feat: Added sensitive parameter filtering to import and init. Added sensitive parameter hiding to displaying plans

Author: kevinwang5658

package-lock.json

@@ -17,7 +17,7 @@
     "ajv": "^8.12.0",
     "ajv-formats": "^3.0.1",
     "chalk": "^5.3.0",
-    "codify-schemas": "^1.0.81",
+    "codify-schemas": "^1.0.83",
     "cors": "^2.8.5",
     "debug": "^4.3.4",
     "detect-indent": "^7.0.1",

package.json

@@ -49,6 +49,9 @@ For more information, visit: https://docs.codifycli.com/commands/import`
     'updateExisting': Flags.boolean({
       description: 'Force the CLI to try to update an existing file instead of prompting the user with the option of creating a new file',
     }),
+    'includeSensitive': Flags.boolean({
+      description: 'Allow the import of resources with sensitive parameters. This only applies when a resource id hasn\'t been explicitly included. Otherwise, this parameter will be ignored.',
+    }),
   }
 
   public async run(): Promise<void> {
@@ -70,8 +73,8 @@ For more information, visit: https://docs.codifycli.com/commands/import`
       verbosityLevel: flags.debug ? 3 : 0,
       typeIds: cleanedArgs,
       path: resolvedPath,
-      secureMode: flags.secure,
       updateExisting: flags.updateExisting,
+      includeSensitive: flags.includeSensitive,
     }, this.reporter)
 
     process.exit(0)

src/commands/import.ts

@@ -2,6 +2,7 @@ import chalk from 'chalk';
 
 import { BaseCommand } from '../common/base-command.js';
 import { InitializeOrchestrator } from '../orchestrators/init.js';
+import { Flags } from '@oclif/core';
 
 export default class Init extends BaseCommand {
   static strict = false;
@@ -17,6 +18,9 @@ For more information, visit: https://docs.codifycli.com/commands/init`
 
   static baseFlags= {
     ...BaseCommand.baseFlags,
+    includeSensitive: Flags.boolean({
+      description: 'Include sensitive resources in the generated configs.',
+    }),
   }
 
   static override examples = [
@@ -29,6 +33,7 @@ For more information, visit: https://docs.codifycli.com/commands/init`
     await InitializeOrchestrator.run({
       verbosityLevel: flags.debug ? 3 : 0,
       path: flags.path,
+      includeSensitive: flags.includeSensitive,
     },this.reporter);
 
     process.exit(0)

src/commands/init.ts

@@ -73,6 +73,7 @@ export class ResourcePlan {
     newValue: null | unknown;
     operation: ParameterOperation;
     previousValue: null | unknown;
+    isSensitive?: boolean;
   }>
 
   constructor(json: PlanResponseData) {

src/entities/plan.ts

@@ -27,7 +27,7 @@ export interface ImportArgs {
   typeIds?: string[];
   path: string;
   updateExisting?: boolean;
-  secureMode?: boolean;
+  includeSensitive?: boolean;
   verbosityLevel?: number;
 }
 
@@ -59,7 +59,12 @@ export class ImportOrchestrator {
     const { project, pluginManager, resourceDefinitions } = initializeResult;
 
     ctx.subprocessStarted(SubProcessName.IMPORT_RESOURCE)
-    const importResults = await Promise.all([...resourceDefinitions.keys()].map(async (typeId) => {
+
+    // Omit sensitive resources if not included
+    const typeIdsToImport = [...resourceDefinitions.keys()]
+      .filter((typeId) => args.includeSensitive || (!args.includeSensitive && (resourceDefinitions.get(typeId)?.sensitiveParameters ?? []).length === 0))
+
+    const importResults = await Promise.all(typeIdsToImport.map(async (typeId) => {
       try {
         return await pluginManager.importResource({
           core: { type: typeId },

src/orchestrators/import.ts

@@ -11,6 +11,7 @@ import { resolvePathWithVariables, untildify } from '../utils/index.js';
 export interface InitArgs {
   path?: string;
   verbosityLevel?: number;
+  includeSensitive?: boolean;
 }
 
 export const InitializeOrchestrator = {
@@ -25,7 +26,12 @@ export const InitializeOrchestrator = {
     const { pluginManager, resourceDefinitions } = await PluginInitOrchestrator.run(args, reporter);
 
     ctx.subprocessStarted(SubProcessName.IMPORT_RESOURCE)
-    const importResults = await Promise.all([...resourceDefinitions.keys()].map(async (typeId) => {
+
+    // Omit sensitive resources if not included
+    const typeIdsToImport = [...resourceDefinitions.keys()]
+      .filter((typeId) => args.includeSensitive || (!args.includeSensitive && (resourceDefinitions.get(typeId)?.sensitiveParameters ?? []).length === 0))
+
+    const importResults = await Promise.all(typeIdsToImport.map(async (typeId) => {
       try {
         return await pluginManager.importResource({
           core: { type: typeId },

src/orchestrators/init.ts

@@ -48,9 +48,10 @@ function prettyFormatCreatePlan(plan: ResourcePlan): string {
         return result;
       }
 
+      const value = parameter.isSensitive ? '[Sensitive]' : parameter.newValue;
       result[parameter.name] = typeof parameter.newValue === 'string'
-        ? escapeNewlines(parameter.newValue)
-        : parameter.newValue;
+        ? escapeNewlines(value as string)
+        : value;
 
       return result;
     }, {} as Record<string, unknown>)
@@ -69,9 +70,10 @@ function prettyFormatDestroyPlan(plan: ResourcePlan): string {
         return result;
       }
 
+      const value = parameter.isSensitive ? '[Sensitive]' : parameter.previousValue;
       result[parameter.name] = typeof parameter.previousValue === 'string'
-        ? escapeNewlines(parameter.previousValue)
-        : parameter.previousValue;
+        ? escapeNewlines(value as string)
+        : value;
 
       return result;
     }, {} as Record<string, unknown>)
@@ -89,11 +91,11 @@ function prettyFormatModifyPlan(plan: ResourcePlan): string {
   ];
 
   for (const parameter of plan.parameters) {
-
     // TODO: Add support for object types as well in the future
     if ((Array.isArray(parameter.previousValue) || parameter.previousValue === null)
       && (Array.isArray(parameter.newValue) || parameter.newValue === null)
       && !(parameter.previousValue === null && parameter.newValue === null)
+      && !parameter.isSensitive
     ) {
       const line = formatArray(parameter);
       builder.push(line);
@@ -121,27 +123,36 @@ function escapeNewlines(str: string): string {
 function formatParameter(parameter: PlanResponseData['parameters'][0]): string {
   switch (parameter.operation) {
     case ParameterOperation.NOOP: {
+      const value = parameter.isSensitive ? '[Sensitive]' : parameter.newValue;
+
       return typeof parameter.newValue === 'string'
-        ? `"${parameter.name}": "${escapeNewlines(parameter.newValue)}",`
-        : `"${parameter.name}": ${parameter.newValue},`
+        ? `"${parameter.name}": "${escapeNewlines(value as string)}",`
+        : `"${parameter.name}": ${value},`
     }
 
     case ParameterOperation.ADD: {
+      const value = parameter.isSensitive ? '[Sensitive]' : parameter.newValue;
+
       return typeof parameter.newValue === 'string'
-        ? chalk.green(`"${parameter.name}": "${escapeNewlines(parameter.newValue)}",`)
-        : chalk.green(`"${parameter.name}": ${parameter.newValue},`)
+        ? chalk.green(`"${parameter.name}": "${escapeNewlines(value as string)}",`)
+        : chalk.green(`"${parameter.name}": ${value},`)
     }
 
     case ParameterOperation.REMOVE: {
+      const value = parameter.isSensitive ? '[Sensitive]' : parameter.previousValue;
+
       return typeof parameter.previousValue === 'string'
-        ? chalk.red(`"${parameter.name}": "${escapeNewlines(parameter.previousValue)}",`)
-        : chalk.red(`"${parameter.name}": ${parameter.previousValue},`)
+        ? chalk.red(`"${parameter.name}": "${escapeNewlines(value as string)}",`)
+        : chalk.red(`"${parameter.name}": ${value},`)
     }
 
     case ParameterOperation.MODIFY: {
+      const newValue = parameter.isSensitive ? '[Sensitive]' : parameter.newValue;
+      const previousValue = parameter.isSensitive ? '[Sensitive]' : parameter.previousValue;
+
       return typeof parameter.newValue === 'string' && typeof parameter.previousValue === 'string'
-        ? `"${parameter.name}": "${escapeNewlines(parameter.previousValue)}" -> "${escapeNewlines(parameter.newValue)}",`
-        : `"${parameter.name}": ${parameter.previousValue} -> ${parameter.newValue},`
+        ? `"${parameter.name}": "${escapeNewlines(previousValue as string)}" -> "${escapeNewlines(newValue as string)}",`
+        : `"${parameter.name}": ${previousValue} -> ${newValue},`
     }
   }
 }