Add support for configuring sensitive outputs (#34)

Signed-off-by: Yoriyasu Yano <[email protected]> Signed-off-by: tflibsonnet-ci <[email protected]> Co-authored-by: yorinasub17 <[email protected]>
tf-libsonnet · Jan 30, 2023 · 41d8940 · 41d8940
1 parent 6714e5d
commit 41d8940
Show file tree

Hide file tree

Showing 2 changed files with 63 additions and 9 deletions.
diff --git a/docs/README.md b/docs/README.md
@@ -22,11 +22,12 @@ local tf = import "github.com/tf-libsonnet/core/main.libsonnet"
 * [`fn withLocalList(locals)`](#fn-withlocallist)
 * [`fn withLocalMap(map)`](#fn-withlocalmap)
 * [`fn withModule(name, source, inpuuts, version='null', _meta={})`](#fn-withmodule)
-* [`fn withOutput(name, value, description='null')`](#fn-withoutput)
+* [`fn withOutput(name, value, description='null', sensitive='null')`](#fn-withoutput)
 * [`fn withOutputList(outputs)`](#fn-withoutputlist)
 * [`fn withOutputMap(map)`](#fn-withoutputmap)
 * [`fn withProvider(name, attrs, alias='null', src='null', version='null')`](#fn-withprovider)
 * [`fn withResource(type, label, attrs, _meta={})`](#fn-withresource)
+* [`fn withSensitiveOutputMap(map)`](#fn-withsensitiveoutputmap)
 * [`fn withVariable(name, isRequired=true, type='null', description='null', default='null')`](#fn-withvariable)
 * [`obj meta`](#obj-meta)
   * [`fn new(count='null', depends_on='null', for_each='null', provider='null', lifecycle='null', connection='null', provisioner='null')`](#fn-metanew)
@@ -239,7 +240,7 @@ Instead, make an explicit binding to the outer object using `local`.
 ### fn withOutput
 
 ```ts
-withOutput(name, value, description='null')
+withOutput(name, value, description='null', sensitive='null')
 ```
 
 `tf.withOutput` injects a new Terraform `output` block into the root configuration.
@@ -249,6 +250,8 @@ withOutput(name, value, description='null')
 - `value` (`string`): The expression to bind to the output name.
 - `description` (`string`): The description of the output. When `null`, the `description` field is omitted from
                             the object.
+- `sensitive` (`bool`): Whether the output contains sensitive information. When `null`, the `sensitive` field is
+                        omitted from the object.
 
 **Returns**:
 - A mixin object that injects the new output into the root Terraform configuration.
@@ -265,8 +268,8 @@ configuration.
 
 **Args**:
 - `outputs` (`list[obj]`): List of output configurations, where each element describes an `output` block. Each
-                           element should have the keys `n` (for `name`), `v` (for `value`), and `d` (for
-                           `description`).
+                           element should have the keys `n` (for `name`), `v` (for `value`), `d` (for
+                           `description`), and `s` (for `sensitive`).
 
 **Returns**:
 - A mixin object that injects all the outputs as output blocks.
@@ -345,6 +348,22 @@ Instead, make an explicit binding to the outer object using `local`.
 - A mixin object that injects the new resource into the root Terraform configuration.
 
 
+### fn withSensitiveOutputMap
+
+```ts
+withSensitiveOutputMap(map)
+```
+
+`tf.withSensitiveOutputMap` injects all the key value pairs of the input map as Terraform `output` blocks with
+`sensitive` set to `true` into the root configuration.
+
+**Args**:
+- `map` (`map[str, str]`): Map of output keys to output values.
+
+**Returns**:
+- A mixin object that injects all the key value pairs as output blocks.
+
+
 ### fn withVariable
 
 ```ts

diff --git a/src/_custom/root.libsonnet b/src/_custom/root.libsonnet
@@ -328,6 +328,8 @@ local withOutputDoc =
       - `value` (`string`): The expression to bind to the output name.
       - `description` (`string`): The description of the output. When `null`, the `description` field is omitted from
                                   the object.
+      - `sensitive` (`bool`): Whether the output contains sensitive information. When `null`, the `sensitive` field is
+                              omitted from the object.
 
       **Returns**:
       - A mixin object that injects the new output into the root Terraform configuration.
@@ -336,20 +338,28 @@ local withOutputDoc =
       d.arg('name', d.T.string),
       d.arg('value', d.T.string),
       d.arg('description', d.T.string, d.T.nil),
+      d.arg('sensitive', d.T.bool, d.T.nil),
     ],
   );
-local withOutput(name, value, description=null) =
+local withOutput(name, value, description=null, sensitive=null) =
   local maybeDescription =
     if description != null then
       { description: description }
     else
       {};
 
+  local maybeSensitive =
+    if sensitive != null then
+      { sensitive: sensitive }
+    else
+      {};
+
   {
     output+: {
       [name]:
         { value: value }
-        + maybeDescription,
+        + maybeDescription
+        + maybeSensitive,
     },
   };
 
@@ -377,6 +387,29 @@ local withOutputMap(map) =
   ]);
 
 
+local withSensitiveOutputMapDoc =
+  d.fn(
+    |||
+      `tf.withSensitiveOutputMap` injects all the key value pairs of the input map as Terraform `output` blocks with
+      `sensitive` set to `true` into the root configuration.
+
+      **Args**:
+      - `map` (`map[str, str]`): Map of output keys to output values.
+
+      **Returns**:
+      - A mixin object that injects all the key value pairs as output blocks.
+    |||,
+    [
+      d.arg('map', d.T.object),
+    ],
+  );
+local withSensitiveOutputMap(map) =
+  h.mergeAll([
+    withOutput(i.k, i.v, sensitive=true)
+    for i in h.objItems(map)
+  ]);
+
+
 local withOutputListDoc =
   d.fn(
     |||
@@ -385,8 +418,8 @@ local withOutputListDoc =
 
       **Args**:
       - `outputs` (`list[obj]`): List of output configurations, where each element describes an `output` block. Each
-                                 element should have the keys `n` (for `name`), `v` (for `value`), and `d` (for
-                                 `description`).
+                                 element should have the keys `n` (for `name`), `v` (for `value`), `d` (for
+                                 `description`), and `s` (for `sensitive`).
 
       **Returns**:
       - A mixin object that injects all the outputs as output blocks.
@@ -397,7 +430,7 @@ local withOutputListDoc =
   );
 local withOutputList(outputs) =
   h.mergeAll([
-    withOutput(o.n, o.v, std.get(o, 'd', null))
+    withOutput(o.n, o.v, std.get(o, 'd', null), std.get(o, 's', null))
     for o in outputs
   ]);
 
@@ -488,6 +521,8 @@ local withLocalList(locals) =
   withOutput:: withOutput,
   '#withOutputMap':: withOutputMapDoc,
   withOutputMap:: withOutputMap,
+  '#withSensitiveOutputMap':: withSensitiveOutputMapDoc,
+  withSensitiveOutputMap:: withSensitiveOutputMap,
   '#withOutputList':: withOutputListDoc,
   withOutputList:: withOutputList,
   '#withLocal':: withLocalDoc,