-
Notifications
You must be signed in to change notification settings - Fork 486
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
river/stdlib: add nonsensitive function #3817
Conversation
With the intent to add a `nonsensitive` function into the standard library, rivertypes needs to be moved under river/ to allow it to eventually remove import cycles. Plus, given a `nonsensitive` function, the river/ package would be a better home for the rivertypes package, since the River stdlib should not import anything outside of River.
This commit modifies rivertypes to import types through the internal value package instead of the top-level river package. This removes a potential import cycle allows the stdlib to import rivertypes.
The `nonsensitive` function allows users to explicitly convert a secret value back to a string. `nonsensitive` is primarily useful when combined with the remote.vault component, since remote.vault always returns secrets, even if some data stored in Vault is non-sensitive (such as a TLS public key).
Do we want to mention this in the remote.vault documentation? I think we probably should, since people interested in such functionality might be using remote.vault and would try find the information in the Export section of the remote.vault docs. |
I personally like the approach with
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Small nit but looks good.
95a3037
to
99588d5
Compare
* move flow/rivertypes package to river/rivertypes With the intent to add a `nonsensitive` function into the standard library, rivertypes needs to be moved under river/ to allow it to eventually remove import cycles. Plus, given a `nonsensitive` function, the river/ package would be a better home for the rivertypes package, since the River stdlib should not import anything outside of River. * rivertypes: remove import on river This commit modifies rivertypes to import types through the internal value package instead of the top-level river package. This removes a potential import cycle allows the stdlib to import rivertypes. * river/stdlib: add `nonsensitive` function The `nonsensitive` function allows users to explicitly convert a secret value back to a string. `nonsensitive` is primarily useful when combined with the remote.vault component, since remote.vault always returns secrets, even if some data stored in Vault is non-sensitive (such as a TLS public key). * remote.vault: document usage of nonsensitive in exports * address review feedback
* move flow/rivertypes package to river/rivertypes With the intent to add a `nonsensitive` function into the standard library, rivertypes needs to be moved under river/ to allow it to eventually remove import cycles. Plus, given a `nonsensitive` function, the river/ package would be a better home for the rivertypes package, since the River stdlib should not import anything outside of River. * rivertypes: remove import on river This commit modifies rivertypes to import types through the internal value package instead of the top-level river package. This removes a potential import cycle allows the stdlib to import rivertypes. * river/stdlib: add `nonsensitive` function The `nonsensitive` function allows users to explicitly convert a secret value back to a string. `nonsensitive` is primarily useful when combined with the remote.vault component, since remote.vault always returns secrets, even if some data stored in Vault is non-sensitive (such as a TLS public key). * remote.vault: document usage of nonsensitive in exports * address review feedback
The
nonsensitive
function allows users to explicitly convert a secret value back to a string.nonsensitive
is primarily useful when combined with the remote.vault component, since remote.vault always returns secrets, even if some data stored in Vault is non-sensitive (such as a TLS public key).nonsensitive
is the equivalent to the Terraform function of the same name.