sanitize

package
v2.0.0-alpha.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 26, 2024 License: MPL-2.0 Imports: 3 Imported by: 0

Documentation

Index

Constants

View Source
const DefaultSensitiveValue = "REDACTED_SENSITIVE"

Variables

View Source
var NilPlanError = errors.New("nil plan supplied")

Functions

func SanitizeChange

func SanitizeChange(result *tfjson.Change, replaceWith interface{})

SanitizeChange traverses a Change and replaces all values at the particular locations marked by BeforeSensitive AfterSensitive with the value supplied as replaceWith.

func SanitizeConfigOutputs

func SanitizeConfigOutputs(outputs map[string]*tfjson.ConfigOutput, replaceWith interface{})

SanitizeConfigOutputs sanitises the constant_value from the expression of the outputs.

func SanitizeConfigVariables

func SanitizeConfigVariables(result map[string]*tfjson.ConfigVariable, replaceWith interface{})

SanitizeConfigVariables sanitizes the variables config.

func SanitizePlan

func SanitizePlan(result *tfjson.Plan) error

SanitizePlan sanitizes the entirety of a Plan, replacing sensitive values with the default value in DefaultSensitiveValue.

See SanitizePlanWithValue for full detail on the where replacement takes place.

func SanitizePlanVariables

func SanitizePlanVariables(
	result map[string]*tfjson.PlanVariable,
	configs map[string]*tfjson.ConfigVariable,
	replaceWith interface{},
)

SanitizePlanVariables traverses a map of PlanVariable and replaces any sensitive values with the value supplied in replaceWith. configs should be the map of ConfigVariables from the root module (so Plan.Config.RootModule.Variables).

func SanitizePlanWithValue

func SanitizePlanWithValue(result *tfjson.Plan, replaceWith interface{}) error

SanitizePlanWithValue sanitizes the entirety of a Plan to the best of its ability, depending on the provided metadata on sensitive values. These are found in:

* ResourceChanges: Sanitized based on BeforeSensitive and AfterSensitive fields.

* Variables: Based on variable config data found in the root module of the Config.

* PlannedValues: Sanitized based on the values found in AfterSensitive in ResourceChanges. Outputs are sanitized according to the appropriate sensitivity flags provided for the output.

* PriorState: Sanitized based on the values found in BeforeSensitive in ResourceChanges. Outputs are sanitized according to the appropriate sensitivity flags provided for the output.

* OutputChanges: Sanitized based on the values found in BeforeSensitive and AfterSensitive. This generally means that any sensitive output will have OutputChange fully obfuscated as the BeforeSensitive and AfterSensitive in outputs are opaquely the same.

Sensitive values are replaced with the value supplied with replaceWith.

func SanitizeProviderConfig

func SanitizeProviderConfig(result *tfjson.ProviderConfig, replaceWith interface{})

SanitizeProviderConfig sanitises the constant_value from expressions of the provider_config to the value set in replaceWith parameter.

func SanitizeProviderConfigs

func SanitizeProviderConfigs(result map[string]*tfjson.ProviderConfig, replaceWith interface{})

SanitizeProviderConfigs sanitises the constant_value from expressions of the provider_configs to the value set in replaceWith parameter.

func SanitizeStateModule

func SanitizeStateModule(
	result *tfjson.StateModule,
	resourceChanges []*tfjson.ResourceChange,
	mode SanitizeStateModuleChangeMode,
	replaceWith interface{},
)

SanitizeStateModule traverses a StateModule, consulting the supplied ResourceChange set for resources to determine whether or not particular values should be obfuscated.

Use mode to supply the SanitizeStateModuleChangeMode that represents what sensitive field should be consulted to determine whether or not the value should be obfuscated:

* SanitizeStateModuleChangeModeBefore for before_sensitive * SanitizeStateModuleChangeModeAfter for after_sensitive

Sensitive values are replaced with the supplied replaceWith value.

func SanitizeStateOutputs

func SanitizeStateOutputs(result map[string]*tfjson.StateOutput, replaceWith interface{})

SanitizeStateOutputs scans the supplied map of StateOutputs and replaces any values of outputs marked as Sensitive with the value supplied in replaceWith.

Types

type SanitizeStateModuleChangeMode

type SanitizeStateModuleChangeMode string
const (
	SanitizeStateModuleChangeModeBefore SanitizeStateModuleChangeMode = "before_sensitive"
	SanitizeStateModuleChangeModeAfter  SanitizeStateModuleChangeMode = "after_sensitive"
)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL