Skip to content

Commit

Permalink
Apply secrets to function result properties marked as such
Browse files Browse the repository at this point in the history
  • Loading branch information
mikhailshilkov committed Sep 23, 2024
1 parent c63d6b6 commit ccaf7eb
Show file tree
Hide file tree
Showing 4 changed files with 109 additions and 1 deletion.
11 changes: 11 additions & 0 deletions examples/credentials/consumer/Pulumi.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,16 @@ plugins:
- name: credentials
path: ..

variables:
helloworld:
fn::invoke:
function: credentials:sign
arguments:
message: "Hello, World!"
return: out
options:
provider: ${provider}

resources:
provider:
type: pulumi:providers:credentials
Expand All @@ -22,3 +32,4 @@ outputs:
user: ${user.name}
password: ${user.password}
rawPassword: ${provider.password}
helloworld: ${helloworld}
28 changes: 28 additions & 0 deletions examples/credentials/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,9 @@ func provider() p.Provider {
"credentials": "index",
},
Config: infer.Config[*Config](),
Functions: []infer.InferredFunction{
infer.Function[*Sign](),
},
})
}

Expand Down Expand Up @@ -110,3 +113,28 @@ func (*User) Diff(ctx context.Context, id string, olds UserState, news UserArgs)
}
return p.DiffResponse{}, nil
}

type Sign struct{}

func (Sign) Call(ctx context.Context, args SignArgs) (SignRes, error) {
config := infer.GetConfig[Config](ctx)
return SignRes{
Out: fmt.Sprintf("%s by %s", args.Message, config.User),
}, nil
}

func (r *Sign) Annotate(a infer.Annotator) {
a.Describe(r, "Signs the message with the user name and returns the result as a secret.")
}

type SignArgs struct {
Message string `pulumi:"message"`
}

func (ra *SignArgs) Annotate(a infer.Annotator) {
a.Describe(&ra.Message, "Message to sign.")
}

type SignRes struct {
Out string `pulumi:"out" provider:"secret"`
}
2 changes: 1 addition & 1 deletion infer/function.go
Original file line number Diff line number Diff line change
Expand Up @@ -154,6 +154,6 @@ func (r *derivedInvokeController[F, I, O]) Invoke(ctx context.Context, req p.Inv
return p.InvokeResponse{}, err
}
return p.InvokeResponse{
Return: m,
Return: applySecrets[O](m),
}, nil
}
69 changes: 69 additions & 0 deletions tests/invoke_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,69 @@
// Copyright 2024, Pulumi Corporation.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package tests

import (
"context"
"testing"

"github.com/blang/semver"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"

p "github.com/pulumi/pulumi-go-provider"
"github.com/pulumi/pulumi-go-provider/infer"
"github.com/pulumi/pulumi-go-provider/integration"
"github.com/pulumi/pulumi/sdk/v3/go/common/resource"
)

type inv struct{}

type invInput struct {
Field string `pulumi:"field"`
}

type invOutput struct {
Out string `pulumi:"out" provider:"secret"`
}

func (inv) Call(ctx context.Context, args invInput) (invOutput, error) {
return invOutput{
Out: args.Field + "-secret",
}, nil
}

var _ infer.Annotated = inv{}

func (c inv) Annotate(a infer.Annotator) { a.SetToken("index", "inv") }

func TestInferInvokeSecrets(t *testing.T) {
t.Parallel()

resp, err := integration.NewServer("test", semver.MustParse("0.0.0"), infer.Provider(infer.Options{
Functions: []infer.InferredFunction{
infer.Function[inv, invInput, invOutput](),
},
})).Invoke(p.InvokeRequest{
Token: "test:index:inv",
Args: map[resource.PropertyKey]resource.PropertyValue{
"field": resource.NewProperty("value"),
},
})
require.NoError(t, err)
require.Empty(t, resp.Failures)
assert.Equal(t, resource.PropertyMap{
"out": resource.MakeSecret(resource.NewProperty("value-secret")),
}, resp.Return)
}

0 comments on commit ccaf7eb

Please sign in to comment.