secretAccessKey on S3Credential returns empty string

[tcrasset]

Until recently, everything was fine. Now, the S3Credential property returns an empty string for the secretAccessKey property.

const userS3 = new ovh.cloudproject.User(
  "user-s3",
  {
    serviceName: projectId,
    description: "Service account ONLY to access OVH S3 Buckets.",
    roleNames: ["objectstore_operator"],
  },
  { provider: ovhProvider },
);

const newUserS3Credentials = new ovh.cloudproject.S3Credential(
  "new-user-s3-credentials",
  {
    serviceName: projectId,
    userId: newUserS3.id,
  },
  { provider: ovhProvider },
);

newUserS3Credentials.accessKeyId.apply((s) => console.log(`access key id: ${s}`))
newUserS3Credentials.secretAccessKey.apply((s) => console.log(`secret access key: ${s}`))

Doing pulumi up, prints

  pulumi:pulumi:Stack (avatar-ovh-test-pulumi2):
    access key id: REDACTED
    secret access key:

This is unfortunate as now we have to hardcode the secretAccessKey when using the aws.Provider

const bucketDomain = `s3.${REGION_SHORTNAME_LOWERCASE}.io.cloud.ovh.net`;
const awsProviderClassic = new aws_classic.Provider("aws", {
  accessKey: newUserS3Credentials.accessKeyId,
  secretKey: newUserS3Credentials.secretAccessKey,
  skipRegionValidation: true,
  skipCredentialsValidation: true,
  skipRequestingAccountId: true,
  skipMetadataApiCheck: true,
  region: REGION_SHORTNAME_LOWERCASE as aws_classic.Region,
  endpoints: [
    {
      s3: `https://${bucketDomain}`,
      s3api: `https://${bucketDomain}`,
    },
  ],
});
// We do use the classic provider as ovh does not implement
// buckets yet in the native provider.
// https://github.com/pulumi/pulumi-aws-native/issues/108

const bucketS3 = new aws_classic.s3.BucketV2(
  "shared-storage",
  {},
  { provider: awsProviderClassic },
);

Which fails due to secretAccessKey missing with

  aws:s3:BucketV2 (shared-storage):
    error: 1 error occurred:
    	* retrieving credentials: static credentials are empty