Thanks to visit codestin.com
Credit goes to github.com

Skip to content

apply: include sensitive metadata when comparing changed input values #37582

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Sep 10, 2025
Merged

apply: include sensitive metadata when comparing changed input values #37582

merged 2 commits into from
Sep 10, 2025
+98 −3

Conversation

liamcervante
Copy link
Member

This PR updates the output for when input values have erroneously changed between plan and apply so that sensitive input values are hidden in the error message.

This approach just rechecks the actual configuration for sensitive values, and applies those marks to the rendered outputs. Interestingly, the plan itself does not contain the information from the configuration, even those it does have room for the marks to be added. This comment suggests that this is deliberate, so I didn't change that behaviour.

Another approach would be to change that behaviour and add the marks from the config during the plan stage, and then just apply the marks from the plan instead of rechecking the config. I was worried about unintended side effects etc, so I went with just rechecking the config but am happy to go and make the more complete change if anyone feels strongly about it.

Fixes #37563

Target Release

1.13.2

Rollback Plan

  • If a change needs to be reverted, we will roll out an update to the code within 7 days.

Changes to Security Controls

Are there any changes to security controls (access controls, encryption, logging) in this pull request? If so, explain.

CHANGELOG entry

  • This change is user-facing and I added a changelog entry.
  • This change is not user-facing.

@liamcervante liamcervante added the 1.13-backport If you add this label to a PR before merging, backport-assistant will open a new PR once merged label Sep 10, 2025
@liamcervante liamcervante requested a review from a team as a code owner September 10, 2025 07:59
@liamcervante liamcervante merged commit 00d680d into main Sep 10, 2025
7 checks passed
@liamcervante liamcervante deleted the liamcervante/37563 branch September 10, 2025 09:11
@github-actions github-actions bot mentioned this pull request Sep 10, 2025
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DanielMSchmidt DanielMSchmidt DanielMSchmidt approved these changes

Assignees
No one assigned
Labels
1.13-backport If you add this label to a PR before merging, backport-assistant will open a new PR once merged
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Sensitive values exposed in logs when 'Ignoring variable when applying a saved plan'
2 participants
@liamcervante @DanielMSchmidt