diff --git a/cmd/stack.go b/cmd/stack.go index 26b770d58..8eaf825fe 100644 --- a/cmd/stack.go +++ b/cmd/stack.go @@ -19,14 +19,11 @@ import ( "fmt" "sort" - "github.com/pulumi/pulumi/pkg/secrets/b64" - "github.com/dustin/go-humanize" "github.com/spf13/cobra" "github.com/pulumi/pulumi/pkg/backend/display" "github.com/pulumi/pulumi/pkg/backend/httpstate" - "github.com/pulumi/pulumi/pkg/resource/stack" "github.com/pulumi/pulumi/pkg/util/cmdutil" ) @@ -131,8 +128,8 @@ func newStackCmd() *cobra.Command { Prefix: " ", }) - res, outputs, err := stack.GetRootStackResource(snap, b64.NewBase64SecretsManager()) - if err != nil && res != nil { + outputs, err := getStackOutputs(snap) + if err != nil { fmt.Printf("\n") printStackOutputs(outputs) } diff --git a/cmd/stack_output.go b/cmd/stack_output.go index dc10d0350..78807c2fe 100644 --- a/cmd/stack_output.go +++ b/cmd/stack_output.go @@ -17,12 +17,12 @@ package cmd import ( "fmt" - "github.com/pulumi/pulumi/pkg/secrets/b64" - "github.com/pkg/errors" "github.com/spf13/cobra" "github.com/pulumi/pulumi/pkg/backend/display" + "github.com/pulumi/pulumi/pkg/resource/config" + "github.com/pulumi/pulumi/pkg/resource/deploy" "github.com/pulumi/pulumi/pkg/resource/stack" "github.com/pulumi/pulumi/pkg/util/cmdutil" ) @@ -54,7 +54,7 @@ func newStackOutputCmd() *cobra.Command { return err } - _, outputs, err := stack.GetRootStackResource(snap, b64.NewBase64SecretsManager()) + outputs, err := getStackOutputs(snap) if err != nil { return errors.Wrap(err, "getting outputs") } @@ -95,3 +95,19 @@ func newStackOutputCmd() *cobra.Command { return cmd } + +func getStackOutputs(snap *deploy.Snapshot) (map[string]interface{}, error) { + state, err := stack.GetRootStackResource(snap) + if err != nil { + return nil, err + } + + // TODO(ellismg): We probably want to adjust this interface slightly. Instead of just taking an encrypter, it + // should take something that lests us control how SecretValues are handled. For example, we may by default want + // to say that secret values are just returned as `[secret]` and if you pass --show-secrets we will show them. As + // is, right now, you'd see weird JSON encoding of secret outputs. Note that in order to construct the snapshot + // you had to have access to see the secrets, so we aren't disclosing anything you already didn't have access to + // by passing config.NopEncrypter here. But you will end up seeing the wire encoding of a property map which + // isn't super intuitive. + return stack.SerializeProperties(state.Outputs, config.NopEncrypter) +} diff --git a/cmd/up.go b/cmd/up.go index d248c44bd..275eac5d9 100644 --- a/cmd/up.go +++ b/cmd/up.go @@ -21,8 +21,6 @@ import ( "math" "os" - "github.com/pulumi/pulumi/pkg/secrets/b64" - "github.com/pulumi/pulumi/pkg/tokens" "github.com/pulumi/pulumi/pkg/util/contract" @@ -475,7 +473,7 @@ func isPreconfiguredEmptyStack( if len(snap.Resources) != 1 { return false } - stackResource, _, err := stack.GetRootStackResource(snap, b64.NewBase64SecretsManager()) + stackResource, err := stack.GetRootStackResource(snap) if err != nil || stackResource == nil { return false } diff --git a/pkg/backend/backend.go b/pkg/backend/backend.go index 888671d3a..ae3768392 100644 --- a/pkg/backend/backend.go +++ b/pkg/backend/backend.go @@ -21,8 +21,6 @@ import ( "io" "time" - "github.com/pulumi/pulumi/pkg/secrets/b64" - "github.com/pkg/errors" "github.com/pulumi/pulumi/pkg/apitype" @@ -230,10 +228,7 @@ func (c *backendClient) GetStackOutputs(ctx context.Context, name string) (resou if err != nil { return nil, err } - // TODO(ellismg): Since we throw the decrypted property bag on the floor, we don't care what secrets manager - // we pass to this operation. It would be nice to not have to pass one and just be able to get the - // resource.PropertyMap back as the only return value. Maybe we can have another function that does this? - res, _, err := stack.GetRootStackResource(snap, b64.NewBase64SecretsManager()) + res, err := stack.GetRootStackResource(snap) if err != nil { return nil, errors.Wrap(err, "getting root stack resources") } diff --git a/pkg/resource/stack/checkpoint.go b/pkg/resource/stack/checkpoint.go index 3fa0089aa..cad5c2da3 100644 --- a/pkg/resource/stack/checkpoint.go +++ b/pkg/resource/stack/checkpoint.go @@ -117,26 +117,14 @@ func DeserializeCheckpoint(chkpoint *apitype.CheckpointV3) (*deploy.Snapshot, er return nil, nil } -// GetRootStackResource returns the root stack resource from a given snapshot, or nil if not found. If the stack -// exists, its output properties, if any, are also returned in the resulting map. -func GetRootStackResource(snap *deploy.Snapshot, - sm secrets.Manager) (*resource.State, map[string]interface{}, error) { +// GetRootStackResource returns the root stack resource from a given snapshot, or nil if not found. +func GetRootStackResource(snap *deploy.Snapshot) (*resource.State, error) { if snap != nil { for _, res := range snap.Resources { if res.Type == resource.RootStackType { - enc, err := sm.Encrypter() - if err != nil { - return nil, nil, errors.Wrap(err, "getting encrytper") - } - - sres, err := SerializeResource(res, enc) - if err != nil { - return nil, nil, errors.Wrap(err, "serializing output properties") - } - - return res, sres.Outputs, nil + return res, nil } } } - return nil, nil, nil + return nil, nil }