Hide secrets in source tooltip, correct ExpressionResolver logic for non-containers

[adamint]

Description

Took the opportunity to clean up my code in GetSourceViewModel as well to add a type CommandLineInfo instead of relying on a tuple. Hides secrets in tooltips using the same masking characters as appear in the GridValue.

Also removes logic in ExpressionResolver that resolves some types of expressions only for containers. All expressions except EndpointReferenceExpression and EndpointReference should be resolved for all resource types. The only other difference between containers and other types of resources is how HostUrl is resolved (special-cased for containers).

Fixes #7634, fixes #7632

Checklist

• Is this feature complete?
  • Yes. Ready to ship.
  • No. Follow-up changes expected.
• Are you including unit tests for the changes and scenario tests if relevant?
  • Yes
  • No
• Did you add public API?
  • Yes
    • If yes, did you have an API Review for it?
      • Yes
      • No
    • Did you add <remarks /> and <code /> elements on your triple slash comments?
      • Yes
      • No
  • No
• Does the change make any security assumptions or guarantees?
  • Yes
    • If yes, have you done a threat model and had a security review?
      • Yes
      • No
  • No
• Does the change require an update in our Aspire docs?
  • Yes
    • Is this introducing a breaking change?
      • Yes
        • Link to aspire-docs issue (please use this breaking-change template):
      • No
        • Link to aspire-docs issue (please use this doc-idea template):
  • No

[Copilot]

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

[eerhardt]

@davidfowl @mitchdenny @davidebbo - do we even need these 2 cases? Since ConnectionStringReference and IResourceWithConnectionString implement IValueProvider, shouldn't this just fall to that case?

(Note we don't necessarily need to change this in this PR, but I'm just trying to understand if I have the logic correct. If we are going to backport this to 9.1, we may not want to risk a change here.)

[eerhardt]

Nevermind, I think I understand why this is necessary - because we want to intercept any "host" references inside the ConnectionString and redirect them to the containerHostName.

Would it ever work if someone implemented an IValueProvider that contained a "host" reference, but wasn't one of these?

[eerhardt]

LGTM. I just had some questions for my learning.

[adamint]

Example with a connection string, like in @DamianEdwards's example in #7632 -

[adamint]

@eerhardt I added some additional special cases for certain resource kinds in ExpressionEvaluator, enough changes that need a re-review

[danmoseley]

@adamint please get this in 9.1 today if possible.

[adamint]

@adamint please get this in 9.1 today if possible.

Waiting on re-review. @eerhardt @davidfowl

[eerhardt]

The changes look good to me. Just a couple minor comments.

[eerhardt]

Are there other tests that should be added for this change? Specifically for the case(s) where we are changing ExpressionResolver - to catch secrets inside connection strings.

[adamint]

Added those tests in ExpressionResolverTests

[JamesNK]

Dashboard changes look good. Need some tests and a little clean up.

Is there a sample where this can be manually tested?

[JamesNK]

Is there a sample where this can be manually tested?

[adamint]

Is there a sample where this can be manually tested?

There is not, as there is no sample using ef migrate or this feature. We could add one? but I'm unsure exactly how to replicate the use case in #7632 - @DamianEdwards maybe for suggestion, or could you share the app you were referencing there?

I've been manually testing using the following, inspired by #7632 -

Update any service in TestShop.AppHost/Program.cs to include .WithArgs(catalogDb.Resource)

[adamint]

/backport to release/9.1

[github-actions]

Started backporting to release/9.1: https://github.com/dotnet/aspire/actions/runs/13428696603

[davidfowl]

I would be worried about side effects. We should only do this in the null case to avoid double evaluation in the common case.

[mitchdenny]

@adamint I was taking a closer look at this PR and I noticed a bug. Lets say I do this:

builder.Configuration["ConnectionStrings:connstring"] = "dummyvalue";
var connstring = builder.AddConnectionString("connstring");
builder.AddExecutable("pinger", "path/to/ping", "localhost", connstring);

When this renders in the console it'll look like this. The connectionstring type name itself is being rendered into the source column. I don't think that is the intention? It should just show the secret placeholder value.

Scratch that could be an underlying issue with the args handling with executable resources. It happens in 9.0 as well so I'm looking into it. Maybe there is an inconsistency here between containers and executables.

[mitchdenny]

Also issue #7634 suggests that we should also have a show secrets button in the copy dialog. I'm not 100% sure I agree that we need to do that - but was that a deliberate choice. If it was just skipped for expediency for 9.1 and we still want to do it then we should re-open that issue or open a new one to make sure we don't loose track.

[adamint]

Also issue #7634 suggests that we should also have a show secrets button in the copy dialog. I'm not 100% sure I agree that we need to do that - but was that a deliberate choice. If it was just skipped for expediency for 9.1 and we still want to do it then we should re-open that issue or open a new one to make sure we don't loose track.

It's a deliberate choice, I'll make a comment in #7634 as well - opening the text visualizer is an explicit action. With secret properties in the resource details view, users wouldn't otherwise be able to hide secrets without them being initially masked, of course. Here, secrets are already hidden in the source column; if users want to see all args (masked), they can expand the column or hover to show the (masked) tooltip.