From ff58d43ff1d6a94e1cdb093ea08aac6355501684 Mon Sep 17 00:00:00 2001 From: Stefan Reimer Date: Tue, 24 Oct 2023 11:34:41 +0000 Subject: [PATCH] Add limited support for nested secrets --- cloudbender/stack.py | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/cloudbender/stack.py b/cloudbender/stack.py index a75beaf..58b3f69 100644 --- a/cloudbender/stack.py +++ b/cloudbender/stack.py @@ -953,7 +953,7 @@ class Stack(object): """Set a config or secret""" pulumi_stack = self._get_pulumi_stack(create=True) - pulumi_stack.set_config(key, pulumi.automation.ConfigValue(value, secret)) + pulumi_stack.set_config(key, pulumi.automation.ConfigValue(value, secret)) # Pulumi bug https://github.com/pulumi/pulumi/issues/13063 so no: , path=True) # Store salt or key and encrypted value in CloudBender stack config settings = None @@ -974,9 +974,18 @@ class Stack(object): if "parameters" not in settings: settings["parameters"] = {} - settings["parameters"][key] = pulumi_settings["config"][ - "{}:{}".format(self.parameters["Conglomerate"], key) - ] + + + # hack for bug above, we support one level of nested values for now + _val = pulumi_settings["config"]["{}:{}".format(self.parameters["Conglomerate"], key)] + if '.' in key: + (root,leaf) = key.split('.') + if root not in settings["parameters"]: + settings["parameters"][root] = {} + + settings["parameters"][root][leaf] = _val + else: + settings["parameters"][key] = _val with open(self.path, "w") as file: yaml.dump(settings, stream=file) @@ -987,7 +996,7 @@ class Stack(object): def get_config(self, key): """Get a config or secret""" - print(self._get_pulumi_stack().get_config(key).value) + print(self._get_pulumi_stack().get_config(key, path=True).value) def create_change_set(self, change_set_name): """Creates a Change Set with the name ``change_set_name``."""