secret config does not work as of v1.4.0

[pgavlin]

I am reasonably certain that the recent changes to consume config as property values were available has broken support for secret config. Consider the stack + program below:

# Stack config
config:
  static-secrets:my-secret:
    secure: AAAB... # plaintext value is password

# Pulumi program
name: static-secrets
runtime: yaml
config:
  my-secret:
    type: string
outputs:
  my-secret: ${my-secret}

With pulumi v3.92.0 and pulumi-yaml v1.4.0, updating this stack leaves the my-secret output with the value {}:

static-secrets ❯ pulumi stack                                 
Current stack is dev:
    Owner: pat-pulumi-corp
    Last updated: 2 seconds ago (2023-11-09 14:42:43.283559 -0800 PST)
    Pulumi version used: 3.92.0
Current stack resources (1):
    TYPE                 NAME
    pulumi:pulumi:Stack  static-secrets-dev

Current stack outputs (1):
    OUTPUT     VALUE
    my-secret  {}

More information at: https://app.pulumi.com/pat-pulumi-corp/static-secrets/dev

Use `pulumi stack select` to change stack; `pulumi stack ls` lists known ones

With pulumi-yaml v1.3.0, the update correctly sets the value of my-secret to password:

static-secrets ❯ pulumi stack                                               
Current stack is dev:
    Owner: pat-pulumi-corp
    Last updated: 5 seconds ago (2023-11-09 14:41:12.667638 -0800 PST)
    Pulumi version used: 3.92.0
Current stack resources (1):
    TYPE                 NAME
    pulumi:pulumi:Stack  static-secrets-dev

Current stack outputs (1):
    OUTPUT     VALUE
    my-secret  password

More information at: https://app.pulumi.com/pat-pulumi-corp/static-secrets/dev

Use `pulumi stack select` to change stack; `pulumi stack ls` lists known ones

[pulumi-bot]

Cannot close issue:

• does not have required labels: kind/

Please fix these problems and try again.