From bd7e9deddbba4bc9a95444fc0ba79a52fa6b97f8 Mon Sep 17 00:00:00 2001
From: Thomas Gummerer
Date: Thu, 16 Nov 2023 13:58:21 +0100
Subject: [PATCH 1/4] pass through additional secret outputs from the provider schema

Currently when the provider marks any outputs as secrets, the yaml language provider does not forward that information to the engine. Read the secret outputs from the schema and append them as additional secret outputs to tell the engine what needs to be kept secret.
---
 pkg/pulumiyaml/run.go | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/pkg/pulumiyaml/run.go b/pkg/pulumiyaml/run.go
index b637ba04..e38198d9 100644
--- a/pkg/pulumiyaml/run.go
+++ b/pkg/pulumiyaml/run.go
@@ -1075,9 +1075,6 @@ func (e *programEvaluator) registerResource(kvp resourceNode) (lateboundResource
 return p, isPoison
 }
 
- if v.Options.AdditionalSecretOutputs != nil {
- opts = append(opts, pulumi.AdditionalSecretOutputs(listStrings(v.Options.AdditionalSecretOutputs)))
- }
 if v.Options.Aliases != nil {
 var aliases []pulumi.Alias
 for _, s := range v.Options.Aliases.Elements {
@@ -1236,6 +1233,14 @@ func (e *programEvaluator) registerResource(kvp resourceNode) (lateboundResource
 state = &r
 res = &r
 }
+ if v.Options.AdditionalSecretOutputs != nil {
+ opts = append(opts, pulumi.AdditionalSecretOutputs(listStrings(v.Options.AdditionalSecretOutputs)))
+ }
+ for _, prop := range resourceSchema.Properties {
+ if prop.Secret {
+ opts = append(opts, pulumi.AdditionalSecretOutputs([]string{prop.Name}))
+ }
+ }
 
 if !overallOk || e.sdiags.HasErrors() {
 return nil, false
From 00a34a34b782742f89b61d2fa102000e47c07435 Mon Sep 17 00:00:00 2001
From: Thomas Gummerer
Date: Thu, 16 Nov 2023 14:29:18 +0100
Subject: [PATCH 2/4] add changelog

---
 CHANGELOG_PENDING.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGELOG_PENDING.md b/CHANGELOG_PENDING.md
index 5ecddce9..f6952364 100644
--- a/CHANGELOG_PENDING.md
+++ b/CHANGELOG_PENDING.md
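Review bot: In the `@@ -1236,6 +1233,14 @@` hunk of pkg/pulumiyaml/run.go, the new loop reads `resourceSchema.Properties` before the `!overallOk || e.sdiags.HasErrors()` bail-out that follows it, and nothing visible in the hunk shows that `resourceSchema` is populated at that point. If it is a pointer that stays nil when the resource type fails to resolve, a problem that should surface as a diagnostic becomes a nil dereference; wrap the loop in `if resourceSchema != nil {` or move it below the error check. The loop also looks only at properties flagged `Secret` at the top level of the resource, so a secret field nested inside an object-typed property would presumably not be added to the secret outputs; a comment such as `// only top-level schema properties are considered; nested secret fields are not covered` would make that limit explicit. registerResource starts and ends outside both hunks.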
@@ -1,3 +1,5 @@
 ### Improvements
 
 ### Bug Fixes
+
+- Fields marked as secret in the provider schema are now correctly handled as secrets. [#526](https://github.com/pulumi/pulumi-yaml/pull/526)
From 5e0218dccb9ff080cdcd4c8af4cdb1931a496097 Mon Sep 17 00:00:00 2001
From: Thomas Gummerer
Date: Thu, 16 Nov 2023 14:57:59 +0100
Subject: [PATCH 3/4] add test

---
 pkg/pulumiyaml/run_test.go | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/pkg/pulumiyaml/run_test.go b/pkg/pulumiyaml/run_test.go
index 2e43f0c5..d11bbd3b 100644
--- a/pkg/pulumiyaml/run_test.go
+++ b/pkg/pulumiyaml/run_test.go
@@ -175,6 +175,16 @@ func newMockPackageMap() PackageLoader {
 Name: "foo",
 Type: schema.StringType,
 })
+ case "test:resource:with-secret":
+ return inputProperties(typeName, schema.Property{
+ Name: "foo",
+ Type: schema.StringType,
+ }, schema.Property{
+ Name: "bar",
+ Type: schema.StringType,
+ Secret: true,
+ })
+
 default:
 return inputProperties(typeName)
 }
@@ -1864,6 +1874,34 @@ resources:
 })
 }
 
+func TestResourceWithSecret(t *testing.T) {
+ t.Parallel()
+
+ text := `
+name: test-secret
+runtime: yaml
+resources:
+ sec:
+ type: test:resource:with-secret
+ properties:
+ foo: baz
+ bar: frotz
+`
+ tmpl := yamlTemplate(t, strings.TrimSpace(text))
+ mocks := &testMonitor{
+ NewResourceF: func(args pulumi.MockResourceArgs) (string, resource.PropertyMap, error) {
+ assert.Equal(t, "bar", args.RegisterRPC.GetAdditionalSecretOutputs()[0])
+ return args.Name, args.Inputs, nil
+ },
+ }
+ err := pulumi.RunErr(func(ctx *pulumi.Context) error {
+ runner := newRunner(tmpl, newMockPackageMap())
+ runner.Evaluate(ctx)
+ return nil
+ }, pulumi.WithMocks("project", "stack", mocks))
+ assert.NoError(t, err)
+}
+
 func TestGetConfNodesFromMap(t *testing.T) {
 t.Parallel()
 tests := []struct {
From 18b7a32a0dc11074ad820e771ea7283c45d9c9c3 Mon Sep 17 00:00:00 2001
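Review bot: In TestResourceWithSecret (run_test.go, `@@ -1864,6 +1874,34 @@`), `args.RegisterRPC.GetAdditionalSecretOutputs()[0]` indexes the slice unconditionally, so the regression this test exists to catch (no secret outputs forwarded) would show up as an index-out-of-range panic inside the mock rather than a readable assertion failure. Comparing the whole slice, `assert.Equal(t, []string{"bar"}, args.RegisterRPC.GetAdditionalSecretOutputs())`, avoids that and also pins that the non-secret `foo` is not marked. The assertion lives only inside `NewResourceF`, so if the resource is never registered the test passes without checking anything; setting a flag in the callback and asserting it after `pulumi.RunErr` returns would close that gap. A second case that also sets the resource's own additional-secret-outputs option would confirm that user-supplied and schema-derived names are merged rather than one replacing the other.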
From: Thomas Gummerer
Date: Thu, 16 Nov 2023 15:20:01 +0100
Subject: [PATCH 4/4] make linter happy

---
 pkg/pulumiyaml/run_test.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pkg/pulumiyaml/run_test.go b/pkg/pulumiyaml/run_test.go
index d11bbd3b..80d5b974 100644
--- a/pkg/pulumiyaml/run_test.go
+++ b/pkg/pulumiyaml/run_test.go
@@ -1896,7 +1896,9 @@ resources:
 }
 err := pulumi.RunErr(func(ctx *pulumi.Context) error {
 runner := newRunner(tmpl, newMockPackageMap())
- runner.Evaluate(ctx)
+ err := runner.Evaluate(ctx)
+ assert.Len(t, err, 0)
+ assert.Equal(t, err.Error(), "no diagnostics")
 return nil
 }, pulumi.WithMocks("project", "stack", mocks))
 assert.NoError(t, err)
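Review bot: `assert.Equal(t, err.Error(), "no diagnostics")` passes its arguments in the reverse of testify's (expected, actual) order and ties the test to a message string, so a wording change fails the test and the failure output labels the two values the wrong way round. The preceding `assert.Len(t, err, 0)` already states that the result must be empty; if `Evaluate` returns the same diagnostics type as `e.sdiags` in run.go, `assert.False(t, diags.HasErrors())` would express the intent directly. Naming the result `diags` rather than `err` would also keep it apart from the `err` assigned from `pulumi.RunErr` on the line above, which appears to be a plain error. The enclosing test function starts outside this hunk.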