feat: Add resource level isSensitive

kevinwang5658 · kevinwang5658 · commit 1e3f1e90e426 · 2025-12-13T20:18:10.000-05:00
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "codify-plugin-lib",
-  "version": "1.0.177",
+  "version": "1.0.180",
   "description": "Library plugin library",
   "main": "dist/index.js",
   "typings": "dist/index.d.ts",
diff --git a/src/plugin/plugin.ts b/src/plugin/plugin.ts
@@ -59,13 +59,24 @@ export class Plugin {
 
     return {
       resourceDefinitions: [...this.resourceControllers.values()]
-        .map((r) => ({
-          dependencies: r.dependencies,
-          type: r.typeId,
-          sensitiveParameters: Object.entries(r.settings.parameterSettings ?? {})
+        .map((r) => {
+          const sensitiveParameters = Object.entries(r.settings.parameterSettings ?? {})
             .filter(([, v]) => v?.isSensitive)
-            .map(([k]) => k),
-        }))
+            .map(([k]) => k);
+
+          // Here we add '*' if the resource is sensitive but no sensitive parameters are found. This works because the import
+          // sensitivity check only checks for the existance of a sensitive parameter whereas the parameter blocking one blocks
+          // on a specific sensitive parameter.
+          if (r.settings.isSensitive && sensitiveParameters.length === 0) {
+            sensitiveParameters.push('*');
+          }
+
+          return {
+            dependencies: r.dependencies,
+            type: r.typeId,
+            sensitiveParameters,
+          }
+        })
     }
   }
 
@@ -87,10 +98,17 @@ export class Plugin {
     const allowMultiple = resource.settings.allowMultiple !== undefined
       && resource.settings.allowMultiple !== false;
 
+    // Here we add '*' if the resource is sensitive but no sensitive parameters are found. This works because the import
+    // sensitivity check only checks for the existance of a sensitive parameter whereas the parameter blocking one blocks
+    // on a specific sensitive parameter.
     const sensitiveParameters = Object.entries(resource.settings.parameterSettings ?? {})
       .filter(([, v]) => v?.isSensitive)
       .map(([k]) => k);
 
+    if (resource.settings.isSensitive && sensitiveParameters.length === 0) {
+      sensitiveParameters.push('*');
+    }
+
     return {
       plugin: this.name,
       type: data.type,
diff --git a/src/resource/resource-settings.ts b/src/resource/resource-settings.ts
@@ -27,6 +27,12 @@ export interface ResourceSettings<T extends StringIndexedObject> {
    */
   schema?: Partial<JSONSchemaType<T | any>>;
 
+  /**
+   * Mark the resource as sensitive. Defaults to false. This prevents the resource from automatically being imported by init and import.
+   * This differs from the parameter level sensitivity which also prevents the parameter value from being displayed in the plan.
+   */
+  isSensitive?: boolean;
+
   /**
    * Allow multiple of the same resource to unique. Set truthy if
    * multiples are allowed, for example for applications, there can be multiple copy of the same application installed

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "codify-plugin-lib",`
`3`		`- "version": "1.0.177",`
	`3`	`+ "version": "1.0.180",`
`4`	`4`	`"description": "Library plugin library",`
`5`	`5`	`"main": "dist/index.js",`
`6`	`6`	`"typings": "dist/index.d.ts",`