Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
d
dry-keyboard-94795
02/14/2023, 1:33 PMCouple of questions around the new
StackReference.get_output_detailsvaluesecret_valuee
echoing-dinner-19531
02/14/2023, 1:50 PM• How do we call it in our stacks? The method is async.Ah 🤦 I'll raise an issue about that, all the other SDKs support async calls in the program but I don't think we have a great way to do this in python yet (short of the user nesting the whole program in an asyncio.run call)
How come our code needs to care if an output is secret or not?Because you may want to change behaviour based on it being secret or not, more importantly we didn't want people to inadvertently leak secret values because they just didn't think about that the values could be secrets.
d
dry-keyboard-94795
02/14/2023, 2:01 PMIt's rare I see actual code referencing config/stackreferences directly; aliasing them to globals or a config namespace instead.
Them being Stackreferences complicates it, too, as Stack B now needs to know whether Stack A is exporting a secret. The Stacks may not be part of the same package, or codebase, meaning co-ordinated updates are needed.
I see this becoming common practice:
# config.py
def get_output_details(stack, name):
from pulumi.runtime.sync_await import _sync_await
d = _sync_await(
stack.get_output_details(name)
)
return d.value if d.value is not None else d.secret_valuee
echoing-dinner-19531
02/14/2023, 2:03 PMYes, I suspect your right there. It's tricky trying to build something "just does the right thing" and "is easy to use".
People want "plain" values, just str or int so they can work with them easier. But they also want secrets correctly tracked so they don't get leaked, but plain values can't track that.
d
dry-keyboard-94795
02/14/2023, 2:04 PMIt's a tough one, yeah.
Heard a few people say they use (or consider using) Pulumi purely for the Secrets support
regarding async; Jupyter (bits anyway) is moving toward being async-first, and wrapping sync functions up. example.
Could be a nice pattern to adopt for the public API:
def async_get_output_details(self, ...): ...
get_output_details = run_sync(async_get_output_details)e
echoing-dinner-19531
02/14/2023, 2:14 PMYeh that sounds reasonable