remove the sensitive marking return v.WithMarks(m), nil From 65ab2e1578b6a1e73404552e23f2e8bec4ef4789 Mon Sep 17 00:00:00 2001 From: Joao C Costa Date: Sat, 9 Sep 2023 10:55:17 +0100 Subject: [PATCH 2/4] hashicorp#31693 not always possible to apply nonsensitive updated documentation --- website/docs/language/functions/nonsensitive.mdx | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/website/docs/language/functions/nonsensitive.mdx b/website/docs/language/functions/nonsensitive.mdx index 7518eb2aa03f..9270ded8b363 100644 --- a/website/docs/language/functions/nonsensitive.mdx +++ b/website/docs/language/functions/nonsensitive.mdx @@ -73,8 +73,8 @@ due to an inappropriate call to `nonsensitive` in your module, that's a bug in your module and not a bug in Terraform itself. **Use this function sparingly and only with due care.** -`nonsensitive` will return an error if you pass a value that isn't marked -as sensitive, because such a call would be redundant and potentially confusing +`nonsensitive` will no longer return an error if you pass a value that isn't marked +as sensitive, even though such a call may be redundant and potentially confusing or misleading to a future maintainer of your module. Use `nonsensitive` only after careful consideration and with definite intent. From 026c3b9ed97180db0ae2107f68cd6fd8951c5e62 Mon Sep 17 00:00:00 2001 From: Joao C Costa Date: Mon, 11 Sep 2023 22:05:52 +0100 Subject: [PATCH 3/4] Update sensitive_test.go Fixing tests --- internal/lang/funcs/sensitive_test.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/internal/lang/funcs/sensitive_test.go b/internal/lang/funcs/sensitive_test.go index 8d510cd8a1da..96e647d05348 100644 --- a/internal/lang/funcs/sensitive_test.go +++ b/internal/lang/funcs/sensitive_test.go @@ -130,16 +130,16 @@ func TestNonsensitive(t *testing.T) { ``, }, - // Passing a value that is already non-sensitive is an error, - // because this function should always be used with specific - // intention, not just as a "make everything visible" hammer. + // Passing a value that is already non-sensitive is not an error, + // as this function may be used with specific to ensure that all + // values are indeed non-sensitive { cty.NumberIntVal(1), - `the given value is not sensitive, so this call is redundant`, + ``, }, { cty.NullVal(cty.String), - `the given value is not sensitive, so this call is redundant`, + ``, }, // Unknown values may become sensitive once they are known, so we From b8f76d4007666f25028eb7bed8302d44473940c4 Mon Sep 17 00:00:00 2001 From: Joao C Costa Date: Tue, 7 Nov 2023 17:58:46 +0000 Subject: [PATCH 4/4] Corrections as per https://github.com/hashicorp/terraform/pull/33856#discussion_r1330042125 --- website/docs/language/functions/nonsensitive.mdx | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/website/docs/language/functions/nonsensitive.mdx b/website/docs/language/functions/nonsensitive.mdx index 9270ded8b363..c25ba18432ab 100644 --- a/website/docs/language/functions/nonsensitive.mdx +++ b/website/docs/language/functions/nonsensitive.mdx @@ -73,10 +73,8 @@ due to an inappropriate call to `nonsensitive` in your module, that's a bug in your module and not a bug in Terraform itself. **Use this function sparingly and only with due care.** -`nonsensitive` will no longer return an error if you pass a value that isn't marked -as sensitive, even though such a call may be redundant and potentially confusing -or misleading to a future maintainer of your module. Use `nonsensitive` only -after careful consideration and with definite intent. +`nonsensitive` will make no changes to values that aren't marked as sensitive, even though such a call may be redundant and potentially confusing. +Use `nonsensitive` only after careful consideration and with definite intent. Consider including a comment adjacent to your call to explain to future maintainers what makes the usage safe and thus what invariants they must take