diff --git a/docs/data-sources/stack.md b/docs/data-sources/stack.md
index 846e4a80..9d92e1de 100644
--- a/docs/data-sources/stack.md
+++ b/docs/data-sources/stack.md
@@ -54,6 +54,7 @@ data "spacelift_stack" "k8s-core" {
 - `cloudformation` (List of Object) CloudFormation-specific configuration. Presence means this Stack is a CloudFormation Stack. (see [below for nested schema](#nestedatt--cloudformation))
 - `description` (String) free-form stack description for users
 - `enable_local_preview` (Boolean) Indicates whether local preview runs can be triggered on this Stack.
+- `enable_sensitive_outputs_upload` (Boolean) Indicates whether sensitive outputs created by this stack can be uploaded to Spacelift to be used by Stack Dependency references. Triggered only when corresponding option is enabled on the Worker Pool used by the Stack as well. Defaults to `true`.
 - `enable_well_known_secret_masking` (Boolean) Indicates whether well-known secret masking is enabled.
 - `github_enterprise` (List of Object) GitHub Enterprise (self-hosted) VCS settings (see [below for nested schema](#nestedatt--github_enterprise))
 - `gitlab` (List of Object) GitLab VCS settings (see [below for nested schema](#nestedatt--gitlab))
diff --git a/docs/data-sources/stacks.md b/docs/data-sources/stacks.md
index e5d4ba60..8c918ec6 100644
--- a/docs/data-sources/stacks.md
+++ b/docs/data-sources/stacks.md
@@ -151,6 +151,7 @@ Read-Only:
 - `cloudformation` (List of Object) (see [below for nested schema](#nestedobjatt--stacks--cloudformation))
 - `description` (String)
 - `enable_local_preview` (Boolean)
+- `enable_sensitive_outputs_upload` (Boolean)
 - `enable_well_known_secret_masking` (Boolean)
 - `github_enterprise` (List of Object) (see [below for nested schema](#nestedobjatt--stacks--github_enterprise))
 - `gitlab` (List of Object) (see [below for nested schema](#nestedobjatt--stacks--gitlab))
diff --git a/docs/resources/stack.md b/docs/resources/stack.md
index 5e0fdb59..01655542 100644
--- a/docs/resources/stack.md
+++ b/docs/resources/stack.md
@@ -232,6 +232,7 @@ resource "spacelift_stack" "terragrunt-stack" {
 - `cloudformation` (Block List, Max: 1) CloudFormation-specific configuration. Presence means this Stack is a CloudFormation Stack. (see [below for nested schema](#nestedblock--cloudformation))
 - `description` (String) Free-form stack description for users
 - `enable_local_preview` (Boolean) Indicates whether local preview runs can be triggered on this Stack. Defaults to `false`.
+- `enable_sensitive_outputs_upload` (Boolean) Indicates whether sensitive outputs created by this stack can be uploaded to Spacelift to be used by Stack Dependency references. Triggered only when corresponding option is enabled on the Worker Pool used by the Stack as well. Defaults to `true`.
 - `enable_well_known_secret_masking` (Boolean) Indicates whether well-known secret masking is enabled.
 - `github_action_deploy` (Boolean) Indicates whether GitHub users can deploy from the Checks API. Defaults to `true`. This is called allow run promotion in the UI.
 - `github_enterprise` (Block List, Max: 1) VCS settings for [GitHub custom application](https://docs.spacelift.io/integrations/source-control/github#setting-up-the-custom-application) (see [below for nested schema](#nestedblock--github_enterprise))
diff --git a/spacelift/data_stack.go b/spacelift/data_stack.go
index 75e0b74f..79aced47 100644
--- a/spacelift/data_stack.go
+++ b/spacelift/data_stack.go
@@ -306,6 +306,11 @@ func dataStack() *schema.Resource {
 Description: "Indicates whether well-known secret masking is enabled.",
 Computed: true,
 },
+ "enable_sensitive_outputs_upload": {
+ Type: schema.TypeBool,
+ Description: "Indicates whether sensitive outputs created by this stack can be uploaded to Spacelift to be used by Stack Dependency references. Triggered only when corresponding option is enabled on the Worker Pool used by the Stack as well. Defaults to `true`.",
+ Computed: true,
+ },
 "kubernetes": {
 Type: schema.TypeList,
 Description: "Kubernetes-specific configuration. Presence means this Stack is a Kubernetes Stack.",
@@ -528,6 +533,7 @@ func dataStackRead(ctx context.Context, d *schema.ResourceData, meta interface{}
 d.Set("description", stack.Description)
 d.Set("enable_local_preview", stack.LocalPreviewEnabled)
 d.Set("enable_well_known_secret_masking", stack.EnableWellKnownSecretMasking)
+ d.Set("enable_sensitive_outputs_upload", stack.EnableSensitiveOutputUpload)
 d.Set("manage_state", stack.ManagesStateFile)
 d.Set("name", stack.Name)
 d.Set("project_root", stack.ProjectRoot)
diff --git a/spacelift/data_stack_test.go b/spacelift/data_stack_test.go
index 5688e6e4..106f3655 100644
--- a/spacelift/data_stack_test.go
+++ b/spacelift/data_stack_test.go
@@ -42,7 +42,8 @@ func TestStackData(t *testing.T) {
 terraform_workspace = "bacon"
 terraform_smart_sanitization = true
 terraform_external_state_access = true
- enable_well_known_secret_masking = true
+ enable_well_known_secret_masking= true
+ enable_sensitive_outputs_upload = false
 }
 data "spacelift_stack" "test" {
 stack_id = spacelift_stack.test.id
@@ -92,6 +93,7 @@ func TestStackData(t *testing.T) {
 Attribute("terraform_smart_sanitization", Equals("true")),
 Attribute("terraform_external_state_access", Equals("true")),
 Attribute("enable_well_known_secret_masking", Equals("true")),
+ Attribute("enable_sensitive_outputs_upload", Equals("false")),
 ),
 }})
 })
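Review bot: In the `dataStack()` schema hunk of `spacelift/data_stack.go`, the description of the new `Computed` attribute ends with "Defaults to `true`.", which does not apply to a read-only data source: the value is whatever the API returns for the stack. It can also be read as if `true` meant sensitive outputs are being uploaded, while the same description says the Worker Pool option has to be enabled as well. I would drop the default sentence here and close the description with `Takes effect only when the corresponding option is also enabled on the Worker Pool used by the Stack.`; the line in `docs/data-sources/stack.md` is presumably generated from this string and would follow. `dataStack()` starts and ends outside the hunk.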
@@ -313,6 +315,7 @@ func TestStackData(t *testing.T) {
 "data.spacelift_stack.test",
 Attribute("terraform_workflow_tool", Equals("CUSTOM")),
 Attribute("enable_well_known_secret_masking", Equals("false")),
+ Attribute("enable_sensitive_outputs_upload", Equals("true")),
 ),
 },
 })
diff --git a/spacelift/internal/structs/stack.go b/spacelift/internal/structs/stack.go
index 4d9f7b14..4485dbb5 100644
--- a/spacelift/internal/structs/stack.go
+++ b/spacelift/internal/structs/stack.go
@@ -49,6 +49,7 @@ type Stack struct {
 Labels []string `graphql:"labels"`
 LocalPreviewEnabled bool `graphql:"localPreviewEnabled"`
 EnableWellKnownSecretMasking bool `graphql:"enableWellKnownSecretMasking"`
+ EnableSensitiveOutputUpload bool `graphql:"enableSensitiveOutputUpload"`
 ManagesStateFile bool `graphql:"managesStateFile"`
 Name string `graphql:"name"`
 Namespace string `graphql:"namespace"`
@@ -235,6 +236,7 @@ func PopulateStack(d *schema.ResourceData, stack *Stack) error {
 d.Set("description", stack.Description)
 d.Set("enable_local_preview", stack.LocalPreviewEnabled)
 d.Set("enable_well_known_secret_masking", stack.EnableWellKnownSecretMasking)
+ d.Set("enable_sensitive_outputs_upload", stack.EnableSensitiveOutputUpload)
 d.Set("github_action_deploy", stack.GitHubActionDeploy)
 d.Set("manage_state", stack.ManagesStateFile)
 d.Set("name", stack.Name)
diff --git a/spacelift/internal/structs/stack_input.go b/spacelift/internal/structs/stack_input.go
index 30a2f2e8..faca537f 100644
--- a/spacelift/internal/structs/stack_input.go
+++ b/spacelift/internal/structs/stack_input.go
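Review bot: The field added to `type Stack struct` in `spacelift/internal/structs/stack.go` is `EnableSensitiveOutputUpload` with `graphql:"enableSensitiveOutputUpload"` (singular "Output"), while the Terraform attribute it fills in the `PopulateStack` hunk is `enable_sensitive_outputs_upload` (plural). The GraphQL name is presumably fixed by the API, so a one-line field comment would keep the two spellings searchable together, for example `// EnableSensitiveOutputUpload backs the enable_sensitive_outputs_upload attribute; the API name is singular.` The same pair of spellings appears in the `StackInput` and `stackInput()` hunks. The struct and `PopulateStack` both continue outside their hunks.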
@@ -24,6 +24,7 @@ type StackInput struct {
 Labels *[]graphql.String `json:"labels"`
 LocalPreviewEnabled graphql.Boolean `json:"localPreviewEnabled"`
 EnableWellKnownSecretMasking graphql.Boolean `json:"enableWellKnownSecretMasking"`
+ EnableSensitiveOutputUpload graphql.Boolean `json:"enableSensitiveOutputUpload"`
 Name graphql.String `json:"name"`
 Namespace *graphql.String `json:"namespace"`
 ProjectRoot *graphql.String `json:"projectRoot"`
diff --git a/spacelift/resource_stack.go b/spacelift/resource_stack.go
index 20372a9c..42d49a2b 100644
--- a/spacelift/resource_stack.go
+++ b/spacelift/resource_stack.go
@@ -328,6 +328,12 @@ func resourceStack() *schema.Resource {
 Optional: true,
 Default: false,
 },
+ "enable_sensitive_outputs_upload": {
+ Type: schema.TypeBool,
+ Description: "Indicates whether sensitive outputs created by this stack can be uploaded to Spacelift to be used by Stack Dependency references. Triggered only when corresponding option is enabled on the Worker Pool used by the Stack as well. Defaults to `true`.",
+ Optional: true,
+ Default: true,
+ },
 "github_action_deploy": {
 Type: schema.TypeBool,
 Description: "Indicates whether GitHub users can deploy from the Checks API. Defaults to `true`. This is called allow run promotion in the UI.",
@@ -774,6 +780,7 @@ func stackInput(d *schema.ResourceData) structs.StackInput {
 GitHubActionDeploy: graphql.Boolean(d.Get("github_action_deploy").(bool)),
 LocalPreviewEnabled: graphql.Boolean(d.Get("enable_local_preview").(bool)),
 EnableWellKnownSecretMasking: graphql.Boolean(d.Get("enable_well_known_secret_masking").(bool)),
+ EnableSensitiveOutputUpload: graphql.Boolean(d.Get("enable_sensitive_outputs_upload").(bool)),
 Name: toString(d.Get("name")),
 ProtectFromDeletion: graphql.Boolean(d.Get("protect_from_deletion").(bool)),
 Repository: toString(d.Get("repository")),
diff --git a/spacelift/resource_stack_test.go b/spacelift/resource_stack_test.go
index a51e0c18..31e43107 100644
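Review bot: `Default: true` on the new `enable_sensitive_outputs_upload` entry in `resourceStack()` (`spacelift/resource_stack.go`) makes uploading sensitive outputs opt-out: a configuration that never mentions the attribute plans it as `true`, and the `stackInput()` hunk copies that value into a non-pointer `graphql.Boolean`, so it is presumably sent on every create and update. For a stack where the setting was switched off outside Terraform, the next apply after a provider upgrade would then turn it back on without any change in the user's HCL; this is worth confirming against the API and calling out in the changelog. If the default has to mirror the backend, I would extend the description with a sentence such as `Set to false for stacks whose outputs must not leave the worker.` so the opt-out is visible in the generated docs. Both functions continue outside their hunks.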
--- a/spacelift/resource_stack_test.go +++ b/spacelift/resource_stack_test.go @@ -95,6 +95,7 @@ func TestStackResource(t *testing.T) { SetEquals("additional_project_globs", "/bacon", "/bacon/eggs/*"), Attribute("protect_from_deletion", Equals("true")), Attribute("enable_well_known_secret_masking", Equals("false")), + Attribute("enable_sensitive_outputs_upload", Equals("true")), Attribute("repository", Equals("demo")), Attribute("runner_image", Equals("custom_image:runner")), ), @@ -1492,6 +1493,26 @@ func TestStackResourceSpace(t *testing.T) { }) }) + t.Run("can set false to enabling sensitive output", func(t *testing.T) { + randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum) + + testSteps(t, []resource.TestStep{ + { + Config: fmt.Sprintf(`resource "spacelift_stack" "test" { + name = "Provider test stack %s" + branch = "master" + labels = ["one", "two"] + repository = "demo" + enable_sensitive_outputs_upload = false + }`, randomID), + Check: Resource( + "spacelift_stack.test", + Attribute("enable_sensitive_outputs_upload", Equals("false")), + ), + }, + }) + }) + t.Run("importing non-existent resource", func(t *testing.T) { randomID := acctest.RandStringFromCharSet(5, acctest.CharSetAlphaNum)
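Review bot: The new subtest in `TestStackResourceSpace` only creates a stack with `enable_sensitive_outputs_upload = false`; no step changes the flag on an existing stack, which is the path where a wrong value in the update input would re-enable uploads unnoticed. A second `resource.TestStep` that reuses the same `randomID`, flips the attribute and asserts the new value would cover the update path, as sketched below. The subtest name would also read better as `t.Run("can disable sensitive outputs upload", ...)`. `TestStackResourceSpace` starts and ends outside the hunk.

```go
testSteps(t, []resource.TestStep{
	// … unchanged: first step creating the stack with enable_sensitive_outputs_upload = false …
	{
		Config: fmt.Sprintf(`resource "spacelift_stack" "test" {
			name       = "Provider test stack %s"
			branch     = "master"
			labels     = ["one", "two"]
			repository = "demo"
			enable_sensitive_outputs_upload = true
		}`, randomID),
		Check: Resource(
			"spacelift_stack.test",
			Attribute("enable_sensitive_outputs_upload", Equals("true")),
		),
	},
})
```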