Commit Graph

14 Commits

Author SHA1 Message Date
Fraser Waters 39aaf0604f Change secret.Manager State to json.RawMessage
The state from a secret manager _always_ has to be something json
serialisable because we store it into the json state files. Rather than
allowing any `interface{}` to be returned here and then error'ing if it
happens to not be something that can be marshalled to JSON this changes
the interface to return a `json.RawMessage` moving the
marshalling/unmarshalling concerns into the individual implementations
that can pretty much guarantee valid structures.
2023-05-22 11:21:15 +01:00
Fraser Waters ea609d546f Add 'secret' to config
Also separate the validation and merging of project-to-stack values, to
allow us to apply in values even if they're secure and we don't have an
available decrypter. We can't validate that they're all correct, but it
means at least `config get` can do a best effort retrival for config
values.
2022-10-24 09:22:24 +01:00
Anton Tayanovskyy 96a3783fb2
Fix orphan bulk decrypt traces ()
* Propagate context through crypter to correctly parent service crypter tracing spans

* Remove one of the context.TODO that is needed

* Fix new_test.go

* Fix pulumi_test.go

* Fix resources_test.go

* Fix pkg/resource/stack tests

* Add CHANGELOG_PENDING

* Fix value_test.go

* Fix stack_test.go

* Feedback
2022-07-18 09:36:31 -04:00
Fraser Waters 5528cde977
Change BulkDecrypt to not rely on type tests ()
* Change BulkDecrypt to not rely on type tests

Fixes https://github.com/pulumi/pulumi/issues/9350

* Add to CHANGELOG
2022-04-11 08:59:46 +01:00
Pat Gavlin 87b3f44590
[secrets] Fix + refactor bulk decryption. ()
The bulk decryption logic in deployment deserialization did not recur
into slices or maps. This prevented the bulk decryption of nested secret
values. These changes fix that bug, improve test coverage, and refactor
the bulk decryption code for simplicity, clarity, and separation of
concerns.

Related to https://github.com/pulumi/home/issues/1842.
2022-02-25 08:51:52 -08:00
Paul Stack e3720b3a93
Using a decryptAll functionality when deserializing a deployment () 2022-01-24 22:33:40 +02:00
pulumi-bot 73a66f48ea [breaking] Changing the version of go.mod in sdk / pkg to be v3 2021-04-14 19:32:18 +01:00
Levi Blackstone 709fcbad51
Document Go packages ()
Co-authored-by: Pat Gavlin <pat@pulumi.com>
2021-01-11 11:07:59 -07:00
CyrusNajmabadi 66bd3f4aa8
Breaking changes due to Feature 2.0 work
* Make `async:true` the default for `invoke` calls ()

* Switch away from native grpc impl. ()

* Remove usage of the 'deasync' library from @pulumi/pulumi. ()

* Only retry as long as we get unavailable back.  Anything else continues. ()

* Handle all errors for now. ()


* Do not assume --yes was present when using pulumi in non-interactive mode ()

* Upgrade all paths for sdk and pkg to v2

* Backport C# invoke classes and other recent gen changes ()

Adjust C# generation

* Replace IDeployment with a sealed class ()

Replace IDeployment with a sealed class

* .NET: default to args subtype rather than Args.Empty ()

* Adding system namespace for Dotnet code gen

This is required for using Obsolute attributes for deprecations

```
Iam/InstanceProfile.cs(142,10): error CS0246: The type or namespace name 'ObsoleteAttribute' could not be found (are you missing a using directive or an assembly reference?) [/Users/stack72/code/go/src/github.com/pulumi/pulumi-aws/sdk/dotnet/Pulumi.Aws.csproj]
Iam/InstanceProfile.cs(142,10): error CS0246: The type or namespace name 'Obsolete' could not be found (are you missing a using directive or an assembly reference?) [/Users/stack72/code/go/src/github.com/pulumi/pulumi-aws/sdk/dotnet/Pulumi.Aws.csproj]
```

* Fix the nullability of config type properties in C# codegen ()
2020-04-14 09:30:25 +01:00
evanboyle d3f5bbce48 go fmt 2020-03-18 17:27:02 -07:00
evanboyle f754b486b8 move pkg/resource/config -> sdk/go/common/resource/config 2020-03-18 15:03:37 -07:00
Chris Smith 17ee050abe
Refactor the way secrets managers are provided () 2019-08-01 10:33:52 -07:00
Matt Ellis 88012c4d96 Enable "cloud" and "local" secrets managers across the system
We move the implementations of our secrets managers in to
`pkg/secrets` (which is where the base64 one lives) and wire their use
up during deserialization.

It's a little unfortunate that for the passphrase based secrets
manager, we have to require `PULUMI_CONFIG_PASSPHRASE` when
constructing it from state, but we can make more progress with the
changes as they are now, and I think we can come up with some ways to
mitigate this problem a bit (at least make it only a problem for cases
where you are trying to take a stack reference to another stack that
is managed with local encryption).
2019-05-10 17:07:52 -07:00
Matt Ellis 5cde8e416a Rename base64sm to b64 2019-05-10 17:07:52 -07:00