Merge bd744ad into backport/brandonc/nested_attr_sensitive/repeatedly-tidy-doe

Author: The Terraform Team

internal/command/console_test.go

@@ -172,8 +172,8 @@ func TestConsole_variables(t *testing.T) {
 	commands := map[string]string{
 		"var.foo\n":          "\"bar\"\n",
 		"var.snack\n":        "\"popcorn\"\n",
-		"var.secret_snack\n": "(sensitive)\n",
-		"local.snack_bar\n":  "[\n  \"popcorn\",\n  (sensitive),\n]\n",
+		"var.secret_snack\n": "(sensitive value)\n",
+		"local.snack_bar\n":  "[\n  \"popcorn\",\n  (sensitive value),\n]\n",
 	}
 
 	args := []string{}

internal/command/format/diff.go

@@ -274,7 +274,10 @@ type blockBodyDiffResult struct {
 	skippedBlocks     int
 }
 
-const forcesNewResourceCaption = " [red]# forces replacement[reset]"
+const (
+	forcesNewResourceCaption = " [red]# forces replacement[reset]"
+	sensitiveCaption         = "(sensitive value)"
+)
 
 // writeBlockBodyDiff writes attribute or block differences
 // and returns true if any differences were found and written
@@ -416,7 +419,7 @@ func (p *blockBodyDiffPrinter) writeAttrDiff(name string, attrS *configschema.At
 	p.buf.WriteString(" = ")
 
 	if attrS.Sensitive {
-		p.buf.WriteString("(sensitive)")
+		p.buf.WriteString(sensitiveCaption)
 		if p.pathForcesNewResource(path) {
 			p.buf.WriteString(p.color.Color(forcesNewResourceCaption))
 		}
@@ -459,7 +462,8 @@ func (p *blockBodyDiffPrinter) writeNestedAttrDiff(
 	// Then schema of the attribute itself can be marked sensitive, or the values assigned
 	sensitive := attrWithNestedS.Sensitive || old.HasMark(marks.Sensitive) || new.HasMark(marks.Sensitive)
 	if sensitive {
-		p.buf.WriteString(" = (sensitive)")
+		p.buf.WriteString(" = ")
+		p.buf.WriteString(sensitiveCaption)
 
 		if p.pathForcesNewResource(path) {
 			p.buf.WriteString(p.color.Color(forcesNewResourceCaption))
@@ -742,7 +746,7 @@ func (p *blockBodyDiffPrinter) writeNestedBlockDiffs(name string, blockS *config
 
 	// If either the old or the new value is marked,
 	// Display a special diff because it is irrelevant
-	// to list all obfuscated attributes as (sensitive)
+	// to list all obfuscated attributes as (sensitive value)
 	if old.HasMark(marks.Sensitive) || new.HasMark(marks.Sensitive) {
 		p.writeSensitiveNestedBlockDiff(name, old, new, indent, blankBefore, path)
 		return 0
@@ -1025,7 +1029,7 @@ func (p *blockBodyDiffPrinter) writeNestedBlockDiff(name string, label *string,
 func (p *blockBodyDiffPrinter) writeValue(val cty.Value, action plans.Action, indent int) {
 	// Could check specifically for the sensitivity marker
 	if val.HasMark(marks.Sensitive) {
-		p.buf.WriteString("(sensitive)")
+		p.buf.WriteString(sensitiveCaption)
 		return
 	}
 
@@ -1193,7 +1197,7 @@ func (p *blockBodyDiffPrinter) writeValueDiff(old, new cty.Value, indent int, pa
 	// values are known and non-null.
 	if old.IsKnown() && new.IsKnown() && !old.IsNull() && !new.IsNull() && typesEqual {
 		if old.HasMark(marks.Sensitive) || new.HasMark(marks.Sensitive) {
-			p.buf.WriteString("(sensitive)")
+			p.buf.WriteString(sensitiveCaption)
 			if p.pathForcesNewResource(path) {
 				p.buf.WriteString(p.color.Color(forcesNewResourceCaption))
 			}
@@ -1564,7 +1568,7 @@ func (p *blockBodyDiffPrinter) writeValueDiff(old, new cty.Value, indent int, pa
 				case plans.Create, plans.NoOp:
 					v := new.Index(kV)
 					if v.HasMark(marks.Sensitive) {
-						p.buf.WriteString("(sensitive)")
+						p.buf.WriteString(sensitiveCaption)
 					} else {
 						p.writeValue(v, action, indent+4)
 					}
@@ -1574,7 +1578,7 @@ func (p *blockBodyDiffPrinter) writeValueDiff(old, new cty.Value, indent int, pa
 					p.writeValueDiff(oldV, newV, indent+4, path)
 				default:
 					if oldV.HasMark(marks.Sensitive) || newV.HasMark(marks.Sensitive) {
-						p.buf.WriteString("(sensitive)")
+						p.buf.WriteString(sensitiveCaption)
 					} else {
 						p.writeValueDiff(oldV, newV, indent+4, path)
 					}

internal/command/format/diff_test.go

@@ -411,11 +411,11 @@ new line
 			ExpectedOutput: `  # test_instance.example will be created
   + resource "test_instance" "example" {
       + conn_info = {
-          + password = (sensitive)
+          + password = (sensitive value)
           + user     = "not-secret"
         }
       + id        = (known after apply)
-      + password  = (sensitive)
+      + password  = (sensitive value)
     }
 `,
 		},
@@ -3048,7 +3048,7 @@ func TestResourceChange_nestedSet(t *testing.T) {
 			ExpectedOutput: `  # test_instance.example will be created
   + resource "test_instance" "example" {
       + ami   = "ami-AFTER"
-      + disks = (sensitive)
+      + disks = (sensitive value)
       + id    = "i-02ae66f368e8518a9"
 
       + root_block_device {
@@ -3146,7 +3146,7 @@ func TestResourceChange_nestedSet(t *testing.T) {
       ~ ami   = "ami-BEFORE" -> "ami-AFTER"
       # Warning: this attribute value will be marked as sensitive and will not
       # display in UI output after applying this change.
-      ~ disks = (sensitive)
+      ~ disks = (sensitive value)
         id    = "i-02ae66f368e8518a9"
 
       + root_block_device {
@@ -3197,7 +3197,7 @@ func TestResourceChange_nestedSet(t *testing.T) {
       ~ ami   = "ami-BEFORE" -> "ami-AFTER"
       # Warning: this attribute value will be marked as sensitive and will not
       # display in UI output after applying this change. The value is unchanged.
-      ~ disks = (sensitive)
+      ~ disks = (sensitive value)
         id    = "i-02ae66f368e8518a9"
     }
 `,
@@ -3965,7 +3965,7 @@ func TestResourceChange_nestedMap(t *testing.T) {
       ~ ami   = "ami-BEFORE" -> "ami-AFTER"
       ~ disks = {
           + "disk_a" = {
-              + mount_point = (sensitive)
+              + mount_point = (sensitive value)
               + size        = "50GB"
             },
         }
@@ -5728,18 +5728,18 @@ func TestResourceChange_sensitiveVariable(t *testing.T) {
 			},
 			ExpectedOutput: `  # test_instance.example will be created
   + resource "test_instance" "example" {
-      + ami        = (sensitive)
+      + ami        = (sensitive value)
       + id         = "i-02ae66f368e8518a9"
       + list_field = [
           + "hello",
-          + (sensitive),
+          + (sensitive value),
           + "!",
         ]
       + map_key    = {
           + "breakfast" = 800
-          + "dinner"    = (sensitive)
+          + "dinner"    = (sensitive value)
         }
-      + map_whole  = (sensitive)
+      + map_whole  = (sensitive value)
 
       + nested_block_list {
           # At least one attribute in this block is (or was) sensitive,
@@ -5882,29 +5882,29 @@ func TestResourceChange_sensitiveVariable(t *testing.T) {
   ~ resource "test_instance" "example" {
       # Warning: this attribute value will no longer be marked as sensitive
       # after applying this change.
-      ~ ami         = (sensitive)
+      ~ ami         = (sensitive value)
         id          = "i-02ae66f368e8518a9"
       ~ list_field  = [
             # (1 unchanged element hidden)
             "friends",
-          - (sensitive),
+          - (sensitive value),
           + ".",
         ]
       ~ map_key     = {
           # Warning: this attribute value will no longer be marked as sensitive
           # after applying this change.
-          ~ "dinner"    = (sensitive)
+          ~ "dinner"    = (sensitive value)
             # (1 unchanged element hidden)
         }
       # Warning: this attribute value will no longer be marked as sensitive
       # after applying this change.
-      ~ map_whole   = (sensitive)
+      ~ map_whole   = (sensitive value)
       # Warning: this attribute value will no longer be marked as sensitive
       # after applying this change.
-      ~ some_number = (sensitive)
+      ~ some_number = (sensitive value)
       # Warning: this attribute value will no longer be marked as sensitive
       # after applying this change.
-      ~ special     = (sensitive)
+      ~ special     = (sensitive value)
 
       # Warning: this block will no longer be marked as sensitive
       # after applying this change.
@@ -6007,18 +6007,18 @@ func TestResourceChange_sensitiveVariable(t *testing.T) {
         id         = "i-02ae66f368e8518a9"
       ~ list_field = [
           - "hello",
-          + (sensitive),
+          + (sensitive value),
             "friends",
         ]
       ~ map_key    = {
           ~ "breakfast" = 800 -> 700
           # Warning: this attribute value will be marked as sensitive and will not
           # display in UI output after applying this change.
-          ~ "dinner"    = (sensitive)
+          ~ "dinner"    = (sensitive value)
         }
       # Warning: this attribute value will be marked as sensitive and will not
       # display in UI output after applying this change.
-      ~ map_whole  = (sensitive)
+      ~ map_whole  = (sensitive value)
 
       # Warning: this block will be marked as sensitive and will not
       # display in UI output after applying this change.
@@ -6143,15 +6143,15 @@ func TestResourceChange_sensitiveVariable(t *testing.T) {
       ~ ami        = (sensitive value)
         id         = "i-02ae66f368e8518a9"
       ~ list_field = [
-          - (sensitive),
-          + (sensitive),
+          - (sensitive value),
+          + (sensitive value),
             "friends",
         ]
       ~ map_key    = {
-          ~ "dinner"    = (sensitive)
+          ~ "dinner"    = (sensitive value)
             # (1 unchanged element hidden)
         }
-      ~ map_whole  = (sensitive)
+      ~ map_whole  = (sensitive value)
 
       ~ nested_block_map {
           # At least one attribute in this block is (or was) sensitive,
@@ -6289,29 +6289,29 @@ func TestResourceChange_sensitiveVariable(t *testing.T) {
   ~ resource "test_instance" "example" {
       # Warning: this attribute value will no longer be marked as sensitive
       # after applying this change. The value is unchanged.
-      ~ ami         = (sensitive)
+      ~ ami         = (sensitive value)
         id          = "i-02ae66f368e8518a9"
       ~ list_field  = [
             # (1 unchanged element hidden)
             "friends",
-          - (sensitive),
+          - (sensitive value),
           + "!",
         ]
       ~ map_key     = {
           # Warning: this attribute value will no longer be marked as sensitive
           # after applying this change. The value is unchanged.
-          ~ "dinner"    = (sensitive)
+          ~ "dinner"    = (sensitive value)
             # (1 unchanged element hidden)
         }
       # Warning: this attribute value will no longer be marked as sensitive
       # after applying this change. The value is unchanged.
-      ~ map_whole   = (sensitive)
+      ~ map_whole   = (sensitive value)
       # Warning: this attribute value will no longer be marked as sensitive
       # after applying this change. The value is unchanged.
-      ~ some_number = (sensitive)
+      ~ some_number = (sensitive value)
       # Warning: this attribute value will no longer be marked as sensitive
       # after applying this change. The value is unchanged.
-      ~ special     = (sensitive)
+      ~ special     = (sensitive value)
 
       # Warning: this block will no longer be marked as sensitive
       # after applying this change.
@@ -6410,17 +6410,17 @@ func TestResourceChange_sensitiveVariable(t *testing.T) {
 			},
 			ExpectedOutput: `  # test_instance.example will be destroyed
   - resource "test_instance" "example" {
-      - ami        = (sensitive) -> null
+      - ami        = (sensitive value) -> null
       - id         = "i-02ae66f368e8518a9" -> null
       - list_field = [
           - "hello",
-          - (sensitive),
+          - (sensitive value),
         ] -> null
       - map_key    = {
           - "breakfast" = 800
-          - "dinner"    = (sensitive)
+          - "dinner"    = (sensitive value)
         } -> null
-      - map_whole  = (sensitive) -> null
+      - map_whole  = (sensitive value) -> null
 
       - nested_block_set {
           # At least one attribute in this block is (or was) sensitive,
@@ -6492,7 +6492,7 @@ func TestResourceChange_sensitiveVariable(t *testing.T) {
 			),
 			ExpectedOutput: `  # test_instance.example must be replaced
 -/+ resource "test_instance" "example" {
-      ~ ami = (sensitive) # forces replacement
+      ~ ami = (sensitive value) # forces replacement
         id  = "i-02ae66f368e8518a9"
 
       ~ nested_block_set { # forces replacement
@@ -6524,7 +6524,7 @@ func TestResourceChange_sensitiveVariable(t *testing.T) {
 			),
 			ExpectedOutput: `  # test_instance.example must be replaced
 -/+ resource "test_instance" "example" {
-      ~ ami = (sensitive) # forces replacement
+      ~ ami = (sensitive value) # forces replacement
         id  = "i-02ae66f368e8518a9"
     }
 `,
@@ -6567,7 +6567,7 @@ func TestResourceChange_sensitiveVariable(t *testing.T) {
 			ExpectedOutput: `  # test_instance.example must be replaced
 -/+ resource "test_instance" "example" {
       ~ conn_info = { # forces replacement
-          ~ password = (sensitive)
+          ~ password = (sensitive value)
             # (1 unchanged attribute hidden)
         }
         id        = "i-02ae66f368e8518a9"
@@ -6824,7 +6824,7 @@ func TestOutputChanges(t *testing.T) {
 			},
 			`
   ~ a = 1 -> 2
-  ~ b = (sensitive)
+  ~ b = (sensitive value)
   ~ c = false -> true`,
 		},
 	}

internal/repl/format.go

@@ -18,7 +18,7 @@ func FormatValue(v cty.Value, indent int) string {
 		return "(known after apply)"
 	}
 	if v.HasMark(marks.Sensitive) {
-		return "(sensitive)"
+		return "(sensitive value)"
 	}
 	if v.IsNull() {
 		ty := v.Type()

internal/repl/format_test.go

@@ -171,8 +171,8 @@ EOT_`,
 			`toset([])`,
 		},
 		{
-			cty.StringVal("sensitive value").Mark(marks.Sensitive),
-			"(sensitive)",
+			cty.StringVal("a sensitive value").Mark(marks.Sensitive),
+			"(sensitive value)",
 		},
 	}
 

website/docs/language/expressions/function-calls.mdx

@@ -63,11 +63,11 @@ the `keys()` function will result in a list that is sensitive:
 ```shell
 > local.baz
 {
-  "a" = (sensitive)
+  "a" = (sensitive value)
   "b" = "dog"
 }
 > keys(local.baz)
-(sensitive)
+(sensitive value)
 ```
 
 ## When Terraform Calls Functions

website/docs/language/expressions/references.mdx

@@ -292,7 +292,7 @@ Note that unlike `count`, splat expressions are _not_ directly applicable to res
 
 When defining the schema for a resource type, a provider developer can mark
 certain attributes as _sensitive_, in which case Terraform will show a
-placeholder marker `(sensitive)` instead of the actual value when rendering
+placeholder marker `(sensitive value)` instead of the actual value when rendering
 a plan involving that attribute.
 
 A provider attribute marked as sensitive behaves similarly to an

website/docs/language/functions/nonsensitive.mdx

@@ -91,11 +91,11 @@ the local value `mixed_content`, with a valid JSON string assigned to
 
 ```
 > var.mixed_content_json
-(sensitive)
+(sensitive value)
 > local.mixed_content
-(sensitive)
+(sensitive value)
 > local.mixed_content["password"]
-(sensitive)
+(sensitive value)
 > nonsensitive(local.mixed_content["username"])
 "zqb"
 > nonsensitive("clear")