Documentation ¶
Index ¶
- Constants
- Variables
- func SanitizeChange(result *tfjson.Change, replaceWith interface{})
- func SanitizeConfigOutputs(outputs map[string]*tfjson.ConfigOutput, replaceWith interface{})
- func SanitizeConfigVariables(result map[string]*tfjson.ConfigVariable, replaceWith interface{})
- func SanitizePlan(result *tfjson.Plan) error
- func SanitizePlanVariables(result map[string]*tfjson.PlanVariable, ...)
- func SanitizePlanWithValue(result *tfjson.Plan, replaceWith interface{}) error
- func SanitizeProviderConfig(result *tfjson.ProviderConfig, replaceWith interface{})
- func SanitizeProviderConfigs(result map[string]*tfjson.ProviderConfig, replaceWith interface{})
- func SanitizeStateModule(result *tfjson.StateModule, resourceChanges []*tfjson.ResourceChange, ...)
- func SanitizeStateOutputs(result map[string]*tfjson.StateOutput, replaceWith interface{})
- type SanitizeStateModuleChangeMode
Constants ¶
const DefaultSensitiveValue = "REDACTED_SENSITIVE"
Variables ¶
var NilPlanError = errors.New("nil plan supplied")
Functions ¶
func SanitizeChange ¶
func SanitizeChange(result *tfjson.Change, replaceWith interface{})
SanitizeChange traverses a Change and replaces all values at the particular locations marked by BeforeSensitive AfterSensitive with the value supplied as replaceWith.
func SanitizeConfigOutputs ¶
func SanitizeConfigOutputs(outputs map[string]*tfjson.ConfigOutput, replaceWith interface{})
SanitizeConfigOutputs sanitises the constant_value from the expression of the outputs.
func SanitizeConfigVariables ¶
func SanitizeConfigVariables(result map[string]*tfjson.ConfigVariable, replaceWith interface{})
SanitizeConfigVariables sanitizes the variables config.
func SanitizePlan ¶
func SanitizePlan(result *tfjson.Plan) error
SanitizePlan sanitizes the entirety of a Plan, replacing sensitive values with the default value in DefaultSensitiveValue.
See SanitizePlanWithValue for full detail on the where replacement takes place.
func SanitizePlanVariables ¶
func SanitizePlanVariables( result map[string]*tfjson.PlanVariable, configs map[string]*tfjson.ConfigVariable, replaceWith interface{}, )
SanitizePlanVariables traverses a map of PlanVariable and replaces any sensitive values with the value supplied in replaceWith. configs should be the map of ConfigVariables from the root module (so Plan.Config.RootModule.Variables).
func SanitizePlanWithValue ¶
func SanitizePlanWithValue(result *tfjson.Plan, replaceWith interface{}) error
SanitizePlanWithValue sanitizes the entirety of a Plan to the best of its ability, depending on the provided metadata on sensitive values. These are found in:
* ResourceChanges: Sanitized based on BeforeSensitive and AfterSensitive fields.
* Variables: Based on variable config data found in the root module of the Config.
* PlannedValues: Sanitized based on the values found in AfterSensitive in ResourceChanges. Outputs are sanitized according to the appropriate sensitivity flags provided for the output.
* PriorState: Sanitized based on the values found in BeforeSensitive in ResourceChanges. Outputs are sanitized according to the appropriate sensitivity flags provided for the output.
* OutputChanges: Sanitized based on the values found in BeforeSensitive and AfterSensitive. This generally means that any sensitive output will have OutputChange fully obfuscated as the BeforeSensitive and AfterSensitive in outputs are opaquely the same.
Sensitive values are replaced with the value supplied with replaceWith.
func SanitizeProviderConfig ¶
func SanitizeProviderConfig(result *tfjson.ProviderConfig, replaceWith interface{})
SanitizeProviderConfig sanitises the constant_value from expressions of the provider_config to the value set in replaceWith parameter.
func SanitizeProviderConfigs ¶
func SanitizeProviderConfigs(result map[string]*tfjson.ProviderConfig, replaceWith interface{})
SanitizeProviderConfigs sanitises the constant_value from expressions of the provider_configs to the value set in replaceWith parameter.
func SanitizeStateModule ¶
func SanitizeStateModule( result *tfjson.StateModule, resourceChanges []*tfjson.ResourceChange, mode SanitizeStateModuleChangeMode, replaceWith interface{}, )
SanitizeStateModule traverses a StateModule, consulting the supplied ResourceChange set for resources to determine whether or not particular values should be obfuscated.
Use mode to supply the SanitizeStateModuleChangeMode that represents what sensitive field should be consulted to determine whether or not the value should be obfuscated:
* SanitizeStateModuleChangeModeBefore for before_sensitive * SanitizeStateModuleChangeModeAfter for after_sensitive
Sensitive values are replaced with the supplied replaceWith value.
func SanitizeStateOutputs ¶
func SanitizeStateOutputs(result map[string]*tfjson.StateOutput, replaceWith interface{})
SanitizeStateOutputs scans the supplied map of StateOutputs and replaces any values of outputs marked as Sensitive with the value supplied in replaceWith.
Types ¶
type SanitizeStateModuleChangeMode ¶
type SanitizeStateModuleChangeMode string
const ( SanitizeStateModuleChangeModeBefore SanitizeStateModuleChangeMode = "before_sensitive" SanitizeStateModuleChangeModeAfter SanitizeStateModuleChangeMode = "after_sensitive" )