Merge pull request #28583 from hashicorp/alisdair/sensitive-attribute…

…-forces-replacement cli: Show forces replacement for sensitive attrs
hashicorp · May 3, 2021 · 48b9055 · 48b9055
2 parents 6bed300 + c95e9ad
commit 48b9055
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 0 deletions.
diff --git a/command/format/diff.go b/command/format/diff.go
@@ -359,6 +359,9 @@ func (p *blockBodyDiffPrinter) writeAttrDiff(name string, attrS *configschema.At
 
 	if attrS.Sensitive {
 		p.buf.WriteString("(sensitive value)")
+		if p.pathForcesNewResource(path) {
+			p.buf.WriteString(p.color.Color(forcesNewResourceCaption))
+		}
 	} else {
 		switch {
 		case showJustNew:

diff --git a/command/format/diff_test.go b/command/format/diff_test.go
@@ -3992,6 +3992,33 @@ func TestResourceChange_sensitiveVariable(t *testing.T) {
           # so its contents will not be displayed.
         }
     }
+`,
+		},
+		"update with sensitive attribute forcing replacement": {
+			Action: plans.DeleteThenCreate,
+			Mode:   addrs.ManagedResourceMode,
+			Before: cty.ObjectVal(map[string]cty.Value{
+				"id":  cty.StringVal("i-02ae66f368e8518a9"),
+				"ami": cty.StringVal("ami-BEFORE"),
+			}),
+			After: cty.ObjectVal(map[string]cty.Value{
+				"id":  cty.StringVal("i-02ae66f368e8518a9"),
+				"ami": cty.StringVal("ami-AFTER"),
+			}),
+			Schema: &configschema.Block{
+				Attributes: map[string]*configschema.Attribute{
+					"id":  {Type: cty.String, Optional: true, Computed: true},
+					"ami": {Type: cty.String, Optional: true, Computed: true, Sensitive: true},
+				},
+			},
+			RequiredReplace: cty.NewPathSet(
+				cty.GetAttrPath("ami"),
+			),
+			ExpectedOutput: `  # test_instance.example must be replaced
+-/+ resource "test_instance" "example" {
+      ~ ami = (sensitive value) # forces replacement
+        id  = "i-02ae66f368e8518a9"
+    }
 `,
 		},
 	}