Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Provider can not resolve sensitive data #486

Open
benkeil opened this issue Jul 31, 2024 · 1 comment
Open

Provider can not resolve sensitive data #486

benkeil opened this issue Jul 31, 2024 · 1 comment
Labels
effort/medium 1 week tops feature-request New/Enhanced functionality wanted priority/p2 Dependent on community feedback. PR's are welcome :)

Comments

@benkeil
Copy link

benkeil commented Jul 31, 2024
edited
Loading

Description of the bug:

When TerraformOutput contains sensitive data, the resulting properties of the secret are omitted.

Reproduction Steps:

DataKeepassEntry.Builder.create(this, "DataKeepassEntry_PAPERLESS_ADMIN_USER")
        .path("Root/PAPERLESS_ADMIN_USER")
        .build()
        .also {
          paperlessAdminUser =
              Fn.tostring(
                  TerraformOutput.Builder.create(this, "PAPERLESS_ADMIN_USER")
                      .value(it.password)
                      .sensitive(true)
                      .build()
                      .value)

...

Secret.Builder.create(this, "secret")
            .stringData(
                mapOf(
                    "PAPERLESS_SECRET_KEY" to config.paperlessSecretKey,
                    "PAPERLESS_ADMIN_USER" to config.paperlessAdminUser,
                    "PAPERLESS_ADMIN_PASSWORD" to config.paperlessAdminPassword,
                ))
            .build()

Result

apiVersion: v1
kind: Secret
metadata:
  name: paperless-secret-c89e4b62
  namespace: paperless
immutable: false
stringData: {}

Error Log:

Environment:

  • Framework Version:
  • OS:

Other:

This is 🐛 Bug Report
@benkeil benkeil added bug Something isn't working needs-triage Priority and effort undetermined yet labels Jul 31, 2024
@iliapolo
Copy link
Member

Thanks for reporting this. Indeed, to include sensitive data we need to add the --outputs-file-include-sensitive-outputs option when the resolver fetches outputs. See https://developer.hashicorp.com/terraform/cdktf/cli-reference/commands#output.

We should provide this as an option to the resolver.

@iliapolo iliapolo added effort/medium 1 week tops feature-request New/Enhanced functionality wanted priority/p2 Dependent on community feedback. PR's are welcome :) and removed bug Something isn't working needs-triage Priority and effort undetermined yet labels Sep 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
effort/medium 1 week tops feature-request New/Enhanced functionality wanted priority/p2 Dependent on community feedback. PR's are welcome :)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@iliapolo @benkeil