maxmustermann/pulumi
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
4254 commits 380 branches 480 tags 70 MiB
Commit graph

8 commits

Author SHA1 Message Date
Chris Smith bec608d0d3
Improve error message when using PAC on out-of-date SDK (#3307) 
* Fix lint warnings

* Improve error message when using PAC on old SDK

* Update pkg/resource/plugin/analyzer_plugin.go

Co-Authored-By: Justin Van Patten <jvp@justinvp.com>
 2019-10-09 13:51:10 -07:00
Mikhail Shilkov 7b3a7c6253 Do not ask for a passphrase in non-interactive sessions (#3204) 
* Do not ask for a passphrase in non-interactive sessions. Fail with a hint to set the environment variable.

* Changelog
 2019-09-10 13:25:57 -07:00
PLACE 3fb8a59da9 PULUMI_CONFIG_PASSPHRASE now supports an enpty passphrase (#2904) 
This change allows you to run pulumi in non-interactive environments without a state passphrase.

e.g. the following will now work.

```
export PULUMI_CONFIG_PASSPHRASE=""
pulumi up --yes
```

Related to #2758.
 2019-07-25 14:23:43 -07:00
Matt Ellis 70e16a2acd Allow using the passphrase secrets manager with the pulumi service 
This change allows using the passphrase secrets manager when creating
a stack managed by the Pulumi service.  `pulumi stack init`, `pulumi
new` and `pulumi up` all learned a new optional argument
`--secrets-provider` which can be set to "passphrase" to force the
passphrase based secrets provider to be used.  When unset the default
secrets provider is used based on the backend (for local stacks this
is passphrase, for remote stacks, it is the key managed by the pulumi
service).

As part of this change, we also initialize the secrets manager when a
stack is created, instead of waiting for the first time a secret
config value is stored. We do this so that if an update is run using
`pulumi.secret` before any secret configuration values are used, we
already have the correct encryption method selected for a stack.
 2019-05-10 17:07:52 -07:00
Matt Ellis e5d3a20399 Use "passphrase" and "service" instead of "local" and "cloud" 2019-05-10 17:07:52 -07:00
Matt Ellis 88012c4d96 Enable "cloud" and "local" secrets managers across the system 
We move the implementations of our secrets managers in to
`pkg/secrets` (which is where the base64 one lives) and wire their use
up during deserialization.

It's a little unfortunate that for the passphrase based secrets
manager, we have to require `PULUMI_CONFIG_PASSPHRASE` when
constructing it from state, but we can make more progress with the
changes as they are now, and I think we can come up with some ways to
mitigate this problem a bit (at least make it only a problem for cases
where you are trying to take a stack reference to another stack that
is managed with local encryption).
 2019-05-10 17:07:52 -07:00
Matt Ellis a4dd8cba1f Add secrets managers for passphrase and service based encryption 
After adding these, move all the code in the CLI over to use the
secrets managers. We'll start passing them to the engine next.
 2019-05-10 17:07:52 -07:00
Matt Ellis 10792c417f Remove backend.GetStackCrypter 
As part of the pluggable secrets work, the crypter's used for secrets
are no longer tied to a backend. To enforce this, we remove the
`backend.GetStackCrypter` function and then have the relevent logic to
construct one live inside the CLI itself.

Right now the CLI still uses the backend type to decide what Crypter
to build, but we'll change that shortly.
 2019-05-10 17:07:52 -07:00
Renamed from pkg/backend/filestate/crypto.go (Browse further)