hashicorp / terraform-k8s

Terraform Cloud Operator for Kubernetes
https://learn.hashicorp.com/tutorials/terraform/kubernetes-operator?in=terraform/kubernetes
Mozilla Public License 2.0

Support sensitive output (fixes #107) #131

Open jtyr opened 2 years ago

jtyr commented 2 years ago


This PR is adding support for sensitive outputs. This closes the issue #107. The below Workspace resource has been tested with this Terraform module. This PR needs to be rebased once the PR #129 is merged to remove most of the changes in the CRD.

apiVersion: app.terraform.io/v1alpha1
kind: Workspace
metadata:
  name: test
spec:
  module:
    source: app.terraform.io/jtyr/test/tfco
    version: 0.0.4
  organization: jtyr
  outputs:
    - key: string
      moduleOutputName: string
    - key: int
      moduleOutputName: int
    - key: float
      moduleOutputName: float
    - key: bool
      moduleOutputName: bool
    - key: "null"
      moduleOutputName: "null"
    - key: list
      moduleOutputName: list
    - key: map
      moduleOutputName: map
    - key: password
      moduleOutputName: password
      sensitive: true
    - key: sensitive
      moduleOutputName: sensitive
      sensitive: true
  omitNamespacePrefix: true
  secretsMountPath: /tmp/secrets
  variables:
    - key: "null"
      value: null value 1

The resulting test-outputs secret then contains those outputs:

$ kubectl get secret -o yaml test-outputs | yq e '.data' -
bool: dHJ1ZQ==
float: MS4yMw==
int: MTIz
list: WyJmb28iLCJiYXIiXQ==
map: eyJiYXIiOiJ4eXoiLCJmb28iOiJhYmMifQ==
"null": Im51bGwgdmFsdWUgMSI=
password: eyJpZCI6Im5vbmUiLCJrZWVwZXJzIjpudWxsLCJsZW5ndGgiOjE2LCJsb3dlciI6dHJ1ZSwibWluX2xvd2VyIjowLCJtaW5fbnVtZXJpYyI6MCwibWluX3NwZWNpYWwiOjAsIm1pbl91cHBlciI6MCwibnVtYmVyIjp0cnVlLCJvdmVycmlkZV9zcGVjaWFsIjoiISMkJSYqKCktXz0rW117fTw+Oj8iLCJyZXN1bHQiOiJaM2k/OlpiUSNSem1Qd2s8Iiwic3BlY2lhbCI6dHJ1ZSwidXBwZXIiOnRydWV9
sensitive: IlNFTlNJVElWRSBURVNUIg==
string: IkhlbGxvIHdvcmxkIg==

As you can see, the password and sensitive outputs are visible in the resulting secret thanks to the sensitive: true set in the Workspace resource.

Release note for CHANGELOG:

Added support for sensitive outputs
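
Added example (not part of the PR or the operator's code): Kubernetes Secret `.data` values are only base64-encoded, so the outputs shown in the comment above can be decoded to check what each one actually stores. The values are copied from that `kubectl` output and the sensitive keys from the Workspace spec; `decode_outputs` and `audit` are hypothetical helper names.

```python
import base64
import json

# .data of the test-outputs Secret, copied from the kubectl output above.
SECRET_DATA = {
    "bool": "dHJ1ZQ==",
    "float": "MS4yMw==",
    "int": "MTIz",
    "list": "WyJmb28iLCJiYXIiXQ==",
    "map": "eyJiYXIiOiJ4eXoiLCJmb28iOiJhYmMifQ==",
    "null": "Im51bGwgdmFsdWUgMSI=",
    "password": "eyJpZCI6Im5vbmUiLCJrZWVwZXJzIjpudWxsLCJsZW5ndGgiOjE2LCJsb3dlciI6dHJ1ZSwibWluX2xvd2VyIjowLCJtaW5fbnVtZXJpYyI6MCwibWluX3NwZWNpYWwiOjAsIm1pbl91cHBlciI6MCwibnVtYmVyIjp0cnVlLCJvdmVycmlkZV9zcGVjaWFsIjoiISMkJSYqKCktXz0rW117fTw+Oj8iLCJyZXN1bHQiOiJaM2k/OlpiUSNSem1Qd2s8Iiwic3BlY2lhbCI6dHJ1ZSwidXBwZXIiOnRydWV9",
    "sensitive": "IlNFTlNJVElWRSBURVNUIg==",
    "string": "IkhlbGxvIHdvcmxkIg==",
}

# Outputs marked `sensitive: true` in the Workspace spec above.
SENSITIVE_KEYS = {"password", "sensitive"}


def decode_outputs(data):
    """Base64-decode each Secret value and parse it as JSON."""
    decoded = {}
    for key, b64 in data.items():
        # Tolerate missing padding in case a value was copied without it.
        raw = base64.b64decode(b64 + "=" * (-len(b64) % 4))
        decoded[key] = json.loads(raw)
    return decoded


def audit(decoded, sensitive_keys):
    """Return (key, type, note) rows, flagging sensitive outputs that hold a whole object."""
    rows = []
    for key in sorted(decoded):
        value = decoded[key]
        note = ""
        if key in sensitive_keys:
            note = "sensitive"
            if isinstance(value, (dict, list)):
                note += f", structured value with {len(value)} fields"
        rows.append((key, type(value).__name__, note))
    return rows


if __name__ == "__main__":
    for key, kind, note in audit(decode_outputs(SECRET_DATA), SENSITIVE_KEYS):
        print(f"{key:10} {kind:6} {note}")
```

On the data above, the `password` row is reported as a `dict` rather than a string: the Secret key holds a JSON object with a `result` field, not a bare password.
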

jtyr commented 2 years ago

This PR is rebased now.