From ea8fb88b8e5f108b02a86d96506937977505ac77 Mon Sep 17 00:00:00 2001
From: Venelin <venelin@pulumi.com>
Date: Mon, 25 Nov 2024 14:28:09 +0000
Subject: [PATCH] add note about stripping secrets

---
 pkg/tfbridge/detailed_diff.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/pkg/tfbridge/detailed_diff.go b/pkg/tfbridge/detailed_diff.go
index 4e9870ca49..e241e90eed 100644
--- a/pkg/tfbridge/detailed_diff.go
+++ b/pkg/tfbridge/detailed_diff.go
@@ -483,6 +483,12 @@ func MakeDetailedDiffV2(
 	ps map[string]*SchemaInfo,
 	priorProps, props, newInputs resource.PropertyMap,
 ) map[string]*pulumirpc.PropertyDiff {
+	// Strip secrets and outputs from the properties before calculating the diff.
+	// This allows the rest of the algorithm to focus on the actual changes and not
+	// have to deal with the extra noise.
+	// This is safe to do here because the detailed diff we return to the engine
+	// is only represented by paths to the values and not the values themselves.
+	// The engine will then takes care of masking secrets.
 	stripSecretsAndOutputs := func(props resource.PropertyMap) resource.PropertyMap {
 		propsVal := propertyvalue.RemoveSecretsAndOutputs(resource.NewProperty(props))
 		return propsVal.ObjectValue()