From 3e30f3cd2e3de406b37e6e82480051a0c7d02ae1 Mon Sep 17 00:00:00 2001
From: Dalton Hubble <dghubble@gmail.com>
Date: Mon, 23 Nov 2020 11:01:04 -0800
Subject: [PATCH] Set kubeconfig and asset_dist as sensitive

* Mark `kubeconfig` and `asset_dist` as `sensitive` to
prevent the Terraform CLI displaying these values, esp.
for CI systems
* In particular, external tools or tfvars style uses (not
recommended) reportedly display all outputs and are improved
by setting sensitive
* For Terraform v0.14, outputs referencing sensitive fields
must also be annotated as sensitive

Closes https://github.com/poseidon/typhoon/issues/884
---
 fedora-coreos/kubernetes/outputs.tf | 6 ++++--
 flatcar-linux/kubernetes/outputs.tf | 6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/fedora-coreos/kubernetes/outputs.tf b/fedora-coreos/kubernetes/outputs.tf
index 9ad1263f2..67275db59 100644
--- a/fedora-coreos/kubernetes/outputs.tf
+++ b/fedora-coreos/kubernetes/outputs.tf
@@ -1,10 +1,12 @@
 output "kubeconfig-admin" {
-  value = module.bootstrap.kubeconfig-admin
+  value     = module.bootstrap.kubeconfig-admin
+  sensitive = true
 }
 
 # Outputs for debug
 
 output "assets_dist" {
-  value = module.bootstrap.assets_dist
+  value     = module.bootstrap.assets_dist
+  sensitive = true
 }
 
diff --git a/flatcar-linux/kubernetes/outputs.tf b/flatcar-linux/kubernetes/outputs.tf
index 9ad1263f2..67275db59 100644
--- a/flatcar-linux/kubernetes/outputs.tf
+++ b/flatcar-linux/kubernetes/outputs.tf
@@ -1,10 +1,12 @@
 output "kubeconfig-admin" {
-  value = module.bootstrap.kubeconfig-admin
+  value     = module.bootstrap.kubeconfig-admin
+  sensitive = true
 }
 
 # Outputs for debug
 
 output "assets_dist" {
-  value = module.bootstrap.assets_dist
+  value     = module.bootstrap.assets_dist
+  sensitive = true
 }