Skip to content
This repository was archived by the owner on Aug 11, 2025. It is now read-only.

support sensitive_body #134

Merged
ms-henglu merged 1 commit into from
May 9, 2025
Merged

support sensitive_body #134

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@
ENHANCEMENTS:
- `azapi` resources/data sources: Update embedded schema to the latest version.
- Support specifying the provider version used in the migration in the `terraform` block.
- `azapi_resource`, `azapi_update_resource` resources: Support `sensitive_body` field, which is used to specify the write-only properties in the request body.

BUG FIXES:
- Fix a bug that resource group's api-version `2024-07-01` is disabled in the provider.
Expand Down
62 changes: 46 additions & 16 deletions internal/langserver/handlers/testdata/TestCompletion_codeSample/expect.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -224,6 +224,36 @@
"command": "editor.action.triggerSuggest"
}
},
{
"label": "sensitive_body",
"labelDetails": {},
"kind": 10,
"detail": "sensitive_body (Optional)",
"documentation": {
"kind": "markdown",
"value": "Type: `dynamic` \nA dynamic attribute that contains the write-only properties of the request body. This will be merge-patched to the body to construct the actual request body.\n"
},
"sortText": "0006",
"insertTextFormat": 2,
"insertTextMode": 2,
"textEdit": {
"range": {
"start": {
"line": 2,
"character": 2
},
"end": {
"line": 2,
"character": 2
}
},
"newText": "sensitive_body = $0"
},
"command": {
"title": "Suggest",
"command": "editor.action.triggerSuggest"
}
},
{
"label": "tags",
"labelDetails": {},
Expand All @@ -233,7 +263,7 @@
"kind": "markdown",
"value": "Type: `map<string, string>` \nA mapping of tags which should be assigned to the azure resource.\n"
},
"sortText": "0006",
"sortText": "0007",
"insertTextFormat": 2,
"insertTextMode": 2,
"textEdit": {
Expand Down Expand Up @@ -263,7 +293,7 @@
"kind": "markdown",
"value": "Type: `list<string> or map<string, string>` \nThe attribute can accept either a list or a map of path that needs to be exported from response body.\n"
},
"sortText": "0007",
"sortText": "0008",
"insertTextFormat": 2,
"insertTextMode": 2,
"textEdit": {
Expand Down Expand Up @@ -293,7 +323,7 @@
"kind": "markdown",
"value": "Type: `dynamic` \nWill trigger a replace of the resource when the value changes and is not `null`.\n"
},
"sortText": "0008",
"sortText": "0009",
"insertTextFormat": 2,
"insertTextMode": 2,
"textEdit": {
Expand Down Expand Up @@ -323,7 +353,7 @@
"kind": "markdown",
"value": "Type: `block` \nConfiguration block for custom retry policy.\n"
},
"sortText": "0009",
"sortText": "0010",
"insertTextFormat": 2,
"insertTextMode": 2,
"textEdit": {
Expand Down Expand Up @@ -353,7 +383,7 @@
"kind": "markdown",
"value": "Type: `bool` \nWhether enabled the validation on `type` and `body` with embedded schema. Defaults to `true`.\n"
},
"sortText": "0010",
"sortText": "0011",
"insertTextFormat": 2,
"insertTextMode": 2,
"textEdit": {
Expand Down Expand Up @@ -383,7 +413,7 @@
"kind": "markdown",
"value": "Type: `list<string>` \nA list of ARM resource IDs which are used to avoid create/modify/delete azapi resources at the same time.\n"
},
"sortText": "0011",
"sortText": "0012",
"insertTextFormat": 2,
"insertTextMode": 2,
"textEdit": {
Expand Down Expand Up @@ -413,7 +443,7 @@
"kind": "markdown",
"value": "Type: `bool` \nWhether ignore incorrect casing returned in `body` to suppress plan-diff. Defaults to `false`.\n"
},
"sortText": "0012",
"sortText": "0013",
"insertTextFormat": 2,
"insertTextMode": 2,
"textEdit": {
Expand Down Expand Up @@ -443,7 +473,7 @@
"kind": "markdown",
"value": "Type: `bool` \nWhether ignore not returned properties like credentials in `body` to suppress plan-diff. Defaults to `false`.\n"
},
"sortText": "0013",
"sortText": "0014",
"insertTextFormat": 2,
"insertTextMode": 2,
"textEdit": {
Expand Down Expand Up @@ -473,7 +503,7 @@
"kind": "markdown",
"value": "Type: `map<string, string>` \nA mapping of headers which should be sent with the create request.\n"
},
"sortText": "0014",
"sortText": "0015",
"insertTextFormat": 2,
"insertTextMode": 2,
"textEdit": {
Expand Down Expand Up @@ -503,7 +533,7 @@
"kind": "markdown",
"value": "Type: `map<string, string>` \nA mapping of headers which should be sent with the update request.\n"
},
"sortText": "0015",
"sortText": "0016",
"insertTextFormat": 2,
"insertTextMode": 2,
"textEdit": {
Expand Down Expand Up @@ -533,7 +563,7 @@
"kind": "markdown",
"value": "Type: `map<string, string>` \nA mapping of headers which should be sent with the read request.\n"
},
"sortText": "0016",
"sortText": "0017",
"insertTextFormat": 2,
"insertTextMode": 2,
"textEdit": {
Expand Down Expand Up @@ -563,7 +593,7 @@
"kind": "markdown",
"value": "Type: `map<string, string>` \nA mapping of headers which should be sent with the delete request.\n"
},
"sortText": "0017",
"sortText": "0018",
"insertTextFormat": 2,
"insertTextMode": 2,
"textEdit": {
Expand Down Expand Up @@ -593,7 +623,7 @@
"kind": "markdown",
"value": "Type: `map<string, list<string>>` \nA mapping of query parameters which should be sent with the create request.\n"
},
"sortText": "0018",
"sortText": "0019",
"insertTextFormat": 2,
"insertTextMode": 2,
"textEdit": {
Expand Down Expand Up @@ -623,7 +653,7 @@
"kind": "markdown",
"value": "Type: `map<string, list<string>>` \nA mapping of query parameters which should be sent with the update request.\n"
},
"sortText": "0019",
"sortText": "0020",
"insertTextFormat": 2,
"insertTextMode": 2,
"textEdit": {
Expand Down Expand Up @@ -653,7 +683,7 @@
"kind": "markdown",
"value": "Type: `map<string, list<string>>` \nA mapping of query parameters which should be sent with the read request.\n"
},
"sortText": "0020",
"sortText": "0021",
"insertTextFormat": 2,
"insertTextMode": 2,
"textEdit": {
Expand Down Expand Up @@ -683,7 +713,7 @@
"kind": "markdown",
"value": "Type: `map<string, list<string>>` \nA mapping of query parameters which should be sent with the delete request.\n"
},
"sortText": "0021",
"sortText": "0022",
"insertTextFormat": 2,
"insertTextMode": 2,
"textEdit": {
Expand Down
86 changes: 86 additions & 0 deletions internal/langserver/handlers/testdata/TestValidation_sensitiveBody/main.tf
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,86 @@
resource "azapi_resource" "resourceGroup" {
type = "Microsoft.Resources/resourceGroups@2021-04-01"
name = "henglu415"
location = "westus"
body = {} # Resource group does not require additional properties in the body
lifecycle {
ignore_changes = [
tags,
]
}
}

resource "azapi_resource" "storageAccount" {
type = "Microsoft.Storage/storageAccounts@2021-02-01"
parent_id = azapi_resource.resourceGroup.id
name = "henglu415storage"
location = "westus"
body = {
kind = "StorageV2"
sku = {
name = "Premium_LRS"
}
}
}

ephemeral "azapi_resource_action" "listKeys" {
type = "Microsoft.Storage/storageAccounts@2024-01-01"
resource_id = azapi_resource.storageAccount.id
action = "listKeys"
response_export_values = {
primary_access_key = "keys[0].value"
}
}


resource "azapi_resource" "workspace" {
type = "Microsoft.OperationalInsights/workspaces@2023-09-01"
parent_id = azapi_resource.resourceGroup.id
name = "henglu415workspace"
location = "westus"
body = {
properties = {
features = {
disableLocalAuth = false
enableLogAccessUsingOnlyResourcePermissions = true
}
publicNetworkAccessForIngestion = "Enabled"
publicNetworkAccessForQuery = "Enabled"
retentionInDays = 30
sku = {
name = "PerGB2018"
}
workspaceCapping = {
dailyQuotaGb = -1
}
}
}

}

resource "azapi_resource" "storageInsightConfig" {
type = "Microsoft.OperationalInsights/workspaces/storageInsightConfigs@2023-09-01"
parent_id = azapi_resource.workspace.id
name = "storageInsightConfig"
location = "westus"
identity {
type = "SystemAssigned"
identity_ids = []
}

body = {
properties = {
storageAccount = {
id = azapi_resource.storageAccount.id
}
}
}

sensitive_body = {
properties = {
storageAccount = {
key = ephemeral.azapi_resource_action.listKeys.output.primary_access_key
}
}
}
}
20 changes: 20 additions & 0 deletions internal/langserver/handlers/tfschema/init.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -125,6 +125,16 @@ func init() {
GenericCandidatesFunc: bodyCandidates,
},

{
Name: "sensitive_body",
Modifier: "Optional",
Type: "dynamic",
CompletionNewText: "sensitive_body = $0",
Description: "A dynamic attribute that contains the write-only properties of the request body. This will be merge-patched to the body to construct the actual request body.",
ValueCandidatesFunc: FixedValueCandidatesFunc([]lsp.CompletionItem{dynamicPlaceholderCandidate()}),
GenericCandidatesFunc: bodyCandidates,
},

{
Name: "tags",
Modifier: "Optional",
Expand Down Expand Up @@ -297,6 +307,16 @@ func init() {
GenericCandidatesFunc: bodyCandidates,
},

{
Name: "sensitive_body",
Modifier: "Optional",
Type: "dynamic",
CompletionNewText: "sensitive_body = $0",
Description: "A dynamic attribute that contains the write-only properties of the request body. This will be merge-patched to the body to construct the actual request body.",
ValueCandidatesFunc: FixedValueCandidatesFunc([]lsp.CompletionItem{dynamicPlaceholderCandidate()}),
GenericCandidatesFunc: bodyCandidates,
},

{
Name: "response_export_values",
Modifier: "Optional",
Expand Down
5 changes: 5 additions & 0 deletions internal/langserver/handlers/validate/validate.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,11 @@ func ValidateBlock(src []byte, block *hclsyntax.Block) hcl.Diagnostics {
hclNode = parser.BuildHclNode(tokens)
}
}
if sensitiveBodyAttribute := parser.AttributeWithName(block, "sensitive_body"); sensitiveBodyAttribute != nil {
tokens, _ := hclsyntax.LexExpression(src[sensitiveBodyAttribute.Expr.Range().Start.Byte:sensitiveBodyAttribute.Expr.Range().End.Byte], "", sensitiveBodyAttribute.Expr.Range().Start)
sensitiveHclNode := parser.BuildHclNode(tokens)
hclNode = parser.CombineHclNodes(hclNode, sensitiveHclNode)
}
if attribute == nil || hclNode == nil {
return nil
}
Expand Down
12 changes: 12 additions & 0 deletions internal/langserver/handlers/validate/validate_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -153,3 +153,15 @@ func TestValidation_payload_missingRequiredPropertyInArrayItem(t *testing.T) {
}
}
}

func TestValidation_sensitiveBody(t *testing.T) {
config, err := os.ReadFile(fmt.Sprintf("../testdata/%s/main.tf", t.Name()))
if err != nil {
t.Fatal(err)
}

_, diag := ValidateFile(config, "main.tf")
if len(diag) != 0 {
t.Errorf("expect no diagnostics, but got %v", diag)
}
}
20 changes: 20 additions & 0 deletions internal/parser/hcl_node.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -416,3 +416,23 @@ func fixEmptyValueRange(hclNode *HclNode) {
}
}
}

func CombineHclNodes(a, b *HclNode) *HclNode {
if a == nil && b == nil {
return nil
}
if a == nil {
return b
}
if b == nil {
return a
}
for k, v := range b.Children {
if _, ok := a.Children[k]; !ok {
a.Children[k] = v
} else {
a.Children[k] = CombineHclNodes(a.Children[k], v)
}
}
return a
}
Loading