Add support for ephemeral value in Windows VM clone

[oeRIoV]

Code of Conduct

• I have read and agree to the project's Code of Conduct.
• Vote on this issue by adding a 👍 reaction to the original issue initial description to help the maintainers prioritize.
• Do not leave "+1" or other comments that do not add relevant information or questions.
• If you are interested in working on this issue or have submitted a pull request, please leave a comment.

Description

Terraform 1.10 or later supports adding ephemeral argument to variables.

I tried applying ephemeral=true to admin_password and domain_admin_password in vsphere_virtual_machine resource during the cloning of a Windows machine and it fails with:

│ Error: Invalid use of ephemeral value
.
.
.
│ 
│ Ephemeral values are not valid for "clone", because it is not an assignable attribute.

Resource block:

resource "vsphere_virtual_machine" "win_vm" {
    guest_id = "windows2019srvNext_64Guest"
    name     = "win_vm.domain.com"
    clone {
        template_uuid = "xxxx-xxxx-xxxx-xxxx-xxxx"
        customize {
            network_interface {
                dns_domain = "domain.com"
                dns_server_list = [
                    "8.8.8.8",
                ]
            }
            windows_options {
                admin_password        = var.admin_password
                computer_name         = "win_vm"
                domain_admin_password = var.domain_admin_password
                domain_admin_user     = "domain_user"
                full_name             = "Administrator"
                join_domain           = "domain.com"
            }
        }
    }
    disk {
        label = "disk0"
        size  = 100

    }
}

Variables:

variable "domain_admin_password" {
  type        = string
  default     = "Super5ecret!"
  sensitive   = true
  ephemeral   = true
}

variable "admin_password" {
  type        = string
  default     = "Super5ecret!"
  sensitive   = true
  ephemeral   = true
}

Use Case(s)

Hide sensitive Windows admin_password and domain_admin_password without storing them in Terraform state files.

Potential Configuration

variable "domain_admin_password" {
  type        = string
  default     = "Super5ecret!"
  sensitive   = true
  ephemeral   = true
}

variable "admin_password" {
  type        = string
  default     = "Super5ecret!"
  sensitive   = true
  ephemeral   = true
}

References

Terraform's doc for hiding sensitive data: https://developer.hashicorp.com/terraform/language/manage-sensitive-data

[tenthirtyam]

This would require a transition from terraform-plugin-sdk/v2 to terraform-plugin-framework.