river/stdlib: add nonsensitive function #3817
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
With the intent to add a `nonsensitive` function into the standard library, rivertypes needs to be moved under river/ to allow it to eventually remove import cycles. Plus, given a `nonsensitive` function, the river/ package would be a better home for the rivertypes package, since the River stdlib should not import anything outside of River.
This commit modifies rivertypes to import types through the internal value package instead of the top-level river package. This removes a potential import cycle allows the stdlib to import rivertypes.
The `nonsensitive` function allows users to explicitly convert a secret value back to a string. `nonsensitive` is primarily useful when combined with the remote.vault component, since remote.vault always returns secrets, even if some data stored in Vault is non-sensitive (such as a TLS public key).
|
Do we want to mention this in the remote.vault documentation? I think we probably should, since people interested in such functionality might be using remote.vault and would try find the information in the Export section of the remote.vault docs. |
|
I personally like the approach with
|
ptodev
approved these changes
May 9, 2023
mattdurham
reviewed
May 9, 2023
mattdurham
approved these changes
May 9, 2023
rfratto
force-pushed
the
river-nonsensitive
branch
from
95a3037
to
99588d5
Compare
clayton-cornell
pushed a commit
that referenced
this pull request
Aug 14, 2023
* move flow/rivertypes package to river/rivertypes With the intent to add a `nonsensitive` function into the standard library, rivertypes needs to be moved under river/ to allow it to eventually remove import cycles. Plus, given a `nonsensitive` function, the river/ package would be a better home for the rivertypes package, since the River stdlib should not import anything outside of River. * rivertypes: remove import on river This commit modifies rivertypes to import types through the internal value package instead of the top-level river package. This removes a potential import cycle allows the stdlib to import rivertypes. * river/stdlib: add `nonsensitive` function The `nonsensitive` function allows users to explicitly convert a secret value back to a string. `nonsensitive` is primarily useful when combined with the remote.vault component, since remote.vault always returns secrets, even if some data stored in Vault is non-sensitive (such as a TLS public key). * remote.vault: document usage of nonsensitive in exports * address review feedback
clayton-cornell
pushed a commit
that referenced
this pull request
Aug 14, 2023
* move flow/rivertypes package to river/rivertypes With the intent to add a `nonsensitive` function into the standard library, rivertypes needs to be moved under river/ to allow it to eventually remove import cycles. Plus, given a `nonsensitive` function, the river/ package would be a better home for the rivertypes package, since the River stdlib should not import anything outside of River. * rivertypes: remove import on river This commit modifies rivertypes to import types through the internal value package instead of the top-level river package. This removes a potential import cycle allows the stdlib to import rivertypes. * river/stdlib: add `nonsensitive` function The `nonsensitive` function allows users to explicitly convert a secret value back to a string. `nonsensitive` is primarily useful when combined with the remote.vault component, since remote.vault always returns secrets, even if some data stored in Vault is non-sensitive (such as a TLS public key). * remote.vault: document usage of nonsensitive in exports * address review feedback
github-actions
bot
added
the
frozen-due-to-age
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The
nonsensitivefunction allows users to explicitly convert a secret value back to a string.nonsensitiveis primarily useful when combined with the remote.vault component, since remote.vault always returns secrets, even if some data stored in Vault is non-sensitive (such as a TLS public key).nonsensitiveis the equivalent to the Terraform function of the same name.