WIP

hashicorp · Nov 18, 2024 · 1c0a3af · 1c0a3af
1 parent bcb2e2d
commit 1c0a3af
Show file tree

Hide file tree

Showing 7 changed files with 31 additions and 16 deletions.
diff --git a/internal/command/jsonstate/state.go b/internal/command/jsonstate/state.go
@@ -408,13 +408,10 @@ func marshalResources(resources map[string]*states.Resource, module addrs.Module
 
 				var value cty.Value
 				var sensitivePaths []cty.Path
-				var ephemeralPaths []cty.Path
-				value, current.AttributeValues, sensitivePaths, ephemeralPaths, err = marshalAttributeValues(riObj.Value)
+				value, current.AttributeValues, sensitivePaths, _, err = marshalAttributeValues(riObj.Value)
 				if err != nil {
 					return nil, fmt.Errorf("preparing attribute values for %s: %w", current.Address, err)
 				}
-				// TODO: Put this into write_only_attributes path set on resource
-				fmt.Printf("\n\t ephemeralPaths --> %#v \n", ephemeralPaths)
 				sensitivePaths = append(sensitivePaths, schema.SensitivePaths(value, nil)...)
 				s := SensitiveAsBool(marks.MarkPaths(value, marks.Sensitive, sensitivePaths))
 				v, err := ctyjson.Marshal(s, s.Type())
@@ -463,10 +460,7 @@ func marshalResources(resources map[string]*states.Resource, module addrs.Module
 
 				var value cty.Value
 				var sensitivePaths []cty.Path
-				var ephemeralPaths []cty.Path
-				value, deposed.AttributeValues, sensitivePaths, ephemeralPaths, err = marshalAttributeValues(riObj.Value)
-				// TODO: Put this into write_only_attributes path set on resource
-				fmt.Printf("\n\t ephemeralPaths --> %#v \n", ephemeralPaths)
+				value, deposed.AttributeValues, sensitivePaths, _, err = marshalAttributeValues(riObj.Value)
 				if err != nil {
 					return nil, fmt.Errorf("preparing attribute values for %s: %w", current.Address, err)
 				}

diff --git a/internal/lang/ephemeral/marshal.go b/internal/lang/ephemeral/marshal.go
@@ -12,6 +12,7 @@ import (
 // values and returns an equal value without ephemeral values. If an attribute contains
 // an ephemeral value it will be set to null.
 func RemoveEphemeralValuesForMarshaling(v cty.Value) (cty.Value, []cty.Path, error) {
+	// TODO: Replace this implementation by extracting the ephemeralasnull transformer
 	unmarkedVal, pvms := v.UnmarkDeepWithPaths()
 	ephemeralPaths, otherMarks := marks.PathsWithMark(pvms, marks.Ephemeral)
 

diff --git a/internal/stacks/tfstackdata1/convert.go b/internal/stacks/tfstackdata1/convert.go
@@ -182,6 +182,7 @@ func DecodeProtoResourceInstanceObject(protoObj *StateResourceInstanceObjectV1)
 		paths = append(paths, path)
 	}
 	objSrc.AttrSensitivePaths = paths
+	// TODO: Handle write only paths
 
 	if len(protoObj.Dependencies) != 0 {
 		objSrc.Dependencies = make([]addrs.ConfigResource, len(protoObj.Dependencies))

diff --git a/internal/states/instance_object.go b/internal/states/instance_object.go
@@ -11,6 +11,7 @@ import (
 	ctyjson "github.com/zclconf/go-cty/cty/json"
 
 	"github.com/hashicorp/terraform/internal/addrs"
+	"github.com/hashicorp/terraform/internal/lang/ephemeral"
 	"github.com/hashicorp/terraform/internal/lang/marks"
 	"github.com/hashicorp/terraform/internal/tfdiags"
 )
@@ -168,11 +169,10 @@ func (o *ResourceInstanceObject) AsTainted() *ResourceInstanceObject {
 // know how to store must be dealt with somehow by a caller -- presumably by
 // replacing each marked value with some sort of storage placeholder -- before
 // writing a value into the state.
-func unmarkValueForStorage(v cty.Value) (unmarkedV cty.Value, sensitivePaths []cty.Path, ephemeralPaths []cty.Path, err error) {
-	val, pvms := v.UnmarkDeepWithPaths()
+func unmarkValueForStorage(v cty.Value) (cty.Value, []cty.Path, []cty.Path, error) {
+	val, ephemeralPaths, _ := ephemeral.RemoveEphemeralValuesForMarshaling(v)
+	val, pvms := val.UnmarkDeepWithPaths()
 	sensitivePaths, withOtherMarks := marks.PathsWithMark(pvms, marks.Sensitive)
-	// TODO: Don't I need to remove them from the value?
-	ephemeralPaths, withOtherMarks = marks.PathsWithMark(pvms, marks.Ephemeral)
 	if len(withOtherMarks) != 0 {
 		return cty.NilVal, nil, nil, fmt.Errorf(
 			"%s: cannot serialize value marked as %#v for inclusion in a state snapshot (this is a bug in Terraform)",

diff --git a/internal/states/instance_object_src.go b/internal/states/instance_object_src.go
@@ -100,6 +100,7 @@ func (os *ResourceInstanceObjectSrc) Decode(ty cty.Type) (*ResourceInstanceObjec
 	default:
 		val, err = ctyjson.Unmarshal(os.AttrsJSON, ty)
 		val = marks.MarkPaths(val, marks.Sensitive, os.AttrSensitivePaths)
+		val = marks.MarkPaths(val, marks.Ephemeral, os.AttrWriteOnlyPaths)
 		if err != nil {
 			return nil, err
 		}

diff --git a/internal/states/state_deepcopy.go b/internal/states/state_deepcopy.go
@@ -142,10 +142,16 @@ func (os *ResourceInstanceObjectSrc) DeepCopy() *ResourceInstanceObjectSrc {
 		copy(attrsJSON, os.AttrsJSON)
 	}
 
-	var attrPaths []cty.Path
+	var sensitiveAttrPaths []cty.Path
 	if os.AttrSensitivePaths != nil {
-		attrPaths = make([]cty.Path, len(os.AttrSensitivePaths))
-		copy(attrPaths, os.AttrSensitivePaths)
+		sensitiveAttrPaths = make([]cty.Path, len(os.AttrSensitivePaths))
+		copy(sensitiveAttrPaths, os.AttrSensitivePaths)
+	}
+
+	var writeOnlyAttrPaths []cty.Path
+	if os.AttrWriteOnlyPaths != nil {
+		writeOnlyAttrPaths = make([]cty.Path, len(os.AttrWriteOnlyPaths))
+		copy(writeOnlyAttrPaths, os.AttrWriteOnlyPaths)
 	}
 
 	var private []byte
@@ -168,7 +174,8 @@ func (os *ResourceInstanceObjectSrc) DeepCopy() *ResourceInstanceObjectSrc {
 		Private:             private,
 		AttrsFlat:           attrsFlat,
 		AttrsJSON:           attrsJSON,
-		AttrSensitivePaths:  attrPaths,
+		AttrSensitivePaths:  sensitiveAttrPaths,
+		AttrWriteOnlyPaths:  writeOnlyAttrPaths,
 		Dependencies:        dependencies,
 		CreateBeforeDestroy: os.CreateBeforeDestroy,
 		decodeValueCache:    os.decodeValueCache,

diff --git a/internal/states/statefile/version4.go b/internal/states/statefile/version4.go
@@ -166,6 +166,16 @@ func prepareStateV4(sV4 *stateV4) (*File, tfdiags.Diagnostics) {
 				obj.AttrSensitivePaths = paths
 			}
 
+			// write-only paths
+			if isV4.AttributeWriteOnlyPaths != nil {
+				paths, pathsDiags := unmarshalPaths([]byte(isV4.AttributeWriteOnlyPaths))
+				diags = diags.Append(pathsDiags)
+				if pathsDiags.HasErrors() {
+					continue
+				}
+				obj.AttrWriteOnlyPaths = paths
+			}
+
 			{
 				// Status
 				raw := isV4.Status
@@ -701,6 +711,7 @@ type instanceObjectStateV4 struct {
 	AttributesRaw           json.RawMessage   `json:"attributes,omitempty"`
 	AttributesFlat          map[string]string `json:"attributes_flat,omitempty"`
 	AttributeSensitivePaths json.RawMessage   `json:"sensitive_attributes,omitempty"`
+	AttributeWriteOnlyPaths json.RawMessage   `json:"write_only_attributes,omitempty"`
 
 	PrivateRaw []byte `json:"private,omitempty"`