Fix internal marshal error of sensitive value (#40)

terraform-linters · Apr 9, 2023 · 5fcaa10 · 5fcaa10
1 parent b5fb9a6
commit 5fcaa10
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 6 deletions.
diff --git a/opa/conversion.go b/opa/conversion.go
@@ -10,6 +10,7 @@ import (
 	"github.com/hashicorp/hcl/v2/hclsyntax"
 	"github.com/open-policy-agent/opa/types"
 	"github.com/terraform-linters/tflint-plugin-sdk/hclext"
+	"github.com/terraform-linters/tflint-plugin-sdk/terraform/lang/marks"
 	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
 	"github.com/zclconf/go-cty/cty"
 	"github.com/zclconf/go-cty/cty/convert"
@@ -293,6 +294,11 @@ func exprToJSON(expr hcl.Expression, tyMap map[string]cty.Type, path string, run
 		}
 		return ret, err
 	}
+	if marks.Contains(value, marks.Sensitive) {
+		ret["unknown"] = true
+		ret["sensitive"] = true
+		return ret, nil
+	}
 	if !value.IsWhollyKnown() {
 		ret["unknown"] = true
 		return ret, nil

diff --git a/opa/conversion_test.go b/opa/conversion_test.go
@@ -582,6 +582,21 @@ func TestExprToJSON(t *testing.T) {
 			},
 			source: `variable "foo" { sensitive = true }`,
 		},
+		{
+			name:  "composite sensitive",
+			input: parse("[var.foo]"),
+			ty:    cty.String,
+			want: map[string]any{
+				"unknown":   true,
+				"sensitive": true,
+				"range": map[string]any{
+					"filename": "main.tf",
+					"start":    map[string]int{"line": 1, "column": 1, "byte": 0},
+					"end":      map[string]int{"line": 1, "column": 10, "byte": 9},
+				},
+			},
+			source: `variable "foo" { sensitive = true }`,
+		},
 		{
 			name:  "invalid type",
 			input: hcl.StaticExpr(cty.StringVal("foo"), hcl.Range{Filename: "main.tf", Start: hcl.InitialPos, End: hcl.InitialPos}),

diff --git a/opa/test_runner.go b/opa/test_runner.go
@@ -8,6 +8,7 @@ import (
 	"github.com/hashicorp/hcl/v2/hclparse"
 	"github.com/terraform-linters/tflint-plugin-sdk/hclext"
 	"github.com/terraform-linters/tflint-plugin-sdk/terraform/addrs"
+	"github.com/terraform-linters/tflint-plugin-sdk/terraform/lang/marks"
 	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
 	"github.com/zclconf/go-cty/cty"
 	"github.com/zclconf/go-cty/cty/gocty"
@@ -97,7 +98,7 @@ func (r *testRunner) GetModuleContent(schema *hclext.BodySchema, _ *tflint.GetMo
 	return content, nil
 }
 
-var sensitiveMark = cty.NewValueMarks("sensitive")
+var sensitiveMark = cty.NewValueMarks(marks.Sensitive)
 
 // EvaluateExpr returns a value of the passed expression.
 // Not expected to reflect anything other than cty.Value.
@@ -124,9 +125,6 @@ func (r *testRunner) EvaluateExpr(expr hcl.Expression, ret interface{}, _ *tflin
 	if diags.HasErrors() {
 		return diags
 	}
-	if val.IsMarked() {
-		return tflint.ErrSensitive
-	}
 
 	return gocty.FromCtyValue(val, ret)
 }

diff --git a/opa/test_runner_test.go b/opa/test_runner_test.go
@@ -9,7 +9,6 @@ import (
 	"github.com/hashicorp/hcl/v2"
 	"github.com/hashicorp/hcl/v2/hclsyntax"
 	"github.com/terraform-linters/tflint-plugin-sdk/hclext"
-	"github.com/terraform-linters/tflint-plugin-sdk/tflint"
 	"github.com/zclconf/go-cty/cty"
 )
 
@@ -236,7 +235,7 @@ variable "instance_type" {
 	sensitive = true
 }`,
 			expr: parse("var.instance_type"),
-			err:  tflint.ErrSensitive,
+			want: `cty.StringVal("t2.micro").Mark(marks.Sensitive)`,
 		},
 	}