Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

eval: improve unknown/secret for complex literals #170

Merged
merged 1 commit into from
Nov 7, 2023
Merged

eval: improve unknown/secret for complex literals #170

merged 1 commit into from
Nov 7, 2023

Conversation

komalali
Copy link
Member

@komalali komalali commented Nov 6, 2023
edited by pgavlin
Loading

Do not treat object and array literals that include unknown or secret
elements as unknown or secret themselves. Instead, leave it up to the
consumer of the literal to handle unknownness and secretness
appropriately (i.e. by combining the unknownness and secretness of each
leaf value the consumer observes).

For example, the following object definition no is no longer unknown
during check or secret during eval:

foo:
  bar: 42
  baz:
    fn::secret:
      ciphertext: AjIAEJFDIe==

Instead, it is partially-known during check:

foo:
  bar: 42
  baz: [unknown]

And partially-secret during eval:

foo:
  bar: 42
  baz: [secret]

But when passed to fn::toJSON, the result of the call would be unknown
in check or secret in eval b/c of the nested unknown/secret.

Fixes #164.
Fixes https://github.com/pulumi/pulumi-service/issues/16162.

Base automatically changed from komal/preview-render-tests to main November 6, 2023 20:04
@komalali komalali added the impact/no-changelog-required This issue doesn't require a CHANGELOG update label Nov 6, 2023
@komalali komalali marked this pull request as ready for review November 6, 2023 21:23
@komalali komalali changed the base branch from main to komal/preview-tests-redux November 7, 2023 02:43
@komalali komalali force-pushed the komal/preview-tests-redux branch 2 times, most recently from 1a1ec0f to 7f4a07c Compare November 7, 2023 18:43
@komalali komalali requested a review from pgavlin November 7, 2023 21:25
pgavlin
pgavlin requested changes Nov 7, 2023
View reviewed changes
Base automatically changed from komal/preview-tests-redux to main November 7, 2023 22:43
@komalali @pgavlin
eval: improve unknown/secret for complex literals
8449b6f 
Do not treat object and array literals that include unknown or secret
elements as unknown or secret themselves. Instead, leave it up to the
consumer of the literal to handle unknownness and secretness
appropriately (i.e. by combining the unknownness and secretness of each
leaf value the consumer observes).

For example, the following object definition no is no longer unknown
during check or secret during eval:

```yaml
foo:
  bar: 42
  baz:
    fn::secret:
      ciphertext: AjIAEJFDIe==
```

Instead, it is partially-known during check:

```yaml
foo:
  bar: 42
  baz: [unknown]
```

And partially-secret during eval:

```yaml
foo:
  bar: 42
  baz: [secret]
```

But when passed to `fn::toJSON`, the result of the call would be unknown
in check or secret in eval b/c of the nested unknown/secret.

Fixes #164.
Fixes pulumi/pulumi-service#16162.
@pgavlin pgavlin changed the title Resolve unknowns as deeply as possible eval: improve unknown/secret for complex literals Nov 7, 2023
@pgavlin pgavlin merged commit 9fbe440 into main Nov 7, 2023
@pgavlin pgavlin deleted the komal/unknowns branch November 7, 2023 22:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pgavlin pgavlin pgavlin approved these changes

Assignees
No one assigned
Labels
impact/no-changelog-required This issue doesn't require a CHANGELOG update
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Editor view always reports unknown for secrets
2 participants
@komalali @pgavlin