From 6a8c41ff47e76e4b08ce10ee4c929d3bd84e44a9 Mon Sep 17 00:00:00 2001
From: Stefan Reimer <stefan@zero-downtime.net>
Date: Tue, 15 Mar 2022 11:18:00 +0100
Subject: [PATCH] fix: bail out if Pulumi secrets provider is missing, incl.
 overwrite for bootstrap

---
 cloudbender/pulumi.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/cloudbender/pulumi.py b/cloudbender/pulumi.py
index 9bba8a1..4e7ee82 100644
--- a/cloudbender/pulumi.py
+++ b/cloudbender/pulumi.py
@@ -92,7 +92,7 @@ def pulumi_init(stack):
     os.environ["AWS_DEFAULT_REGION"] = stack.region
 
     # Secrets provider
-    try:
+    if "secretsProvider" in stack.pulumi:
         secrets_provider = stack.pulumi["secretsProvider"]
         if (
             secrets_provider == "passphrase"
@@ -100,9 +100,13 @@ def pulumi_init(stack):
         ):
             raise ValueError("Missing PULUMI_CONFIG_PASSPHRASE environment variable!")
 
-    except KeyError:
-        logger.warning("Missing pulumi.secretsProvider setting, secrets disabled !")
-        secrets_provider = None
+    else:
+        try:
+            if _stack.IKNOWHATIDO:
+                logger.warning("Missing pulumi.secretsProvider setting, IKNOWHATIDO enabled ... ")
+                secrets_provider = None
+        except AttributeError:
+            raise ValueError("Missing pulumi.secretsProvider setting!")
 
     # Set tag for stack file name and version
     _tags = stack.tags