This repository was archived by the owner on Nov 20, 2024. It is now read-only.

Support sensitive output (fixes #107) #131

Open
wants to merge 1 commit into
base: main
@jtyr jtyr commented Apr 11, 2022

Community Note

  • Please vote on this pull request by adding a 👍 reaction to the original pull request comment to help the community and maintainers prioritize this request
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for pull request followers and do not help prioritize the request

This PR is adding support for sensitive outputs. This closes the issue #107. The below Workspace resource has been tested with this Terraform module. This PR needs to be rebased once the PR #129 is merged to remove most of the changes in the CRD.

apiVersion: app.terraform.io/v1alpha1
kind: Workspace
metadata:
  name: test
spec:
  module:
    source: app.terraform.io/jtyr/test/tfco
    version: 0.0.4
  organization: jtyr
  outputs:
    - key: string
      moduleOutputName: string
    - key: int
      moduleOutputName: int
    - key: float
      moduleOutputName: float
    - key: bool
      moduleOutputName: bool
    - key: "null"
      moduleOutputName: "null"
    - key: list
      moduleOutputName: list
    - key: map
      moduleOutputName: map
    - key: password
      moduleOutputName: password
      sensitive: true
    - key: sensitive
      moduleOutputName: sensitive
      sensitive: true
  omitNamespacePrefix: true
  secretsMountPath: /tmp/secrets
  variables:
    - key: "null"
      value: null value 1

The resulting test-outputs secret then contains those outputs:

$ kubectl get secret -o yaml test-outputs | yq e '.data' -
bool: dHJ1ZQ==
float: MS4yMw==
int: MTIz
list: WyJmb28iLCJiYXIiXQ==
map: eyJiYXIiOiJ4eXoiLCJmb28iOiJhYmMifQ==
"null": Im51bGwgdmFsdWUgMSI=
password: eyJpZCI6Im5vbmUiLCJrZWVwZXJzIjpudWxsLCJsZW5ndGgiOjE2LCJsb3dlciI6dHJ1ZSwibWluX2xvd2VyIjowLCJtaW5fbnVtZXJpYyI6MCwibWluX3NwZWNpYWwiOjAsIm1pbl91cHBlciI6MCwibnVtYmVyIjp0cnVlLCJvdmVycmlkZV9zcGVjaWFsIjoiISMkJSYqKCktXz0rW117fTw+Oj8iLCJyZXN1bHQiOiJaM2k/OlpiUSNSem1Qd2s8Iiwic3BlY2lhbCI6dHJ1ZSwidXBwZXIiOnRydWV9
sensitive: IlNFTlNJVElWRSBURVNUIg==
string: IkhlbGxvIHdvcmxkIg==

As you can see, the password and sensitive outputs are visible in the resulting secret thanks to the sensitive: true set in the Workspace resource.

Release note for CHANGELOG:

Added support for sensitive outputs
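
Added example, not part of the PR or the operator's code: each value in the `.data` map above is base64 over the JSON encoding of the output, so this Python check decodes the map and cross-references it with the Workspace `outputs` list to report which Secret keys hold outputs marked `sensitive: true`. The sample data is copied from this page with the long `password` entry left out; the function names are hypothetical.

```python
import base64
import json

# Copied from the `.data` output on this page; the long `password` entry is left out.
SECRET_DATA = {
    "bool": "dHJ1ZQ==", "float": "MS4yMw==", "int": "MTIz",
    "list": "WyJmb28iLCJiYXIiXQ==",
    "map": "eyJiYXIiOiJ4eXoiLCJmb28iOiJhYmMifQ==",
    "null": "Im51bGwgdmFsdWUgMSI=",
    "sensitive": "IlNFTlNJVElWRSBURVNUIg==",
    "string": "IkhlbGxvIHdvcmxkIg==",
}

# `spec.outputs` from the Workspace on this page, minus the `password` entry.
WORKSPACE_OUTPUTS = [
    {"key": k, "moduleOutputName": k}
    for k in ("string", "int", "float", "bool", "null", "list", "map")
] + [{"key": "sensitive", "moduleOutputName": "sensitive", "sensitive": True}]


def decode_value(b64_text):
    """Base64-decode one Secret value, then parse it as JSON if possible."""
    raw = base64.b64decode(b64_text, validate=True).decode("utf-8")
    try:
        return json.loads(raw)
    except json.JSONDecodeError:
        return raw  # not JSON: keep the decoded text as-is


def audit(secret_data, outputs):
    """Map each Secret key to its decoded type and whether the spec flags it sensitive."""
    declared = {o["key"] for o in outputs}
    flagged = {o["key"] for o in outputs if o.get("sensitive")}
    report = {}
    for key, b64_text in secret_data.items():
        value = decode_value(b64_text)
        report[key] = {
            "type": type(value).__name__,
            "declared": key in declared,
            "sensitive": key in flagged,
            # Keep flagged values out of the report so they do not end up in logs.
            "value": "<redacted>" if key in flagged else value,
        }
    return report


if __name__ == "__main__":
    for key, row in sorted(audit(SECRET_DATA, WORKSPACE_OUTPUTS).items()):
        print(f"{key:10} {row}")
```

Anyone with read access to the `test-outputs` Secret can run the same decode, so access to that Secret is what protects the flagged outputs.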

@jtyr jtyr force-pushed the jtyr-sensitive branch from 03a9d23 to 6e2ac89 Compare July 5, 2022 09:02
jtyr commented Jul 5, 2022

This PR is rebased now.
