From 682e378968faaf0494b272dccc06b0090dbc9a58 Mon Sep 17 00:00:00 2001 From: Braedon Leonard <braedonleonard@gmail.com> Date: Tue, 22 Oct 2024 04:42:18 -0400 Subject: [PATCH] feat(pulumi): add `spec.showSecretsInOutput` config to Pulumi deploy action (#6555) * fix(pulumi): show secrets in pulumi stack output * feat(pulumi): Add `spec.showSecretsInOutput` config to Pulumi deploy action * chore: regenerate docs --- docs/reference/action-types/Deploy/pulumi.md | 13 +++++++++++++ docs/reference/module-types/pulumi.md | 17 +++++++++++++++++ plugins/pulumi/src/action.ts | 12 ++++++++++++ plugins/pulumi/src/helpers.ts | 6 +++++- plugins/pulumi/src/index.ts | 1 + 5 files changed, 48 insertions(+), 1 deletion(-) diff --git a/docs/reference/action-types/Deploy/pulumi.md b/docs/reference/action-types/Deploy/pulumi.md index 96486460d1..04c0a37f13 100644 --- a/docs/reference/action-types/Deploy/pulumi.md +++ b/docs/reference/action-types/Deploy/pulumi.md @@ -441,6 +441,19 @@ The name of the pulumi stack to use. Defaults to the current environment name. | -------- | -------- | | `string` | No | +### `spec.showSecretsInOutput` + +[spec](#spec) > showSecretsInOutput + +When set to true, stack outputs which are marked as secrets will be shown in the output. + +By default, Pulumi will print secret stack outputs as the string '[secret]' instead of +the true content of the output. + +| Type | Default | Required | +| --------- | ------- | -------- | +| `boolean` | `false` | No | + ## Outputs diff --git a/docs/reference/module-types/pulumi.md b/docs/reference/module-types/pulumi.md index 00baa08d55..dfdb4425e1 100644 --- a/docs/reference/module-types/pulumi.md +++ b/docs/reference/module-types/pulumi.md @@ -255,6 +255,12 @@ deployFromPreview: false # The name of the pulumi stack to use. Defaults to the current environment name. stack: + +# When set to true, stack outputs which are marked as secrets will be shown in the output. +# +# By default, Pulumi will print secret stack outputs as the string '[secret]' instead of +# the true content of the output. +showSecretsInOutput: false ``` ## Configuration Keys @@ -707,6 +713,17 @@ The name of the pulumi stack to use. Defaults to the current environment name. | -------- | -------- | | `string` | No | +### `showSecretsInOutput` + +When set to true, stack outputs which are marked as secrets will be shown in the output. + +By default, Pulumi will print secret stack outputs as the string '[secret]' instead of +the true content of the output. + +| Type | Default | Required | +| --------- | ------- | -------- | +| `boolean` | `false` | No | + ## Outputs diff --git a/plugins/pulumi/src/action.ts b/plugins/pulumi/src/action.ts index fd1ab12524..039a10ffef 100644 --- a/plugins/pulumi/src/action.ts +++ b/plugins/pulumi/src/action.ts @@ -23,6 +23,7 @@ export interface PulumiDeploySpec { deployFromPreview: boolean root: string stack?: string + showSecretsInOutput: boolean } export type PulumiDeployConfig = DeployActionConfig<"pulumi", PulumiDeploySpec> @@ -129,6 +130,17 @@ export const pulumiDeploySchemaKeys = () => ({ .string() .allow(null) .description("The name of the pulumi stack to use. Defaults to the current environment name."), + showSecretsInOutput: joi + .boolean() + .default(false) + .description( + dedent` + When set to true, stack outputs which are marked as secrets will be shown in the output. + + By default, Pulumi will print secret stack outputs as the string '[secret]' instead of + the true content of the output. + ` + ), }) export const pulumiDeploySchema = createSchema({ diff --git a/plugins/pulumi/src/helpers.ts b/plugins/pulumi/src/helpers.ts index 7552a5dc9e..47286c3344 100644 --- a/plugins/pulumi/src/helpers.ts +++ b/plugins/pulumi/src/helpers.ts @@ -151,9 +151,13 @@ export async function previewStack( } export async function getStackOutputs({ log, ctx, provider, action }: PulumiParams): Promise<any> { + const args = ["stack", "output", "--json"] + if (action.getSpec("showSecretsInOutput")) { + args.push("--show-secrets") + } const res = await pulumi(ctx, provider).json({ log, - args: ["stack", "output", "--json"], + args, env: ensureEnv({ log, ctx, provider, action }), cwd: getActionStackRoot(action), }) diff --git a/plugins/pulumi/src/index.ts b/plugins/pulumi/src/index.ts index a7284f5eeb..d0a9639fff 100644 --- a/plugins/pulumi/src/index.ts +++ b/plugins/pulumi/src/index.ts @@ -124,6 +124,7 @@ export const gardenPlugin = () => cacheStatus: module.spec.cacheStatus || false, stackReferences: module.spec.stackReferences || [], deployFromPreview: module.spec.deployFromPreview || false, + showSecretsInOutput: module.spec.showSecretsInOutput || false, root: module.spec.root || ".", ...omit(module.spec, ["build", "dependencies"]), },