Generate the corresponding Kubernetes secret references for the sensi…

…tive Terraform

configuration arguments also under the spec.initProvider API tree.

Signed-off-by: Alper Rifat Ulucinar <ulucinar@users.noreply.github.com>

pkg/resource/sensitive.go

@@ -127,7 +127,7 @@ func GetSensitiveAttributes(from map[string]any, mapping map[string]string) (map
 			// Note(turkenh): k8s secrets uses a strict regex to validate secret
 			// keys which does not allow having brackets inside. So, we need to
 			// do a conversion to be able to store as connection secret keys.
-			// See https://github.com/crossplane/upjet/pull/94 for
+			// See https://github.com/crossplane/terrajet/pull/94 for
 			// more details.
 			k, err := fieldPathToSecretKey(fp)
 			if err != nil {

pkg/types/field.go

@@ -50,6 +50,9 @@ type Field struct {
 	// Injected is set if this Field is an injected field to the Terraform
 	// schema as an object list map key for server-side apply merges.
 	Injected bool
+	// Sensitive is set if this Field holds sensitive data and is thus
+	// generated as a secret reference.
+	Sensitive bool
 }
 
 // getDocString tries to extract the documentation string for the specified
@@ -268,6 +271,7 @@ func NewSensitiveField(g *Builder, cfg *config.Resource, r *resource, sch *schem
 	if err != nil {
 		return nil, false, err
 	}
+	f.Sensitive = true
 
 	if IsObservation(f.Schema) {
 		cfg.Sensitive.AddFieldPath(traverser.FieldPathWithWildcard(f.TerraformPaths), "status.atProvider."+traverser.FieldPathWithWildcard(f.CRDPaths))
@@ -415,7 +419,7 @@ func (f *Field) AddToResource(g *Builder, r *resource, typeNames *TypeNames, add
 // an earlier step, so they cannot be included as well. Plus probably they
 // should also not change for Create and Update steps.
 func (f *Field) isInit() bool {
-	return !f.Identifier && (f.TFTag != "-" || f.Injected)
+	return !f.Identifier && (f.TFTag != "-" || f.Injected || f.Sensitive)
 }
 
 func getDescription(s string) string {