Skip to content

feat: password v2 component #90

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
bornast wants to merge 14 commits into
base: master
Choose a base branch
from
Open

feat: password v2 component #90

bornast wants to merge 14 commits into from
+233 −0

Conversation

@bornast
Copy link
Member

@bornast bornast commented Dec 5, 2025

This PR copies the password component into the v2 folder and adds integration tests for it.

@bornast bornast added the enhancement New feature or request label Dec 5, 2025
droguljic
droguljic requested changes Dec 8, 2025
View reviewed changes
tests/password/index.test.ts
program: () => import('./infrastructure'),
};

describe('Password component deployment', () => {
Copy link
Contributor

@droguljic droguljic Dec 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure if we'll be able to test this, but it is worth to investigate - is the password value masked in the output of the Pulumi program?

Note: it should be due to additionalSecretOutputs option sent to the super, but having that test would be beneficial to capture potential leaks.

Copy link
Member Author

@bornast bornast Dec 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've done some investigation and seems like additionalSecretOutputs isn't even working for custom components as it states in the docs.
I had to wrap the value in pulumi.secret() which behaves the same as output except the returned output is marked as containing sensitive data.
I also implemented a test to verify that the password is treated as a secret. To make that test work, I had to export the password output directly from the infrastructure index file. The reason is that the automation api unwraps values, and for objects it only keeps the secret flag at the top level. Because of that, there’s no reliable way to check whether nested properties are secrets once they’re unwrapped.

mandryllo
mandryllo reviewed Dec 8, 2025
View reviewed changes
@bornast bornast added the Don't merge Do not merge this PR label Dec 15, 2025
@bornast bornast removed the Don't merge Do not merge this PR label Dec 16, 2025
mandryllo
mandryllo requested changes Dec 16, 2025
View reviewed changes
@bornast bornast requested a review from mandryllo December 16, 2025 12:23
mandryllo
mandryllo approved these changes Dec 16, 2025
View reviewed changes
Copy link
Collaborator

@mandryllo mandryllo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mandryllo mandryllo mandryllo approved these changes

@abasic abasic Awaiting requested review from abasic

@MiroDojkic MiroDojkic Awaiting requested review from MiroDojkic

@droguljic droguljic Awaiting requested review from droguljic

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@bornast @droguljic @mandryllo