-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[codegen] Encrypt input args for secret properties #7128
Conversation
2ea34f1
to
6589a65
Compare
Diff for pulumi-random with merge commit ccff258 |
Diff for pulumi-azuread with merge commit ccff258 |
Diff for pulumi-kubernetes with merge commit ccff258 |
Reviewer note: The Kubernetes diff shows a real example of this change in action |
Diff for pulumi-gcp with merge commit ccff258 |
Diff for pulumi-azure with merge commit ccff258 |
Diff for pulumi-aws with merge commit ccff258 |
Diff for pulumi-azure-native with merge commit ccff258 |
pkg/codegen/internal/test/testdata/simple-resource-schema/dotnet/Resource.cs
Outdated
Show resolved
Hide resolved
pkg/codegen/internal/test/testdata/simple-resource-schema/nodejs/resource.ts
Outdated
Show resolved
Hide resolved
pkg/codegen/internal/test/testdata/simple-resource-schema/go/example/resource.go
Outdated
Show resolved
Hide resolved
pkg/codegen/internal/test/testdata/simple-resource-schema/nodejs/resource.ts
Outdated
Show resolved
Hide resolved
The output side was already handled using the addionalSecretOutputs property. This change ensures both inputs and outputs are encrypted in the state.
4d9aadf
to
7d2f6e3
Compare
Diff for pulumi-azure with merge commit e394506 |
Diff for pulumi-aws with merge commit e394506 |
Diff for pulumi-azure-native with merge commit e394506 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM aside from Vivek's suggestion.
Diff for pulumi-random with merge commit b30e087 |
Diff for pulumi-azuread with merge commit b30e087 |
Diff for pulumi-kubernetes with merge commit b30e087 |
Diff for pulumi-gcp with merge commit b30e087 |
Diff for pulumi-azure with merge commit b30e087 |
Diff for pulumi-aws with merge commit b30e087 |
Diff for pulumi-azure-native with merge commit b30e087 |
- Codegen change from pulumi/pulumi#7128 and remove hardcoded templates for v1/Secret resources - Nondeterministic import ordering fix from pulumi/pulumi#7126
- Codegen change from pulumi/pulumi#7128 and remove hardcoded templates for v1/Secret resources - Nondeterministic import ordering fix from pulumi/pulumi#7126
- Codegen change from pulumi/pulumi#7128 and remove hardcoded templates for v1/Secret resources - Nondeterministic import ordering fix from pulumi/pulumi#7126
#7128 added code to mark properties as secret based on a schema flag, but did not correctly handle the case where output properties do not have a corresponding input property. In this case, code was generated for nonexistent input properties, and would lead to a panic.
#7128 added code to mark properties as secret based on a schema flag, but did not correctly handle the case where output properties do not have a corresponding input property. In this case, code was generated for nonexistent input properties, and would lead to a panic.
Description
The output side was already handled using the
addionalSecretOutputs property. This change
ensures both inputs and outputs are encrypted
in the state.
Fixes # (issue)
Fix #7062
Checklist