From 87e1d322af0e3f407f0df8d29010be8bc5a4d4b0 Mon Sep 17 00:00:00 2001 From: Landon Woerdeman <13247759+lwoerdeman@users.noreply.github.com> Date: Wed, 27 Jan 2021 21:16:47 -0600 Subject: [PATCH 1/2] Add sensitive_source block --- internal/provider/data_source_archive_file.go | 55 +++++++++++++++++-- .../provider/data_source_archive_file_test.go | 21 +++++++ 2 files changed, 70 insertions(+), 6 deletions(-) diff --git a/internal/provider/data_source_archive_file.go b/internal/provider/data_source_archive_file.go index fb95166b..0f9cfa3d 100644 --- a/internal/provider/data_source_archive_file.go +++ b/internal/provider/data_source_archive_file.go @@ -53,6 +53,34 @@ func dataSourceFile() *schema.Resource { return hashcode.String(buf.String()) }, }, + "sensitive_source": { + Type: schema.TypeSet, + Optional: true, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "content": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + Sensitive: true, + }, + "filename": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + }, + }, + }, + ConflictsWith: []string{"source_file", "source_dir", "source_content", "source_content_filename"}, + Set: func(v interface{}) int { + var buf bytes.Buffer + m := v.(map[string]interface{}) + buf.WriteString(fmt.Sprintf("%s-", m["filename"].(string))) + buf.WriteString(fmt.Sprintf("%s-", m["content"].(string))) + return hashcode.String(buf.String()) + }, + }, "source_content": { Type: schema.TypeString, Optional: true, 
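Review bot: The `Sensitive: true` flag on `content` in the new `sensitive_source` schema only masks the value in plan and CLI output; the value is still written to Terraform state and into the archive at `output_path`, and the schema should say so. I would add above the flag: `// Sensitive only redacts plan/CLI output; the value is still stored in state and in the generated archive.` Separately, the `Set` function feeds the raw `content` into `hashcode.String`, which as far as I know is a CRC32, so a value derived from the secret becomes the set element's hash. Whether that hash is ever surfaced (for example as an element index in attribute paths) depends on the SDK and Terraform version, so please confirm, or hash only `filename`. `dataSourceFile` starts and ends outside this hunk.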
@@ -193,21 +221,36 @@ func archive(d *schema.ResourceData) error { return fmt.Errorf("error archiving content: %s", err) } } else if v, ok := d.GetOk("source"); ok { - vL := v.(*schema.Set).List() - content := make(map[string][]byte) - for _, v := range vL { - src := v.(map[string]interface{}) - content[src["filename"].(string)] = []byte(src["content"].(string)) + content := genFileContentMap(v) + if v, ok := d.GetOk("sensitive_source"); ok { + for fileName, fileContent := range genFileContentMap(v) { + content[fileName] = fileContent + } + } + if err := archiver.ArchiveMultiple(content); err != nil { + return fmt.Errorf("error archiving content: %s", err) } + } else if v, ok := d.GetOk("sensitive_source"); ok { + content := genFileContentMap(v) if err := archiver.ArchiveMultiple(content); err != nil { return fmt.Errorf("error archiving content: %s", err) } } else { - return fmt.Errorf("one of 'source_dir', 'source_file', 'source_content_filename' must be specified") + return fmt.Errorf("one of 'source_dir', 'source_file', 'source_content_filename', 'source', 'sensitive_source' must be specified") } return nil } +func genFileContentMap(v interface{}) map[string][]byte { + vL := v.(*schema.Set).List() + content := make(map[string][]byte) + for _, v := range vL { + src := v.(map[string]interface{}) + content[src["filename"].(string)] = []byte(src["content"].(string)) + } + return content +} + func genFileShas(filename string) (string, string, string, error) { data, err := ioutil.ReadFile(filename) if err != nil { diff --git a/internal/provider/data_source_archive_file_test.go b/internal/provider/data_source_archive_file_test.go index 9f23eb1b..38875c4f 100644 --- a/internal/provider/data_source_archive_file_test.go +++ b/internal/provider/data_source_archive_file_test.go 
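Review bot: In the `source` branch of `archive`, an entry from `sensitive_source` silently replaces a `source` entry with the same `filename`, because the merge loop assigns `content[fileName] = fileContent` without checking for an existing key. A duplicate name is almost certainly a configuration mistake and should fail, e.g. `if _, dup := content[fileName]; dup { return fmt.Errorf("filename %q is set in both 'source' and 'sensitive_source'", fileName) }` before the assignment. `genFileContentMap` also passes `filename` through unchecked, so whether absolute or `..` entry names are rejected depends on `ArchiveMultiple`, which is not shown here. The two `ArchiveMultiple` branches could be folded into one that builds the map from whichever blocks are set. `archive` begins outside this hunk.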
@@ -73,6 +73,14 @@ func TestAccArchiveFile_Basic(t *testing.T) { r.TestCheckResourceAttrPtr("data.archive_file.foo", "output_size", &fileSize), ), }, + + { + Config: testAccArchiveFileSensitiveConfig(f), + Check: r.ComposeTestCheckFunc( + testAccArchiveFileExists(f, &fileSize), + r.TestCheckResourceAttrPtr("data.archive_file.foo", "output_size", &fileSize), + ), + }, }, }) } @@ -144,6 +152,19 @@ data "archive_file" "foo" { `, filepath.ToSlash(outputPath)) } +func testAccArchiveFileSensitiveConfig(outputPath string) string { + return fmt.Sprintf(` +data "archive_file" "foo" { + type = "zip" + sensitive_source { + filename = "content.txt" + content = "This is some content" + } + output_path = "%s" +} +`, filepath.ToSlash(outputPath)) +} + func testTempDir(t *testing.T) string { tmp, err := ioutil.TempDir("", "tf") if err != nil { From c3ac956cfda461f8f685d375015d54e4dea31e0b Mon Sep 17 00:00:00 2001 From: Landon Woerdeman <13247759+lwoerdeman@users.noreply.github.com> Date: Thu, 28 Jan 2021 16:55:46 -0600 Subject: [PATCH 2/2] Add sensitive_source documentation --- website/docs/d/archive_file.html.markdown | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/website/docs/d/archive_file.html.markdown b/website/docs/d/archive_file.html.markdown index 48c9c503..28e4c9c2 100644 --- a/website/docs/d/archive_file.html.markdown +++ b/website/docs/d/archive_file.html.markdown @@ -37,6 +37,11 @@ data "archive_file" "dotfiles" { content = "${data.template_file.ssh_config.rendered}" filename = ".ssh/config" } + + sensitive_source { + content = "This is sensitive content" + filename = ".ssh/id_rsa" + } } ``` 
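Review bot: The new step in `TestAccArchiveFile_Basic` only exercises `sensitive_source` on its own and only compares `output_size`, so the merge path in `archive` (both `source` and `sensitive_source` set) is untested. I would add a second config with both blocks and a check that opens the zip and asserts both entry names and their contents are present. A case where both blocks use the same `filename` would also pin down the intended behaviour for that collision. The test function continues outside this hunk.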
@@ -68,6 +73,9 @@ NOTE: One of `source`, `source_content_filename` (with `source_content`), `sourc * `source` - (Optional) Specifies attributes of a single source file to include into the archive. +* `sensitive_source` - (Optional) Specifies attributes of a single sensitive source file to include into the archive. + Content will not be displayed in plans. + * `excludes` - (Optional) Specify files to ignore when reading the `source_dir`. The `source` block supports the following: @@ -76,6 +84,13 @@ The `source` block supports the following: * `filename` - (Required) Set this as the filename when declaring a `source`. +The `sensitive_source` block supports the following: + +* `content` - (Required) Add this content to the archive with `filename` as the filename. + Content will not be displayed in plans. + +* `filename` - (Required) Set this as the filename when declaring a `source`. + ## Attributes Reference The following attributes are exported: