Merge pull request #5 from RoseSecurity/add-sensitive-vars

feat: add more outputs, clean up tui, and update gitignore

Author: RoseSecurity

.gitignore

@@ -22,4 +22,5 @@ go.work
 go.work.sum
 
 # env file
+build/**
 .env

internal/analyze.go

@@ -7,14 +7,16 @@ import (
 )
 
 type Analytics struct {
-	VariableCount   int
-	ResourceCount   int
-	OutputCount     int
-	DataSourceCount int
-	ProviderCount   int
-	ModuleCount     int
-	FileCount       int
-	DocCount        int
+	VariableCount          int
+	SensitiveVariableCount int
+	ResourceCount          int
+	OutputCount            int
+	SensitiveOutputCount   int
+	DataSourceCount        int
+	ProviderCount          int
+	ModuleCount            int
+	FileCount              int
+	DocCount               int
 }
 
 func AnalyzeRepository(rootDir string) ([]Analytics, error) {
@@ -27,7 +29,7 @@ func AnalyzeRepository(rootDir string) ([]Analytics, error) {
 		return nil, ErrNoTerraformFiles
 	}
 
-	var totalVars, totalResources, totalOutputs, totalDataSources, totalModules, totalProviders int
+	var totalVars, totalResources, totalOutputs, totalDataSources, totalModules, totalProviders, totalSensitiveVars, totalSensitiveOutputs int
 
 	for dir := range dirs {
 		if !isTerraformDirectory(dir) {
@@ -45,6 +47,18 @@ func AnalyzeRepository(rootDir string) ([]Analytics, error) {
 		totalDataSources += len(repo.DataResources)
 		totalModules += len(repo.ModuleCalls)
 		totalProviders += len(repo.RequiredProviders)
+
+		for _, v := range repo.Variables {
+			if v.Sensitive {
+				totalSensitiveVars++
+			}
+		}
+
+		for _, v := range repo.Outputs {
+			if v.Sensitive {
+				totalSensitiveOutputs++
+			}
+		}
 	}
 
 	totalTfFiles, totalDocFiles, err := utils.FindFiles(rootDir)
@@ -54,14 +68,16 @@ func AnalyzeRepository(rootDir string) ([]Analytics, error) {
 
 	return []Analytics{
 		{
-			VariableCount:   totalVars,
-			ResourceCount:   totalResources,
-			OutputCount:     totalOutputs,
-			DataSourceCount: totalDataSources,
-			ProviderCount:   totalProviders,
-			ModuleCount:     totalModules,
-			FileCount:       totalTfFiles,
-			DocCount:        totalDocFiles,
+			VariableCount:          totalVars,
+			SensitiveVariableCount: totalSensitiveVars,
+			ResourceCount:          totalResources,
+			OutputCount:            totalOutputs,
+			SensitiveOutputCount:   totalSensitiveOutputs,
+			DataSourceCount:        totalDataSources,
+			ProviderCount:          totalProviders,
+			ModuleCount:            totalModules,
+			FileCount:              totalTfFiles,
+			DocCount:               totalDocFiles,
 		},
 	}, nil
 }

pkg/tui/ui.go

@@ -7,39 +7,76 @@ import (
 
 	"github.com/RoseSecurity/terrafetch/internal"
 	"github.com/charmbracelet/lipgloss"
+	"github.com/mattn/go-runewidth"
 )
 
 var (
 	borderColor = lipgloss.Color("99") // purple
 	container   = lipgloss.NewStyle().Border(lipgloss.RoundedBorder()).BorderForeground(borderColor)
 
 	headerStyle = lipgloss.NewStyle().Bold(true).Foreground(lipgloss.Color("63")) // magenta header
-	keyStyle    = lipgloss.NewStyle().Foreground(lipgloss.Color("111"))           // cyan keys
+	keyBase     = lipgloss.NewStyle().Foreground(lipgloss.Color("111"))           // cyan keys (base style)
 	valStyle    = lipgloss.NewStyle().Foreground(lipgloss.Color("15"))            // white values
 	logoStyle   = lipgloss.NewStyle().Foreground(lipgloss.Color("99"))            // purple logo
 )
 
-func padKey(k string) string {
-	return keyStyle.Render(fmt.Sprintf("%-10s:", k))
+// padKey dynamically pads and styles a key string based on the provided style
+// (whose width is already set to the widest key + 1 for the trailing colon).
+func padKey(k string, style lipgloss.Style) string {
+	return style.Render(k + ":")
 }
 
 func RenderInfo(dir string, a internal.Analytics) string {
+	// All label strings in the order they'll be rendered.
+	labels := []string{
+		"Terraform Files",
+		"Documentation",
+		"Providers",
+		"Module Calls",
+		"Resources",
+		"Data Sources",
+		"Variables",
+		"Sensitive Variables",
+		"Outputs",
+		"Sensitive Outputs",
+	}
+
+	// Find the widest label using runewidth (handles double‑width runes correctly).
+	max := 0
+	for _, l := range labels {
+		if w := runewidth.StringWidth(l); w > max {
+			max = w
+		}
+	}
+
+	// Clone the base key style and set its width dynamically.
+	keyStyle := keyBase.Width(max + 1) // +1 for the trailing colon
+
 	tfDir := filepath.Base(dir)
+
+	// Helper closure so we don't repeat ourselves.
+	pk := func(k string) string { return padKey(k, keyStyle) }
+
 	lines := []string{
 		headerStyle.Render(tfDir),
-		headerStyle.Render(strings.Repeat("-", len(tfDir))),
-		fmt.Sprintf("%s %s", padKey("Files"), valStyle.Render(fmt.Sprint(a.FileCount))),
-		fmt.Sprintf("%s %s", padKey("Docs"), valStyle.Render(fmt.Sprint(a.DocCount))),
-		fmt.Sprintf("%s %s", padKey("Resources"), valStyle.Render(fmt.Sprint(a.ResourceCount))),
-		fmt.Sprintf("%s %s", padKey("Modules"), valStyle.Render(fmt.Sprint(a.ModuleCount))),
-		fmt.Sprintf("%s %s", padKey("Variables"), valStyle.Render(fmt.Sprint(a.VariableCount))),
-		fmt.Sprintf("%s %s", padKey("Outputs"), valStyle.Render(fmt.Sprint(a.OutputCount))),
-		fmt.Sprintf("%s %s", padKey("Providers"), valStyle.Render(fmt.Sprint(a.ProviderCount))),
+		headerStyle.Render(strings.Repeat("-", runewidth.StringWidth(tfDir))),
+		fmt.Sprintf("%s %s", pk("Terraform Files"), valStyle.Render(fmt.Sprint(a.FileCount))),
+		fmt.Sprintf("%s %s", pk("Documentation"), valStyle.Render(fmt.Sprint(a.DocCount))),
+		fmt.Sprintf("%s %s", pk("Providers"), valStyle.Render(fmt.Sprint(a.ProviderCount))),
+		fmt.Sprintf("%s %s", pk("Module Calls"), valStyle.Render(fmt.Sprint(a.ModuleCount))),
+		fmt.Sprintf("%s %s", pk("Resources"), valStyle.Render(fmt.Sprint(a.ResourceCount))),
+		fmt.Sprintf("%s %s", pk("Data Sources"), valStyle.Render(fmt.Sprint(a.DataSourceCount))),
+		fmt.Sprintf("%s %s", pk("Variables"), valStyle.Render(fmt.Sprint(a.VariableCount))),
+		fmt.Sprintf("%s %s", pk("Sensitive Variables"), valStyle.Render(fmt.Sprint(a.SensitiveVariableCount))),
+		fmt.Sprintf("%s %s", pk("Outputs"), valStyle.Render(fmt.Sprint(a.OutputCount))),
+		fmt.Sprintf("%s %s", pk("Sensitive Outputs"), valStyle.Render(fmt.Sprint(a.SensitiveOutputCount))),
 	}
 
 	rightColumn := lipgloss.NewStyle().
 		PaddingLeft(4).
+		PaddingRight(4).
 		Render(strings.Join(lines, "\n"))
+
 	logoColumn := logoStyle.Render(logo)
 
 	return container.Render(

tests/small.tf

@@ -0,0 +1,87 @@
+terraform {
+  required_version = ">= 1.7.0"
+
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+  }
+}
+
+############################
+# Providers
+############################
+provider "aws" {
+  region = var.aws_region
+}
+
+############################
+# Variables (including a sensitive one)
+############################
+variable "aws_region" {
+  type        = string
+  description = "AWS region to deploy into"
+  default     = "us-east-1"
+}
+
+variable "project" {
+  type        = string
+  description = "Project name used as a prefix for resources"
+}
+
+variable "db_password" {
+  type        = string
+  description = "Database password (kept secret)"
+  sensitive   = true
+}
+
+############################
+# Data source
+############################
+
+data "aws_ssm_parameter" "password" {
+  name = "secret"
+}
+
+############################
+# Module call
+############################
+module "vpc" {
+  source  = "terraform-aws-modules/vpc/aws"
+  version = ">= 5.0.0"
+
+  name = "${var.project}-vpc"
+  cidr = "10.0.0.0/16"
+}
+
+############################
+# Resource example
+############################
+resource "aws_s3_bucket" "artifact" {
+  bucket = "${var.project}-artifact-bucket"
+
+  tags = {
+    Project = var.project
+  }
+}
+
+############################
+# Outputs
+############################
+output "vpc_id" {
+  description = "ID of the VPC created by the module"
+  value       = module.vpc.vpc_id
+}
+
+output "artifact_bucket_id" {
+  description = "ID of the S3 bucket for artifacts"
+  value       = aws_s3_bucket.artifact.id
+}
+
+output "sensitive_variable_example" {
+  description = "Demonstrates a sensitive output (will be redacted on CLI)"
+  value       = var.db_password
+  sensitive   = true
+}
+