@mbialon (Contributor) commented Sep 10, 2025

Description of the change

This change adds an alternative, non-sensitive value attribute to the environment variable resource.
This allows users to view the value of non-sensitive environment variables.

As I can't see the reason to have write-only, non-sensitive values, this combination is not allowed.

Type of change

  • Bug fix (non-breaking change that fixes an issue)
  • New feature (non-breaking change that adds functionality)
  • Chore (maintenance work, dependency bumps, refactors, not supposed to break existing functionalities)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation (non-breaking change that adds documentation)

Related issues

Fixes #517

Checklists

Development

  • Lint rules pass locally
  • The code changed/added as part of this pull request has been covered with tests
  • All tests related to the changed code pass in development
  • Examples for new resources and data sources have been added
  • Default values have been documented in the description (e.g., "Dummy: (Boolean) Blah blah. Defaults to false.")
  • If the action fails that checks the documentation: Run go generate to make sure the docs are up to date

Code review

  • This pull request has a descriptive title and information useful to a reviewer. There may be a screenshot or screencast attached
  • Pull Request is no longer marked as "draft"
  • Reviewers have been assigned
  • Changes have been reviewed by at least one other engineer

@mbialon self-assigned this Sep 10, 2025
@mbialon force-pushed the mbialon/push-ztlskooqqpnp branch 4 times, most recently from 21d2364 to d58db12, September 11, 2025 11:40
This change adds an alternative, non-sensitive `value` attribute to the environment variable resource.
This allows users to view the value of non-sensitive environment variables.

As I can't see the reason to have write-only, non-sensitive values, this combination is not allowed.

Fixes #517
@mbialon force-pushed the mbialon/push-ztlskooqqpnp branch from d58db12 to d7a26f9, September 11, 2025 11:50
@mbialon marked this pull request as ready for review September 11, 2025 11:51
@mbialon requested review from a team September 11, 2025 11:51
@mbialon changed the title from "wip: non-sensitive environment values" to "Add non-sensitive value attribute to environment variable resource" Sep 11, 2025
ForceNew: true,
ConflictsWith: []string{"value_nonsensitive"},
},
"value_nonsensitive": {
@eliecharra (Member) commented Sep 12, 2025

If we introduce that, we should IMO fully get rid of write_only since it will bring confusion.
The validation we perform works, but will only trigger during apply I think nope? That's a bit sad that we can't catch such misconfiguration earlier in the plan.

Removing write_only will introduce a BC break, so I can understand we want to avoid that. But maybe let's mark it as deprecated?

Can we also use ConflictsWith write_only? Or find a way to validate that the logic is correct earlier than during apply? Not sure if we can do cross field validation 🤔
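
An added example, not code from this pull request or the provider: the two cross-field rules from this thread written as a plan-time check in plain Go, including the case where `write_only` is not yet known during plan. The `Attr` and `EnvVarPlan` types and `ValidatePlan` are hypothetical; it assumes `write_only` is checked only when set explicitly, and that a provider built on terraform-plugin-sdk v2 could call such a function from a resource's `CustomizeDiff` hook.

```go
package main

import (
	"errors"
	"fmt"
)

// Attr is a hypothetical model of one attribute at plan time: absent,
// set to a known value, or set but unknown until another resource is applied.
type Attr struct {
	Set, Known bool
	Val        any
}

// EnvVarPlan holds the three attributes discussed in this thread.
type EnvVarPlan struct{ Value, ValueNonsensitive, WriteOnly Attr }

// ValidatePlan returns every violation decidable from planned values.
// deferred reports that a rule depended on an unknown input, so the
// apply-time check still has to stay in place for that case.
func ValidatePlan(p EnvVarPlan) (errs []error, deferred bool) {
	// Rule 1 mirrors the ConflictsWith pair on the two value attributes.
	if p.Value.Set && p.ValueNonsensitive.Set {
		errs = append(errs, errors.New("value conflicts with value_nonsensitive"))
	}
	// Rule 2: a non-sensitive value may not be combined with write_only = true.
	if p.ValueNonsensitive.Set && p.WriteOnly.Set {
		if !p.WriteOnly.Known {
			deferred = true
		} else if on, _ := p.WriteOnly.Val.(bool); on {
			errs = append(errs, errors.New("write_only must be false with value_nonsensitive"))
		}
	}
	return errs, deferred
}

func main() {
	// Constructed sample input: both rules are violated in one plan.
	bad := EnvVarPlan{
		Value:             Attr{Set: true, Known: true, Val: "placeholder-secret"},
		ValueNonsensitive: Attr{Set: true, Known: true, Val: "eu-west-1"},
		WriteOnly:         Attr{Set: true, Known: true, Val: true},
	}
	errs, deferred := ValidatePlan(bad)
	fmt.Println(errs, deferred)
}
```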

Development

Successfully merging this pull request may close these issues.

Environment variable values should be sensitive only when write_only is enabled