Read passphrase from the terminal when rotating. #7347

Merged 4 commits on Jun 22, 2021

@pgavlin (Member) commented Jun 21, 2021

Rotating a passphrase requires that the old passphrase is available via
one of the `PULUMI_CONFIG_PASSPHRASE` or `PULUMI_CONFIG_PASSPHRASE_FILE`
environment variables. This confuses `readPassphrase` when reading a new
passphrase, since that function checks the aforementioned environment
variables prior to reading from the console. The overall effect is that
it is impossible to rotate the passphrase for a stack using the
passphrase provider. These changes fix this by always reading from the
console when rotating a passphrase.
@pgavlin pgavlin requested a review from stack72 June 21, 2021 21:33
@lukehoban (Member) left a comment

LGTM.

Do we have any way to test this?

@pgavlin (Member, Author) commented Jun 22, 2021

> Do we have any way to test this?

Working on an integration test.

This was surprisingly annoying. It did, however, find a bug in the
code we use to read from stdin, which could read beyond the end of
the input when stdin is not a terminal.
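
The precedence problem from the pull request description, as an added Go example that is not Pulumi's code: when the new passphrase is read with the environment taking priority, rotation silently reuses the old value. The names `lookupFn`, `rotate` and the `envFirst` flag are hypothetical, the console is modelled as an `io.Reader`, and only `PULUMI_CONFIG_PASSPHRASE` is modelled.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"io"
	"strings"
)

// lookupFn stands in for os.LookupEnv so the sample environment is explicit.
type lookupFn func(string) (string, bool)

// readPassphrase is a simplified, hypothetical model of the function in the PR.
// envFirst=true means the environment wins over the console (pre-fix behaviour).
// Only PULUMI_CONFIG_PASSPHRASE is modelled; the _FILE variant is omitted.
func readPassphrase(lookup lookupFn, console io.Reader, envFirst bool) (string, error) {
	if envFirst {
		if p, ok := lookup("PULUMI_CONFIG_PASSPHRASE"); ok {
			return p, nil
		}
	}
	line, err := bufio.NewReader(console).ReadString('\n')
	if err != nil && line == "" {
		return "", errors.New("no passphrase available on console")
	}
	return strings.TrimRight(line, "\r\n"), nil
}

// rotate returns (old, new). The old passphrase must come from the environment;
// envFirstForNew selects how the new one is read.
func rotate(lookup lookupFn, console io.Reader, envFirstForNew bool) (string, string, error) {
	old, ok := lookup("PULUMI_CONFIG_PASSPHRASE")
	if !ok {
		return "", "", errors.New("old passphrase not set in environment")
	}
	newPass, err := readPassphrase(lookup, console, envFirstForNew)
	return old, newPass, err
}

func main() {
	env := func(k string) (string, bool) { // constructed sample environment
		v, ok := map[string]string{"PULUMI_CONFIG_PASSPHRASE": "old-secret"}[k]
		return v, ok
	}
	for _, envFirst := range []bool{true, false} {
		old, newPass, _ := rotate(env, strings.NewReader("new-secret\n"), envFirst)
		fmt.Printf("envFirstForNew=%v changed=%v\n", envFirst, old != newPass)
	}
}
```

A regression test for this class of bug should assert that the passphrase after rotation differs from the one in the environment, since the pre-fix path completes without any error.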