sanitize

package

v0.14.0 Latest Latest Go to latest Published: May 25, 2022 License: MPL-2.0 Imports: 5 Imported by: 2

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/hashicorp/terraform-json

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func SanitizeChange(old *tfjson.Change, replaceWith interface{}) (*tfjson.Change, error)
func SanitizePlan(old *tfjson.Plan) (*tfjson.Plan, error)
func SanitizePlanVariables(old map[string]*tfjson.PlanVariable, configs map[string]*tfjson.ConfigVariable, ...) (map[string]*tfjson.PlanVariable, error)
func SanitizePlanWithValue(old *tfjson.Plan, replaceWith interface{}) (*tfjson.Plan, error)
func SanitizeStateModule(old *tfjson.StateModule, resourceChanges []*tfjson.ResourceChange, ...) (*tfjson.StateModule, error)
func SanitizeStateOutputs(old map[string]*tfjson.StateOutput, replaceWith interface{}) (map[string]*tfjson.StateOutput, error)
type SanitizeStateModuleChangeMode

Constants ¶

View Source

const DefaultSensitiveValue = "REDACTED_SENSITIVE"

Variables ¶

View Source

var NilPlanError = errors.New("nil plan supplied")

Functions ¶

func SanitizeChange ¶

func SanitizeChange(old *tfjson.Change, replaceWith interface{}) (*tfjson.Change, error)

SanitizeChange traverses a Change and replaces all values at the particular locations marked by BeforeSensitive AfterSensitive with the value supplied as replaceWith.

A new change is issued.

func SanitizePlan ¶

func SanitizePlan(old *tfjson.Plan) (*tfjson.Plan, error)

SanitizePlan sanitizes the entirety of a Plan, replacing sensitive values with the default value in DefaultSensitiveValue.

See SanitizePlanWithValue for full detail on the where replacement takes place.

func SanitizePlanVariables ¶

func SanitizePlanVariables(
	old map[string]*tfjson.PlanVariable,
	configs map[string]*tfjson.ConfigVariable,
	replaceWith interface{},
) (map[string]*tfjson.PlanVariable, error)

SanitizePlanVariables traverses a map of PlanVariable and replaces any sensitive values with the value supplied in replaceWith. configs should be the map of ConfigVariables from the root module (so Plan.Config.RootModule.Variables).

A new copy of the PlanVariable map is returned.

func SanitizePlanWithValue ¶

func SanitizePlanWithValue(old *tfjson.Plan, replaceWith interface{}) (*tfjson.Plan, error)

SanitizePlanWithValue sanitizes the entirety of a Plan to the best of its ability, depending on the provided metadata on sensitive values. These are found in:

* ResourceChanges: Sanitized based on BeforeSensitive and AfterSensitive fields.

* Variables: Based on variable config data found in the root module of the Config.

* PlannedValues: Sanitized based on the values found in AfterSensitive in ResourceChanges. Outputs are sanitized according to the appropriate sensitivity flags provided for the output.

* PriorState: Sanitized based on the values found in BeforeSensitive in ResourceChanges. Outputs are sanitized according to the appropriate sensitivity flags provided for the output.

* OutputChanges: Sanitized based on the values found in BeforeSensitive and AfterSensitive. This generally means that any sensitive output will have OutputChange fully obfuscated as the BeforeSensitive and AfterSensitive in outputs are opaquely the same.

Sensitive values are replaced with the value supplied with replaceWith. A copy of the Plan is returned.

func SanitizeStateModule ¶

func SanitizeStateModule(
	old *tfjson.StateModule,
	resourceChanges []*tfjson.ResourceChange,
	mode SanitizeStateModuleChangeMode,
	replaceWith interface{},
) (*tfjson.StateModule, error)

SanitizeStateModule traverses a StateModule, consulting the supplied ResourceChange set for resources to determine whether or not particular values should be obfuscated.

Use mode to supply the SanitizeStateModuleChangeMode that represents what sensitive field should be consulted to determine whether or not the value should be obfuscated:

* SanitizeStateModuleChangeModeBefore for before_sensitive * SanitizeStateModuleChangeModeAfter for after_sensitive

Sensitive values are replaced with the supplied replaceWith value. A new state module tree is issued.

func SanitizeStateOutputs ¶

func SanitizeStateOutputs(old map[string]*tfjson.StateOutput, replaceWith interface{}) (map[string]*tfjson.StateOutput, error)

SanitizeStateOutputs scans the supplied map of StateOutputs and replaces any values of outputs marked as Sensitive with the value supplied in replaceWith.

A new copy of StateOutputs is returned.

Types ¶

type SanitizeStateModuleChangeMode ¶

type SanitizeStateModuleChangeMode string

const (
	SanitizeStateModuleChangeModeBefore SanitizeStateModuleChangeMode = "before_sensitive"
	SanitizeStateModuleChangeModeAfter  SanitizeStateModuleChangeMode = "after_sensitive"
)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL