Ensure pulumi history marks secrets that can't be un-encrypted as such (#5701)
This commit is contained in:
parent
f6b687ea03
commit
8685f96ce6
|
@ -3,6 +3,9 @@ CHANGELOG
|
|||
|
||||
## HEAD (Unreleased)
|
||||
|
||||
- [cli] Ensure `pulumi history` annotes when secrets are unable to be decrypted
|
||||
[#5701](https://github.com/pulumi/pulumi/pull/5701)
|
||||
|
||||
- Fix a bug in the Python SDK that caused incompatibilities with versions of the CLI prior to
|
||||
2.13.0.
|
||||
[#5702](https://github.com/pulumi/pulumi/pull/5702)
|
||||
|
|
|
@ -18,6 +18,8 @@ import (
|
|||
"github.com/pulumi/pulumi/sdk/v2/go/common/util/cmdutil"
|
||||
)
|
||||
|
||||
const errorDecryptingValue = "ERROR_UNABLE_TO_DECRYPT"
|
||||
|
||||
func newStackHistoryCmd() *cobra.Command {
|
||||
var stack string
|
||||
var jsonOut bool
|
||||
|
@ -109,9 +111,12 @@ func displayUpdatesJSON(updates []backend.UpdateInfo, decrypter config.Decrypter
|
|||
if !v.Secure() || (v.Secure() && decrypter != nil) {
|
||||
value, err := v.Value(decrypter)
|
||||
if err != nil {
|
||||
return err
|
||||
// We don't actually want to error here
|
||||
// we are just going to mark as "UNKNOWN" and then let the command continue
|
||||
configValue.Value = makeStringRef(errorDecryptingValue)
|
||||
} else {
|
||||
configValue.Value = makeStringRef(value)
|
||||
}
|
||||
configValue.Value = makeStringRef(value)
|
||||
|
||||
if v.Object() {
|
||||
var obj interface{}
|
||||
|
@ -121,7 +126,6 @@ func displayUpdatesJSON(updates []backend.UpdateInfo, decrypter config.Decrypter
|
|||
configValue.ObjectValue = obj
|
||||
}
|
||||
}
|
||||
|
||||
info.Config[k.String()] = configValue
|
||||
}
|
||||
info.Result = string(update.Result)
|
||||
|
|
Loading…
Reference in a new issue