HCL2: pass sensitive variables to packer.LogSecretFilter

Co-Authored-By: Megan Marsh <1008838+SwampDragons@users.noreply.github.com>
2020-10-02 10:17:07 +02:00 · 2020-10-02 10:17:07 +02:00 · bb22cfcf34
parent 984f21d409
commit bb22cfcf34
1 changed files with 17 additions and 0 deletions
--- a/hcl2template/parser.go
+++ b/hcl2template/parser.go
@ -9,6 +9,7 @@ import (
 	"github.com/hashicorp/hcl/v2/ext/dynblock"
 	"github.com/hashicorp/hcl/v2/hclparse"
 	"github.com/hashicorp/packer/packer"
+	"github.com/zclconf/go-cty/cty"
 )

 const (
@ -177,6 +178,22 @@ func (cfg *PackerConfig) Initialize() hcl.Diagnostics {
 	diags = append(diags, moreDiags...)
 	diags = append(diags, cfg.evaluateLocalVariables(cfg.LocalBlocks)...)

+	for _, variable := range cfg.InputVariables {
+		if !variable.Sensitive {
+			continue
+		}
+		value, _ := variable.Value()
+		if !value.IsWhollyKnown() && value.IsNull() && !value.Type().Equals(cty.String) {
+			continue
+		}
+		cty.Walk(value, func(_ cty.Path, nested cty.Value) (bool, error) {
+			if nested.IsWhollyKnown() && !nested.IsNull() && nested.Type().Equals(cty.String) {
+				packer.LogSecretFilter.Set(nested.AsString())
+			}
+			return true, nil
+		})
+	}
+
 	// decode the actual content
 	for _, file := range cfg.files {
 		diags = append(diags, cfg.parser.decodeConfig(file, cfg)...)