ephemeral: support write-only attributes #36031
Conversation
DanielMSchmidt
force-pushed
the
TF-18617
branch
2 times, most recently
from
2b388e8
to
be31c29
Compare
|
The equivalence tests will be updated. Please verify the changes here. |
DanielMSchmidt
force-pushed
the
TF-18617
branch
from
be31c29
to
2adec4b
Compare
|
The equivalence tests will be updated. Please verify the changes here. |
DanielMSchmidt
force-pushed
the
TF-18617
branch
from
2adec4b
to
90a9119
Compare
DanielMSchmidt
force-pushed
the
TF-18617
branch
from
90a9119
to
625b207
Compare
|
The equivalence tests will be updated. Please verify the changes here. |
DanielMSchmidt
force-pushed
the
TF-18617
branch
from
625b207
to
ead805d
Compare
DanielMSchmidt
force-pushed
the
TF-18617
branch
from
ead805d
to
9f0ce65
Compare
|
The equivalence tests will be updated. Please verify the changes here. |
DanielMSchmidt
force-pushed
the
TF-18617
branch
from
9f0ce65
to
3cd2fad
Compare
DanielMSchmidt
force-pushed
the
TF-18617
branch
from
3cd2fad
to
2149025
Compare
|
The equivalence tests will be updated. Please verify the changes here. |
| @@ -1180,6 +1181,10 @@ func (n *NodeAbstractResourceInstance) plan( | |||
| } | |||
| } | |||
|
|
|||
| // We don't need ephemeral values anymore since the value has been planned | |||
| ephemeralValuePaths, _ := marks.PathsWithMark(unmarkedPaths, marks.Ephemeral) | |||
| plannedNewVal = ephemeral.RemoveEphemeralValues(plannedNewVal) | |||
There was a problem hiding this comment.
Provider cannot send back ephemeral values, so we should not just be blindly removing the values here. If they did somehow exist, that would be an error.
| @@ -388,6 +394,10 @@ type ChangeSrc struct { | |||
| // the serialized change. | |||
| BeforeSensitivePaths, AfterSensitivePaths []cty.Path | |||
|
|
|||
| // BeforeWriteOnlyPaths and AfterWriteOnlyPaths are paths for any values | |||
| // in Before or After (respectively) that are considered to be write-only. | |||
| BeforeWriteOnlyPaths, AfterWriteOnlyPaths []cty.Path | |||
There was a problem hiding this comment.
write-only paths are statically known in the schema, is this intended to track if one was set or not? If so there are no AfterWriteOnlyPaths, because the provider must not return any write-only values.
There was a problem hiding this comment.
I was under the impression we need to track where ephemeral values have been set. If e.g. a provider changes the schema between two runs these paths might be different for the last state vs the next state, so I thought we would need to track both.
I'm also fine with not tracking them for now at all and taking a second look at it if we find we need them, currently I am also not really clear on the problem they are solving.
There was a problem hiding this comment.
They can't change during a run, so before and after here would always match. I don't think we want to go down the path of tracking if something was set on a previous run though (at least for now), the semantics of that get really messy and don't really have any bearing on the API itself. From what I can see, the only reason to track this here is to help format the diff for the user.
|
|
||
| // AttrWriteOnlyPaths is an array of paths to mark as ephemeral coming out of | ||
| // state, or to save as write_only paths when saving state | ||
| AttrWriteOnlyPaths []cty.Path |
There was a problem hiding this comment.
ephemeral can't go into or out of state, so there should be no reason to track the marked paths
| "sensitive_attributes": []interface{}{}, | ||
| "schema_version": 0.0, | ||
| "sensitive_attributes": []interface{}{}, | ||
| "write_only_attributes": []interface{}{}, |
There was a problem hiding this comment.
remote-state is all about outputs, so there can't be anything write-only
TODO:
This PR aims on building baseline support for write-only attributes, so attributes that can be set to ephemeral values and can not be read / referenced. These attributes are hidden from the state.
Fixes TF-18617
Target Release
1.11.x
Draft CHANGELOG entry
NEW FEATURES