feat: Add insecure_value to datasource aws_ssm_parameter

[Jno21]

Description

Add insecure_value to datasource aws_ssm_parameter. The idea is to have the possibility to expose the value as insecure like in the resource aws_ssm_parameter.

Relations

Closes #26915

References

Output from Acceptance Testing

$ make testacc TESTS=TestAccSSMParameterDataSource_basic PKG=ssm
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/ssm/... -v -count 1 -parallel 20 -run='TestAccSSMParameterDataSource_basic'  -timeout 180m
=== RUN   TestAccSSMParameterDataSource_basic
=== PAUSE TestAccSSMParameterDataSource_basic
=== CONT  TestAccSSMParameterDataSource_basic
--- PASS: TestAccSSMParameterDataSource_basic (107.81s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/ssm        122.663s

$ make testacc TESTS=TestAccSSMParameterDataSource_fullPath PKG=ssm
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/ssm/... -v -count 1 -parallel 20 -run='TestAccSSMParameterDataSource_fullPath'  -timeout 180m
=== RUN   TestAccSSMParameterDataSource_fullPath
=== PAUSE TestAccSSMParameterDataSource_fullPath
=== CONT  TestAccSSMParameterDataSource_fullPath
--- PASS: TestAccSSMParameterDataSource_fullPath (120.89s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/ssm        137.380s

[github-actions]

Community Note

Voting for Prioritization

• Please vote on this pull request by adding a 👍 reaction to the original post to help the community and maintainers prioritize this pull request.
• Please see our prioritization guide for information on how we prioritize.
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.

For Submitters

• Review the contribution guide relating to the type of change you are making to ensure all of the necessary steps have been taken.
• For new resources and data sources, use skaff to generate scaffolding with comments detailing common expectations.
• Whether or not the branch has been rebased will not impact prioritization, but doing so is always a welcome surprise.

[agupta94]

@Jno21 ThankYou for this PR!
Would it be easier to add nonsensitive = true that would flag value to be nonsensitive?
That would prevent us from switching all references of value to insecure_value, otherwise this is no different than simply doing nonsensitive(data.aws_ssm_parameter.xyz.value) currently.

[Jno21]

@agupta94 Thank you for your comment.

Would it be easier to add nonsensitive = true that would flag value to be nonsensitive? That would prevent us from switching all references of value to insecure_value, otherwise this is no different than simply doing nonsensitive(data.aws_ssm_parameter.xyz.value) currently.

That would be an idea, my first though was to have the value exposed as sensitive or not depending on the SecureString or String in ssm parameter. Unfortunately the way I understand the Terraform SDK it is not possible to change dynamically the value of a sensitive value since it is set in the Schema before any interaction, if I am wrong on this I will be happy to know how to do it.
I also think that the vision of the aws provider is to avoid implicit behaviors, having a behavior that change the way a value work depending on something else is quite risky and can induce error.

Globally I follow what was done here: #25721 to have the same behavior on the resource and data.

To answer the last part, yes indeed doing nonsensitive would be the same, but that would also mean using locals if you want to use that value multiples time, I think the insecure_value make it easier code wise.

If there is a better solution possible, that I didn't think of and it respect the way this provider wants to go, I would be totally down to work on it :)

[nam054]

🚀 LGTM! Thank you for your contribution!!

==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./internal/service/ssm/... -v -count 1 -parallel 20  -run=TestAccSSMParameterDataSource_ -timeout 180m
=== RUN   TestAccSSMParameterDataSource_basic
=== PAUSE TestAccSSMParameterDataSource_basic
=== RUN   TestAccSSMParameterDataSource_fullPath
=== PAUSE TestAccSSMParameterDataSource_fullPath
=== RUN   TestAccSSMParameterDataSource_insecureValue
=== PAUSE TestAccSSMParameterDataSource_insecureValue
=== CONT  TestAccSSMParameterDataSource_basic
=== CONT  TestAccSSMParameterDataSource_insecureValue
=== CONT  TestAccSSMParameterDataSource_fullPath
--- PASS: TestAccSSMParameterDataSource_fullPath (16.82s)
--- PASS: TestAccSSMParameterDataSource_insecureValue (17.02s)
--- PASS: TestAccSSMParameterDataSource_basic (28.23s)
PASS
ok      github.com/hashicorp/terraform-provider-aws/internal/service/ssm        31.573s

[github-actions]

This functionality has been released in v5.8.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

[github-actions]

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.