Unsecret tags all (#3471)

Stacked on top of #3468. This PR removes secreting tagsAll in all cases. This will allow users to leak secret tags. Fixes #3265
pulumi · Feb 27, 2024 · 4c1ce0e · 4c1ce0e
1 parent 9a0bcc6
commit 4c1ce0e
Show file tree

Hide file tree

Showing 3,229 changed files with 2,036 additions and 15,458 deletions.
diff --git a/examples/examples_test.go b/examples/examples_test.go
@@ -414,10 +414,7 @@ func TestRegressUnknownTags(t *testing.T) {
 		"revokeRulesOnDelete": true,
 		"vpcId": "vpc-4b82e033",
 		"tags": "04da6b54-80e4-46f7-96ec-b56ff0331ba9",
-                "tagsAll": {
-                    "4dabf18193072939515e22adb298388d": "1b47061264138c4ac30d75fd1eb44270",
-                    "value": "04da6b54-80e4-46f7-96ec-b56ff0331ba9"
-                }
+                "tagsAll": "04da6b54-80e4-46f7-96ec-b56ff0331ba9"
               }
             }
           }
@@ -587,7 +584,7 @@ func TestWrongStateMaxItemOneDiffProduced(t *testing.T) {
 }
 
 func TestSourceCodeHashImportedLambdaChecksCleanly(t *testing.T) {
-  replay(t, `
+	replay(t, `
   [{
     "method": "/pulumirpc.ResourceProvider/Check",
     "request": {

diff --git a/examples/examples_yaml_test.go b/examples/examples_yaml_test.go
@@ -29,7 +29,6 @@ import (
 	"strings"
 	"testing"
 
-	"encoding/json"
 	"github.com/pulumi/pulumi/pkg/v3/testing/integration"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -372,15 +371,3 @@ outputs:
 		}
 	}
 }
-
-func TestRegressSecretTags(t *testing.T) {
-	integration.ProgramTest(t, &integration.ProgramTestOptions{
-		Dir:   "bucket-secret-tags-yaml",
-		Quick: true,
-		ExtraRuntimeValidation: func(t *testing.T, stack integration.RuntimeValidationStackInfo) {
-			bytes, err := json.Marshal(stack.Deployment)
-			require.NoError(t, err)
-			require.NotContainsf(t, string(bytes), "mysecret", "mysecret leaked to state in plain text")
-		},
-	})
-}
diff --git a/provider/cmd/pulumi-resource-aws/schema.json b/provider/cmd/pulumi-resource-aws/schema.json
diff --git a/provider/resources.go b/provider/resources.go
@@ -6270,18 +6270,12 @@ $ pulumi import aws:networkfirewall/resourcePolicy:ResourcePolicy example arn:aw
 			fields["tags_all"] = &tfbridge.SchemaInfo{}
 		}
 
-		fields["tags_all"].Secret = tfbridge.True()
-		fields["tags_all"].DeprecationMessage = "Please use `tags` instead."
-
 		// Upstream provider is edited to unmark tags_all as computed internally so that
 		// Pulumi provider internals can set it, but the user should not be able to set it.
 		fields["tags_all"].MarkAsComputedOnly = tfbridge.True()
-
+		fields["tags_all"].DeprecationMessage = "Please use `tags` instead."
 		fields["tags_all"].MarkAsOptional = tfbridge.False()
 
-		contract.Assertf(prov.Resources[key].TransformOutputs == nil,
-			"prov.Resources[key].TransformOutputs==nil")
-
 		return true
 	})
 

diff --git a/sdk/dotnet/AccessAnalyzer/Analyzer.cs b/sdk/dotnet/AccessAnalyzer/Analyzer.cs
diff --git a/sdk/dotnet/Acm/Certificate.cs b/sdk/dotnet/Acm/Certificate.cs
diff --git a/sdk/dotnet/Acmpca/CertificateAuthority.cs b/sdk/dotnet/Acmpca/CertificateAuthority.cs
diff --git a/sdk/dotnet/Alb/Listener.cs b/sdk/dotnet/Alb/Listener.cs
diff --git a/sdk/dotnet/Alb/ListenerRule.cs b/sdk/dotnet/Alb/ListenerRule.cs
diff --git a/sdk/dotnet/Alb/LoadBalancer.cs b/sdk/dotnet/Alb/LoadBalancer.cs
diff --git a/sdk/dotnet/Alb/TargetGroup.cs b/sdk/dotnet/Alb/TargetGroup.cs
diff --git a/sdk/dotnet/Amp/Scraper.cs b/sdk/dotnet/Amp/Scraper.cs
diff --git a/sdk/dotnet/Amp/Workspace.cs b/sdk/dotnet/Amp/Workspace.cs
diff --git a/sdk/dotnet/Amplify/App.cs b/sdk/dotnet/Amplify/App.cs
diff --git a/sdk/dotnet/Amplify/Branch.cs b/sdk/dotnet/Amplify/Branch.cs
diff --git a/sdk/dotnet/ApiGateway/ApiKey.cs b/sdk/dotnet/ApiGateway/ApiKey.cs
diff --git a/sdk/dotnet/ApiGateway/ClientCertificate.cs b/sdk/dotnet/ApiGateway/ClientCertificate.cs
diff --git a/sdk/dotnet/ApiGateway/DomainName.cs b/sdk/dotnet/ApiGateway/DomainName.cs