Pulumi

- Python SDK fix for a crash resulting from a KeyError if secrets were used in configuration.

- Fix an issue where a secret would not be encrypted in the state file if it was
a property of a resource which was used as a stack output (fixes
[2862](https://github.com/pulumi/pulumi/issues/2862))

- SDK fix for crash that could occasionally happen if there were multiple identical aliases to the
same Resource.

- Engine fix for crash that could occasionally happen if there were multiple identical aliases to
the same Resource.

- Allow setting backend URL explicitly in `Pulumi.yaml` file

- `StackReference` now has a `.getOutputSync` function to retrieve exported values from an existing
stack synchronously. This can be valuable when creating another stack that wants to base
flow-control off of the values of an existing stack (i.e. importing the information about all AZs
and basing logic off of that in a new stack). Note: this only works for importing values from
Stacks that have not exported `secrets`.

- When the environment variable `PULUMI_TEST_MODE` is set to `true`, the
Python runtime will now behave as if
`pulumi.runtime.settings._set_test_mode_enabled(True)` had been called. This
mirrors the behavior for NodeJS programs (fixes [2818](https://github.com/pulumi/pulumi/issues/2818)).

- Resources that are only 'read' will no longer be displayed in the terminal tree-display anymore.
These ended up heavily cluttering the display and often meant that programs without updates still
showed a bunch of resources that weren't important. There will still be a message displayed
indicating that a 'read' has happened to help know that these are going on and that the program is making progress.

Improvements

- docs(login): escape codeblocks, and add object store state instructions
[2810](https://github.com/pulumi/pulumi/pull/2810)
- The API for passing along a custom provider to a ComponentResource has been simplified. You can
now just say `new SomeComponentResource(name, props, { provider: awsProvider })` instead of `new
SomeComponentResource(name, props, { providers: { "aws" : awsProvider } })`
- Fix a bug where the path provided to a URL in `pulumi login` is lost are dropped, so if you `pulumi login
s3://bucketname/afolder`, the Pulumi files will be inside of `s3://bucketname/afolder/.pulumi` rather than
`s3://bucketname/.pulumi` (thanks, [bigkraig](https://github.com/bigkraig)!). **NOTE**: If you have been
logging in to the s3 backend with a path after the bucket name, you will need to either move the .pulumi
folder in the bucket to the correct location or log in again without the path prefix to see your previous
stacks.
- Fix a crash that would happen if you ran `pulumi stack output` against an empty stack (fixes
[pulumi/pulumi2792](https://github.com/pulumi/pulumi/issues/2792)).
- Unparented Pulumi `CustomResource`s now support calling `.getProvider(...)` on them.

Improvements

- Fixed a bug that caused an assertion when dealing with unchanged resources across version upgrades.