Skip to content

Commit

Permalink
feat: sensitive outputs fixes #759
Browse files Browse the repository at this point in the history
  • Loading branch information
@jakeyheath
jakeyheath committed Nov 23, 2022
1 parent 5bfe160 commit 88c89f1
Show file tree
Hide file tree
Showing 7 changed files with 278 additions and 140 deletions.
12 changes: 8 additions & 4 deletions apply/apply.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ import (
"github.com/chanzuckerberg/fogg/util"
getter "github.com/hashicorp/go-getter"
"github.com/hashicorp/hcl2/hclwrite"
"github.com/hashicorp/terraform-config-inspect/tfconfig"
"github.com/sirupsen/logrus"
"github.com/spf13/afero"
)
Expand Down Expand Up @@ -547,7 +548,7 @@ type moduleData struct {
ModuleName string
ModuleSource string
Variables []string
Outputs []string
Outputs []*tfconfig.Output
}

func applyModuleInvocation(
Expand Down Expand Up @@ -583,11 +584,14 @@ func applyModuleInvocation(
}
}
sort.Strings(variables)
outputs := make([]string, 0)

outputs := make([]*tfconfig.Output, 0)
for _, o := range moduleConfig.Outputs {
outputs = append(outputs, o.Name)
outputs = append(outputs, o)
}
sort.Strings(outputs)
sort.Slice(outputs, func(i, j int) bool {
return outputs[i].Name < outputs[j].Name
})

moduleName := ""
if inModuleName != nil {
Expand Down
5 changes: 3 additions & 2 deletions templates/templates/module-invocation/outputs.tf.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,9 @@

{{ $outer := . -}}
{{- range .Outputs -}}
output "{{.}}" {
value = module.{{$outer.ModuleName}}.{{.}}
output "{{.Name}}" {
value = module.{{$outer.ModuleName}}.{{.Name}}
sensitive = {{.Sensitive}}
}

{{end}}
12 changes: 8 additions & 4 deletions testdata/tfe_config/terraform/tfe/outputs.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,19 +2,23 @@
# Make improvements in fogg, so that everyone can benefit.

output "database_name" {
value = module.aws-aurora-postgres.database_name
value = module.aws-aurora-postgres.database_name
sensitive = false
}

output "endpoint" {
value = module.aws-aurora-postgres.endpoint
value = module.aws-aurora-postgres.endpoint
sensitive = false
}

output "port" {
value = module.aws-aurora-postgres.port
value = module.aws-aurora-postgres.port
sensitive = false
}

output "reader_endpoint" {
value = module.aws-aurora-postgres.reader_endpoint
value = module.aws-aurora-postgres.reader_endpoint
sensitive = false
}


129 changes: 86 additions & 43 deletions testdata/v2_full_yaml/terraform/envs/prod/vpc/outputs.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,175 +2,218 @@
# Make improvements in fogg, so that everyone can benefit.

output "database_subnet_group" {
value = module.prod-vpc.database_subnet_group
value = module.prod-vpc.database_subnet_group
sensitive = false
}

output "database_subnets" {
value = module.prod-vpc.database_subnets
value = module.prod-vpc.database_subnets
sensitive = false
}

output "database_subnets_cidr_blocks" {
value = module.prod-vpc.database_subnets_cidr_blocks
value = module.prod-vpc.database_subnets_cidr_blocks
sensitive = false
}

output "default_network_acl_id" {
value = module.prod-vpc.default_network_acl_id
value = module.prod-vpc.default_network_acl_id
sensitive = false
}

output "default_route_table_id" {
value = module.prod-vpc.default_route_table_id
value = module.prod-vpc.default_route_table_id
sensitive = false
}

output "default_security_group_id" {
value = module.prod-vpc.default_security_group_id
value = module.prod-vpc.default_security_group_id
sensitive = false
}

output "default_vpc_cidr_block" {
value = module.prod-vpc.default_vpc_cidr_block
value = module.prod-vpc.default_vpc_cidr_block
sensitive = false
}

output "default_vpc_default_network_acl_id" {
value = module.prod-vpc.default_vpc_default_network_acl_id
value = module.prod-vpc.default_vpc_default_network_acl_id
sensitive = false
}

output "default_vpc_default_route_table_id" {
value = module.prod-vpc.default_vpc_default_route_table_id
value = module.prod-vpc.default_vpc_default_route_table_id
sensitive = false
}

output "default_vpc_default_security_group_id" {
value = module.prod-vpc.default_vpc_default_security_group_id
value = module.prod-vpc.default_vpc_default_security_group_id
sensitive = false
}

output "default_vpc_enable_dns_hostnames" {
value = module.prod-vpc.default_vpc_enable_dns_hostnames
value = module.prod-vpc.default_vpc_enable_dns_hostnames
sensitive = false
}

output "default_vpc_enable_dns_support" {
value = module.prod-vpc.default_vpc_enable_dns_support
value = module.prod-vpc.default_vpc_enable_dns_support
sensitive = false
}

output "default_vpc_id" {
value = module.prod-vpc.default_vpc_id
value = module.prod-vpc.default_vpc_id
sensitive = false
}

output "default_vpc_instance_tenancy" {
value = module.prod-vpc.default_vpc_instance_tenancy
value = module.prod-vpc.default_vpc_instance_tenancy
sensitive = false
}

output "default_vpc_main_route_table_id" {
value = module.prod-vpc.default_vpc_main_route_table_id
value = module.prod-vpc.default_vpc_main_route_table_id
sensitive = false
}

output "elasticache_subnet_group" {
value = module.prod-vpc.elasticache_subnet_group
value = module.prod-vpc.elasticache_subnet_group
sensitive = false
}

output "elasticache_subnet_group_name" {
value = module.prod-vpc.elasticache_subnet_group_name
value = module.prod-vpc.elasticache_subnet_group_name
sensitive = false
}

output "elasticache_subnets" {
value = module.prod-vpc.elasticache_subnets
value = module.prod-vpc.elasticache_subnets
sensitive = false
}

output "elasticache_subnets_cidr_blocks" {
value = module.prod-vpc.elasticache_subnets_cidr_blocks
value = module.prod-vpc.elasticache_subnets_cidr_blocks
sensitive = false
}

output "igw_id" {
value = module.prod-vpc.igw_id
value = module.prod-vpc.igw_id
sensitive = false
}

output "nat_ids" {
value = module.prod-vpc.nat_ids
value = module.prod-vpc.nat_ids
sensitive = false
}

output "nat_public_ips" {
value = module.prod-vpc.nat_public_ips
value = module.prod-vpc.nat_public_ips
sensitive = false
}

output "natgw_ids" {
value = module.prod-vpc.natgw_ids
value = module.prod-vpc.natgw_ids
sensitive = false
}

output "private_route_table_ids" {
value = module.prod-vpc.private_route_table_ids
value = module.prod-vpc.private_route_table_ids
sensitive = false
}

output "private_subnets" {
value = module.prod-vpc.private_subnets
value = module.prod-vpc.private_subnets
sensitive = false
}

output "private_subnets_cidr_blocks" {
value = module.prod-vpc.private_subnets_cidr_blocks
value = module.prod-vpc.private_subnets_cidr_blocks
sensitive = false
}

output "public_route_table_ids" {
value = module.prod-vpc.public_route_table_ids
value = module.prod-vpc.public_route_table_ids
sensitive = false
}

output "public_subnets" {
value = module.prod-vpc.public_subnets
value = module.prod-vpc.public_subnets
sensitive = false
}

output "public_subnets_cidr_blocks" {
value = module.prod-vpc.public_subnets_cidr_blocks
value = module.prod-vpc.public_subnets_cidr_blocks
sensitive = false
}

output "redshift_subnet_group" {
value = module.prod-vpc.redshift_subnet_group
value = module.prod-vpc.redshift_subnet_group
sensitive = false
}

output "redshift_subnets" {
value = module.prod-vpc.redshift_subnets
value = module.prod-vpc.redshift_subnets
sensitive = false
}

output "redshift_subnets_cidr_blocks" {
value = module.prod-vpc.redshift_subnets_cidr_blocks
value = module.prod-vpc.redshift_subnets_cidr_blocks
sensitive = false
}

output "vgw_id" {
value = module.prod-vpc.vgw_id
value = module.prod-vpc.vgw_id
sensitive = false
}

output "vpc_cidr_block" {
value = module.prod-vpc.vpc_cidr_block
value = module.prod-vpc.vpc_cidr_block
sensitive = false
}

output "vpc_enable_dns_hostnames" {
value = module.prod-vpc.vpc_enable_dns_hostnames
value = module.prod-vpc.vpc_enable_dns_hostnames
sensitive = false
}

output "vpc_enable_dns_support" {
value = module.prod-vpc.vpc_enable_dns_support
value = module.prod-vpc.vpc_enable_dns_support
sensitive = false
}

output "vpc_endpoint_dynamodb_id" {
value = module.prod-vpc.vpc_endpoint_dynamodb_id
value = module.prod-vpc.vpc_endpoint_dynamodb_id
sensitive = false
}

output "vpc_endpoint_dynamodb_pl_id" {
value = module.prod-vpc.vpc_endpoint_dynamodb_pl_id
value = module.prod-vpc.vpc_endpoint_dynamodb_pl_id
sensitive = false
}

output "vpc_endpoint_s3_id" {
value = module.prod-vpc.vpc_endpoint_s3_id
value = module.prod-vpc.vpc_endpoint_s3_id
sensitive = false
}

output "vpc_endpoint_s3_pl_id" {
value = module.prod-vpc.vpc_endpoint_s3_pl_id
value = module.prod-vpc.vpc_endpoint_s3_pl_id
sensitive = false
}

output "vpc_id" {
value = module.prod-vpc.vpc_id
value = module.prod-vpc.vpc_id
sensitive = false
}

output "vpc_instance_tenancy" {
value = module.prod-vpc.vpc_instance_tenancy
value = module.prod-vpc.vpc_instance_tenancy
sensitive = false
}

output "vpc_main_route_table_id" {
value = module.prod-vpc.vpc_main_route_table_id
value = module.prod-vpc.vpc_main_route_table_id
sensitive = false
}


Loading

0 comments on commit 88c89f1

Please sign in to comment.