Make values diff usable

johannges commented 4 weeks ago

Description

At the moment the diff of the values is unusable. If there is any sensitive information inside one of the strings of the values array, the values are obscured completely. Even otherwise it will just print the complete old and new values.

My suggested solution is to introduce an optional calculated field for a better diff:

Additional field use_computed_values (bool, default_false) Additional field computed_values(optional, calculated):

merges the previews and new values strings each into one string (to enable a useful diff)
obscure the sensitive information
diffs the previews and new values strings
omit the values output

Potential Terraform Configuration

resource "helm_release" "test" {
  ...
  use_computed_diff = true
  values = [
    yamlencode({
      test = "regweff2"
    }),
    yamlencode({
      test2 = "gergd"
    }),
  ]
}

Potential Terraform Code Change:


// mapToString converts a map[string]interface{} to a JSON string
func mapToString(m map[string]interface{}) (string, error) {
    jsonBytes, err := json.Marshal(m)
    if err != nil {
        return "", err
    }
    return string(jsonBytes), nil
}
func resourceDiff(ctx context.Context, d *schema.ResourceDiff, meta interface{}) error {
    use_computed_diff := d.Get("use_computed_diff").(bool)
    if use_computed_diff {
        values, _ := getValues(d)
        valuesString, _ := mapToString(values)
        valuesString = redactSensitiveValues(valuesString, d)

        //d.SetNew("values", "test")
        d.SetNew("computed_diff", valuesString)
    }
        ...

References

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

David-PIC commented 4 weeks ago

👌

appilon commented 4 weeks ago

Hello @johannges ,

Unfortunately there is not much that be done to ameliorate the situation with the current implementation. This is a limitation of the original SDK which this provider still uses. It is something that may be addressable with the new framework which supports more powerful types (which Terraform can track and diff properly). Moving this provider to the new framework is something we are trying to prioritize.

hashicorp / terraform-provider-helm