From 9a53c0c662fab38e9878759abb6b0a0112b5f0a1 Mon Sep 17 00:00:00 2001 From: Ian Wahbe Date: Thu, 7 Apr 2022 11:56:02 +0200 Subject: [PATCH 1/2] Warn when `additionalSecretOutputs` includes `id` --- pkg/resource/deploy/step_generator.go | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/pkg/resource/deploy/step_generator.go b/pkg/resource/deploy/step_generator.go index 17c6964ca65f..44cb22b281c4 100644 --- a/pkg/resource/deploy/step_generator.go +++ b/pkg/resource/deploy/step_generator.go @@ -284,6 +284,15 @@ func (sg *stepGenerator) generateSteps(event RegisterResourceEvent) ([]Step, res } sg.urns[urn] = true + for _, secret := range goal.AdditionalSecretOutputs { + if secret == "id" { + sg.deployment.ctx.Diag.Warningf(&diag.Diag{ + URN: urn, + Message: "The 'id' property cannot be made secret. See pulumi/pulumi#2717 for more details.", + }) + } + } + // Check for an old resource so that we can figure out if this is a create, delete, etc., and/or // to diff. We look up first by URN and then by any provided aliases. If it is found using an // alias, record that alias so that we do not delete the aliased resource later. From 6d59b9fa071bc494fad0d242ffa057adbaa68bcd Mon Sep 17 00:00:00 2001 From: Ian Wahbe Date: Thu, 7 Apr 2022 11:59:10 +0200 Subject: [PATCH 2/2] Update CHANGELOG_PENDING.md --- CHANGELOG_PENDING.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG_PENDING.md b/CHANGELOG_PENDING.md index 2f38af968f95..316798245e69 100644 --- a/CHANGELOG_PENDING.md +++ b/CHANGELOG_PENDING.md @@ -9,5 +9,8 @@ - [cli] Display more useful diffs for secrets that are not primitive values [#9351](https://github.com/pulumi/pulumi/pull/9351) +- [cli] - Warn when `additionalSecretOutputs` is used to mark the `id` property as secret. + [#9360](https://github.com/pulumi/pulumi/pull/9360) + ### Bug Fixes