There current RPC model for Pulumi allows secret values to be deeply embedded in lists or maps, however at the language level, since we track secrets via `Output<T>` we need to ensure that during deserialization, if a list or a map contains a secret, we need to instead treat it as if the entire list or map was a secret. We have logic in the language runtimes to do this as part of serialization. There were a few issues this commit addresses: - We were not promoting secretness across arrays in either Node or Python - For Python, our promotion logic was buggy and caused it to behave in a manner where if any value was secret, the output values of the object would be corrupted, because we'd incorrectly treat the outputs as a secret who's value was a map, instead of a map of values (some of which may be secret). This caused very confusing behavior, because it would appear that a resource creation call just did not set various output properties when one or more of them ended up containing a secret. |
||
---|---|---|
.. | ||
go | ||
nodejs | ||
proto | ||
python | ||
README.md |