search

pulumi / pulumi-terraform-bridge

A library allowing Terraform providers to be bridged into Pulumi.
Apache License 2.0
199 stars 43 forks source link

Tests for secret handling in resources #2525

Open t0yv0 opened 4 weeks ago

t0yv0 commented 4 weeks ago

For the following combinations:

Check that first-class secrets work as expected in resources.

Create with secrets

When creating a resource, if the user passes a secret to an input property.

   new R("r0", {prop: secret("X")})

Then the "prop" input and output should be stored as secret in the state.

Update adding secrets

Given a resource provisioned using this form:

   new R("r0", {prop: "X"})

When the user updates the program to mark the property as secret and executes pulumi up.

   new R("r0", {prop: secret("X")})

Then the "prop" input and output should be stored as secret in the state.

Update removing secrets

Given a resource provisioned using this form on a provider that copies inputs to outputs:

   new R("r0", {prop: secret("X")})

When the user updates the program to mark the property as secret and executes pulumi up.

   new R("r0", {prop: "X"})

Then the "prop" input and output should be stored as non-secret in the state.

Check that schema secrets work as expected in resources

If a property prop is marked as Sensitive in Terraform, or by the bridged provider in info.Schema{Secret: true}, then creating or updating the resource should store the value of that property as secret in the state inputs and outputs.

Creating: new R("r0", {prop: "X"}) Updating: new R("r0", {prop: "X"}) --> new R("r0", {prop: "Y"})

cleverguy25 commented 3 weeks ago

Added to epic https://github.com/pulumi/home/issues/3657