The type checker is modified to make property access on 'Any' return 'Any', which enables workarounds for #434 using programs like below.
Unblocking this sans workaround will require further implementation of these issues to support more complex structured, hierarchical config:
pulumi/pulumi#1052
pulumi/pulumi#2307
The workaround program is:
name: tmp.0T7TLEvBj8
runtime: yaml
description: A minimal Pulumi YAML program
variables:
myObject:
fn::secret:
fn::std:jsondecode:
input:
fn::fromBase64: ${myJSON}
outputs:
test: ${myObject.result.test.password}
In this workaround we:
Base64 encode the JSON object we want to use in Pulumi YAML. This is necessary because Pulumi will attempt to JSON decode the value of config variables into objects on our behalf.
sh pulumi config set --secret \ myJSON \ $(printf '{ "test": { "password": "secretpassword123" } }' | base64)
Use fn::fromBase64 to decode that string into its original value.
Use fn::std:jsondecode to convert that string to an object.
Use fn::secret to ensure the value is marked as a secret. (Experimentally, this was necessary.)
The code change in the analyzer is necessary to allow indexing into the Any type on ${myObject.result}.
The type checker is modified to make property access on 'Any' return 'Any', which enables workarounds for #434 using programs like below.
Unblocking this sans workaround will require further implementation of these issues to support more complex structured, hierarchical config:
The workaround program is:
In this workaround we:
Base64 encode the JSON object we want to use in Pulumi YAML. This is necessary because Pulumi will attempt to JSON decode the value of config variables into objects on our behalf.
sh pulumi config set --secret \ myJSON \ $(printf '{ "test": { "password": "secretpassword123" } }' | base64)
Use
fn::fromBase64
to decode that string into its original value.Use
fn::std:jsondecode
to convert that string to an object.Use
fn::secret
to ensure the value is marked as a secret. (Experimentally, this was necessary.)The code change in the analyzer is necessary to allow indexing into the
Any
type on${myObject.result}
.