[codegen] Encrypt input args for secret properties #7128
Conversation
lblackstone
force-pushed
the
lblackstone/secret-input
branch
from
2ea34f1
to
6589a65
Compare
|
Diff for pulumi-random with merge commit ccff258 |
|
Diff for pulumi-azuread with merge commit ccff258 |
|
Diff for pulumi-kubernetes with merge commit ccff258 |
|
Reviewer note: The Kubernetes diff shows a real example of this change in action |
|
Diff for pulumi-gcp with merge commit ccff258 |
|
Diff for pulumi-azure with merge commit ccff258 |
|
Diff for pulumi-aws with merge commit ccff258 |
|
Diff for pulumi-azure-native with merge commit ccff258 |
pkg/codegen/internal/test/testdata/simple-resource-schema/dotnet/Resource.cs
Outdated
Show resolved
Hide resolved
pkg/codegen/internal/test/testdata/simple-resource-schema/nodejs/resource.ts
Outdated
Show resolved
Hide resolved
pkg/codegen/internal/test/testdata/simple-resource-schema/go/example/resource.go
Outdated
Show resolved
Hide resolved
pkg/codegen/internal/test/testdata/simple-resource-schema/nodejs/resource.ts
Outdated
Show resolved
Hide resolved
The output side was already handled using the addionalSecretOutputs property. This change ensures both inputs and outputs are encrypted in the state.
lblackstone
force-pushed
the
lblackstone/secret-input
branch
from
4d9aadf
to
7d2f6e3
Compare
|
Diff for pulumi-azure with merge commit e394506 |
|
Diff for pulumi-aws with merge commit e394506 |
|
Diff for pulumi-azure-native with merge commit e394506 |
|
Diff for pulumi-random with merge commit b30e087 |
|
Diff for pulumi-azuread with merge commit b30e087 |
|
Diff for pulumi-kubernetes with merge commit b30e087 |
|
Diff for pulumi-gcp with merge commit b30e087 |
|
Diff for pulumi-azure with merge commit b30e087 |
|
Diff for pulumi-aws with merge commit b30e087 |
|
Diff for pulumi-azure-native with merge commit b30e087 |
- Codegen change from pulumi/pulumi#7128 and remove hardcoded templates for v1/Secret resources - Nondeterministic import ordering fix from pulumi/pulumi#7126
- Codegen change from pulumi/pulumi#7128 and remove hardcoded templates for v1/Secret resources - Nondeterministic import ordering fix from pulumi/pulumi#7126
- Codegen change from pulumi/pulumi#7128 and remove hardcoded templates for v1/Secret resources - Nondeterministic import ordering fix from pulumi/pulumi#7126
#7128 added code to mark properties as secret based on a schema flag, but did not correctly handle the case where output properties do not have a corresponding input property. In this case, code was generated for nonexistent input properties, and would lead to a panic.
#7128 added code to mark properties as secret based on a schema flag, but did not correctly handle the case where output properties do not have a corresponding input property. In this case, code was generated for nonexistent input properties, and would lead to a panic.
Description
The output side was already handled using the
addionalSecretOutputs property. This change
ensures both inputs and outputs are encrypted
in the state.
Fixes # (issue)
Fix #7062
Checklist