From 67bb134c287769ae2c0aed07a56dd0ff08cf55ad Mon Sep 17 00:00:00 2001 From: Matt Ellis Date: Fri, 19 Apr 2019 10:41:08 -0700 Subject: [PATCH] Don't return serialized outputs from `stack.GetRooStacktResource` Half of the call sites didn't care about these values and with the secrets work the ergonmics of calling this method when it has to return serialized ouputs isn't great. Move the serialization for this into the CLI itself, as it was the only place that cared to do this (so it could display things to end users). --- cmd/stack.go | 7 ++----- cmd/stack_output.go | 22 +++++++++++++++++++--- cmd/up.go | 4 +--- pkg/backend/backend.go | 7 +------ pkg/resource/stack/checkpoint.go | 20 ++++---------------- 5 files changed, 27 insertions(+), 33 deletions(-) diff --git a/cmd/stack.go b/cmd/stack.go index 26b770d58..8eaf825fe 100644 --- a/cmd/stack.go +++ b/cmd/stack.go @@ -19,14 +19,11 @@ import ( "fmt" "sort" - "github.com/pulumi/pulumi/pkg/secrets/b64" - "github.com/dustin/go-humanize" "github.com/spf13/cobra" "github.com/pulumi/pulumi/pkg/backend/display" "github.com/pulumi/pulumi/pkg/backend/httpstate" - "github.com/pulumi/pulumi/pkg/resource/stack" "github.com/pulumi/pulumi/pkg/util/cmdutil" ) @@ -131,8 +128,8 @@ func newStackCmd() *cobra.Command { Prefix: " ", }) - res, outputs, err := stack.GetRootStackResource(snap, b64.NewBase64SecretsManager()) - if err != nil && res != nil { + outputs, err := getStackOutputs(snap) + if err != nil { fmt.Printf("\n") printStackOutputs(outputs) } diff --git a/cmd/stack_output.go b/cmd/stack_output.go index dc10d0350..78807c2fe 100644 --- a/cmd/stack_output.go +++ b/cmd/stack_output.go @@ -17,12 +17,12 @@ package cmd import ( "fmt" - "github.com/pulumi/pulumi/pkg/secrets/b64" - "github.com/pkg/errors" "github.com/spf13/cobra" "github.com/pulumi/pulumi/pkg/backend/display" + "github.com/pulumi/pulumi/pkg/resource/config" + "github.com/pulumi/pulumi/pkg/resource/deploy" "github.com/pulumi/pulumi/pkg/resource/stack" "github.com/pulumi/pulumi/pkg/util/cmdutil" ) @@ -54,7 +54,7 @@ func newStackOutputCmd() *cobra.Command { return err } - _, outputs, err := stack.GetRootStackResource(snap, b64.NewBase64SecretsManager()) + outputs, err := getStackOutputs(snap) if err != nil { return errors.Wrap(err, "getting outputs") } @@ -95,3 +95,19 @@ func newStackOutputCmd() *cobra.Command { return cmd } + +func getStackOutputs(snap *deploy.Snapshot) (map[string]interface{}, error) { + state, err := stack.GetRootStackResource(snap) + if err != nil { + return nil, err + } + + // TODO(ellismg): We probably want to adjust this interface slightly. Instead of just taking an encrypter, it + // should take something that lests us control how SecretValues are handled. For example, we may by default want + // to say that secret values are just returned as `[secret]` and if you pass --show-secrets we will show them. As + // is, right now, you'd see weird JSON encoding of secret outputs. Note that in order to construct the snapshot + // you had to have access to see the secrets, so we aren't disclosing anything you already didn't have access to + // by passing config.NopEncrypter here. But you will end up seeing the wire encoding of a property map which + // isn't super intuitive. + return stack.SerializeProperties(state.Outputs, config.NopEncrypter) +} diff --git a/cmd/up.go b/cmd/up.go index d248c44bd..275eac5d9 100644 --- a/cmd/up.go +++ b/cmd/up.go @@ -21,8 +21,6 @@ import ( "math" "os" - "github.com/pulumi/pulumi/pkg/secrets/b64" - "github.com/pulumi/pulumi/pkg/tokens" "github.com/pulumi/pulumi/pkg/util/contract" @@ -475,7 +473,7 @@ func isPreconfiguredEmptyStack( if len(snap.Resources) != 1 { return false } - stackResource, _, err := stack.GetRootStackResource(snap, b64.NewBase64SecretsManager()) + stackResource, err := stack.GetRootStackResource(snap) if err != nil || stackResource == nil { return false } diff --git a/pkg/backend/backend.go b/pkg/backend/backend.go index 888671d3a..ae3768392 100644 --- a/pkg/backend/backend.go +++ b/pkg/backend/backend.go @@ -21,8 +21,6 @@ import ( "io" "time" - "github.com/pulumi/pulumi/pkg/secrets/b64" - "github.com/pkg/errors" "github.com/pulumi/pulumi/pkg/apitype" @@ -230,10 +228,7 @@ func (c *backendClient) GetStackOutputs(ctx context.Context, name string) (resou if err != nil { return nil, err } - // TODO(ellismg): Since we throw the decrypted property bag on the floor, we don't care what secrets manager - // we pass to this operation. It would be nice to not have to pass one and just be able to get the - // resource.PropertyMap back as the only return value. Maybe we can have another function that does this? - res, _, err := stack.GetRootStackResource(snap, b64.NewBase64SecretsManager()) + res, err := stack.GetRootStackResource(snap) if err != nil { return nil, errors.Wrap(err, "getting root stack resources") } diff --git a/pkg/resource/stack/checkpoint.go b/pkg/resource/stack/checkpoint.go index 3fa0089aa..cad5c2da3 100644 --- a/pkg/resource/stack/checkpoint.go +++ b/pkg/resource/stack/checkpoint.go @@ -117,26 +117,14 @@ func DeserializeCheckpoint(chkpoint *apitype.CheckpointV3) (*deploy.Snapshot, er return nil, nil } -// GetRootStackResource returns the root stack resource from a given snapshot, or nil if not found. If the stack -// exists, its output properties, if any, are also returned in the resulting map. -func GetRootStackResource(snap *deploy.Snapshot, - sm secrets.Manager) (*resource.State, map[string]interface{}, error) { +// GetRootStackResource returns the root stack resource from a given snapshot, or nil if not found. +func GetRootStackResource(snap *deploy.Snapshot) (*resource.State, error) { if snap != nil { for _, res := range snap.Resources { if res.Type == resource.RootStackType { - enc, err := sm.Encrypter() - if err != nil { - return nil, nil, errors.Wrap(err, "getting encrytper") - } - - sres, err := SerializeResource(res, enc) - if err != nil { - return nil, nil, errors.Wrap(err, "serializing output properties") - } - - return res, sres.Outputs, nil + return res, nil } } } - return nil, nil, nil + return nil, nil }