From e8de56990b860ba4b30b281f52a823f0a97fa3e9 Mon Sep 17 00:00:00 2001 From: "hashicorp-tsccr[bot]" <129506189+hashicorp-tsccr[bot]@users.noreply.github.com> Date: Mon, 4 Nov 2024 08:40:27 +0000 Subject: [PATCH 1/5] build(deps): Bump workflows to latest trusted versions (#141) Co-authored-by: hashicorp-tsccr[bot] --- .github/workflows/test.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 7a08138..ea89d89 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -20,7 +20,7 @@ jobs: timeout-minutes: 3 steps: - name: Checkout Repo - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Install copywrite uses: hashicorp/setup-copywrite@32638da2d4e81d56a0764aa1547882fc4d209636 # v1.1.3 - name: Validate Header Compliance @@ -41,9 +41,9 @@ jobs: - "1.20" steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: ${{ matrix.go }} - name: Go mod download From 2bee7b5aa50ddd7d89111633bc32bf9a28d4b23c Mon Sep 17 00:00:00 2001 From: Radek Simko Date: Mon, 25 Nov 2024 16:38:46 +0000 Subject: [PATCH 2/5] Add CONTRIBUTING.md (#143) --- CONTRIBUTING.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 CONTRIBUTING.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..07b5fd5 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,22 @@ +# Contributing to terraform-json + +## Versioning + +The `github.com/hashicorp/terraform-json` Go module in its entirety is versioned according to [Go module versioning](https://golang.org/ref/mod#versions) with Git tags. + +There is currently no firm plan for releasing v1. + +## Releases + +Releases are made on a reasonably regular basis by the Terraform team, using our custom CI workflows. There is currently no set release schedule and no requirement for _contributors_ to write changelog entries. + +The following notes are only relevant to maintainers. + +[Create new release](https://github.com/hashicorp/terraform-json/releases/new) via GitHub UI to point to the new tag and use GitHub to generate the changelog (`Generate release notes` button). + +You can format the generated changelog before publishing - e.g. ensure entries are grouped into categories such as `ENHANCEMENTS`, `BUG FIXES` and `INTERNAL`. + +## Security vulnerabilities + +Please disclose security vulnerabilities by following the procedure +described at https://www.hashicorp.com/security#vulnerability-reporting. From 9a1f317c95a2472c252d647a01b31ea0048c680b Mon Sep 17 00:00:00 2001 From: Radek Simko Date: Tue, 26 Nov 2024 16:01:36 +0000 Subject: [PATCH 3/5] ci: Report test coverage (#144) --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index ea89d89..44e56bc 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -51,4 +51,4 @@ jobs: - name: Go mod verify run: go mod verify - name: Run tests - run: go test -v ./... + run: go test -cover -v ./... From 1a30a7543048dfa4d01407fb5e156352b9525177 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 Nov 2024 10:38:25 +0000 Subject: [PATCH 4/5] Bump github.com/zclconf/go-cty from 1.15.0 to 1.15.1 (#145) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 423ca08..a656af2 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/hashicorp/go-version v1.7.0 github.com/mitchellh/copystructure v1.2.0 github.com/sebdah/goldie v1.0.0 - github.com/zclconf/go-cty v1.15.0 + github.com/zclconf/go-cty v1.15.1 github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b ) diff --git a/go.sum b/go.sum index a94cf3d..723f2b5 100644 --- a/go.sum +++ b/go.sum @@ -27,8 +27,8 @@ github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/vmihailenco/msgpack v3.3.3+incompatible/go.mod h1:fy3FlTQTDXWkZ7Bh6AcGMlsjHatGryHQYUTf1ShIgkk= github.com/zclconf/go-cty v1.2.0/go.mod h1:hOPWgoHbaTUnI5k4D2ld+GRpFJSCe6bCM7m1q/N4PQ8= -github.com/zclconf/go-cty v1.15.0 h1:tTCRWxsexYUmtt/wVxgDClUe+uQusuI443uL6e+5sXQ= -github.com/zclconf/go-cty v1.15.0/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= +github.com/zclconf/go-cty v1.15.1 h1:RgQYm4j2EvoBRXOPxhUvxPzRrGDo1eCOhHXuGfrj5S0= +github.com/zclconf/go-cty v1.15.1/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b h1:FosyBZYxY34Wul7O/MSKey3txpPYyCqVO5ZyceuQJEI= github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8= golang.org/x/net v0.0.0-20180811021610-c39426892332/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= From 338fe142c8b929082e7af28d7f2c97e802cc79ac Mon Sep 17 00:00:00 2001 From: Sarah French <15078782+SarahFrench@users.noreply.github.com> Date: Thu, 12 Dec 2024 11:18:09 +0000 Subject: [PATCH 5/5] Add support for write-only attributes (#146) --- schemas.go | 6 ++ schemas_test.go | 85 +++++++++---------- .../schemas.json | 1 + 3 files changed, 46 insertions(+), 46 deletions(-) create mode 100644 testdata/write_only_attribute_on_resource/schemas.json diff --git a/schemas.go b/schemas.go index f6acc1f..13d0d38 100644 --- a/schemas.go +++ b/schemas.go @@ -230,6 +230,10 @@ type SchemaAttribute struct { // in logs. Future versions of Terraform may encrypt or otherwise // treat these values with greater care than non-sensitive fields. Sensitive bool `json:"sensitive,omitempty"` + + // If true, this attribute is write only and its value will not be + // persisted in artifacts such as plan files or state. + WriteOnly bool `json:"write_only,omitempty"` } // jsonSchemaAttribute describes an attribute within a schema block @@ -249,6 +253,7 @@ type jsonSchemaAttribute struct { Optional bool `json:"optional,omitempty"` Computed bool `json:"computed,omitempty"` Sensitive bool `json:"sensitive,omitempty"` + WriteOnly bool `json:"write_only,omitempty"` } func (as *SchemaAttribute) MarshalJSON() ([]byte, error) { @@ -261,6 +266,7 @@ func (as *SchemaAttribute) MarshalJSON() ([]byte, error) { Optional: as.Optional, Computed: as.Computed, Sensitive: as.Sensitive, + WriteOnly: as.WriteOnly, } if as.AttributeType != cty.NilType { attrTy, _ := as.AttributeType.MarshalJSON() diff --git a/schemas_test.go b/schemas_test.go index dddf5e1..d659e79 100644 --- a/schemas_test.go +++ b/schemas_test.go @@ -10,41 +10,47 @@ import ( ) func TestProviderSchemasValidate(t *testing.T) { - f, err := os.Open("testdata/basic/schemas.json") - if err != nil { - t.Fatal(err) + cases := map[string]struct { + testDataPath string + }{ + "a basic provider schema is validated": { + testDataPath: "testdata/basic/schemas.json", + }, + "a provider schema including functions is validated": { + testDataPath: "testdata/functions/schemas.json", + }, + "a provider schema including ephemeral resources is validated": { + testDataPath: "testdata/ephemeral_resources/schemas.json", + }, + "a provider schema including a resource with write-only attribute(s) is validated": { + testDataPath: "testdata/write_only_attribute_on_resource/schemas.json", + }, } - defer f.Close() - var schemas *ProviderSchemas - if err := json.NewDecoder(f).Decode(&schemas); err != nil { - t.Fatal(err) - } - - if err := schemas.Validate(); err != nil { - t.Fatal(err) - } -} + for tn, tc := range cases { + t.Run(tn, func(t *testing.T) { + f, err := os.Open(tc.testDataPath) + if err != nil { + t.Fatal(err) + } + defer f.Close() -func TestProviderSchemasValidate_functions(t *testing.T) { - f, err := os.Open("testdata/functions/schemas.json") - if err != nil { - t.Fatal(err) - } - defer f.Close() + var schemas *ProviderSchemas + if err := json.NewDecoder(f).Decode(&schemas); err != nil { + t.Fatal(err) + } - var schemas *ProviderSchemas - if err := json.NewDecoder(f).Decode(&schemas); err != nil { - t.Fatal(err) - } - - if err := schemas.Validate(); err != nil { - t.Fatal(err) + if err := schemas.Validate(); err != nil { + t.Fatal(err) + } + }) } } -func TestProviderSchemasValidate_ephemeralResources(t *testing.T) { - f, err := os.Open("testdata/ephemeral_resources/schemas.json") +// TestProviderSchemas_writeOnlyAttribute asserts that write-only attributes in a resource in a +// provider schema JSON file are marked as WriteOnly once decoded into a ProviderSchemas struct +func TestProviderSchemas_writeOnlyAttribute(t *testing.T) { + f, err := os.Open("testdata/write_only_attribute_on_resource/schemas.json") if err != nil { t.Fatal(err) } @@ -55,24 +61,11 @@ func TestProviderSchemasValidate_ephemeralResources(t *testing.T) { t.Fatal(err) } - if err := schemas.Validate(); err != nil { - t.Fatal(err) - } -} - -func TestProviderSchemasValidate_nestedAttributes(t *testing.T) { - f, err := os.Open("testdata/nested_attributes/schemas.json") - if err != nil { - t.Fatal(err) + resourceSchema := schemas.Schemas["terraform.io/builtin/terraform"].ResourceSchemas["terraform_example"] + if resourceSchema.Block.Attributes["wo_attr"].WriteOnly != true { + t.Fatal("expected terraform_example.wo_attr to be marked as write-only") } - defer f.Close() - - var schemas *ProviderSchemas - if err := json.NewDecoder(f).Decode(&schemas); err != nil { - t.Fatal(err) - } - - if err := schemas.Validate(); err != nil { - t.Fatal(err) + if resourceSchema.Block.Attributes["foo"].WriteOnly != false { + t.Fatal("expected terraform_example.foo to not be marked as write-only") } } diff --git a/testdata/write_only_attribute_on_resource/schemas.json b/testdata/write_only_attribute_on_resource/schemas.json new file mode 100644 index 0000000..e8c9146 --- /dev/null +++ b/testdata/write_only_attribute_on_resource/schemas.json @@ -0,0 +1 @@ +{"format_version":"1.0","provider_schemas":{"terraform.io/builtin/terraform":{"provider":{"version":0},"resource_schemas":{"terraform_example":{"version":0,"block":{"attributes":{"foo":{"type":"string","description_kind":"plain","optional":true},"wo_attr":{"type":"string","description_kind":"plain","optional":true,"write_only":true}},"description_kind":"plain"}}}}}}