Set user_kustomization pre- and post-commands as sensitive

Author: vsalomaki

MIGRATION.md

@@ -2,7 +2,7 @@
 
 # 2.18.3 -> 2.19.0
 
-## Extra_kustomization
+## User Kustomization
 The extra_kustomization-feature has been moved to a module so that multiple extra_kustomizations can be run in sequential steps.
 A new variable `user_kustomizations` is now in use, which contains the previous extra_kustomize_* vars.
 

README.md

@@ -444,7 +444,7 @@ In `kube.tf`, specify the folders in `user_kustomizations`.
       kustomize_parameters = {
         eso_access_username = "..."
         eso_access_password = "..."
-	    }      
+      }
     },
     ...
   }

docs/llms.md

@@ -2225,7 +2225,7 @@ Locked and loaded! Let's continue the detailed exploration.
 ```
 
 * **`user_kustomizations` (Map of Objects, Optional):**
-  * **Purpose:** Allows you to specify Kustomization sets that are run sequantially, with each set containing its own source_folder, pre_commands, post_commands and kustomize_parameters
+  * **Purpose:** Allows you to specify Kustomization sets that are run sequentially, with each set containing its own source_folder, pre_commands, post_commands and kustomize_parameters
   * **Use Cases:**
     * Some applications deployed via Helm or Kustomize install CustomResourceDefinitions (CRDs) first, and then CustomResources (CRs) that depend on those CRDs. There can be a race condition if the CRs are applied before the CRDs are fully registered. You could add a command here to wait for CRDs to become available (e.g., `kubectl wait --for condition=established crd/mycrd.example.com --timeout=120s`).
     * The `user_kustomizations`-map allows you to define steps of install where e.g. the first step installs CRDs, checks for their proper existence and then second step that install further CRs.

kustomization_user.tf

@@ -12,8 +12,10 @@ locals {
 
   processed_kustomizes = {
     for key, config in local.user_kustomize_defaulted : key => merge(config, {
-      # kustomize_parameters may contain secrets
-      kustomize_parameters = sensitive(config.kustomize_parameters)
+      # kustomize_parameters, pre_commands, and post_commands may contain secrets
+      kustomize_parameters = sensitive(config.kustomize_parameters),
+      pre_commands         = sensitive(config.pre_commands),
+      post_commands        = sensitive(config.post_commands)
     })
   }
 }

modules/user_kustomization_set/variables.tf

@@ -35,11 +35,13 @@ variable "template_parameters" {
 }
 
 variable "pre_commands_string" {
-  type    = string
-  default = ""
+  type      = string
+  default   = ""
+  sensitive = true
 }
 
 variable "post_commands_string" {
-  type    = string
-  default = ""
+  type      = string
+  default   = ""
+  sensitive = true
 }

modules/user_kustomizations/variables.tf

@@ -23,6 +23,7 @@ variable "kustomizations_map" {
   }))
   default     = {}
   description = "Map of kustomization entries, where key is the order number."
+  sensitive   = true
   validation {
     condition = alltrue([
       for key in keys(var.kustomizations_map) :