refactor(sharing_outputs): no default value for the sensitive fields. (…

…#1927)

## What this PR does / why we need it:

Backport of #1926 to
`v0.10.x` branch.

## Which issue(s) this PR fixes:
none

## Special notes for your reviewer:

## Does this PR introduce a user-facing change?
```
yes, change the behavior.
```

CHANGELOG.md

@@ -27,6 +27,10 @@ Given a version number `MAJOR.MINOR.PATCH`, we increment the:
 - Add support for dot (`.`) in the tag syntax.
   - Now you can add tags like `v1.0.0-abc_xyz`
 
+### Changed
+
+- The **Outputs Sharing** feature now has no default value for the `sensitive` field of `input` and `output` blocks.
+
 ## v0.10.8
 
 ### Fixed

config/sharing_backend.go

@@ -20,7 +20,7 @@ type (
 		Backend     string
 		FromStackID string
 		value       hhcl.Expression
-		Sensitive   bool
+		Sensitive   *bool
 		mock        hhcl.Expression
 	}
 
@@ -34,7 +34,7 @@ type (
 		Description string
 		Backend     string
 		Value       hhcl.Expression
-		Sensitive   bool
+		Sensitive   *bool
 	}
 
 	// Outputs is a list of outputs.
@@ -44,11 +44,10 @@ type (
 // EvalInput evaluates an input block using the provided evaluation context.
 func EvalInput(evalctx *eval.Context, input hcl.Input) (Input, error) {
 	evaluatedInput := Input{
-		Range:     input.Range,
-		Name:      input.Name, // TODO(i4k): validate name.
-		Sensitive: true,
-		value:     input.Value,
-		mock:      input.Mock,
+		Range: input.Range,
+		Name:  input.Name, // TODO(i4k): validate name.
+		value: input.Value,
+		mock:  input.Mock,
 	}
 	var err error
 	errs := errors.L()
@@ -59,7 +58,10 @@ func EvalInput(evalctx *eval.Context, input hcl.Input) (Input, error) {
 	errs.Append(validateID(evaluatedInput.FromStackID, "input.from_stack_id"))
 
 	if input.Sensitive != nil {
-		evaluatedInput.Sensitive, err = evalBool(evalctx, input.Sensitive, "input.sensitive")
+		val, err := evalBool(evalctx, input.Sensitive, "input.sensitive")
+		if err == nil {
+			evaluatedInput.Sensitive = &val
+		}
 		errs.Append(err)
 	}
 	if err := errs.AsError(); err != nil {
@@ -93,9 +95,8 @@ func (i *Input) Mock(evalctx *eval.Context) (cty.Value, bool, error) {
 // EvalOutput evaluates an output block using the provided evaluation context.
 func EvalOutput(evalctx *eval.Context, output hcl.Output) (Output, error) {
 	evaluatedOutput := Output{
-		Name:      output.Name,
-		Sensitive: true,
-		Value:     output.Value,
+		Name:  output.Name,
+		Value: output.Value,
 	}
 	var err error
 	errs := errors.L()
@@ -104,7 +105,10 @@ func EvalOutput(evalctx *eval.Context, output hcl.Output) (Output, error) {
 		errs.Append(err)
 	}
 	if output.Sensitive != nil {
-		evaluatedOutput.Sensitive, err = evalBool(evalctx, output.Sensitive, "output.sensitive")
+		val, err := evalBool(evalctx, output.Sensitive, "output.sensitive")
+		if err == nil {
+			evaluatedOutput.Sensitive = &val
+		}
 		errs.Append(err)
 	}
 	evaluatedOutput.Backend, err = evalString(evalctx, output.Backend, "output.backend")

config/sharing_backend_test.go

@@ -35,7 +35,9 @@ func TestEvalSharingBackendInput(t *testing.T) {
 		wantErr      error
 		wantValueErr error
 	}
-	t.Helper()
+	t.Parallel()
+	falsy := false
+	truthy := true
 	for _, tc := range []testcase{
 		{
 			name: "invalid backend attribute",
@@ -77,7 +79,30 @@ func TestEvalSharingBackendInput(t *testing.T) {
 			wantErr: errors.E(`"input.from_stack_id" "id cannot contain spaces" doesn't match "^[a-zA-Z0-9_-]{1,64}$"`),
 		},
 		{
-			name: "complete working input",
+			name: "complete working input - sensitive=(unset)",
+			globals: map[string]cty.Value{
+				"my_backend":  cty.StringVal("my-backend"),
+				"other_stack": cty.StringVal("other-stack"),
+				"val":         cty.StringVal("from-global"),
+			},
+			config: Input(
+				Labels("var_name"),
+				Expr("value", `"${outputs.var_name}-${global.val}"`),
+				Expr("from_stack_id", `global.other_stack`),
+				Expr("backend", `global.my_backend`),
+			),
+			outputs: map[string]cty.Value{
+				"var_name": cty.StringVal("test"),
+			},
+			want: config.Input{
+				Name:        "var_name",
+				FromStackID: "other-stack",
+				Backend:     "my-backend",
+			},
+			wantValue: cty.StringVal("test-from-global"),
+		},
+		{
+			name: "complete working input - sensitive=false",
 			globals: map[string]cty.Value{
 				"my_backend":  cty.StringVal("my-backend"),
 				"other_stack": cty.StringVal("other-stack"),
@@ -98,7 +123,33 @@ func TestEvalSharingBackendInput(t *testing.T) {
 				Name:        "var_name",
 				FromStackID: "other-stack",
 				Backend:     "my-backend",
-				Sensitive:   false,
+				Sensitive:   &falsy,
+			},
+			wantValue: cty.StringVal("test-from-global"),
+		},
+		{
+			name: "complete working input - sensitive=true",
+			globals: map[string]cty.Value{
+				"my_backend":  cty.StringVal("my-backend"),
+				"other_stack": cty.StringVal("other-stack"),
+				"val":         cty.StringVal("from-global"),
+				"is_secret":   cty.BoolVal(true),
+			},
+			config: Input(
+				Labels("var_name"),
+				Expr("value", `"${outputs.var_name}-${global.val}"`),
+				Expr("from_stack_id", `global.other_stack`),
+				Expr("backend", `global.my_backend`),
+				Expr("sensitive", `global.is_secret`),
+			),
+			outputs: map[string]cty.Value{
+				"var_name": cty.StringVal("test"),
+			},
+			want: config.Input{
+				Name:        "var_name",
+				FromStackID: "other-stack",
+				Backend:     "my-backend",
+				Sensitive:   &truthy,
 			},
 			wantValue: cty.StringVal("test-from-global"),
 		},
@@ -171,7 +222,8 @@ func TestEvalSharingBackendOutput(t *testing.T) {
 		wantValue string
 		wantErr   error
 	}
-	t.Helper()
+	t.Parallel()
+	falsy := false
 	for _, tc := range []testcase{
 		{
 			name: "invalid backend attribute",
@@ -200,7 +252,7 @@ func TestEvalSharingBackendOutput(t *testing.T) {
 				Name:        "var_name",
 				Description: "my output description",
 				Backend:     "my-backend",
-				Sensitive:   false,
+				Sensitive:   &falsy,
 			},
 			wantValue: `module.test.var_name`,
 		},

generate/generate_sharing_test.go

@@ -50,7 +50,7 @@ func TestGenerateSharing(t *testing.T) {
 			},
 		},
 		{
-			name: "single input generated",
+			name: "single input generated - sensitive=(unset)",
 			layout: []string{
 				"s:stacks/stack-1",
 				"s:stacks/stack-2",
@@ -87,7 +87,60 @@ func TestGenerateSharing(t *testing.T) {
 							Block("variable",
 								Labels("var_name"),
 								Expr("type", "any"),
-								Bool("sensitive", true),
+							),
+						),
+					},
+				},
+			},
+			wantReport: generate.Report{
+				Successes: []generate.Result{
+					{
+						Dir:     project.NewPath("/stacks/stack-1"),
+						Created: []string{"test.tf"},
+					},
+				},
+			},
+		},
+		{
+			name: "single input generated - sensitive=false",
+			layout: []string{
+				"s:stacks/stack-1",
+				"s:stacks/stack-2",
+			},
+			configs: []hclconfig{
+				{
+					path: "/",
+					add:  enableSharingExperiment,
+				},
+				{
+					path: "/",
+					add: Block("sharing_backend",
+						Labels("name"),
+						Expr("type", "terraform"),
+						Expr("command", `["echo"]`),
+						Str("filename", "test.tf"),
+					),
+				},
+				{
+					path: "/stacks/stack-1",
+					add: Input(
+						Labels("var_name"),
+						Str("backend", "name"),
+						Expr("value", "outputs.var_name"),
+						Str("from_stack_id", "abc"),
+						Bool("sensitive", false),
+					),
+				},
+			},
+			want: []generatedFile{
+				{
+					dir: "/stacks/stack-1",
+					files: map[string]fmt.Stringer{
+						"test.tf": Doc(
+							Block("variable",
+								Labels("var_name"),
+								Expr("type", "any"),
+								Bool("sensitive", false),
 							),
 						),
 					},
@@ -157,7 +210,6 @@ func TestGenerateSharing(t *testing.T) {
 							Block("variable",
 								Labels("var_name2"),
 								Expr("type", "any"),
-								Bool("sensitive", true),
 							),
 						),
 					},
@@ -173,7 +225,7 @@ func TestGenerateSharing(t *testing.T) {
 			},
 		},
 		{
-			name: "single output generated",
+			name: "single output generated - sensitive=(unset)",
 			layout: []string{
 				"s:stacks/stack-1",
 				"s:stacks/stack-2",
@@ -210,7 +262,6 @@ func TestGenerateSharing(t *testing.T) {
 							Block("output",
 								Labels("var_name"),
 								Expr("value", "module.something"),
-								Bool("sensitive", true),
 							),
 						),
 					},
@@ -252,7 +303,6 @@ func TestGenerateSharing(t *testing.T) {
 						Labels("var_name1"),
 						Str("backend", "name"),
 						Expr("value", "module.something1"),
-						Bool("sensitive", false),
 					),
 				},
 				{
@@ -274,7 +324,6 @@ func TestGenerateSharing(t *testing.T) {
 							Block("output",
 								Labels("var_name1"),
 								Expr("value", "module.something1"),
-								Bool("sensitive", false),
 							),
 							Block("output",
 								Labels("var_name2"),
@@ -363,6 +412,7 @@ func TestGenerateSharing(t *testing.T) {
 							Labels("var_output4"),
 							Str("backend", "name"),
 							Expr("value", "module.something4"),
+							Bool("sensitive", false),
 						),
 						Input(
 							Labels("var_input4"),
@@ -386,7 +436,6 @@ func TestGenerateSharing(t *testing.T) {
 							Block("variable",
 								Labels("var_input2"),
 								Expr("type", "any"),
-								Bool("sensitive", true),
 							),
 							Block("variable",
 								Labels("var_input3"),
@@ -396,27 +445,23 @@ func TestGenerateSharing(t *testing.T) {
 							Block("variable",
 								Labels("var_input4"),
 								Expr("type", "any"),
-								Bool("sensitive", true),
 							),
 							Block("output",
 								Labels("var_output1"),
 								Expr("value", "module.something1"),
-								Bool("sensitive", true),
 							),
 							Block("output",
 								Labels("var_output2"),
 								Expr("value", "module.something2"),
-								Bool("sensitive", true),
 							),
 							Block("output",
 								Labels("var_output3"),
 								Expr("value", "module.something3"),
-								Bool("sensitive", true),
 							),
 							Block("output",
 								Labels("var_output4"),
 								Expr("value", "module.something4"),
-								Bool("sensitive", true),
+								Bool("sensitive", false),
 							),
 						),
 					},
@@ -467,15 +512,13 @@ func TestSharingOrphanedFilesAreDeleted(t *testing.T) {
 	expectedOutput := genhcl.Header(genhcl.DefaultComment) + Block("output",
 		Labels("name"),
 		Expr("value", "module.test"),
-		Bool("sensitive", true),
 	).String() + "\n"
 	gotOutput := s.RootEntry().ReadFile("s1/sharing.tf")
 	assert.EqualStrings(t, expectedOutput, string(gotOutput))
 
 	expectedInput := genhcl.Header(genhcl.DefaultComment) + Block("variable",
 		Labels("name"),
 		Expr("type", "any"),
-		Bool("sensitive", true),
 	).String() + "\n"
 	gotInput := s.RootEntry().ReadFile("s2/sharing.tf")
 	assert.EqualStrings(t, expectedInput, string(gotInput))

generate/sharing/sharing_backend.go

@@ -43,7 +43,9 @@ func PrepareFile(root *config.Root, filename string, inputs config.Inputs, outpu
 				Bytes: []byte("any"),
 			},
 		})
-		blockBody.SetAttributeValue("sensitive", cty.BoolVal(in.Sensitive))
+		if in.Sensitive != nil {
+			blockBody.SetAttributeValue("sensitive", cty.BoolVal(*in.Sensitive))
+		}
 		body.AppendBlock(varBlock)
 	}
 	for _, out := range outputs {
@@ -53,7 +55,9 @@ func PrepareFile(root *config.Root, filename string, inputs config.Inputs, outpu
 		outBlock := hclwrite.NewBlock("output", []string{out.Name})
 		blockBody := outBlock.Body()
 		blockBody.SetAttributeRaw("value", ast.TokensForExpression(out.Value))
-		blockBody.SetAttributeValue("sensitive", cty.BoolVal(out.Sensitive))
+		if out.Sensitive != nil {
+			blockBody.SetAttributeValue("sensitive", cty.BoolVal(*out.Sensitive))
+		}
 		body.AppendBlock(outBlock)
 	}