ephemeral: remove write only paths

we might need them later on, but it will be easier to find the right place and abstraction when the need to use them arises

internal/plans/changes.go

@@ -582,10 +582,6 @@ type Change struct {
 	// collections/structures.
 	Before, After cty.Value
 
-	// BeforeWriteOnlyPaths and AfterWriteOnlyPaths are paths for any values
-	// in Before or After (respectively) that are considered to be write-only.
-	BeforeWriteOnlyPaths, AfterWriteOnlyPaths []cty.Path
-
 	// Importing is present if the resource is being imported as part of this
 	// change.
 	//
@@ -649,8 +645,6 @@ func (c *Change) Encode(ty cty.Type) (*ChangeSrc, error) {
 		After:                afterDV,
 		BeforeSensitivePaths: sensitiveAttrsBefore,
 		AfterSensitivePaths:  sensitiveAttrsAfter,
-		BeforeWriteOnlyPaths: c.BeforeWriteOnlyPaths,
-		AfterWriteOnlyPaths:  c.AfterWriteOnlyPaths,
 		Importing:            c.Importing.Encode(),
 		GeneratedConfig:      c.GeneratedConfig,
 	}, nil

internal/plans/changes_src.go

@@ -130,12 +130,6 @@ func (c *ChangesSrc) Decode(schemas *schemarepo.Schemas) (*Changes, error) {
 		rc.Before = marks.MarkPaths(rc.Before, marks.Sensitive, rcs.BeforeSensitivePaths)
 		rc.After = marks.MarkPaths(rc.After, marks.Sensitive, rcs.AfterSensitivePaths)
 
-		rc.Before = marks.MarkPaths(rc.Before, marks.Ephemeral, rcs.BeforeWriteOnlyPaths)
-		rc.After = marks.MarkPaths(rc.After, marks.Ephemeral, rcs.BeforeWriteOnlyPaths)
-
-		rc.BeforeWriteOnlyPaths = rcs.BeforeWriteOnlyPaths
-		rc.AfterWriteOnlyPaths = rcs.AfterWriteOnlyPaths
-
 		changes.Resources = append(changes.Resources, rc)
 	}
 
@@ -394,10 +388,6 @@ type ChangeSrc struct {
 	// the serialized change.
 	BeforeSensitivePaths, AfterSensitivePaths []cty.Path
 
-	// BeforeWriteOnlyPaths and AfterWriteOnlyPaths are paths for any values
-	// in Before or After (respectively) that are considered to be write-only.
-	BeforeWriteOnlyPaths, AfterWriteOnlyPaths []cty.Path
-
 	// Importing is present if the resource is being imported as part of this
 	// change.
 	//

internal/states/instance_object.go

@@ -50,10 +50,6 @@ type ResourceInstanceObject struct {
 	// destroy operations, we need to record the status to ensure a resource
 	// removed from the config will still be destroyed in the same manner.
 	CreateBeforeDestroy bool
-
-	// AttrWriteOnlyPaths is an array of paths to mark as ephemeral coming out of
-	// state, or to save as write_only paths when saving state
-	AttrWriteOnlyPaths []cty.Path
 }
 
 // ObjectStatus represents the status of a RemoteObject.
@@ -139,7 +135,6 @@ func (o *ResourceInstanceObject) Encode(ty cty.Type, schemaVersion uint64) (*Res
 		SchemaVersion:       schemaVersion,
 		AttrsJSON:           src,
 		AttrSensitivePaths:  sensitivePaths,
-		AttrWriteOnlyPaths:  o.AttrWriteOnlyPaths,
 		Private:             o.Private,
 		Status:              o.Status,
 		Dependencies:        dependencies,

internal/states/instance_object_src.go

@@ -57,10 +57,6 @@ type ResourceInstanceObjectSrc struct {
 	// state, or to save as sensitive paths when saving state
 	AttrSensitivePaths []cty.Path
 
-	// AttrWriteOnlyPaths is an array of paths to mark as ephemeral coming out of
-	// state, or to save as write_only paths when saving state
-	AttrWriteOnlyPaths []cty.Path
-
 	// These fields all correspond to the fields of the same name on
 	// ResourceInstanceObject.
 	Private             []byte
@@ -100,7 +96,6 @@ func (os *ResourceInstanceObjectSrc) Decode(ty cty.Type) (*ResourceInstanceObjec
 	default:
 		val, err = ctyjson.Unmarshal(os.AttrsJSON, ty)
 		val = marks.MarkPaths(val, marks.Sensitive, os.AttrSensitivePaths)
-		val = marks.MarkPaths(val, marks.Ephemeral, os.AttrWriteOnlyPaths)
 		if err != nil {
 			return nil, err
 		}
@@ -112,7 +107,6 @@ func (os *ResourceInstanceObjectSrc) Decode(ty cty.Type) (*ResourceInstanceObjec
 		Dependencies:        os.Dependencies,
 		Private:             os.Private,
 		CreateBeforeDestroy: os.CreateBeforeDestroy,
-		AttrWriteOnlyPaths:  os.AttrWriteOnlyPaths,
 	}, nil
 }
 

internal/states/remote/state_test.go

@@ -129,9 +129,8 @@ func TestStatePersist(t *testing.T) {
 										"attributes_flat": map[string]interface{}{
 											"filename": "file.txt",
 										},
-										"schema_version":        0.0,
-										"sensitive_attributes":  []interface{}{},
-										"write_only_attributes": []interface{}{},
+										"schema_version":       0.0,
+										"sensitive_attributes": []interface{}{},
 									},
 								},
 								"mode":     "managed",
@@ -168,9 +167,8 @@ func TestStatePersist(t *testing.T) {
 										"attributes_flat": map[string]interface{}{
 											"filename": "file.txt",
 										},
-										"schema_version":        0.0,
-										"sensitive_attributes":  []interface{}{},
-										"write_only_attributes": []interface{}{},
+										"schema_version":       0.0,
+										"sensitive_attributes": []interface{}{},
 									},
 								},
 								"mode":     "managed",

internal/states/state_deepcopy.go

@@ -148,12 +148,6 @@ func (os *ResourceInstanceObjectSrc) DeepCopy() *ResourceInstanceObjectSrc {
 		copy(sensitiveAttrPaths, os.AttrSensitivePaths)
 	}
 
-	var writeOnlyAttrPaths []cty.Path
-	if os.AttrWriteOnlyPaths != nil {
-		writeOnlyAttrPaths = make([]cty.Path, len(os.AttrWriteOnlyPaths))
-		copy(writeOnlyAttrPaths, os.AttrWriteOnlyPaths)
-	}
-
 	var private []byte
 	if os.Private != nil {
 		private = make([]byte, len(os.Private))
@@ -175,7 +169,6 @@ func (os *ResourceInstanceObjectSrc) DeepCopy() *ResourceInstanceObjectSrc {
 		AttrsFlat:           attrsFlat,
 		AttrsJSON:           attrsJSON,
 		AttrSensitivePaths:  sensitiveAttrPaths,
-		AttrWriteOnlyPaths:  writeOnlyAttrPaths,
 		Dependencies:        dependencies,
 		CreateBeforeDestroy: os.CreateBeforeDestroy,
 		decodeValueCache:    os.decodeValueCache,

internal/states/statefile/version4.go

@@ -166,16 +166,6 @@ func prepareStateV4(sV4 *stateV4) (*File, tfdiags.Diagnostics) {
 				obj.AttrSensitivePaths = paths
 			}
 
-			// write-only paths
-			if isV4.AttributeWriteOnlyPaths != nil {
-				paths, pathsDiags := unmarshalPaths([]byte(isV4.AttributeWriteOnlyPaths))
-				diags = diags.Append(pathsDiags)
-				if pathsDiags.HasErrors() {
-					continue
-				}
-				obj.AttrWriteOnlyPaths = paths
-			}
-
 			{
 				// Status
 				raw := isV4.Status
@@ -492,8 +482,6 @@ func appendInstanceObjectStateV4(rs *states.Resource, is *states.ResourceInstanc
 	// Marshal paths to JSON
 	attributeSensitivePaths, pathsDiags := marshalPaths(obj.AttrSensitivePaths)
 	diags = diags.Append(pathsDiags)
-	attributeWriteOnlyPaths, pathsDiags := marshalPaths(obj.AttrWriteOnlyPaths)
-	diags = diags.Append(pathsDiags)
 
 	return append(isV4s, instanceObjectStateV4{
 		IndexKey:                rawKey,
@@ -503,7 +491,6 @@ func appendInstanceObjectStateV4(rs *states.Resource, is *states.ResourceInstanc
 		AttributesFlat:          obj.AttrsFlat,
 		AttributesRaw:           obj.AttrsJSON,
 		AttributeSensitivePaths: attributeSensitivePaths,
-		AttributeWriteOnlyPaths: attributeWriteOnlyPaths,
 		PrivateRaw:              privateRaw,
 		Dependencies:            deps,
 		CreateBeforeDestroy:     obj.CreateBeforeDestroy,
@@ -714,7 +701,6 @@ type instanceObjectStateV4 struct {
 	AttributesRaw           json.RawMessage   `json:"attributes,omitempty"`
 	AttributesFlat          map[string]string `json:"attributes_flat,omitempty"`
 	AttributeSensitivePaths json.RawMessage   `json:"sensitive_attributes,omitempty"`
-	AttributeWriteOnlyPaths json.RawMessage   `json:"write_only_attributes,omitempty"`
 
 	PrivateRaw []byte `json:"private,omitempty"`
 

internal/terraform/context_apply_ephemeral_test.go

@@ -420,10 +420,6 @@ resource "ephem_write_only" "wo" {
 		t.Fatalf("Expected 1 resource change, got %d", len(plan.Changes.Resources))
 	}
 
-	if len(plan.Changes.Resources[0].AfterWriteOnlyPaths) != 1 {
-		t.Fatalf("Expected 1 write-only attribute in plan, got %d", len(plan.Changes.Resources[0].AfterWriteOnlyPaths))
-	}
-
 	schemas, schemaDiags := ctx.Schemas(m, plan.PriorState)
 	assertNoDiagnostics(t, schemaDiags)
 	planChanges, err := plan.Changes.Decode(schemas)
@@ -475,14 +471,6 @@ resource "ephem_write_only" "wo" {
 	if !attrs.Value.GetAttr("write_only").IsNull() {
 		t.Fatalf("write_only attribute should be null")
 	}
-
-	if len(resourceInstance.Current.AttrWriteOnlyPaths) != 1 {
-		t.Fatalf("Expected 1 write only attribute in apply")
-	}
-
-	if !resourceInstance.Current.AttrWriteOnlyPaths[0].Equals(cty.GetAttrPath("write_only")) {
-		t.Fatalf("Expected write_only to be a write only attribute")
-	}
 }
 
 func TestContext2Apply_update_write_only_attribute_not_in_plan_and_state(t *testing.T) {
@@ -560,10 +548,6 @@ resource "ephem_write_only" "wo" {
 		t.Fatalf("Expected 1 resource change, got %d", len(plan.Changes.Resources))
 	}
 
-	if len(plan.Changes.Resources[0].AfterWriteOnlyPaths) != 1 {
-		t.Fatalf("Expected 1 write-only attribute in plan, got %d", len(plan.Changes.Resources[0].AfterWriteOnlyPaths))
-	}
-
 	schemas, schemaDiags := ctx.Schemas(m, plan.PriorState)
 	assertNoDiagnostics(t, schemaDiags)
 	planChanges, err := plan.Changes.Decode(schemas)
@@ -615,14 +599,6 @@ resource "ephem_write_only" "wo" {
 	if !attrs.Value.GetAttr("write_only").IsNull() {
 		t.Fatalf("write_only attribute should be null")
 	}
-
-	if len(resourceInstance.Current.AttrWriteOnlyPaths) != 1 {
-		t.Fatalf("Expected 1 write only attribute in apply")
-	}
-
-	if !resourceInstance.Current.AttrWriteOnlyPaths[0].Equals(cty.GetAttrPath("write_only")) {
-		t.Fatalf("Expected write_only to be a write only attribute")
-	}
 }
 
 func TestContext2Apply_normal_attributes_becomes_write_only_attribute(t *testing.T) {
@@ -701,10 +677,6 @@ resource "ephem_write_only" "wo" {
 		t.Fatalf("Expected 1 resource change, got %d", len(plan.Changes.Resources))
 	}
 
-	if len(plan.Changes.Resources[0].AfterWriteOnlyPaths) != 1 {
-		t.Fatalf("Expected 1 write-only attribute in plan, got %d", len(plan.Changes.Resources[0].AfterWriteOnlyPaths))
-	}
-
 	schemas, schemaDiags := ctx.Schemas(m, plan.PriorState)
 	assertNoDiagnostics(t, schemaDiags)
 	planChanges, err := plan.Changes.Decode(schemas)
@@ -756,12 +728,4 @@ resource "ephem_write_only" "wo" {
 	if !attrs.Value.GetAttr("write_only").IsNull() {
 		t.Fatalf("write_only attribute should be null")
 	}
-
-	if len(resourceInstance.Current.AttrWriteOnlyPaths) != 1 {
-		t.Fatalf("Expected 1 write only attribute in apply")
-	}
-
-	if !resourceInstance.Current.AttrWriteOnlyPaths[0].Equals(cty.GetAttrPath("write_only")) {
-		t.Fatalf("Expected write_only to be a write only attribute")
-	}
 }

internal/terraform/node_resource_abstract_instance.go

@@ -1202,9 +1202,6 @@ func (n *NodeAbstractResourceInstance) plan(
 			// Marks will be removed when encoding.
 			After:           plannedNewVal,
 			GeneratedConfig: n.generatedConfigHCL,
-
-			BeforeWriteOnlyPaths: ephemeral.EphemeralValuePaths(priorVal),
-			AfterWriteOnlyPaths:  ephemeralValuePaths,
 		},
 		ActionReason:    actionReason,
 		RequiredReplace: reqRep,
@@ -1218,10 +1215,9 @@ func (n *NodeAbstractResourceInstance) plan(
 		// must _also_ record the returned change in the active plan,
 		// which the expression evaluator will use in preference to this
 		// incomplete value recorded in the state.
-		Status:             states.ObjectPlanned,
-		Value:              plannedNewVal,
-		Private:            plannedPrivate,
-		AttrWriteOnlyPaths: ephemeralValuePaths,
+		Status:  states.ObjectPlanned,
+		Value:   plannedNewVal,
+		Private: plannedPrivate,
 	}
 
 	return plan, state, deferred, keyData, diags

internal/terraform/node_resource_apply_instance.go

@@ -10,7 +10,6 @@ import (
 	"github.com/hashicorp/terraform/internal/addrs"
 	"github.com/hashicorp/terraform/internal/configs"
 	"github.com/hashicorp/terraform/internal/instances"
-	"github.com/hashicorp/terraform/internal/lang/ephemeral"
 	"github.com/hashicorp/terraform/internal/plans"
 	"github.com/hashicorp/terraform/internal/plans/objchange"
 	"github.com/hashicorp/terraform/internal/providers"
@@ -324,10 +323,6 @@ func (n *NodeApplyableResourceInstance) managedResourceExecute(ctx EvalContext)
 	if state != nil {
 		// dependencies are always updated to match the configuration during apply
 		state.Dependencies = n.Dependencies
-
-		// The value is updated to remove ephemeral values
-		state.Value = ephemeral.RemoveEphemeralValues(state.Value)
-		state.AttrWriteOnlyPaths = diffApply.AfterWriteOnlyPaths
 	}
 	err = n.writeResourceInstanceState(ctx, state, workingState)
 	if err != nil {