Documentation ¶
Index ¶
- Constants
- Variables
- func SanitizeChange(old *tfjson.Change, replaceWith interface{}) (*tfjson.Change, error)
- func SanitizePlan(old *tfjson.Plan) (*tfjson.Plan, error)
- func SanitizePlanVariables(old map[string]*tfjson.PlanVariable, configs map[string]*tfjson.ConfigVariable, ...) (map[string]*tfjson.PlanVariable, error)
- func SanitizePlanWithValue(old *tfjson.Plan, replaceWith interface{}) (*tfjson.Plan, error)
- func SanitizeStateModule(old *tfjson.StateModule, resourceChanges []*tfjson.ResourceChange, ...) (*tfjson.StateModule, error)
- func SanitizeStateOutputs(old map[string]*tfjson.StateOutput, replaceWith interface{}) (map[string]*tfjson.StateOutput, error)
- type SanitizeStateModuleChangeMode
Constants ¶
const DefaultSensitiveValue = "REDACTED_SENSITIVE"
Variables ¶
var NilPlanError = errors.New("nil plan supplied")
Functions ¶
func SanitizeChange ¶
SanitizeChange traverses a Change and replaces all values at the particular locations marked by BeforeSensitive AfterSensitive with the value supplied as replaceWith.
A new change is issued.
func SanitizePlan ¶
SanitizePlan sanitizes the entirety of a Plan, replacing sensitive values with the default value in DefaultSensitiveValue.
See SanitizePlanWithValue for full detail on the where replacement takes place.
func SanitizePlanVariables ¶
func SanitizePlanVariables( old map[string]*tfjson.PlanVariable, configs map[string]*tfjson.ConfigVariable, replaceWith interface{}, ) (map[string]*tfjson.PlanVariable, error)
SanitizePlanVariables traverses a map of PlanVariable and replaces any sensitive values with the value supplied in replaceWith. configs should be the map of ConfigVariables from the root module (so Plan.Config.RootModule.Variables).
A new copy of the PlanVariable map is returned.
func SanitizePlanWithValue ¶
SanitizePlanWithValue sanitizes the entirety of a Plan to the best of its ability, depending on the provided metadata on sensitive values. These are found in:
* ResourceChanges: Sanitized based on BeforeSensitive and AfterSensitive fields.
* Variables: Based on variable config data found in the root module of the Config.
* PlannedValues: Sanitized based on the values found in AfterSensitive in ResourceChanges. Outputs are sanitized according to the appropriate sensitivity flags provided for the output.
* PriorState: Sanitized based on the values found in BeforeSensitive in ResourceChanges. Outputs are sanitized according to the appropriate sensitivity flags provided for the output.
* OutputChanges: Sanitized based on the values found in BeforeSensitive and AfterSensitive. This generally means that any sensitive output will have OutputChange fully obfuscated as the BeforeSensitive and AfterSensitive in outputs are opaquely the same.
Sensitive values are replaced with the value supplied with replaceWith. A copy of the Plan is returned.
func SanitizeStateModule ¶
func SanitizeStateModule( old *tfjson.StateModule, resourceChanges []*tfjson.ResourceChange, mode SanitizeStateModuleChangeMode, replaceWith interface{}, ) (*tfjson.StateModule, error)
SanitizeStateModule traverses a StateModule, consulting the supplied ResourceChange set for resources to determine whether or not particular values should be obfuscated.
Use mode to supply the SanitizeStateModuleChangeMode that represents what sensitive field should be consulted to determine whether or not the value should be obfuscated:
* SanitizeStateModuleChangeModeBefore for before_sensitive * SanitizeStateModuleChangeModeAfter for after_sensitive
Sensitive values are replaced with the supplied replaceWith value. A new state module tree is issued.
func SanitizeStateOutputs ¶
func SanitizeStateOutputs(old map[string]*tfjson.StateOutput, replaceWith interface{}) (map[string]*tfjson.StateOutput, error)
SanitizeStateOutputs scans the supplied map of StateOutputs and replaces any values of outputs marked as Sensitive with the value supplied in replaceWith.
A new copy of StateOutputs is returned.
Types ¶
type SanitizeStateModuleChangeMode ¶
type SanitizeStateModuleChangeMode string
const ( SanitizeStateModuleChangeModeBefore SanitizeStateModuleChangeMode = "before_sensitive" SanitizeStateModuleChangeModeAfter SanitizeStateModuleChangeMode = "after_sensitive" )