Allow Python dynamic providers to capture secrets #15864
As of #13315 (which shipped in v3.75.0), `__provider` (the serialized provider string) is always set to a secret in the state. This can lead to poor performance when there are a lot of dynamic resources and the serialized provider does not actually have any secrets.

This change allows Outputs to be captured during serialization of the provider, which wasn't previously possible.

Additionally, a new attribute, `auto_secret`, can be set on the `ResourceProvider` subclass to opt in to automatically determining the secretness based on whether any secret Outputs were captured during serialization of the provider. `auto_secret` is `False` by default, which makes `__provider` always a secret (current behavior). If set to `True`, `__provider` will only be a secret if secret Outputs were captured during serialization of the provider.

Setting `auto_secret` to `True` aligns Python dynamic providers with Node.js.

Fixes #15539