-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: allow masking output on comments #4331
base: main
Are you sure you want to change the base?
feat: allow masking output on comments #4331
Conversation
did you test tfmask? or any other tool? |
I did, also terrahelp and even plain sed. The problem is that we are sending the output straight to the $planfile, so we can鈥檛 act on it. I even tried to change the $showfile, and while that works, Atlantis doesn鈥檛 use it for the comment. |
I see ok, it make sense on doing the pre-processing |
I like the feature and find it very useful. However, IMHO, the API could be better. workflows:
terragrunt:
plan:
steps:
- run:
command: terragrunt plan -input=false -out=$PLANFILE
output: strip_refreshing|show|hide
- run:
command: terragrunt plan -input=false -out=$PLANFILE
output:
- show
- strip_refreshing
- filter_regex: "((?i)secret:\\s\")[^\"]*" This would allow us to support previous |
Hi, thanks for the feedback 馃槂 I've been using this to support terraform for 100+ environments on the three major clouds with zero issues so far. I adjusted the regex to I have to rebase this soon, I'll take a stab at making it work the way you suggested and see how it behaves. |
what
Part of #163 (comment).
why
I have the requirements to mask some values that are passed to the comments posted by Atlantis, building up on
strip_refreshing
I added two new output configurations that will allow this via a regex configured on the step. There is an assumption that users that shouldn't see secrets/sensitive values won't have access to the URL jobs, where the plan outputs are shown untouched.Example (added to the docs):
Note that the changes related to mocks were automatically generated with
make go-generate
.tests
atlantis plan
provides the desired masked output on GitHub 馃槃references
Possibly solves #163.