terraform-provider-azapi icon indicating copy to clipboard operation
terraform-provider-azapi copied to clipboard
verified publisher icon Azure

Document what causes body to be marked as sensitive and not shown in plan

Open grayzu opened this issue 3 years ago • 1 comments

  • [ ] Is there anything that we can do to show all insensitive properties?
  • [ ] Is there anythign that we can do to prevent (sensitive) values from causing plan to report delta
  • [ ] Add documentation that thoroughly documents why and why this happens.

grayzu avatar Jul 26 '22 21:07 grayzu

Is there anything that we can do to show all insensitive properties?

Yes, use nonsensitive function to wrap the whole body, here's an example:

resource "azapi_resource" "test" {
  type      = "Microsoft.AppPlatform/Spring/storages@2022-05-01-preview"
  name      = "mystorage"
  parent_id = azurerm_spring_cloud_service.test.id
  body = nonsensitive(jsonencode({
    properties = {
      accountKey  = (azurerm_storage_account.test.primary_access_key)
      accountName = azurerm_storage_account.test.name
      storageType = "StorageAccount"
    }
  }))
  ignore_missing_property = true
}

But this way shows all the sensitive values in plan, which might cause credential leakage.

Is there anythign that we can do to prevent (sensitive) values from causing plan to report delta

Yes, ignore_missing_property = true.

ms-henglu avatar Aug 02 '22 03:08 ms-henglu

Closing this issue as we have this documented: https://registry.terraform.io/providers/Azure/azapi/latest/docs/guides/frequently_asked_questions#after-applying-the-configuration-running-terraform-plan-found-theres-still-a-change and resolved by dynamic properties.

ms-henglu avatar May 06 '24 06:05 ms-henglu