2018-05-22 21:43:36 +02:00
|
|
|
// Copyright 2016-2018, Pulumi Corporation.
|
|
|
|
|
//
|
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
|
//
|
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
|
//
|
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
|
// limitations under the License.
|
2017-03-06 16:07:24 +01:00
|
|
|
|
2017-09-22 04:18:21 +02:00
|
|
|
package cmd
|
2017-03-06 16:07:24 +01:00
|
|
|
|
|
|
|
|
import (
|
2019-01-18 22:54:56 +01:00
|
|
|
"encoding/json"
|
2017-10-02 22:35:39 +02:00
|
|
|
"fmt"
|
2018-02-05 03:45:19 +01:00
|
|
|
"io/ioutil"
|
|
|
|
|
"os"
|
2018-08-10 03:10:32 +02:00
|
|
|
"regexp"
|
2017-10-02 22:35:39 +02:00
|
|
|
"sort"
|
2017-10-17 01:01:34 +02:00
|
|
|
"strings"
|
2017-10-02 22:35:39 +02:00
|
|
|
|
Detect secret-like config (#1689)
Previously, we would unconditionally warn anytime you added a non-secret
config:
$ pulumi config set aws:region us-west-2
warning: saved config key '%s' value '%s' as plaintext;
re-run with --secret to encrypt the value instead.
Use --plaintext to avoid this warning
This was particularly annoying, since it is very common to store
non-secret config. For instance, the AWS region. And it was easy to tune
out because it wasn't actually warning about anything interesting.
This change, which resolves pulumi/pulumi#570, uses an approach similar
to Go's gas linter, to detect high entropy values, and issue an error.
This ensures that we only make noise on things we suspect are actually
secrets being stored in plaintext, and forces the user to pass
--plaintext. For instance, the common case issues no errors:
$ pulumi config set aws:region us-west-2
And in the event that you store something that is secret-like:
$ pulumi config set aws:region nq8r4B4xslzrtj0a3
error: config value 'nq8r4B4xslzrtj0a3' looks like a secret;
rerun with --secret to encrypt it, or --plaintext if you meant
to store in plaintext
To suppress this, simply pass --secret (to encrypt) or --plaintext (to
override the warning).
2018-08-02 13:14:16 +02:00
|
|
|
zxcvbn "github.com/nbutton23/zxcvbn-go"
|
2017-08-31 23:31:33 +02:00
|
|
|
"github.com/pkg/errors"
|
2017-03-06 16:07:24 +01:00
|
|
|
"github.com/spf13/cobra"
|
2018-02-05 03:45:19 +01:00
|
|
|
"golang.org/x/crypto/ssh/terminal"
|
2017-03-06 16:07:24 +01:00
|
|
|
|
Improve the overall cloud CLI experience
This improves the overall cloud CLI experience workflow.
Now whether a stack is local or cloud is inherent to the stack
itself. If you interact with a cloud stack, we transparently talk
to the cloud; if you interact with a local stack, we just do the
right thing, and perform all operations locally. Aside from sometimes
seeing a cloud emoji pop-up ☁️, the experience is quite similar.
For example, to initialize a new cloud stack, simply:
$ pulumi login
Logging into Pulumi Cloud: https://pulumi.com/
Enter Pulumi access token: <enter your token>
$ pulumi stack init my-cloud-stack
Note that you may log into a specific cloud if you'd like. For
now, this is just for our own testing purposes, but someday when we
support custom clouds (e.g., Enterprise), you can just say:
$ pulumi login --cloud-url https://corp.acme.my-ppc.net:9873
The cloud is now the default. If you instead prefer a "fire and
forget" style of stack, you can skip the login and pass `--local`:
$ pulumi stack init my-faf-stack --local
If you are logged in and run `pulumi`, we tell you as much:
$ pulumi
Usage:
pulumi [command]
// as before...
Currently logged into the Pulumi Cloud ☁️
https://pulumi.com/
And if you list your stacks, we tell you which one is local or not:
$ pulumi stack ls
NAME LAST UPDATE RESOURCE COUNT CLOUD URL
my-cloud-stack 2017-12-01 ... 3 https://pulumi.com/
my-faf-stack n/a 0 n/a
And `pulumi stack` by itself prints information like your cloud org,
PPC name, and so on, in addition to the usuals.
I shall write up more details and make sure to document these changes.
This change also fairly significantly refactors the layout of cloud
versus local logic, so that the cmd/ package is resonsible for CLI
things, and the new pkg/backend/ package is responsible for the
backends. The following is the overall resulting package architecture:
* The backend.Backend interface can be implemented to substitute
a new backend. This has operations to get and list stacks,
perform updates, and so on.
* The backend.Stack struct is a wrapper around a stack that has
or is being manipulated by a Backend. It resembles our existing
Stack notions in the engine, but carries additional metadata
about its source. Notably, it offers functions that allow
operations like updating and deleting on the Backend from which
it came.
* There is very little else in the pkg/backend/ package.
* A new package, pkg/backend/local/, encapsulates all local state
management for "fire and forget" scenarios. It simply implements
the above logic and contains anything specific to the local
experience.
* A peer package, pkg/backend/cloud/, encapsulates all logic
required for the cloud experience. This includes its subpackage
apitype/ which contains JSON schema descriptions required for
REST calls against the cloud backend. It also contains handy
functions to list which clouds we have authenticated with.
* A subpackage here, pkg/backend/state/, is not a provider at all.
Instead, it contains all of the state management functions that
are currently shared between local and cloud backends. This
includes configuration logic -- including encryption -- as well
as logic pertaining to which stacks are known to the workspace.
This addresses pulumi/pulumi#629 and pulumi/pulumi#494.
2017-12-02 16:29:46 +01:00
|
|
|
"github.com/pulumi/pulumi/pkg/backend"
|
2018-09-05 00:40:15 +02:00
|
|
|
"github.com/pulumi/pulumi/pkg/backend/display"
|
Improve the overall cloud CLI experience
This improves the overall cloud CLI experience workflow.
Now whether a stack is local or cloud is inherent to the stack
itself. If you interact with a cloud stack, we transparently talk
to the cloud; if you interact with a local stack, we just do the
right thing, and perform all operations locally. Aside from sometimes
seeing a cloud emoji pop-up ☁️, the experience is quite similar.
For example, to initialize a new cloud stack, simply:
$ pulumi login
Logging into Pulumi Cloud: https://pulumi.com/
Enter Pulumi access token: <enter your token>
$ pulumi stack init my-cloud-stack
Note that you may log into a specific cloud if you'd like. For
now, this is just for our own testing purposes, but someday when we
support custom clouds (e.g., Enterprise), you can just say:
$ pulumi login --cloud-url https://corp.acme.my-ppc.net:9873
The cloud is now the default. If you instead prefer a "fire and
forget" style of stack, you can skip the login and pass `--local`:
$ pulumi stack init my-faf-stack --local
If you are logged in and run `pulumi`, we tell you as much:
$ pulumi
Usage:
pulumi [command]
// as before...
Currently logged into the Pulumi Cloud ☁️
https://pulumi.com/
And if you list your stacks, we tell you which one is local or not:
$ pulumi stack ls
NAME LAST UPDATE RESOURCE COUNT CLOUD URL
my-cloud-stack 2017-12-01 ... 3 https://pulumi.com/
my-faf-stack n/a 0 n/a
And `pulumi stack` by itself prints information like your cloud org,
PPC name, and so on, in addition to the usuals.
I shall write up more details and make sure to document these changes.
This change also fairly significantly refactors the layout of cloud
versus local logic, so that the cmd/ package is resonsible for CLI
things, and the new pkg/backend/ package is responsible for the
backends. The following is the overall resulting package architecture:
* The backend.Backend interface can be implemented to substitute
a new backend. This has operations to get and list stacks,
perform updates, and so on.
* The backend.Stack struct is a wrapper around a stack that has
or is being manipulated by a Backend. It resembles our existing
Stack notions in the engine, but carries additional metadata
about its source. Notably, it offers functions that allow
operations like updating and deleting on the Backend from which
it came.
* There is very little else in the pkg/backend/ package.
* A new package, pkg/backend/local/, encapsulates all local state
management for "fire and forget" scenarios. It simply implements
the above logic and contains anything specific to the local
experience.
* A peer package, pkg/backend/cloud/, encapsulates all logic
required for the cloud experience. This includes its subpackage
apitype/ which contains JSON schema descriptions required for
REST calls against the cloud backend. It also contains handy
functions to list which clouds we have authenticated with.
* A subpackage here, pkg/backend/state/, is not a provider at all.
Instead, it contains all of the state management functions that
are currently shared between local and cloud backends. This
includes configuration logic -- including encryption -- as well
as logic pertaining to which stacks are known to the workspace.
This addresses pulumi/pulumi#629 and pulumi/pulumi#494.
2017-12-02 16:29:46 +01:00
|
|
|
"github.com/pulumi/pulumi/pkg/resource/config"
|
2019-05-15 08:23:03 +02:00
|
|
|
"github.com/pulumi/pulumi/pkg/secrets"
|
2017-09-22 04:18:21 +02:00
|
|
|
"github.com/pulumi/pulumi/pkg/tokens"
|
|
|
|
|
"github.com/pulumi/pulumi/pkg/util/cmdutil"
|
Improve the overall cloud CLI experience
This improves the overall cloud CLI experience workflow.
Now whether a stack is local or cloud is inherent to the stack
itself. If you interact with a cloud stack, we transparently talk
to the cloud; if you interact with a local stack, we just do the
right thing, and perform all operations locally. Aside from sometimes
seeing a cloud emoji pop-up ☁️, the experience is quite similar.
For example, to initialize a new cloud stack, simply:
$ pulumi login
Logging into Pulumi Cloud: https://pulumi.com/
Enter Pulumi access token: <enter your token>
$ pulumi stack init my-cloud-stack
Note that you may log into a specific cloud if you'd like. For
now, this is just for our own testing purposes, but someday when we
support custom clouds (e.g., Enterprise), you can just say:
$ pulumi login --cloud-url https://corp.acme.my-ppc.net:9873
The cloud is now the default. If you instead prefer a "fire and
forget" style of stack, you can skip the login and pass `--local`:
$ pulumi stack init my-faf-stack --local
If you are logged in and run `pulumi`, we tell you as much:
$ pulumi
Usage:
pulumi [command]
// as before...
Currently logged into the Pulumi Cloud ☁️
https://pulumi.com/
And if you list your stacks, we tell you which one is local or not:
$ pulumi stack ls
NAME LAST UPDATE RESOURCE COUNT CLOUD URL
my-cloud-stack 2017-12-01 ... 3 https://pulumi.com/
my-faf-stack n/a 0 n/a
And `pulumi stack` by itself prints information like your cloud org,
PPC name, and so on, in addition to the usuals.
I shall write up more details and make sure to document these changes.
This change also fairly significantly refactors the layout of cloud
versus local logic, so that the cmd/ package is resonsible for CLI
things, and the new pkg/backend/ package is responsible for the
backends. The following is the overall resulting package architecture:
* The backend.Backend interface can be implemented to substitute
a new backend. This has operations to get and list stacks,
perform updates, and so on.
* The backend.Stack struct is a wrapper around a stack that has
or is being manipulated by a Backend. It resembles our existing
Stack notions in the engine, but carries additional metadata
about its source. Notably, it offers functions that allow
operations like updating and deleting on the Backend from which
it came.
* There is very little else in the pkg/backend/ package.
* A new package, pkg/backend/local/, encapsulates all local state
management for "fire and forget" scenarios. It simply implements
the above logic and contains anything specific to the local
experience.
* A peer package, pkg/backend/cloud/, encapsulates all logic
required for the cloud experience. This includes its subpackage
apitype/ which contains JSON schema descriptions required for
REST calls against the cloud backend. It also contains handy
functions to list which clouds we have authenticated with.
* A subpackage here, pkg/backend/state/, is not a provider at all.
Instead, it contains all of the state management functions that
are currently shared between local and cloud backends. This
includes configuration logic -- including encryption -- as well
as logic pertaining to which stacks are known to the workspace.
This addresses pulumi/pulumi#629 and pulumi/pulumi#494.
2017-12-02 16:29:46 +01:00
|
|
|
"github.com/pulumi/pulumi/pkg/workspace"
|
2017-03-06 16:07:24 +01:00
|
|
|
)
|
|
|
|
|
|
Make major commands more pleasant
This change eliminates the need to constantly type in the environment
name when performing major commands like configuration, planning, and
deployment. It's probably due to my age, however, I keep fat-fingering
simple commands in front of investors and I am embarrassed!
In the new model, there is a notion of a "current environment", and
I have modeled it kinda sorta just like Git's notion of "current branch."
By default, the current environment is set when you `init` something.
Otherwise, there is the `coco env select <env>` command to change it.
(Running this command w/out a new <env> will show you the current one.)
The major commands `config`, `plan`, `deploy`, and `destroy` will prefer
to use the current environment, unless it is overridden by using the
--env flag. All of the `coco env <cmd> <env>` commands still require the
explicit passing of an environment which seems reasonable since they are,
after all, about manipulating environments.
As part of this, I've overhauled the aging workspace settings cruft,
which had fallen into disrepair since the initial prototype.
2017-03-22 03:23:32 +01:00
|
|
|
func newConfigCmd() *cobra.Command {
|
2017-11-14 22:28:27 +01:00
|
|
|
var stack string
|
|
|
|
|
var showSecrets bool
|
2019-01-18 22:54:56 +01:00
|
|
|
var jsonOut bool
|
2017-11-14 22:28:27 +01:00
|
|
|
|
2017-03-06 16:07:24 +01:00
|
|
|
cmd := &cobra.Command{
|
2017-10-19 00:37:18 +02:00
|
|
|
Use: "config",
|
|
|
|
|
Short: "Manage configuration",
|
2017-11-14 22:28:27 +01:00
|
|
|
Long: "Lists all configuration values for a specific stack. To add a new configuration value, run\n" +
|
2019-03-02 20:04:09 +01:00
|
|
|
"'pulumi config set'. To remove and existing value run 'pulumi config rm'. To get the value of\n" +
|
2017-11-14 22:28:27 +01:00
|
|
|
"for a specific configuration key, use 'pulumi config get <key-name>'.",
|
2017-11-29 22:44:06 +01:00
|
|
|
Args: cmdutil.NoArgs,
|
2017-11-14 22:28:27 +01:00
|
|
|
Run: cmdutil.RunFunc(func(cmd *cobra.Command, args []string) error {
|
2018-09-05 00:40:15 +02:00
|
|
|
opts := display.Options{
|
2018-07-07 06:30:00 +02:00
|
|
|
Color: cmdutil.GetGlobalColorization(),
|
|
|
|
|
}
|
|
|
|
|
|
Initial support for passing URLs to `new` and `up` (#1727)
* Initial support for passing URLs to `new` and `up`
This PR adds initial support for `pulumi new` using Git under the covers
to manage Pulumi templates, providing the same experience as before.
You can now also optionally pass a URL to a Git repository, e.g.
`pulumi new [<url>]`, including subdirectories within the repository,
and arbitrary branches, tags, or commits.
The following commands result in the same behavior from the user's
perspective:
- `pulumi new javascript`
- `pulumi new https://github.com/pulumi/templates/templates/javascript`
- `pulumi new https://github.com/pulumi/templates/tree/master/templates/javascript`
- `pulumi new https://github.com/pulumi/templates/tree/HEAD/templates/javascript`
To specify an arbitrary branch, tag, or commit:
- `pulumi new https://github.com/pulumi/templates/tree/<branch>/templates/javascript`
- `pulumi new https://github.com/pulumi/templates/tree/<tag>/templates/javascript`
- `pulumi new https://github.com/pulumi/templates/tree/<commit>/templates/javascript`
Branches and tags can include '/' separators, and `pulumi` will still
find the right subdirectory.
URLs to Gists are also supported, e.g.:
`pulumi new https://gist.github.com/justinvp/6673959ceb9d2ac5a14c6d536cb871a6`
If the specified subdirectory in the repository does not contain a
`Pulumi.yaml`, it will look for subdirectories within containing
`Pulumi.yaml` files, and prompt the user to choose a template, along the
lines of how `pulumi new` behaves when no template is specified.
The following commands result in the CLI prompting to choose a template:
- `pulumi new`
- `pulumi new https://github.com/pulumi/templates/templates`
- `pulumi new https://github.com/pulumi/templates/tree/master/templates`
- `pulumi new https://github.com/pulumi/templates/tree/HEAD/templates`
Of course, arbitrary branches, tags, or commits can be specified as well:
- `pulumi new https://github.com/pulumi/templates/tree/<branch>/templates`
- `pulumi new https://github.com/pulumi/templates/tree/<tag>/templates`
- `pulumi new https://github.com/pulumi/templates/tree/<commit>/templates`
This PR also includes initial support for passing URLs to `pulumi up`,
providing a streamlined way to deploy installable cloud applications
with Pulumi, without having to manage source code locally before doing
a deployment.
For example, `pulumi up https://github.com/justinvp/aws` can be used to
deploy a sample AWS app. The stack can be updated with different
versions, e.g.
`pulumi up https://github.com/justinvp/aws/tree/v2 -s <stack-to-update>`
Config values can optionally be passed via command line flags, e.g.
`pulumi up https://github.com/justinvp/aws -c aws:region=us-west-2 -c foo:bar=blah`
Gists can also be used, e.g.
`pulumi up https://gist.github.com/justinvp/62fde0463f243fcb49f5a7222e51bc76`
* Fix panic when hitting ^C from "choose template" prompt
* Add description to templates
When running `pulumi new` without specifying a template, include the template description along with the name in the "choose template" display.
```
$ pulumi new
Please choose a template:
aws-go A minimal AWS Go program
aws-javascript A minimal AWS JavaScript program
aws-python A minimal AWS Python program
aws-typescript A minimal AWS TypeScript program
> go A minimal Go program
hello-aws-javascript A simple AWS serverless JavaScript program
javascript A minimal JavaScript program
python A minimal Python program
typescript A minimal TypeScript program
```
* React to changes to the pulumi/templates repo.
We restructured the `pulumi/templates` repo to have all the templates in the root instead of in a `templates` subdirectory, so make the change here to no longer look for templates in `templates`.
This also fixes an issue around using `Depth: 1` that I found while testing this. When a named template is used, we attempt to clone or pull from the `pulumi/templates` repo to `~/.pulumi/templates`. Having it go in this well-known directory allows us to maintain previous behavior around allowing offline use of templates. If we use `Depth: 1` for the initial clone, it will fail when attempting to pull when there are updates to the remote repository. Unfortunately, there's no built-in `--unshallow` support in `go-git` and setting a larger `Depth` doesn't appear to help. There may be a workaround, but for now, if we're cloning the pulumi templates directory to `~/.pulumi/templates`, we won't use `Depth: 1`. For template URLs, we will continue to use `Depth: 1` as we clone those to a temp directory (which gets deleted) that we'll never try to update.
* List available templates in help text
* Address PR Feedback
* Don't show "Installing dependencies" message for `up`
* Fix secrets handling
When prompting for config, if the existing stack value is a secret, keep it a secret and mask the prompt. If the template says it should be secret, make it a secret.
* Fix ${PROJECT} and ${DESCRIPTION} handling for `up`
Templates used with `up` should already have a filled-in project name and description, but if it's a `new`-style template, that has `${PROJECT}` and/or `${DESCRIPTION}`, be helpful and just replace these with better values.
* Fix stack handling
Add a bool `setCurrent` param to `requireStack` to control whether the current stack should be saved in workspace settings. For the `up <url>` case, we don't want to save. Also, split the `up` code into two separate functions: one for the `up <url>` case and another for the normal `up` case where you have workspace in your current directory. While we may be able to combine them back into a single function, right now it's a bit cleaner being separate, even with some small amount of duplication.
* Fix panic due to nil crypter
Lazily get the crypter only if needed inside `promptForConfig`.
* Embellish comment
* Harden isPreconfiguredEmptyStack check
Fix the code to check to make sure the URL specified on the command line matches the URL stored in the `pulumi:template` config value, and that the rest of the config from the stack satisfies the config requirements of the template.
2018-08-11 03:08:16 +02:00
|
|
|
stack, err := requireStack(stack, true, opts, true /*setCurrent*/)
|
2017-11-14 22:28:27 +01:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-18 22:54:56 +01:00
|
|
|
return listConfig(stack, showSecrets, jsonOut)
|
2017-11-14 22:28:27 +01:00
|
|
|
}),
|
2017-10-19 00:37:18 +02:00
|
|
|
}
|
2017-11-14 22:28:27 +01:00
|
|
|
|
|
|
|
|
cmd.Flags().BoolVar(
|
|
|
|
|
&showSecrets, "show-secrets", false,
|
|
|
|
|
"Show secret values when listing config instead of displaying blinded values")
|
2019-01-18 22:54:56 +01:00
|
|
|
cmd.Flags().BoolVarP(
|
|
|
|
|
&jsonOut, "json", "j", false,
|
|
|
|
|
"Emit output as JSON")
|
2017-11-14 22:28:27 +01:00
|
|
|
cmd.PersistentFlags().StringVarP(
|
|
|
|
|
&stack, "stack", "s", "",
|
2018-06-26 02:24:53 +02:00
|
|
|
"The name of the stack to operate on. Defaults to the current stack")
|
2018-12-01 00:11:05 +01:00
|
|
|
cmd.PersistentFlags().StringVar(
|
|
|
|
|
&stackConfigFile, "config-file", "",
|
|
|
|
|
"Use the configuration values in the specified file rather than detecting the file name")
|
2017-11-14 22:28:27 +01:00
|
|
|
|
|
|
|
|
cmd.AddCommand(newConfigGetCmd(&stack))
|
|
|
|
|
cmd.AddCommand(newConfigRmCmd(&stack))
|
|
|
|
|
cmd.AddCommand(newConfigSetCmd(&stack))
|
2018-04-27 01:13:52 +02:00
|
|
|
cmd.AddCommand(newConfigRefreshCmd(&stack))
|
2017-10-19 00:37:18 +02:00
|
|
|
|
|
|
|
|
return cmd
|
|
|
|
|
}
|
|
|
|
|
|
2017-11-14 22:28:27 +01:00
|
|
|
func newConfigGetCmd(stack *string) *cobra.Command {
|
2019-01-18 22:54:56 +01:00
|
|
|
var jsonOut bool
|
|
|
|
|
|
2017-11-14 22:28:27 +01:00
|
|
|
getCmd := &cobra.Command{
|
|
|
|
|
Use: "get <key>",
|
|
|
|
|
Short: "Get a single configuration value",
|
Improve the overall cloud CLI experience
This improves the overall cloud CLI experience workflow.
Now whether a stack is local or cloud is inherent to the stack
itself. If you interact with a cloud stack, we transparently talk
to the cloud; if you interact with a local stack, we just do the
right thing, and perform all operations locally. Aside from sometimes
seeing a cloud emoji pop-up ☁️, the experience is quite similar.
For example, to initialize a new cloud stack, simply:
$ pulumi login
Logging into Pulumi Cloud: https://pulumi.com/
Enter Pulumi access token: <enter your token>
$ pulumi stack init my-cloud-stack
Note that you may log into a specific cloud if you'd like. For
now, this is just for our own testing purposes, but someday when we
support custom clouds (e.g., Enterprise), you can just say:
$ pulumi login --cloud-url https://corp.acme.my-ppc.net:9873
The cloud is now the default. If you instead prefer a "fire and
forget" style of stack, you can skip the login and pass `--local`:
$ pulumi stack init my-faf-stack --local
If you are logged in and run `pulumi`, we tell you as much:
$ pulumi
Usage:
pulumi [command]
// as before...
Currently logged into the Pulumi Cloud ☁️
https://pulumi.com/
And if you list your stacks, we tell you which one is local or not:
$ pulumi stack ls
NAME LAST UPDATE RESOURCE COUNT CLOUD URL
my-cloud-stack 2017-12-01 ... 3 https://pulumi.com/
my-faf-stack n/a 0 n/a
And `pulumi stack` by itself prints information like your cloud org,
PPC name, and so on, in addition to the usuals.
I shall write up more details and make sure to document these changes.
This change also fairly significantly refactors the layout of cloud
versus local logic, so that the cmd/ package is resonsible for CLI
things, and the new pkg/backend/ package is responsible for the
backends. The following is the overall resulting package architecture:
* The backend.Backend interface can be implemented to substitute
a new backend. This has operations to get and list stacks,
perform updates, and so on.
* The backend.Stack struct is a wrapper around a stack that has
or is being manipulated by a Backend. It resembles our existing
Stack notions in the engine, but carries additional metadata
about its source. Notably, it offers functions that allow
operations like updating and deleting on the Backend from which
it came.
* There is very little else in the pkg/backend/ package.
* A new package, pkg/backend/local/, encapsulates all local state
management for "fire and forget" scenarios. It simply implements
the above logic and contains anything specific to the local
experience.
* A peer package, pkg/backend/cloud/, encapsulates all logic
required for the cloud experience. This includes its subpackage
apitype/ which contains JSON schema descriptions required for
REST calls against the cloud backend. It also contains handy
functions to list which clouds we have authenticated with.
* A subpackage here, pkg/backend/state/, is not a provider at all.
Instead, it contains all of the state management functions that
are currently shared between local and cloud backends. This
includes configuration logic -- including encryption -- as well
as logic pertaining to which stacks are known to the workspace.
This addresses pulumi/pulumi#629 and pulumi/pulumi#494.
2017-12-02 16:29:46 +01:00
|
|
|
Args: cmdutil.SpecificArgs([]string{"key"}),
|
2017-10-19 00:37:18 +02:00
|
|
|
Run: cmdutil.RunFunc(func(cmd *cobra.Command, args []string) error {
|
2018-09-05 00:40:15 +02:00
|
|
|
opts := display.Options{
|
2018-07-07 06:30:00 +02:00
|
|
|
Color: cmdutil.GetGlobalColorization(),
|
|
|
|
|
}
|
|
|
|
|
|
Initial support for passing URLs to `new` and `up` (#1727)
* Initial support for passing URLs to `new` and `up`
This PR adds initial support for `pulumi new` using Git under the covers
to manage Pulumi templates, providing the same experience as before.
You can now also optionally pass a URL to a Git repository, e.g.
`pulumi new [<url>]`, including subdirectories within the repository,
and arbitrary branches, tags, or commits.
The following commands result in the same behavior from the user's
perspective:
- `pulumi new javascript`
- `pulumi new https://github.com/pulumi/templates/templates/javascript`
- `pulumi new https://github.com/pulumi/templates/tree/master/templates/javascript`
- `pulumi new https://github.com/pulumi/templates/tree/HEAD/templates/javascript`
To specify an arbitrary branch, tag, or commit:
- `pulumi new https://github.com/pulumi/templates/tree/<branch>/templates/javascript`
- `pulumi new https://github.com/pulumi/templates/tree/<tag>/templates/javascript`
- `pulumi new https://github.com/pulumi/templates/tree/<commit>/templates/javascript`
Branches and tags can include '/' separators, and `pulumi` will still
find the right subdirectory.
URLs to Gists are also supported, e.g.:
`pulumi new https://gist.github.com/justinvp/6673959ceb9d2ac5a14c6d536cb871a6`
If the specified subdirectory in the repository does not contain a
`Pulumi.yaml`, it will look for subdirectories within containing
`Pulumi.yaml` files, and prompt the user to choose a template, along the
lines of how `pulumi new` behaves when no template is specified.
The following commands result in the CLI prompting to choose a template:
- `pulumi new`
- `pulumi new https://github.com/pulumi/templates/templates`
- `pulumi new https://github.com/pulumi/templates/tree/master/templates`
- `pulumi new https://github.com/pulumi/templates/tree/HEAD/templates`
Of course, arbitrary branches, tags, or commits can be specified as well:
- `pulumi new https://github.com/pulumi/templates/tree/<branch>/templates`
- `pulumi new https://github.com/pulumi/templates/tree/<tag>/templates`
- `pulumi new https://github.com/pulumi/templates/tree/<commit>/templates`
This PR also includes initial support for passing URLs to `pulumi up`,
providing a streamlined way to deploy installable cloud applications
with Pulumi, without having to manage source code locally before doing
a deployment.
For example, `pulumi up https://github.com/justinvp/aws` can be used to
deploy a sample AWS app. The stack can be updated with different
versions, e.g.
`pulumi up https://github.com/justinvp/aws/tree/v2 -s <stack-to-update>`
Config values can optionally be passed via command line flags, e.g.
`pulumi up https://github.com/justinvp/aws -c aws:region=us-west-2 -c foo:bar=blah`
Gists can also be used, e.g.
`pulumi up https://gist.github.com/justinvp/62fde0463f243fcb49f5a7222e51bc76`
* Fix panic when hitting ^C from "choose template" prompt
* Add description to templates
When running `pulumi new` without specifying a template, include the template description along with the name in the "choose template" display.
```
$ pulumi new
Please choose a template:
aws-go A minimal AWS Go program
aws-javascript A minimal AWS JavaScript program
aws-python A minimal AWS Python program
aws-typescript A minimal AWS TypeScript program
> go A minimal Go program
hello-aws-javascript A simple AWS serverless JavaScript program
javascript A minimal JavaScript program
python A minimal Python program
typescript A minimal TypeScript program
```
* React to changes to the pulumi/templates repo.
We restructured the `pulumi/templates` repo to have all the templates in the root instead of in a `templates` subdirectory, so make the change here to no longer look for templates in `templates`.
This also fixes an issue around using `Depth: 1` that I found while testing this. When a named template is used, we attempt to clone or pull from the `pulumi/templates` repo to `~/.pulumi/templates`. Having it go in this well-known directory allows us to maintain previous behavior around allowing offline use of templates. If we use `Depth: 1` for the initial clone, it will fail when attempting to pull when there are updates to the remote repository. Unfortunately, there's no built-in `--unshallow` support in `go-git` and setting a larger `Depth` doesn't appear to help. There may be a workaround, but for now, if we're cloning the pulumi templates directory to `~/.pulumi/templates`, we won't use `Depth: 1`. For template URLs, we will continue to use `Depth: 1` as we clone those to a temp directory (which gets deleted) that we'll never try to update.
* List available templates in help text
* Address PR Feedback
* Don't show "Installing dependencies" message for `up`
* Fix secrets handling
When prompting for config, if the existing stack value is a secret, keep it a secret and mask the prompt. If the template says it should be secret, make it a secret.
* Fix ${PROJECT} and ${DESCRIPTION} handling for `up`
Templates used with `up` should already have a filled-in project name and description, but if it's a `new`-style template, that has `${PROJECT}` and/or `${DESCRIPTION}`, be helpful and just replace these with better values.
* Fix stack handling
Add a bool `setCurrent` param to `requireStack` to control whether the current stack should be saved in workspace settings. For the `up <url>` case, we don't want to save. Also, split the `up` code into two separate functions: one for the `up <url>` case and another for the normal `up` case where you have workspace in your current directory. While we may be able to combine them back into a single function, right now it's a bit cleaner being separate, even with some small amount of duplication.
* Fix panic due to nil crypter
Lazily get the crypter only if needed inside `promptForConfig`.
* Embellish comment
* Harden isPreconfiguredEmptyStack check
Fix the code to check to make sure the URL specified on the command line matches the URL stored in the `pulumi:template` config value, and that the rest of the config from the stack satisfies the config requirements of the template.
2018-08-11 03:08:16 +02:00
|
|
|
s, err := requireStack(*stack, true, opts, true /*setCurrent*/)
|
2017-10-25 19:31:42 +02:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2017-10-19 00:37:18 +02:00
|
|
|
|
2017-11-14 22:28:27 +01:00
|
|
|
key, err := parseConfigKey(args[0])
|
|
|
|
|
if err != nil {
|
|
|
|
|
return errors.Wrap(err, "invalid configuration key")
|
2017-10-19 00:37:18 +02:00
|
|
|
}
|
Improve the overall cloud CLI experience
This improves the overall cloud CLI experience workflow.
Now whether a stack is local or cloud is inherent to the stack
itself. If you interact with a cloud stack, we transparently talk
to the cloud; if you interact with a local stack, we just do the
right thing, and perform all operations locally. Aside from sometimes
seeing a cloud emoji pop-up ☁️, the experience is quite similar.
For example, to initialize a new cloud stack, simply:
$ pulumi login
Logging into Pulumi Cloud: https://pulumi.com/
Enter Pulumi access token: <enter your token>
$ pulumi stack init my-cloud-stack
Note that you may log into a specific cloud if you'd like. For
now, this is just for our own testing purposes, but someday when we
support custom clouds (e.g., Enterprise), you can just say:
$ pulumi login --cloud-url https://corp.acme.my-ppc.net:9873
The cloud is now the default. If you instead prefer a "fire and
forget" style of stack, you can skip the login and pass `--local`:
$ pulumi stack init my-faf-stack --local
If you are logged in and run `pulumi`, we tell you as much:
$ pulumi
Usage:
pulumi [command]
// as before...
Currently logged into the Pulumi Cloud ☁️
https://pulumi.com/
And if you list your stacks, we tell you which one is local or not:
$ pulumi stack ls
NAME LAST UPDATE RESOURCE COUNT CLOUD URL
my-cloud-stack 2017-12-01 ... 3 https://pulumi.com/
my-faf-stack n/a 0 n/a
And `pulumi stack` by itself prints information like your cloud org,
PPC name, and so on, in addition to the usuals.
I shall write up more details and make sure to document these changes.
This change also fairly significantly refactors the layout of cloud
versus local logic, so that the cmd/ package is resonsible for CLI
things, and the new pkg/backend/ package is responsible for the
backends. The following is the overall resulting package architecture:
* The backend.Backend interface can be implemented to substitute
a new backend. This has operations to get and list stacks,
perform updates, and so on.
* The backend.Stack struct is a wrapper around a stack that has
or is being manipulated by a Backend. It resembles our existing
Stack notions in the engine, but carries additional metadata
about its source. Notably, it offers functions that allow
operations like updating and deleting on the Backend from which
it came.
* There is very little else in the pkg/backend/ package.
* A new package, pkg/backend/local/, encapsulates all local state
management for "fire and forget" scenarios. It simply implements
the above logic and contains anything specific to the local
experience.
* A peer package, pkg/backend/cloud/, encapsulates all logic
required for the cloud experience. This includes its subpackage
apitype/ which contains JSON schema descriptions required for
REST calls against the cloud backend. It also contains handy
functions to list which clouds we have authenticated with.
* A subpackage here, pkg/backend/state/, is not a provider at all.
Instead, it contains all of the state management functions that
are currently shared between local and cloud backends. This
includes configuration logic -- including encryption -- as well
as logic pertaining to which stacks are known to the workspace.
This addresses pulumi/pulumi#629 and pulumi/pulumi#494.
2017-12-02 16:29:46 +01:00
|
|
|
|
2019-01-18 22:54:56 +01:00
|
|
|
return getConfig(s, key, jsonOut)
|
2017-10-19 00:37:18 +02:00
|
|
|
}),
|
|
|
|
|
}
|
2019-01-18 22:54:56 +01:00
|
|
|
getCmd.Flags().BoolVarP(
|
|
|
|
|
&jsonOut, "json", "j", false,
|
|
|
|
|
"Emit output as JSON")
|
2017-10-19 00:37:18 +02:00
|
|
|
|
2017-11-14 22:28:27 +01:00
|
|
|
return getCmd
|
2017-10-19 00:37:18 +02:00
|
|
|
}
|
|
|
|
|
|
2017-11-14 22:28:27 +01:00
|
|
|
func newConfigRmCmd(stack *string) *cobra.Command {
|
2017-10-19 00:37:18 +02:00
|
|
|
rmCmd := &cobra.Command{
|
|
|
|
|
Use: "rm <key>",
|
|
|
|
|
Short: "Remove configuration value",
|
Improve the overall cloud CLI experience
This improves the overall cloud CLI experience workflow.
Now whether a stack is local or cloud is inherent to the stack
itself. If you interact with a cloud stack, we transparently talk
to the cloud; if you interact with a local stack, we just do the
right thing, and perform all operations locally. Aside from sometimes
seeing a cloud emoji pop-up ☁️, the experience is quite similar.
For example, to initialize a new cloud stack, simply:
$ pulumi login
Logging into Pulumi Cloud: https://pulumi.com/
Enter Pulumi access token: <enter your token>
$ pulumi stack init my-cloud-stack
Note that you may log into a specific cloud if you'd like. For
now, this is just for our own testing purposes, but someday when we
support custom clouds (e.g., Enterprise), you can just say:
$ pulumi login --cloud-url https://corp.acme.my-ppc.net:9873
The cloud is now the default. If you instead prefer a "fire and
forget" style of stack, you can skip the login and pass `--local`:
$ pulumi stack init my-faf-stack --local
If you are logged in and run `pulumi`, we tell you as much:
$ pulumi
Usage:
pulumi [command]
// as before...
Currently logged into the Pulumi Cloud ☁️
https://pulumi.com/
And if you list your stacks, we tell you which one is local or not:
$ pulumi stack ls
NAME LAST UPDATE RESOURCE COUNT CLOUD URL
my-cloud-stack 2017-12-01 ... 3 https://pulumi.com/
my-faf-stack n/a 0 n/a
And `pulumi stack` by itself prints information like your cloud org,
PPC name, and so on, in addition to the usuals.
I shall write up more details and make sure to document these changes.
This change also fairly significantly refactors the layout of cloud
versus local logic, so that the cmd/ package is resonsible for CLI
things, and the new pkg/backend/ package is responsible for the
backends. The following is the overall resulting package architecture:
* The backend.Backend interface can be implemented to substitute
a new backend. This has operations to get and list stacks,
perform updates, and so on.
* The backend.Stack struct is a wrapper around a stack that has
or is being manipulated by a Backend. It resembles our existing
Stack notions in the engine, but carries additional metadata
about its source. Notably, it offers functions that allow
operations like updating and deleting on the Backend from which
it came.
* There is very little else in the pkg/backend/ package.
* A new package, pkg/backend/local/, encapsulates all local state
management for "fire and forget" scenarios. It simply implements
the above logic and contains anything specific to the local
experience.
* A peer package, pkg/backend/cloud/, encapsulates all logic
required for the cloud experience. This includes its subpackage
apitype/ which contains JSON schema descriptions required for
REST calls against the cloud backend. It also contains handy
functions to list which clouds we have authenticated with.
* A subpackage here, pkg/backend/state/, is not a provider at all.
Instead, it contains all of the state management functions that
are currently shared between local and cloud backends. This
includes configuration logic -- including encryption -- as well
as logic pertaining to which stacks are known to the workspace.
This addresses pulumi/pulumi#629 and pulumi/pulumi#494.
2017-12-02 16:29:46 +01:00
|
|
|
Args: cmdutil.SpecificArgs([]string{"key"}),
|
2017-04-12 20:12:25 +02:00
|
|
|
Run: cmdutil.RunFunc(func(cmd *cobra.Command, args []string) error {
|
2018-09-05 00:40:15 +02:00
|
|
|
opts := display.Options{
|
2018-07-07 06:30:00 +02:00
|
|
|
Color: cmdutil.GetGlobalColorization(),
|
|
|
|
|
}
|
|
|
|
|
|
Initial support for passing URLs to `new` and `up` (#1727)
* Initial support for passing URLs to `new` and `up`
This PR adds initial support for `pulumi new` using Git under the covers
to manage Pulumi templates, providing the same experience as before.
You can now also optionally pass a URL to a Git repository, e.g.
`pulumi new [<url>]`, including subdirectories within the repository,
and arbitrary branches, tags, or commits.
The following commands result in the same behavior from the user's
perspective:
- `pulumi new javascript`
- `pulumi new https://github.com/pulumi/templates/templates/javascript`
- `pulumi new https://github.com/pulumi/templates/tree/master/templates/javascript`
- `pulumi new https://github.com/pulumi/templates/tree/HEAD/templates/javascript`
To specify an arbitrary branch, tag, or commit:
- `pulumi new https://github.com/pulumi/templates/tree/<branch>/templates/javascript`
- `pulumi new https://github.com/pulumi/templates/tree/<tag>/templates/javascript`
- `pulumi new https://github.com/pulumi/templates/tree/<commit>/templates/javascript`
Branches and tags can include '/' separators, and `pulumi` will still
find the right subdirectory.
URLs to Gists are also supported, e.g.:
`pulumi new https://gist.github.com/justinvp/6673959ceb9d2ac5a14c6d536cb871a6`
If the specified subdirectory in the repository does not contain a
`Pulumi.yaml`, it will look for subdirectories within containing
`Pulumi.yaml` files, and prompt the user to choose a template, along the
lines of how `pulumi new` behaves when no template is specified.
The following commands result in the CLI prompting to choose a template:
- `pulumi new`
- `pulumi new https://github.com/pulumi/templates/templates`
- `pulumi new https://github.com/pulumi/templates/tree/master/templates`
- `pulumi new https://github.com/pulumi/templates/tree/HEAD/templates`
Of course, arbitrary branches, tags, or commits can be specified as well:
- `pulumi new https://github.com/pulumi/templates/tree/<branch>/templates`
- `pulumi new https://github.com/pulumi/templates/tree/<tag>/templates`
- `pulumi new https://github.com/pulumi/templates/tree/<commit>/templates`
This PR also includes initial support for passing URLs to `pulumi up`,
providing a streamlined way to deploy installable cloud applications
with Pulumi, without having to manage source code locally before doing
a deployment.
For example, `pulumi up https://github.com/justinvp/aws` can be used to
deploy a sample AWS app. The stack can be updated with different
versions, e.g.
`pulumi up https://github.com/justinvp/aws/tree/v2 -s <stack-to-update>`
Config values can optionally be passed via command line flags, e.g.
`pulumi up https://github.com/justinvp/aws -c aws:region=us-west-2 -c foo:bar=blah`
Gists can also be used, e.g.
`pulumi up https://gist.github.com/justinvp/62fde0463f243fcb49f5a7222e51bc76`
* Fix panic when hitting ^C from "choose template" prompt
* Add description to templates
When running `pulumi new` without specifying a template, include the template description along with the name in the "choose template" display.
```
$ pulumi new
Please choose a template:
aws-go A minimal AWS Go program
aws-javascript A minimal AWS JavaScript program
aws-python A minimal AWS Python program
aws-typescript A minimal AWS TypeScript program
> go A minimal Go program
hello-aws-javascript A simple AWS serverless JavaScript program
javascript A minimal JavaScript program
python A minimal Python program
typescript A minimal TypeScript program
```
* React to changes to the pulumi/templates repo.
We restructured the `pulumi/templates` repo to have all the templates in the root instead of in a `templates` subdirectory, so make the change here to no longer look for templates in `templates`.
This also fixes an issue around using `Depth: 1` that I found while testing this. When a named template is used, we attempt to clone or pull from the `pulumi/templates` repo to `~/.pulumi/templates`. Having it go in this well-known directory allows us to maintain previous behavior around allowing offline use of templates. If we use `Depth: 1` for the initial clone, it will fail when attempting to pull when there are updates to the remote repository. Unfortunately, there's no built-in `--unshallow` support in `go-git` and setting a larger `Depth` doesn't appear to help. There may be a workaround, but for now, if we're cloning the pulumi templates directory to `~/.pulumi/templates`, we won't use `Depth: 1`. For template URLs, we will continue to use `Depth: 1` as we clone those to a temp directory (which gets deleted) that we'll never try to update.
* List available templates in help text
* Address PR Feedback
* Don't show "Installing dependencies" message for `up`
* Fix secrets handling
When prompting for config, if the existing stack value is a secret, keep it a secret and mask the prompt. If the template says it should be secret, make it a secret.
* Fix ${PROJECT} and ${DESCRIPTION} handling for `up`
Templates used with `up` should already have a filled-in project name and description, but if it's a `new`-style template, that has `${PROJECT}` and/or `${DESCRIPTION}`, be helpful and just replace these with better values.
* Fix stack handling
Add a bool `setCurrent` param to `requireStack` to control whether the current stack should be saved in workspace settings. For the `up <url>` case, we don't want to save. Also, split the `up` code into two separate functions: one for the `up <url>` case and another for the normal `up` case where you have workspace in your current directory. While we may be able to combine them back into a single function, right now it's a bit cleaner being separate, even with some small amount of duplication.
* Fix panic due to nil crypter
Lazily get the crypter only if needed inside `promptForConfig`.
* Embellish comment
* Harden isPreconfiguredEmptyStack check
Fix the code to check to make sure the URL specified on the command line matches the URL stored in the `pulumi:template` config value, and that the rest of the config from the stack satisfies the config requirements of the template.
2018-08-11 03:08:16 +02:00
|
|
|
s, err := requireStack(*stack, true, opts, true /*setCurrent*/)
|
Improve the overall cloud CLI experience
This improves the overall cloud CLI experience workflow.
Now whether a stack is local or cloud is inherent to the stack
itself. If you interact with a cloud stack, we transparently talk
to the cloud; if you interact with a local stack, we just do the
right thing, and perform all operations locally. Aside from sometimes
seeing a cloud emoji pop-up ☁️, the experience is quite similar.
For example, to initialize a new cloud stack, simply:
$ pulumi login
Logging into Pulumi Cloud: https://pulumi.com/
Enter Pulumi access token: <enter your token>
$ pulumi stack init my-cloud-stack
Note that you may log into a specific cloud if you'd like. For
now, this is just for our own testing purposes, but someday when we
support custom clouds (e.g., Enterprise), you can just say:
$ pulumi login --cloud-url https://corp.acme.my-ppc.net:9873
The cloud is now the default. If you instead prefer a "fire and
forget" style of stack, you can skip the login and pass `--local`:
$ pulumi stack init my-faf-stack --local
If you are logged in and run `pulumi`, we tell you as much:
$ pulumi
Usage:
pulumi [command]
// as before...
Currently logged into the Pulumi Cloud ☁️
https://pulumi.com/
And if you list your stacks, we tell you which one is local or not:
$ pulumi stack ls
NAME LAST UPDATE RESOURCE COUNT CLOUD URL
my-cloud-stack 2017-12-01 ... 3 https://pulumi.com/
my-faf-stack n/a 0 n/a
And `pulumi stack` by itself prints information like your cloud org,
PPC name, and so on, in addition to the usuals.
I shall write up more details and make sure to document these changes.
This change also fairly significantly refactors the layout of cloud
versus local logic, so that the cmd/ package is resonsible for CLI
things, and the new pkg/backend/ package is responsible for the
backends. The following is the overall resulting package architecture:
* The backend.Backend interface can be implemented to substitute
a new backend. This has operations to get and list stacks,
perform updates, and so on.
* The backend.Stack struct is a wrapper around a stack that has
or is being manipulated by a Backend. It resembles our existing
Stack notions in the engine, but carries additional metadata
about its source. Notably, it offers functions that allow
operations like updating and deleting on the Backend from which
it came.
* There is very little else in the pkg/backend/ package.
* A new package, pkg/backend/local/, encapsulates all local state
management for "fire and forget" scenarios. It simply implements
the above logic and contains anything specific to the local
experience.
* A peer package, pkg/backend/cloud/, encapsulates all logic
required for the cloud experience. This includes its subpackage
apitype/ which contains JSON schema descriptions required for
REST calls against the cloud backend. It also contains handy
functions to list which clouds we have authenticated with.
* A subpackage here, pkg/backend/state/, is not a provider at all.
Instead, it contains all of the state management functions that
are currently shared between local and cloud backends. This
includes configuration logic -- including encryption -- as well
as logic pertaining to which stacks are known to the workspace.
This addresses pulumi/pulumi#629 and pulumi/pulumi#494.
2017-12-02 16:29:46 +01:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
Suport workspace local configuration and use it by default
Previously, we stored configuration information in the Pulumi.yaml
file. This was a change from the old model where configuration was
stored in a special section of the checkpoint file.
While doing things this way has some upsides with being able to flow
configuration changes with your source code (e.g. fixed values for a
production stack that version with the code) it caused some friction
for the local development scinerio. In this case, setting
configuration values would pend changes to Pulumi.yaml and if you
didn't want to publish these changes, you'd have to remember to remove
them before commiting. It also was problematic for our examples, where
it was not clear if we wanted to actually include values like
`aws:config:region` in our samples. Finally, we found that for our
own pulumi service, we'd have values that would differ across each
individual dev stack, and publishing these values to a global
Pulumi.yaml file would just be adding noise to things.
We now adopt a hybrid model, where by default configuration is stored
locally, in the workspace's settings per project. A new flag `--save`
tests commands to actual operate on the configuration information
stored in Pulumi.yaml.
With the following change, we have have four "slots" configuration
values can end up in:
1. In the Pulumi.yaml file, applies to all stacks
2. In the Pulumi.yaml file, applied to a specific stack
3. In the local workspace.json file, applied to all stacks
4. In the local workspace.json file, applied to a specific stack
When computing the configuration information for a stack, we apply
configuration in the above order, overriding values as we go
along.
We also invert the default behavior of the `pulumi config` commands so
they operate on a specific stack (i.e. how they did before
e3610989). If you want to apply configuration to all stacks, `--all`
can be passed to any configuration command.
2017-10-27 23:24:47 +02:00
|
|
|
}
|
2017-10-03 01:37:12 +02:00
|
|
|
|
2017-10-19 00:37:18 +02:00
|
|
|
key, err := parseConfigKey(args[0])
|
|
|
|
|
if err != nil {
|
|
|
|
|
return errors.Wrap(err, "invalid configuration key")
|
2017-03-06 16:07:24 +01:00
|
|
|
}
|
2017-03-07 14:47:42 +01:00
|
|
|
|
2018-12-01 00:11:05 +01:00
|
|
|
ps, err := loadProjectStack(s)
|
2018-02-28 00:51:19 +01:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
2017-12-11 23:41:57 +01:00
|
|
|
}
|
|
|
|
|
|
2018-02-28 00:51:19 +01:00
|
|
|
if ps.Config != nil {
|
|
|
|
|
delete(ps.Config, key)
|
Suport workspace local configuration and use it by default
Previously, we stored configuration information in the Pulumi.yaml
file. This was a change from the old model where configuration was
stored in a special section of the checkpoint file.
While doing things this way has some upsides with being able to flow
configuration changes with your source code (e.g. fixed values for a
production stack that version with the code) it caused some friction
for the local development scinerio. In this case, setting
configuration values would pend changes to Pulumi.yaml and if you
didn't want to publish these changes, you'd have to remember to remove
them before commiting. It also was problematic for our examples, where
it was not clear if we wanted to actually include values like
`aws:config:region` in our samples. Finally, we found that for our
own pulumi service, we'd have values that would differ across each
individual dev stack, and publishing these values to a global
Pulumi.yaml file would just be adding noise to things.
We now adopt a hybrid model, where by default configuration is stored
locally, in the workspace's settings per project. A new flag `--save`
tests commands to actual operate on the configuration information
stored in Pulumi.yaml.
With the following change, we have have four "slots" configuration
values can end up in:
1. In the Pulumi.yaml file, applies to all stacks
2. In the Pulumi.yaml file, applied to a specific stack
3. In the local workspace.json file, applied to all stacks
4. In the local workspace.json file, applied to a specific stack
When computing the configuration information for a stack, we apply
configuration in the above order, overriding values as we go
along.
We also invert the default behavior of the `pulumi config` commands so
they operate on a specific stack (i.e. how they did before
e3610989). If you want to apply configuration to all stacks, `--all`
can be passed to any configuration command.
2017-10-27 23:24:47 +02:00
|
|
|
}
|
|
|
|
|
|
2018-12-01 00:11:05 +01:00
|
|
|
return saveProjectStack(s, ps)
|
2017-10-19 00:37:18 +02:00
|
|
|
}),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return rmCmd
|
|
|
|
|
}
|
|
|
|
|
|
2018-04-27 01:13:52 +02:00
|
|
|
func newConfigRefreshCmd(stack *string) *cobra.Command {
|
|
|
|
|
var force bool
|
|
|
|
|
refreshCmd := &cobra.Command{
|
|
|
|
|
Use: "refresh",
|
|
|
|
|
Short: "Update the local configuration based on the most recent deployment of the stack",
|
|
|
|
|
Args: cmdutil.NoArgs,
|
|
|
|
|
Run: cmdutil.RunFunc(func(cmd *cobra.Command, args []string) error {
|
2018-09-05 00:40:15 +02:00
|
|
|
opts := display.Options{
|
2018-07-07 06:30:00 +02:00
|
|
|
Color: cmdutil.GetGlobalColorization(),
|
|
|
|
|
}
|
|
|
|
|
|
2018-04-27 01:13:52 +02:00
|
|
|
// Ensure the stack exists.
|
Initial support for passing URLs to `new` and `up` (#1727)
* Initial support for passing URLs to `new` and `up`
This PR adds initial support for `pulumi new` using Git under the covers
to manage Pulumi templates, providing the same experience as before.
You can now also optionally pass a URL to a Git repository, e.g.
`pulumi new [<url>]`, including subdirectories within the repository,
and arbitrary branches, tags, or commits.
The following commands result in the same behavior from the user's
perspective:
- `pulumi new javascript`
- `pulumi new https://github.com/pulumi/templates/templates/javascript`
- `pulumi new https://github.com/pulumi/templates/tree/master/templates/javascript`
- `pulumi new https://github.com/pulumi/templates/tree/HEAD/templates/javascript`
To specify an arbitrary branch, tag, or commit:
- `pulumi new https://github.com/pulumi/templates/tree/<branch>/templates/javascript`
- `pulumi new https://github.com/pulumi/templates/tree/<tag>/templates/javascript`
- `pulumi new https://github.com/pulumi/templates/tree/<commit>/templates/javascript`
Branches and tags can include '/' separators, and `pulumi` will still
find the right subdirectory.
URLs to Gists are also supported, e.g.:
`pulumi new https://gist.github.com/justinvp/6673959ceb9d2ac5a14c6d536cb871a6`
If the specified subdirectory in the repository does not contain a
`Pulumi.yaml`, it will look for subdirectories within containing
`Pulumi.yaml` files, and prompt the user to choose a template, along the
lines of how `pulumi new` behaves when no template is specified.
The following commands result in the CLI prompting to choose a template:
- `pulumi new`
- `pulumi new https://github.com/pulumi/templates/templates`
- `pulumi new https://github.com/pulumi/templates/tree/master/templates`
- `pulumi new https://github.com/pulumi/templates/tree/HEAD/templates`
Of course, arbitrary branches, tags, or commits can be specified as well:
- `pulumi new https://github.com/pulumi/templates/tree/<branch>/templates`
- `pulumi new https://github.com/pulumi/templates/tree/<tag>/templates`
- `pulumi new https://github.com/pulumi/templates/tree/<commit>/templates`
This PR also includes initial support for passing URLs to `pulumi up`,
providing a streamlined way to deploy installable cloud applications
with Pulumi, without having to manage source code locally before doing
a deployment.
For example, `pulumi up https://github.com/justinvp/aws` can be used to
deploy a sample AWS app. The stack can be updated with different
versions, e.g.
`pulumi up https://github.com/justinvp/aws/tree/v2 -s <stack-to-update>`
Config values can optionally be passed via command line flags, e.g.
`pulumi up https://github.com/justinvp/aws -c aws:region=us-west-2 -c foo:bar=blah`
Gists can also be used, e.g.
`pulumi up https://gist.github.com/justinvp/62fde0463f243fcb49f5a7222e51bc76`
* Fix panic when hitting ^C from "choose template" prompt
* Add description to templates
When running `pulumi new` without specifying a template, include the template description along with the name in the "choose template" display.
```
$ pulumi new
Please choose a template:
aws-go A minimal AWS Go program
aws-javascript A minimal AWS JavaScript program
aws-python A minimal AWS Python program
aws-typescript A minimal AWS TypeScript program
> go A minimal Go program
hello-aws-javascript A simple AWS serverless JavaScript program
javascript A minimal JavaScript program
python A minimal Python program
typescript A minimal TypeScript program
```
* React to changes to the pulumi/templates repo.
We restructured the `pulumi/templates` repo to have all the templates in the root instead of in a `templates` subdirectory, so make the change here to no longer look for templates in `templates`.
This also fixes an issue around using `Depth: 1` that I found while testing this. When a named template is used, we attempt to clone or pull from the `pulumi/templates` repo to `~/.pulumi/templates`. Having it go in this well-known directory allows us to maintain previous behavior around allowing offline use of templates. If we use `Depth: 1` for the initial clone, it will fail when attempting to pull when there are updates to the remote repository. Unfortunately, there's no built-in `--unshallow` support in `go-git` and setting a larger `Depth` doesn't appear to help. There may be a workaround, but for now, if we're cloning the pulumi templates directory to `~/.pulumi/templates`, we won't use `Depth: 1`. For template URLs, we will continue to use `Depth: 1` as we clone those to a temp directory (which gets deleted) that we'll never try to update.
* List available templates in help text
* Address PR Feedback
* Don't show "Installing dependencies" message for `up`
* Fix secrets handling
When prompting for config, if the existing stack value is a secret, keep it a secret and mask the prompt. If the template says it should be secret, make it a secret.
* Fix ${PROJECT} and ${DESCRIPTION} handling for `up`
Templates used with `up` should already have a filled-in project name and description, but if it's a `new`-style template, that has `${PROJECT}` and/or `${DESCRIPTION}`, be helpful and just replace these with better values.
* Fix stack handling
Add a bool `setCurrent` param to `requireStack` to control whether the current stack should be saved in workspace settings. For the `up <url>` case, we don't want to save. Also, split the `up` code into two separate functions: one for the `up <url>` case and another for the normal `up` case where you have workspace in your current directory. While we may be able to combine them back into a single function, right now it's a bit cleaner being separate, even with some small amount of duplication.
* Fix panic due to nil crypter
Lazily get the crypter only if needed inside `promptForConfig`.
* Embellish comment
* Harden isPreconfiguredEmptyStack check
Fix the code to check to make sure the URL specified on the command line matches the URL stored in the `pulumi:template` config value, and that the rest of the config from the stack satisfies the config requirements of the template.
2018-08-11 03:08:16 +02:00
|
|
|
s, err := requireStack(*stack, false, opts, true /*setCurrent*/)
|
2018-04-27 01:13:52 +02:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
c, err := backend.GetLatestConfiguration(commandContext(), s)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-01 00:11:05 +01:00
|
|
|
configPath, err := getProjectStackPath(s)
|
2018-04-27 01:13:52 +02:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ps, err := workspace.LoadProjectStack(configPath)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ps.Config = c
|
|
|
|
|
|
|
|
|
|
// If the configuration file doesn't exist, or force has been passed, save it in place.
|
|
|
|
|
if _, err = os.Stat(configPath); os.IsNotExist(err) || force {
|
|
|
|
|
return ps.Save(configPath)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Otherwise we'll create a backup, let's figure out what name to use by adding ".bak" over and over
|
|
|
|
|
// until we get to a name not in use.
|
|
|
|
|
backupFile := configPath + ".bak"
|
|
|
|
|
for {
|
|
|
|
|
_, err = os.Stat(backupFile)
|
|
|
|
|
if os.IsNotExist(err) {
|
|
|
|
|
if err = os.Rename(configPath, backupFile); err != nil {
|
|
|
|
|
return errors.Wrap(err, "backing up existing configuration file")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fmt.Printf("backed up existing configuration file to %s\n", backupFile)
|
|
|
|
|
break
|
|
|
|
|
} else if err != nil {
|
|
|
|
|
return errors.Wrap(err, "backing up existing configuration file")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
backupFile = backupFile + ".bak"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = ps.Save(configPath)
|
|
|
|
|
if err == nil {
|
2018-12-01 00:11:05 +01:00
|
|
|
fmt.Printf("refreshed configuration for stack '%s'\n", s.Ref().Name())
|
2018-04-27 01:13:52 +02:00
|
|
|
}
|
|
|
|
|
return err
|
|
|
|
|
}),
|
|
|
|
|
}
|
|
|
|
|
refreshCmd.PersistentFlags().BoolVarP(
|
|
|
|
|
&force, "force", "f", false, "Overwrite configuration file, if it exists, without creating a backup")
|
|
|
|
|
|
|
|
|
|
return refreshCmd
|
|
|
|
|
}
|
|
|
|
|
|
2017-11-14 22:28:27 +01:00
|
|
|
func newConfigSetCmd(stack *string) *cobra.Command {
|
2017-12-13 19:46:54 +01:00
|
|
|
var plaintext bool
|
2017-11-14 22:28:27 +01:00
|
|
|
var secret bool
|
2017-10-19 00:37:18 +02:00
|
|
|
|
2017-11-14 22:28:27 +01:00
|
|
|
setCmd := &cobra.Command{
|
|
|
|
|
Use: "set <key> [value]",
|
2017-10-19 00:37:18 +02:00
|
|
|
Short: "Set configuration value",
|
2018-02-05 03:45:19 +01:00
|
|
|
Long: "Configuration values can be accessed when a stack is being deployed and used to configure behavior. \n" +
|
|
|
|
|
"If a value is not present on the command line, pulumi will prompt for the value. Multi-line values\n" +
|
|
|
|
|
"may be set by piping a file to standard in.",
|
|
|
|
|
Args: cmdutil.RangeArgs(1, 2),
|
2017-10-19 00:37:18 +02:00
|
|
|
Run: cmdutil.RunFunc(func(cmd *cobra.Command, args []string) error {
|
2018-09-05 00:40:15 +02:00
|
|
|
opts := display.Options{
|
2018-07-07 06:30:00 +02:00
|
|
|
Color: cmdutil.GetGlobalColorization(),
|
|
|
|
|
}
|
2017-12-28 03:39:08 +01:00
|
|
|
|
Improve the overall cloud CLI experience
This improves the overall cloud CLI experience workflow.
Now whether a stack is local or cloud is inherent to the stack
itself. If you interact with a cloud stack, we transparently talk
to the cloud; if you interact with a local stack, we just do the
right thing, and perform all operations locally. Aside from sometimes
seeing a cloud emoji pop-up ☁️, the experience is quite similar.
For example, to initialize a new cloud stack, simply:
$ pulumi login
Logging into Pulumi Cloud: https://pulumi.com/
Enter Pulumi access token: <enter your token>
$ pulumi stack init my-cloud-stack
Note that you may log into a specific cloud if you'd like. For
now, this is just for our own testing purposes, but someday when we
support custom clouds (e.g., Enterprise), you can just say:
$ pulumi login --cloud-url https://corp.acme.my-ppc.net:9873
The cloud is now the default. If you instead prefer a "fire and
forget" style of stack, you can skip the login and pass `--local`:
$ pulumi stack init my-faf-stack --local
If you are logged in and run `pulumi`, we tell you as much:
$ pulumi
Usage:
pulumi [command]
// as before...
Currently logged into the Pulumi Cloud ☁️
https://pulumi.com/
And if you list your stacks, we tell you which one is local or not:
$ pulumi stack ls
NAME LAST UPDATE RESOURCE COUNT CLOUD URL
my-cloud-stack 2017-12-01 ... 3 https://pulumi.com/
my-faf-stack n/a 0 n/a
And `pulumi stack` by itself prints information like your cloud org,
PPC name, and so on, in addition to the usuals.
I shall write up more details and make sure to document these changes.
This change also fairly significantly refactors the layout of cloud
versus local logic, so that the cmd/ package is resonsible for CLI
things, and the new pkg/backend/ package is responsible for the
backends. The following is the overall resulting package architecture:
* The backend.Backend interface can be implemented to substitute
a new backend. This has operations to get and list stacks,
perform updates, and so on.
* The backend.Stack struct is a wrapper around a stack that has
or is being manipulated by a Backend. It resembles our existing
Stack notions in the engine, but carries additional metadata
about its source. Notably, it offers functions that allow
operations like updating and deleting on the Backend from which
it came.
* There is very little else in the pkg/backend/ package.
* A new package, pkg/backend/local/, encapsulates all local state
management for "fire and forget" scenarios. It simply implements
the above logic and contains anything specific to the local
experience.
* A peer package, pkg/backend/cloud/, encapsulates all logic
required for the cloud experience. This includes its subpackage
apitype/ which contains JSON schema descriptions required for
REST calls against the cloud backend. It also contains handy
functions to list which clouds we have authenticated with.
* A subpackage here, pkg/backend/state/, is not a provider at all.
Instead, it contains all of the state management functions that
are currently shared between local and cloud backends. This
includes configuration logic -- including encryption -- as well
as logic pertaining to which stacks are known to the workspace.
This addresses pulumi/pulumi#629 and pulumi/pulumi#494.
2017-12-02 16:29:46 +01:00
|
|
|
// Ensure the stack exists.
|
Initial support for passing URLs to `new` and `up` (#1727)
* Initial support for passing URLs to `new` and `up`
This PR adds initial support for `pulumi new` using Git under the covers
to manage Pulumi templates, providing the same experience as before.
You can now also optionally pass a URL to a Git repository, e.g.
`pulumi new [<url>]`, including subdirectories within the repository,
and arbitrary branches, tags, or commits.
The following commands result in the same behavior from the user's
perspective:
- `pulumi new javascript`
- `pulumi new https://github.com/pulumi/templates/templates/javascript`
- `pulumi new https://github.com/pulumi/templates/tree/master/templates/javascript`
- `pulumi new https://github.com/pulumi/templates/tree/HEAD/templates/javascript`
To specify an arbitrary branch, tag, or commit:
- `pulumi new https://github.com/pulumi/templates/tree/<branch>/templates/javascript`
- `pulumi new https://github.com/pulumi/templates/tree/<tag>/templates/javascript`
- `pulumi new https://github.com/pulumi/templates/tree/<commit>/templates/javascript`
Branches and tags can include '/' separators, and `pulumi` will still
find the right subdirectory.
URLs to Gists are also supported, e.g.:
`pulumi new https://gist.github.com/justinvp/6673959ceb9d2ac5a14c6d536cb871a6`
If the specified subdirectory in the repository does not contain a
`Pulumi.yaml`, it will look for subdirectories within containing
`Pulumi.yaml` files, and prompt the user to choose a template, along the
lines of how `pulumi new` behaves when no template is specified.
The following commands result in the CLI prompting to choose a template:
- `pulumi new`
- `pulumi new https://github.com/pulumi/templates/templates`
- `pulumi new https://github.com/pulumi/templates/tree/master/templates`
- `pulumi new https://github.com/pulumi/templates/tree/HEAD/templates`
Of course, arbitrary branches, tags, or commits can be specified as well:
- `pulumi new https://github.com/pulumi/templates/tree/<branch>/templates`
- `pulumi new https://github.com/pulumi/templates/tree/<tag>/templates`
- `pulumi new https://github.com/pulumi/templates/tree/<commit>/templates`
This PR also includes initial support for passing URLs to `pulumi up`,
providing a streamlined way to deploy installable cloud applications
with Pulumi, without having to manage source code locally before doing
a deployment.
For example, `pulumi up https://github.com/justinvp/aws` can be used to
deploy a sample AWS app. The stack can be updated with different
versions, e.g.
`pulumi up https://github.com/justinvp/aws/tree/v2 -s <stack-to-update>`
Config values can optionally be passed via command line flags, e.g.
`pulumi up https://github.com/justinvp/aws -c aws:region=us-west-2 -c foo:bar=blah`
Gists can also be used, e.g.
`pulumi up https://gist.github.com/justinvp/62fde0463f243fcb49f5a7222e51bc76`
* Fix panic when hitting ^C from "choose template" prompt
* Add description to templates
When running `pulumi new` without specifying a template, include the template description along with the name in the "choose template" display.
```
$ pulumi new
Please choose a template:
aws-go A minimal AWS Go program
aws-javascript A minimal AWS JavaScript program
aws-python A minimal AWS Python program
aws-typescript A minimal AWS TypeScript program
> go A minimal Go program
hello-aws-javascript A simple AWS serverless JavaScript program
javascript A minimal JavaScript program
python A minimal Python program
typescript A minimal TypeScript program
```
* React to changes to the pulumi/templates repo.
We restructured the `pulumi/templates` repo to have all the templates in the root instead of in a `templates` subdirectory, so make the change here to no longer look for templates in `templates`.
This also fixes an issue around using `Depth: 1` that I found while testing this. When a named template is used, we attempt to clone or pull from the `pulumi/templates` repo to `~/.pulumi/templates`. Having it go in this well-known directory allows us to maintain previous behavior around allowing offline use of templates. If we use `Depth: 1` for the initial clone, it will fail when attempting to pull when there are updates to the remote repository. Unfortunately, there's no built-in `--unshallow` support in `go-git` and setting a larger `Depth` doesn't appear to help. There may be a workaround, but for now, if we're cloning the pulumi templates directory to `~/.pulumi/templates`, we won't use `Depth: 1`. For template URLs, we will continue to use `Depth: 1` as we clone those to a temp directory (which gets deleted) that we'll never try to update.
* List available templates in help text
* Address PR Feedback
* Don't show "Installing dependencies" message for `up`
* Fix secrets handling
When prompting for config, if the existing stack value is a secret, keep it a secret and mask the prompt. If the template says it should be secret, make it a secret.
* Fix ${PROJECT} and ${DESCRIPTION} handling for `up`
Templates used with `up` should already have a filled-in project name and description, but if it's a `new`-style template, that has `${PROJECT}` and/or `${DESCRIPTION}`, be helpful and just replace these with better values.
* Fix stack handling
Add a bool `setCurrent` param to `requireStack` to control whether the current stack should be saved in workspace settings. For the `up <url>` case, we don't want to save. Also, split the `up` code into two separate functions: one for the `up <url>` case and another for the normal `up` case where you have workspace in your current directory. While we may be able to combine them back into a single function, right now it's a bit cleaner being separate, even with some small amount of duplication.
* Fix panic due to nil crypter
Lazily get the crypter only if needed inside `promptForConfig`.
* Embellish comment
* Harden isPreconfiguredEmptyStack check
Fix the code to check to make sure the URL specified on the command line matches the URL stored in the `pulumi:template` config value, and that the rest of the config from the stack satisfies the config requirements of the template.
2018-08-11 03:08:16 +02:00
|
|
|
s, err := requireStack(*stack, true, opts, true /*setCurrent*/)
|
Improve the overall cloud CLI experience
This improves the overall cloud CLI experience workflow.
Now whether a stack is local or cloud is inherent to the stack
itself. If you interact with a cloud stack, we transparently talk
to the cloud; if you interact with a local stack, we just do the
right thing, and perform all operations locally. Aside from sometimes
seeing a cloud emoji pop-up ☁️, the experience is quite similar.
For example, to initialize a new cloud stack, simply:
$ pulumi login
Logging into Pulumi Cloud: https://pulumi.com/
Enter Pulumi access token: <enter your token>
$ pulumi stack init my-cloud-stack
Note that you may log into a specific cloud if you'd like. For
now, this is just for our own testing purposes, but someday when we
support custom clouds (e.g., Enterprise), you can just say:
$ pulumi login --cloud-url https://corp.acme.my-ppc.net:9873
The cloud is now the default. If you instead prefer a "fire and
forget" style of stack, you can skip the login and pass `--local`:
$ pulumi stack init my-faf-stack --local
If you are logged in and run `pulumi`, we tell you as much:
$ pulumi
Usage:
pulumi [command]
// as before...
Currently logged into the Pulumi Cloud ☁️
https://pulumi.com/
And if you list your stacks, we tell you which one is local or not:
$ pulumi stack ls
NAME LAST UPDATE RESOURCE COUNT CLOUD URL
my-cloud-stack 2017-12-01 ... 3 https://pulumi.com/
my-faf-stack n/a 0 n/a
And `pulumi stack` by itself prints information like your cloud org,
PPC name, and so on, in addition to the usuals.
I shall write up more details and make sure to document these changes.
This change also fairly significantly refactors the layout of cloud
versus local logic, so that the cmd/ package is resonsible for CLI
things, and the new pkg/backend/ package is responsible for the
backends. The following is the overall resulting package architecture:
* The backend.Backend interface can be implemented to substitute
a new backend. This has operations to get and list stacks,
perform updates, and so on.
* The backend.Stack struct is a wrapper around a stack that has
or is being manipulated by a Backend. It resembles our existing
Stack notions in the engine, but carries additional metadata
about its source. Notably, it offers functions that allow
operations like updating and deleting on the Backend from which
it came.
* There is very little else in the pkg/backend/ package.
* A new package, pkg/backend/local/, encapsulates all local state
management for "fire and forget" scenarios. It simply implements
the above logic and contains anything specific to the local
experience.
* A peer package, pkg/backend/cloud/, encapsulates all logic
required for the cloud experience. This includes its subpackage
apitype/ which contains JSON schema descriptions required for
REST calls against the cloud backend. It also contains handy
functions to list which clouds we have authenticated with.
* A subpackage here, pkg/backend/state/, is not a provider at all.
Instead, it contains all of the state management functions that
are currently shared between local and cloud backends. This
includes configuration logic -- including encryption -- as well
as logic pertaining to which stacks are known to the workspace.
This addresses pulumi/pulumi#629 and pulumi/pulumi#494.
2017-12-02 16:29:46 +01:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
Suport workspace local configuration and use it by default
Previously, we stored configuration information in the Pulumi.yaml
file. This was a change from the old model where configuration was
stored in a special section of the checkpoint file.
While doing things this way has some upsides with being able to flow
configuration changes with your source code (e.g. fixed values for a
production stack that version with the code) it caused some friction
for the local development scinerio. In this case, setting
configuration values would pend changes to Pulumi.yaml and if you
didn't want to publish these changes, you'd have to remember to remove
them before commiting. It also was problematic for our examples, where
it was not clear if we wanted to actually include values like
`aws:config:region` in our samples. Finally, we found that for our
own pulumi service, we'd have values that would differ across each
individual dev stack, and publishing these values to a global
Pulumi.yaml file would just be adding noise to things.
We now adopt a hybrid model, where by default configuration is stored
locally, in the workspace's settings per project. A new flag `--save`
tests commands to actual operate on the configuration information
stored in Pulumi.yaml.
With the following change, we have have four "slots" configuration
values can end up in:
1. In the Pulumi.yaml file, applies to all stacks
2. In the Pulumi.yaml file, applied to a specific stack
3. In the local workspace.json file, applied to all stacks
4. In the local workspace.json file, applied to a specific stack
When computing the configuration information for a stack, we apply
configuration in the above order, overriding values as we go
along.
We also invert the default behavior of the `pulumi config` commands so
they operate on a specific stack (i.e. how they did before
e3610989). If you want to apply configuration to all stacks, `--all`
can be passed to any configuration command.
2017-10-27 23:24:47 +02:00
|
|
|
}
|
2017-10-19 00:37:18 +02:00
|
|
|
|
2017-10-17 01:01:34 +02:00
|
|
|
key, err := parseConfigKey(args[0])
|
2017-08-31 23:31:33 +02:00
|
|
|
if err != nil {
|
|
|
|
|
return errors.Wrap(err, "invalid configuration key")
|
|
|
|
|
}
|
|
|
|
|
|
2017-10-19 00:37:18 +02:00
|
|
|
var value string
|
2018-02-05 03:45:19 +01:00
|
|
|
switch {
|
|
|
|
|
case len(args) == 2:
|
2017-10-19 00:37:18 +02:00
|
|
|
value = args[1]
|
2018-02-05 03:45:19 +01:00
|
|
|
case !terminal.IsTerminal(int(os.Stdin.Fd())):
|
|
|
|
|
b, readerr := ioutil.ReadAll(os.Stdin)
|
|
|
|
|
if readerr != nil {
|
|
|
|
|
return readerr
|
|
|
|
|
}
|
|
|
|
|
value = cmdutil.RemoveTralingNewline(string(b))
|
|
|
|
|
case secret:
|
Improve the overall cloud CLI experience
This improves the overall cloud CLI experience workflow.
Now whether a stack is local or cloud is inherent to the stack
itself. If you interact with a cloud stack, we transparently talk
to the cloud; if you interact with a local stack, we just do the
right thing, and perform all operations locally. Aside from sometimes
seeing a cloud emoji pop-up ☁️, the experience is quite similar.
For example, to initialize a new cloud stack, simply:
$ pulumi login
Logging into Pulumi Cloud: https://pulumi.com/
Enter Pulumi access token: <enter your token>
$ pulumi stack init my-cloud-stack
Note that you may log into a specific cloud if you'd like. For
now, this is just for our own testing purposes, but someday when we
support custom clouds (e.g., Enterprise), you can just say:
$ pulumi login --cloud-url https://corp.acme.my-ppc.net:9873
The cloud is now the default. If you instead prefer a "fire and
forget" style of stack, you can skip the login and pass `--local`:
$ pulumi stack init my-faf-stack --local
If you are logged in and run `pulumi`, we tell you as much:
$ pulumi
Usage:
pulumi [command]
// as before...
Currently logged into the Pulumi Cloud ☁️
https://pulumi.com/
And if you list your stacks, we tell you which one is local or not:
$ pulumi stack ls
NAME LAST UPDATE RESOURCE COUNT CLOUD URL
my-cloud-stack 2017-12-01 ... 3 https://pulumi.com/
my-faf-stack n/a 0 n/a
And `pulumi stack` by itself prints information like your cloud org,
PPC name, and so on, in addition to the usuals.
I shall write up more details and make sure to document these changes.
This change also fairly significantly refactors the layout of cloud
versus local logic, so that the cmd/ package is resonsible for CLI
things, and the new pkg/backend/ package is responsible for the
backends. The following is the overall resulting package architecture:
* The backend.Backend interface can be implemented to substitute
a new backend. This has operations to get and list stacks,
perform updates, and so on.
* The backend.Stack struct is a wrapper around a stack that has
or is being manipulated by a Backend. It resembles our existing
Stack notions in the engine, but carries additional metadata
about its source. Notably, it offers functions that allow
operations like updating and deleting on the Backend from which
it came.
* There is very little else in the pkg/backend/ package.
* A new package, pkg/backend/local/, encapsulates all local state
management for "fire and forget" scenarios. It simply implements
the above logic and contains anything specific to the local
experience.
* A peer package, pkg/backend/cloud/, encapsulates all logic
required for the cloud experience. This includes its subpackage
apitype/ which contains JSON schema descriptions required for
REST calls against the cloud backend. It also contains handy
functions to list which clouds we have authenticated with.
* A subpackage here, pkg/backend/state/, is not a provider at all.
Instead, it contains all of the state management functions that
are currently shared between local and cloud backends. This
includes configuration logic -- including encryption -- as well
as logic pertaining to which stacks are known to the workspace.
This addresses pulumi/pulumi#629 and pulumi/pulumi#494.
2017-12-02 16:29:46 +01:00
|
|
|
value, err = cmdutil.ReadConsoleNoEcho("value")
|
2017-11-14 22:28:27 +01:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2018-02-05 03:45:19 +01:00
|
|
|
default:
|
Improve the overall cloud CLI experience
This improves the overall cloud CLI experience workflow.
Now whether a stack is local or cloud is inherent to the stack
itself. If you interact with a cloud stack, we transparently talk
to the cloud; if you interact with a local stack, we just do the
right thing, and perform all operations locally. Aside from sometimes
seeing a cloud emoji pop-up ☁️, the experience is quite similar.
For example, to initialize a new cloud stack, simply:
$ pulumi login
Logging into Pulumi Cloud: https://pulumi.com/
Enter Pulumi access token: <enter your token>
$ pulumi stack init my-cloud-stack
Note that you may log into a specific cloud if you'd like. For
now, this is just for our own testing purposes, but someday when we
support custom clouds (e.g., Enterprise), you can just say:
$ pulumi login --cloud-url https://corp.acme.my-ppc.net:9873
The cloud is now the default. If you instead prefer a "fire and
forget" style of stack, you can skip the login and pass `--local`:
$ pulumi stack init my-faf-stack --local
If you are logged in and run `pulumi`, we tell you as much:
$ pulumi
Usage:
pulumi [command]
// as before...
Currently logged into the Pulumi Cloud ☁️
https://pulumi.com/
And if you list your stacks, we tell you which one is local or not:
$ pulumi stack ls
NAME LAST UPDATE RESOURCE COUNT CLOUD URL
my-cloud-stack 2017-12-01 ... 3 https://pulumi.com/
my-faf-stack n/a 0 n/a
And `pulumi stack` by itself prints information like your cloud org,
PPC name, and so on, in addition to the usuals.
I shall write up more details and make sure to document these changes.
This change also fairly significantly refactors the layout of cloud
versus local logic, so that the cmd/ package is resonsible for CLI
things, and the new pkg/backend/ package is responsible for the
backends. The following is the overall resulting package architecture:
* The backend.Backend interface can be implemented to substitute
a new backend. This has operations to get and list stacks,
perform updates, and so on.
* The backend.Stack struct is a wrapper around a stack that has
or is being manipulated by a Backend. It resembles our existing
Stack notions in the engine, but carries additional metadata
about its source. Notably, it offers functions that allow
operations like updating and deleting on the Backend from which
it came.
* There is very little else in the pkg/backend/ package.
* A new package, pkg/backend/local/, encapsulates all local state
management for "fire and forget" scenarios. It simply implements
the above logic and contains anything specific to the local
experience.
* A peer package, pkg/backend/cloud/, encapsulates all logic
required for the cloud experience. This includes its subpackage
apitype/ which contains JSON schema descriptions required for
REST calls against the cloud backend. It also contains handy
functions to list which clouds we have authenticated with.
* A subpackage here, pkg/backend/state/, is not a provider at all.
Instead, it contains all of the state management functions that
are currently shared between local and cloud backends. This
includes configuration logic -- including encryption -- as well
as logic pertaining to which stacks are known to the workspace.
This addresses pulumi/pulumi#629 and pulumi/pulumi#494.
2017-12-02 16:29:46 +01:00
|
|
|
value, err = cmdutil.ReadConsole("value")
|
2017-10-19 00:37:18 +02:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
2017-08-31 23:31:33 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
Improve the overall cloud CLI experience
This improves the overall cloud CLI experience workflow.
Now whether a stack is local or cloud is inherent to the stack
itself. If you interact with a cloud stack, we transparently talk
to the cloud; if you interact with a local stack, we just do the
right thing, and perform all operations locally. Aside from sometimes
seeing a cloud emoji pop-up ☁️, the experience is quite similar.
For example, to initialize a new cloud stack, simply:
$ pulumi login
Logging into Pulumi Cloud: https://pulumi.com/
Enter Pulumi access token: <enter your token>
$ pulumi stack init my-cloud-stack
Note that you may log into a specific cloud if you'd like. For
now, this is just for our own testing purposes, but someday when we
support custom clouds (e.g., Enterprise), you can just say:
$ pulumi login --cloud-url https://corp.acme.my-ppc.net:9873
The cloud is now the default. If you instead prefer a "fire and
forget" style of stack, you can skip the login and pass `--local`:
$ pulumi stack init my-faf-stack --local
If you are logged in and run `pulumi`, we tell you as much:
$ pulumi
Usage:
pulumi [command]
// as before...
Currently logged into the Pulumi Cloud ☁️
https://pulumi.com/
And if you list your stacks, we tell you which one is local or not:
$ pulumi stack ls
NAME LAST UPDATE RESOURCE COUNT CLOUD URL
my-cloud-stack 2017-12-01 ... 3 https://pulumi.com/
my-faf-stack n/a 0 n/a
And `pulumi stack` by itself prints information like your cloud org,
PPC name, and so on, in addition to the usuals.
I shall write up more details and make sure to document these changes.
This change also fairly significantly refactors the layout of cloud
versus local logic, so that the cmd/ package is resonsible for CLI
things, and the new pkg/backend/ package is responsible for the
backends. The following is the overall resulting package architecture:
* The backend.Backend interface can be implemented to substitute
a new backend. This has operations to get and list stacks,
perform updates, and so on.
* The backend.Stack struct is a wrapper around a stack that has
or is being manipulated by a Backend. It resembles our existing
Stack notions in the engine, but carries additional metadata
about its source. Notably, it offers functions that allow
operations like updating and deleting on the Backend from which
it came.
* There is very little else in the pkg/backend/ package.
* A new package, pkg/backend/local/, encapsulates all local state
management for "fire and forget" scenarios. It simply implements
the above logic and contains anything specific to the local
experience.
* A peer package, pkg/backend/cloud/, encapsulates all logic
required for the cloud experience. This includes its subpackage
apitype/ which contains JSON schema descriptions required for
REST calls against the cloud backend. It also contains handy
functions to list which clouds we have authenticated with.
* A subpackage here, pkg/backend/state/, is not a provider at all.
Instead, it contains all of the state management functions that
are currently shared between local and cloud backends. This
includes configuration logic -- including encryption -- as well
as logic pertaining to which stacks are known to the workspace.
This addresses pulumi/pulumi#629 and pulumi/pulumi#494.
2017-12-02 16:29:46 +01:00
|
|
|
// Encrypt the config value if needed.
|
|
|
|
|
var v config.Value
|
|
|
|
|
if secret {
|
2019-04-26 16:56:52 +02:00
|
|
|
c, cerr := getStackEncrypter(s)
|
Improve the overall cloud CLI experience
This improves the overall cloud CLI experience workflow.
Now whether a stack is local or cloud is inherent to the stack
itself. If you interact with a cloud stack, we transparently talk
to the cloud; if you interact with a local stack, we just do the
right thing, and perform all operations locally. Aside from sometimes
seeing a cloud emoji pop-up ☁️, the experience is quite similar.
For example, to initialize a new cloud stack, simply:
$ pulumi login
Logging into Pulumi Cloud: https://pulumi.com/
Enter Pulumi access token: <enter your token>
$ pulumi stack init my-cloud-stack
Note that you may log into a specific cloud if you'd like. For
now, this is just for our own testing purposes, but someday when we
support custom clouds (e.g., Enterprise), you can just say:
$ pulumi login --cloud-url https://corp.acme.my-ppc.net:9873
The cloud is now the default. If you instead prefer a "fire and
forget" style of stack, you can skip the login and pass `--local`:
$ pulumi stack init my-faf-stack --local
If you are logged in and run `pulumi`, we tell you as much:
$ pulumi
Usage:
pulumi [command]
// as before...
Currently logged into the Pulumi Cloud ☁️
https://pulumi.com/
And if you list your stacks, we tell you which one is local or not:
$ pulumi stack ls
NAME LAST UPDATE RESOURCE COUNT CLOUD URL
my-cloud-stack 2017-12-01 ... 3 https://pulumi.com/
my-faf-stack n/a 0 n/a
And `pulumi stack` by itself prints information like your cloud org,
PPC name, and so on, in addition to the usuals.
I shall write up more details and make sure to document these changes.
This change also fairly significantly refactors the layout of cloud
versus local logic, so that the cmd/ package is resonsible for CLI
things, and the new pkg/backend/ package is responsible for the
backends. The following is the overall resulting package architecture:
* The backend.Backend interface can be implemented to substitute
a new backend. This has operations to get and list stacks,
perform updates, and so on.
* The backend.Stack struct is a wrapper around a stack that has
or is being manipulated by a Backend. It resembles our existing
Stack notions in the engine, but carries additional metadata
about its source. Notably, it offers functions that allow
operations like updating and deleting on the Backend from which
it came.
* There is very little else in the pkg/backend/ package.
* A new package, pkg/backend/local/, encapsulates all local state
management for "fire and forget" scenarios. It simply implements
the above logic and contains anything specific to the local
experience.
* A peer package, pkg/backend/cloud/, encapsulates all logic
required for the cloud experience. This includes its subpackage
apitype/ which contains JSON schema descriptions required for
REST calls against the cloud backend. It also contains handy
functions to list which clouds we have authenticated with.
* A subpackage here, pkg/backend/state/, is not a provider at all.
Instead, it contains all of the state management functions that
are currently shared between local and cloud backends. This
includes configuration logic -- including encryption -- as well
as logic pertaining to which stacks are known to the workspace.
This addresses pulumi/pulumi#629 and pulumi/pulumi#494.
2017-12-02 16:29:46 +01:00
|
|
|
if cerr != nil {
|
|
|
|
|
return cerr
|
2017-11-14 22:28:27 +01:00
|
|
|
}
|
Improve the overall cloud CLI experience
This improves the overall cloud CLI experience workflow.
Now whether a stack is local or cloud is inherent to the stack
itself. If you interact with a cloud stack, we transparently talk
to the cloud; if you interact with a local stack, we just do the
right thing, and perform all operations locally. Aside from sometimes
seeing a cloud emoji pop-up ☁️, the experience is quite similar.
For example, to initialize a new cloud stack, simply:
$ pulumi login
Logging into Pulumi Cloud: https://pulumi.com/
Enter Pulumi access token: <enter your token>
$ pulumi stack init my-cloud-stack
Note that you may log into a specific cloud if you'd like. For
now, this is just for our own testing purposes, but someday when we
support custom clouds (e.g., Enterprise), you can just say:
$ pulumi login --cloud-url https://corp.acme.my-ppc.net:9873
The cloud is now the default. If you instead prefer a "fire and
forget" style of stack, you can skip the login and pass `--local`:
$ pulumi stack init my-faf-stack --local
If you are logged in and run `pulumi`, we tell you as much:
$ pulumi
Usage:
pulumi [command]
// as before...
Currently logged into the Pulumi Cloud ☁️
https://pulumi.com/
And if you list your stacks, we tell you which one is local or not:
$ pulumi stack ls
NAME LAST UPDATE RESOURCE COUNT CLOUD URL
my-cloud-stack 2017-12-01 ... 3 https://pulumi.com/
my-faf-stack n/a 0 n/a
And `pulumi stack` by itself prints information like your cloud org,
PPC name, and so on, in addition to the usuals.
I shall write up more details and make sure to document these changes.
This change also fairly significantly refactors the layout of cloud
versus local logic, so that the cmd/ package is resonsible for CLI
things, and the new pkg/backend/ package is responsible for the
backends. The following is the overall resulting package architecture:
* The backend.Backend interface can be implemented to substitute
a new backend. This has operations to get and list stacks,
perform updates, and so on.
* The backend.Stack struct is a wrapper around a stack that has
or is being manipulated by a Backend. It resembles our existing
Stack notions in the engine, but carries additional metadata
about its source. Notably, it offers functions that allow
operations like updating and deleting on the Backend from which
it came.
* There is very little else in the pkg/backend/ package.
* A new package, pkg/backend/local/, encapsulates all local state
management for "fire and forget" scenarios. It simply implements
the above logic and contains anything specific to the local
experience.
* A peer package, pkg/backend/cloud/, encapsulates all logic
required for the cloud experience. This includes its subpackage
apitype/ which contains JSON schema descriptions required for
REST calls against the cloud backend. It also contains handy
functions to list which clouds we have authenticated with.
* A subpackage here, pkg/backend/state/, is not a provider at all.
Instead, it contains all of the state management functions that
are currently shared between local and cloud backends. This
includes configuration logic -- including encryption -- as well
as logic pertaining to which stacks are known to the workspace.
This addresses pulumi/pulumi#629 and pulumi/pulumi#494.
2017-12-02 16:29:46 +01:00
|
|
|
enc, eerr := c.EncryptValue(value)
|
|
|
|
|
if eerr != nil {
|
|
|
|
|
return eerr
|
|
|
|
|
}
|
|
|
|
|
v = config.NewSecureValue(enc)
|
|
|
|
|
} else {
|
|
|
|
|
v = config.NewValue(value)
|
Detect secret-like config (#1689)
Previously, we would unconditionally warn anytime you added a non-secret
config:
$ pulumi config set aws:region us-west-2
warning: saved config key '%s' value '%s' as plaintext;
re-run with --secret to encrypt the value instead.
Use --plaintext to avoid this warning
This was particularly annoying, since it is very common to store
non-secret config. For instance, the AWS region. And it was easy to tune
out because it wasn't actually warning about anything interesting.
This change, which resolves pulumi/pulumi#570, uses an approach similar
to Go's gas linter, to detect high entropy values, and issue an error.
This ensures that we only make noise on things we suspect are actually
secrets being stored in plaintext, and forces the user to pass
--plaintext. For instance, the common case issues no errors:
$ pulumi config set aws:region us-west-2
And in the event that you store something that is secret-like:
$ pulumi config set aws:region nq8r4B4xslzrtj0a3
error: config value 'nq8r4B4xslzrtj0a3' looks like a secret;
rerun with --secret to encrypt it, or --plaintext if you meant
to store in plaintext
To suppress this, simply pass --secret (to encrypt) or --plaintext (to
override the warning).
2018-08-02 13:14:16 +02:00
|
|
|
|
|
|
|
|
// If we saved a plaintext configuration value, and --plaintext was not passed, warn the user.
|
2018-08-10 03:10:32 +02:00
|
|
|
if !plaintext && looksLikeSecret(key, value) {
|
Detect secret-like config (#1689)
Previously, we would unconditionally warn anytime you added a non-secret
config:
$ pulumi config set aws:region us-west-2
warning: saved config key '%s' value '%s' as plaintext;
re-run with --secret to encrypt the value instead.
Use --plaintext to avoid this warning
This was particularly annoying, since it is very common to store
non-secret config. For instance, the AWS region. And it was easy to tune
out because it wasn't actually warning about anything interesting.
This change, which resolves pulumi/pulumi#570, uses an approach similar
to Go's gas linter, to detect high entropy values, and issue an error.
This ensures that we only make noise on things we suspect are actually
secrets being stored in plaintext, and forces the user to pass
--plaintext. For instance, the common case issues no errors:
$ pulumi config set aws:region us-west-2
And in the event that you store something that is secret-like:
$ pulumi config set aws:region nq8r4B4xslzrtj0a3
error: config value 'nq8r4B4xslzrtj0a3' looks like a secret;
rerun with --secret to encrypt it, or --plaintext if you meant
to store in plaintext
To suppress this, simply pass --secret (to encrypt) or --plaintext (to
override the warning).
2018-08-02 13:14:16 +02:00
|
|
|
return errors.Errorf(
|
|
|
|
|
"config value '%s' looks like a secret; "+
|
|
|
|
|
"rerun with --secret to encrypt it, or --plaintext if you meant to store in plaintext",
|
|
|
|
|
value)
|
|
|
|
|
}
|
2017-11-14 22:28:27 +01:00
|
|
|
}
|
|
|
|
|
|
2018-12-01 00:11:05 +01:00
|
|
|
ps, err := loadProjectStack(s)
|
2018-02-28 00:51:19 +01:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
2017-12-11 23:41:57 +01:00
|
|
|
}
|
2018-02-28 00:51:19 +01:00
|
|
|
|
|
|
|
|
ps.Config[key] = v
|
|
|
|
|
|
2018-12-01 00:11:05 +01:00
|
|
|
return saveProjectStack(s, ps)
|
2017-03-07 14:47:42 +01:00
|
|
|
}),
|
2017-03-06 16:07:24 +01:00
|
|
|
}
|
Make major commands more pleasant
This change eliminates the need to constantly type in the environment
name when performing major commands like configuration, planning, and
deployment. It's probably due to my age, however, I keep fat-fingering
simple commands in front of investors and I am embarrassed!
In the new model, there is a notion of a "current environment", and
I have modeled it kinda sorta just like Git's notion of "current branch."
By default, the current environment is set when you `init` something.
Otherwise, there is the `coco env select <env>` command to change it.
(Running this command w/out a new <env> will show you the current one.)
The major commands `config`, `plan`, `deploy`, and `destroy` will prefer
to use the current environment, unless it is overridden by using the
--env flag. All of the `coco env <cmd> <env>` commands still require the
explicit passing of an environment which seems reasonable since they are,
after all, about manipulating environments.
As part of this, I've overhauled the aging workspace settings cruft,
which had fallen into disrepair since the initial prototype.
2017-03-22 03:23:32 +01:00
|
|
|
|
2017-12-13 19:46:54 +01:00
|
|
|
setCmd.PersistentFlags().BoolVar(
|
|
|
|
|
&plaintext, "plaintext", false,
|
|
|
|
|
"Save the value as plaintext (unencrypted)")
|
|
|
|
|
setCmd.PersistentFlags().BoolVar(
|
|
|
|
|
&secret, "secret", false,
|
|
|
|
|
"Encrypt the value instead of storing it in plaintext")
|
Make major commands more pleasant
This change eliminates the need to constantly type in the environment
name when performing major commands like configuration, planning, and
deployment. It's probably due to my age, however, I keep fat-fingering
simple commands in front of investors and I am embarrassed!
In the new model, there is a notion of a "current environment", and
I have modeled it kinda sorta just like Git's notion of "current branch."
By default, the current environment is set when you `init` something.
Otherwise, there is the `coco env select <env>` command to change it.
(Running this command w/out a new <env> will show you the current one.)
The major commands `config`, `plan`, `deploy`, and `destroy` will prefer
to use the current environment, unless it is overridden by using the
--env flag. All of the `coco env <cmd> <env>` commands still require the
explicit passing of an environment which seems reasonable since they are,
after all, about manipulating environments.
As part of this, I've overhauled the aging workspace settings cruft,
which had fallen into disrepair since the initial prototype.
2017-03-22 03:23:32 +01:00
|
|
|
|
2017-11-14 22:28:27 +01:00
|
|
|
return setCmd
|
2017-03-06 16:07:24 +01:00
|
|
|
}
|
2017-10-02 22:35:39 +02:00
|
|
|
|
2018-12-01 00:11:05 +01:00
|
|
|
var stackConfigFile string
|
|
|
|
|
|
|
|
|
|
func getProjectStackPath(stack backend.Stack) (string, error) {
|
|
|
|
|
if stackConfigFile == "" {
|
|
|
|
|
return workspace.DetectProjectStackPath(stack.Ref().Name())
|
|
|
|
|
}
|
|
|
|
|
return stackConfigFile, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func loadProjectStack(stack backend.Stack) (*workspace.ProjectStack, error) {
|
|
|
|
|
if stackConfigFile == "" {
|
|
|
|
|
return workspace.DetectProjectStack(stack.Ref().Name())
|
|
|
|
|
}
|
|
|
|
|
return workspace.LoadProjectStack(stackConfigFile)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func saveProjectStack(stack backend.Stack, ps *workspace.ProjectStack) error {
|
|
|
|
|
if stackConfigFile == "" {
|
|
|
|
|
return workspace.SaveProjectStack(stack.Ref().Name(), ps)
|
|
|
|
|
}
|
|
|
|
|
return ps.Save(stackConfigFile)
|
|
|
|
|
}
|
|
|
|
|
|
2018-03-01 02:21:40 +01:00
|
|
|
func parseConfigKey(key string) (config.Key, error) {
|
2017-10-17 01:01:34 +02:00
|
|
|
// As a convience, we'll treat any key with no delimiter as if:
|
2018-08-22 19:55:51 +02:00
|
|
|
// <program-name>:<key> had been written instead
|
2017-10-17 01:01:34 +02:00
|
|
|
if !strings.Contains(key, tokens.TokenDelimiter) {
|
2018-02-14 22:56:16 +01:00
|
|
|
proj, err := workspace.DetectProject()
|
2017-10-17 01:01:34 +02:00
|
|
|
if err != nil {
|
2018-03-02 01:51:09 +01:00
|
|
|
return config.Key{}, err
|
2017-10-17 01:01:34 +02:00
|
|
|
}
|
|
|
|
|
|
2018-08-22 19:55:51 +02:00
|
|
|
return config.ParseKey(fmt.Sprintf("%s:%s", proj.Name, key))
|
2017-10-17 01:01:34 +02:00
|
|
|
}
|
|
|
|
|
|
2018-03-01 02:21:40 +01:00
|
|
|
return config.ParseKey(key)
|
2017-10-17 01:01:34 +02:00
|
|
|
}
|
|
|
|
|
|
2018-03-02 01:51:09 +01:00
|
|
|
func prettyKey(k config.Key) string {
|
2018-02-14 22:56:16 +01:00
|
|
|
proj, err := workspace.DetectProject()
|
2017-10-17 01:01:34 +02:00
|
|
|
if err != nil {
|
2018-03-02 01:51:09 +01:00
|
|
|
return fmt.Sprintf("%s:%s", k.Namespace(), k.Name())
|
2017-10-17 01:01:34 +02:00
|
|
|
}
|
|
|
|
|
|
2018-03-02 01:51:09 +01:00
|
|
|
return prettyKeyForProject(k, proj)
|
2017-10-18 19:10:04 +02:00
|
|
|
}
|
|
|
|
|
|
2018-03-02 01:51:09 +01:00
|
|
|
func prettyKeyForProject(k config.Key, proj *workspace.Project) string {
|
|
|
|
|
if k.Namespace() == string(proj.Name) {
|
|
|
|
|
return k.Name()
|
2017-10-17 01:01:34 +02:00
|
|
|
}
|
|
|
|
|
|
2018-03-02 01:51:09 +01:00
|
|
|
return fmt.Sprintf("%s:%s", k.Namespace(), k.Name())
|
2017-10-17 01:01:34 +02:00
|
|
|
}
|
|
|
|
|
|
2019-01-18 22:54:56 +01:00
|
|
|
// configValueJSON is the shape of the --json output for a configuration value. While we can add fields to this
|
|
|
|
|
// structure in the future, we should not change existing fields.
|
|
|
|
|
type configValueJSON struct {
|
|
|
|
|
// When the value is encrypted and --show-secrets was not passed, the value will not be set.
|
|
|
|
|
Value *string `json:"value,omitempty"`
|
|
|
|
|
Secret bool `json:"secret"`
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func listConfig(stack backend.Stack, showSecrets bool, jsonOut bool) error {
|
2018-12-01 00:11:05 +01:00
|
|
|
ps, err := loadProjectStack(stack)
|
2017-10-02 22:35:39 +02:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2018-02-28 00:51:19 +01:00
|
|
|
cfg := ps.Config
|
|
|
|
|
|
2019-01-18 22:54:56 +01:00
|
|
|
// By default, we will use a blinding decrypter to show "[secret]". If requested, display secrets in plaintext.
|
2019-04-26 16:56:52 +02:00
|
|
|
decrypter := config.NewBlindingDecrypter()
|
Improve the overall cloud CLI experience
This improves the overall cloud CLI experience workflow.
Now whether a stack is local or cloud is inherent to the stack
itself. If you interact with a cloud stack, we transparently talk
to the cloud; if you interact with a local stack, we just do the
right thing, and perform all operations locally. Aside from sometimes
seeing a cloud emoji pop-up ☁️, the experience is quite similar.
For example, to initialize a new cloud stack, simply:
$ pulumi login
Logging into Pulumi Cloud: https://pulumi.com/
Enter Pulumi access token: <enter your token>
$ pulumi stack init my-cloud-stack
Note that you may log into a specific cloud if you'd like. For
now, this is just for our own testing purposes, but someday when we
support custom clouds (e.g., Enterprise), you can just say:
$ pulumi login --cloud-url https://corp.acme.my-ppc.net:9873
The cloud is now the default. If you instead prefer a "fire and
forget" style of stack, you can skip the login and pass `--local`:
$ pulumi stack init my-faf-stack --local
If you are logged in and run `pulumi`, we tell you as much:
$ pulumi
Usage:
pulumi [command]
// as before...
Currently logged into the Pulumi Cloud ☁️
https://pulumi.com/
And if you list your stacks, we tell you which one is local or not:
$ pulumi stack ls
NAME LAST UPDATE RESOURCE COUNT CLOUD URL
my-cloud-stack 2017-12-01 ... 3 https://pulumi.com/
my-faf-stack n/a 0 n/a
And `pulumi stack` by itself prints information like your cloud org,
PPC name, and so on, in addition to the usuals.
I shall write up more details and make sure to document these changes.
This change also fairly significantly refactors the layout of cloud
versus local logic, so that the cmd/ package is resonsible for CLI
things, and the new pkg/backend/ package is responsible for the
backends. The following is the overall resulting package architecture:
* The backend.Backend interface can be implemented to substitute
a new backend. This has operations to get and list stacks,
perform updates, and so on.
* The backend.Stack struct is a wrapper around a stack that has
or is being manipulated by a Backend. It resembles our existing
Stack notions in the engine, but carries additional metadata
about its source. Notably, it offers functions that allow
operations like updating and deleting on the Backend from which
it came.
* There is very little else in the pkg/backend/ package.
* A new package, pkg/backend/local/, encapsulates all local state
management for "fire and forget" scenarios. It simply implements
the above logic and contains anything specific to the local
experience.
* A peer package, pkg/backend/cloud/, encapsulates all logic
required for the cloud experience. This includes its subpackage
apitype/ which contains JSON schema descriptions required for
REST calls against the cloud backend. It also contains handy
functions to list which clouds we have authenticated with.
* A subpackage here, pkg/backend/state/, is not a provider at all.
Instead, it contains all of the state management functions that
are currently shared between local and cloud backends. This
includes configuration logic -- including encryption -- as well
as logic pertaining to which stacks are known to the workspace.
This addresses pulumi/pulumi#629 and pulumi/pulumi#494.
2017-12-02 16:29:46 +01:00
|
|
|
if cfg.HasSecureValue() && showSecrets {
|
2019-04-26 16:56:52 +02:00
|
|
|
dec, decerr := getStackDencrypter(stack)
|
|
|
|
|
if decerr != nil {
|
|
|
|
|
return decerr
|
2017-10-19 00:37:18 +02:00
|
|
|
}
|
2019-04-26 16:56:52 +02:00
|
|
|
decrypter = dec
|
2017-10-19 00:37:18 +02:00
|
|
|
}
|
|
|
|
|
|
2018-03-02 01:51:09 +01:00
|
|
|
var keys config.KeyArray
|
2018-02-28 00:51:19 +01:00
|
|
|
for key := range cfg {
|
|
|
|
|
// Note that we use the fully qualified module member here instead of a `prettyKey`, this lets us ensure
|
|
|
|
|
// that all the config values for the current program are displayed next to one another in the output.
|
2018-03-02 01:51:09 +01:00
|
|
|
keys = append(keys, key)
|
2018-02-28 00:51:19 +01:00
|
|
|
}
|
2018-03-02 01:51:09 +01:00
|
|
|
sort.Sort(keys)
|
2018-12-02 09:22:07 +01:00
|
|
|
|
2019-01-18 22:54:56 +01:00
|
|
|
if jsonOut {
|
2019-01-22 23:25:56 +01:00
|
|
|
configValues := make(map[string]configValueJSON)
|
2019-01-18 22:54:56 +01:00
|
|
|
for _, key := range keys {
|
|
|
|
|
entry := configValueJSON{
|
|
|
|
|
Secret: cfg[key].Secure(),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
decrypted, err := cfg[key].Value(decrypter)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return errors.Wrap(err, "could not decrypt configuration value")
|
|
|
|
|
}
|
|
|
|
|
entry.Value = &decrypted
|
|
|
|
|
|
|
|
|
|
// If the value was a secret value and we aren't showing secrets, then the above would have set value
|
|
|
|
|
// to "[secret]" which is reasonable when printing for human display, but for our JSON output, we'd rather
|
|
|
|
|
// just elide the value.
|
|
|
|
|
if cfg[key].Secure() && !showSecrets {
|
|
|
|
|
entry.Value = nil
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-22 23:25:56 +01:00
|
|
|
configValues[key.String()] = entry
|
2019-01-18 22:54:56 +01:00
|
|
|
}
|
|
|
|
|
out, err := json.MarshalIndent(configValues, "", " ")
|
2018-02-28 00:51:19 +01:00
|
|
|
if err != nil {
|
2019-01-18 22:54:56 +01:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
fmt.Println(string(out))
|
|
|
|
|
} else {
|
|
|
|
|
rows := []cmdutil.TableRow{}
|
|
|
|
|
for _, key := range keys {
|
|
|
|
|
decrypted, err := cfg[key].Value(decrypter)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return errors.Wrap(err, "could not decrypt configuration value")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
rows = append(rows, cmdutil.TableRow{Columns: []string{prettyKey(key), decrypted}})
|
2017-10-02 22:35:39 +02:00
|
|
|
}
|
2017-10-19 00:37:18 +02:00
|
|
|
|
2019-01-18 22:54:56 +01:00
|
|
|
cmdutil.PrintTable(cmdutil.Table{
|
|
|
|
|
Headers: []string{"KEY", "VALUE"},
|
|
|
|
|
Rows: rows,
|
|
|
|
|
})
|
2017-10-02 22:35:39 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-18 22:54:56 +01:00
|
|
|
func getConfig(stack backend.Stack, key config.Key, jsonOut bool) error {
|
2018-12-01 00:11:05 +01:00
|
|
|
ps, err := loadProjectStack(stack)
|
2017-10-02 22:35:39 +02:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2018-02-28 00:51:19 +01:00
|
|
|
cfg := ps.Config
|
|
|
|
|
|
|
|
|
|
if v, ok := cfg[key]; ok {
|
|
|
|
|
var d config.Decrypter
|
|
|
|
|
if v.Secure() {
|
|
|
|
|
var err error
|
2019-04-26 16:56:52 +02:00
|
|
|
if d, err = getStackDencrypter(stack); err != nil {
|
2018-02-28 00:51:19 +01:00
|
|
|
return errors.Wrap(err, "could not create a decrypter")
|
2017-12-03 14:38:31 +01:00
|
|
|
}
|
2018-02-28 00:51:19 +01:00
|
|
|
} else {
|
|
|
|
|
d = config.NewPanicCrypter()
|
|
|
|
|
}
|
|
|
|
|
raw, err := v.Value(d)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return errors.Wrap(err, "could not decrypt configuration value")
|
2017-10-02 22:35:39 +02:00
|
|
|
}
|
2019-01-18 22:54:56 +01:00
|
|
|
|
|
|
|
|
if jsonOut {
|
|
|
|
|
value := configValueJSON{
|
|
|
|
|
Value: &raw,
|
|
|
|
|
Secret: v.Secure(),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
out, err := json.MarshalIndent(value, "", " ")
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
fmt.Println(string(out))
|
|
|
|
|
} else {
|
|
|
|
|
fmt.Printf("%v\n", raw)
|
|
|
|
|
}
|
|
|
|
|
|
2018-02-28 00:51:19 +01:00
|
|
|
return nil
|
2017-10-02 22:35:39 +02:00
|
|
|
}
|
|
|
|
|
|
Improve the overall cloud CLI experience
This improves the overall cloud CLI experience workflow.
Now whether a stack is local or cloud is inherent to the stack
itself. If you interact with a cloud stack, we transparently talk
to the cloud; if you interact with a local stack, we just do the
right thing, and perform all operations locally. Aside from sometimes
seeing a cloud emoji pop-up ☁️, the experience is quite similar.
For example, to initialize a new cloud stack, simply:
$ pulumi login
Logging into Pulumi Cloud: https://pulumi.com/
Enter Pulumi access token: <enter your token>
$ pulumi stack init my-cloud-stack
Note that you may log into a specific cloud if you'd like. For
now, this is just for our own testing purposes, but someday when we
support custom clouds (e.g., Enterprise), you can just say:
$ pulumi login --cloud-url https://corp.acme.my-ppc.net:9873
The cloud is now the default. If you instead prefer a "fire and
forget" style of stack, you can skip the login and pass `--local`:
$ pulumi stack init my-faf-stack --local
If you are logged in and run `pulumi`, we tell you as much:
$ pulumi
Usage:
pulumi [command]
// as before...
Currently logged into the Pulumi Cloud ☁️
https://pulumi.com/
And if you list your stacks, we tell you which one is local or not:
$ pulumi stack ls
NAME LAST UPDATE RESOURCE COUNT CLOUD URL
my-cloud-stack 2017-12-01 ... 3 https://pulumi.com/
my-faf-stack n/a 0 n/a
And `pulumi stack` by itself prints information like your cloud org,
PPC name, and so on, in addition to the usuals.
I shall write up more details and make sure to document these changes.
This change also fairly significantly refactors the layout of cloud
versus local logic, so that the cmd/ package is resonsible for CLI
things, and the new pkg/backend/ package is responsible for the
backends. The following is the overall resulting package architecture:
* The backend.Backend interface can be implemented to substitute
a new backend. This has operations to get and list stacks,
perform updates, and so on.
* The backend.Stack struct is a wrapper around a stack that has
or is being manipulated by a Backend. It resembles our existing
Stack notions in the engine, but carries additional metadata
about its source. Notably, it offers functions that allow
operations like updating and deleting on the Backend from which
it came.
* There is very little else in the pkg/backend/ package.
* A new package, pkg/backend/local/, encapsulates all local state
management for "fire and forget" scenarios. It simply implements
the above logic and contains anything specific to the local
experience.
* A peer package, pkg/backend/cloud/, encapsulates all logic
required for the cloud experience. This includes its subpackage
apitype/ which contains JSON schema descriptions required for
REST calls against the cloud backend. It also contains handy
functions to list which clouds we have authenticated with.
* A subpackage here, pkg/backend/state/, is not a provider at all.
Instead, it contains all of the state management functions that
are currently shared between local and cloud backends. This
includes configuration logic -- including encryption -- as well
as logic pertaining to which stacks are known to the workspace.
This addresses pulumi/pulumi#629 and pulumi/pulumi#494.
2017-12-02 16:29:46 +01:00
|
|
|
return errors.Errorf(
|
2018-09-05 16:20:25 +02:00
|
|
|
"configuration key '%s' not found for stack '%s'", prettyKey(key), stack.Ref())
|
2017-10-02 22:35:39 +02:00
|
|
|
}
|
Detect secret-like config (#1689)
Previously, we would unconditionally warn anytime you added a non-secret
config:
$ pulumi config set aws:region us-west-2
warning: saved config key '%s' value '%s' as plaintext;
re-run with --secret to encrypt the value instead.
Use --plaintext to avoid this warning
This was particularly annoying, since it is very common to store
non-secret config. For instance, the AWS region. And it was easy to tune
out because it wasn't actually warning about anything interesting.
This change, which resolves pulumi/pulumi#570, uses an approach similar
to Go's gas linter, to detect high entropy values, and issue an error.
This ensures that we only make noise on things we suspect are actually
secrets being stored in plaintext, and forces the user to pass
--plaintext. For instance, the common case issues no errors:
$ pulumi config set aws:region us-west-2
And in the event that you store something that is secret-like:
$ pulumi config set aws:region nq8r4B4xslzrtj0a3
error: config value 'nq8r4B4xslzrtj0a3' looks like a secret;
rerun with --secret to encrypt it, or --plaintext if you meant
to store in plaintext
To suppress this, simply pass --secret (to encrypt) or --plaintext (to
override the warning).
2018-08-02 13:14:16 +02:00
|
|
|
|
2018-08-10 03:10:32 +02:00
|
|
|
var (
|
|
|
|
|
// keyPattern is the regular expression a configuration key must match before we check (and error) if we think
|
|
|
|
|
// it is a password
|
|
|
|
|
keyPattern = regexp.MustCompile("(?i)passwd|pass|password|pwd|secret|token")
|
|
|
|
|
)
|
|
|
|
|
|
Detect secret-like config (#1689)
Previously, we would unconditionally warn anytime you added a non-secret
config:
$ pulumi config set aws:region us-west-2
warning: saved config key '%s' value '%s' as plaintext;
re-run with --secret to encrypt the value instead.
Use --plaintext to avoid this warning
This was particularly annoying, since it is very common to store
non-secret config. For instance, the AWS region. And it was easy to tune
out because it wasn't actually warning about anything interesting.
This change, which resolves pulumi/pulumi#570, uses an approach similar
to Go's gas linter, to detect high entropy values, and issue an error.
This ensures that we only make noise on things we suspect are actually
secrets being stored in plaintext, and forces the user to pass
--plaintext. For instance, the common case issues no errors:
$ pulumi config set aws:region us-west-2
And in the event that you store something that is secret-like:
$ pulumi config set aws:region nq8r4B4xslzrtj0a3
error: config value 'nq8r4B4xslzrtj0a3' looks like a secret;
rerun with --secret to encrypt it, or --plaintext if you meant
to store in plaintext
To suppress this, simply pass --secret (to encrypt) or --plaintext (to
override the warning).
2018-08-02 13:14:16 +02:00
|
|
|
const (
|
|
|
|
|
// maxEntropyCheckLength is the maximum length of a possible secret for entropy checking.
|
|
|
|
|
maxEntropyCheckLength = 16
|
|
|
|
|
// entropyThreshold is the total entropy threshold a potential secret needs to pass before being flagged.
|
|
|
|
|
entropyThreshold = 80.0
|
|
|
|
|
// entropyCharThreshold is the per-char entropy threshold a potential secret needs to pass before being flagged.
|
|
|
|
|
entropyPerCharThreshold = 3.0
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// looksLikeSecret returns true if a configuration value "looks" like a secret. This is always going to be a heuristic
|
|
|
|
|
// that suffers from false positives, but is better (a) than our prior approach of unconditionally printing a warning
|
|
|
|
|
// for all plaintext values, and (b) to be paranoid about such things. Inspired by the gas linter and securego project.
|
2018-08-10 03:10:32 +02:00
|
|
|
func looksLikeSecret(k config.Key, v string) bool {
|
|
|
|
|
if !keyPattern.MatchString(k.Name()) {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
Detect secret-like config (#1689)
Previously, we would unconditionally warn anytime you added a non-secret
config:
$ pulumi config set aws:region us-west-2
warning: saved config key '%s' value '%s' as plaintext;
re-run with --secret to encrypt the value instead.
Use --plaintext to avoid this warning
This was particularly annoying, since it is very common to store
non-secret config. For instance, the AWS region. And it was easy to tune
out because it wasn't actually warning about anything interesting.
This change, which resolves pulumi/pulumi#570, uses an approach similar
to Go's gas linter, to detect high entropy values, and issue an error.
This ensures that we only make noise on things we suspect are actually
secrets being stored in plaintext, and forces the user to pass
--plaintext. For instance, the common case issues no errors:
$ pulumi config set aws:region us-west-2
And in the event that you store something that is secret-like:
$ pulumi config set aws:region nq8r4B4xslzrtj0a3
error: config value 'nq8r4B4xslzrtj0a3' looks like a secret;
rerun with --secret to encrypt it, or --plaintext if you meant
to store in plaintext
To suppress this, simply pass --secret (to encrypt) or --plaintext (to
override the warning).
2018-08-02 13:14:16 +02:00
|
|
|
if len(v) > maxEntropyCheckLength {
|
|
|
|
|
v = v[:maxEntropyCheckLength]
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Compute the strength use the resulting entropy to flag whether this looks like a secret.
|
|
|
|
|
info := zxcvbn.PasswordStrength(v, nil)
|
|
|
|
|
entropyPerChar := info.Entropy / float64(len(v))
|
|
|
|
|
return (info.Entropy >= entropyThreshold ||
|
|
|
|
|
(info.Entropy >= (entropyThreshold/2) && entropyPerChar >= entropyPerCharThreshold))
|
|
|
|
|
}
|
2019-04-19 00:57:54 +02:00
|
|
|
|
|
|
|
|
// getStackConfiguration loads configuration information for a given stack. If stackConfigFile is non empty,
|
|
|
|
|
// it is uses instead of the default configuration file for the stack
|
2019-05-15 08:23:03 +02:00
|
|
|
func getStackConfiguration(stack backend.Stack, sm secrets.Manager) (backend.StackConfiguration, error) {
|
2019-04-19 00:57:54 +02:00
|
|
|
workspaceStack, err := loadProjectStack(stack)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return backend.StackConfiguration{}, errors.Wrap(err, "loading stack configuration")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// If there are no secrets in the configuration, we should never use the decrypter, so it is safe to return
|
|
|
|
|
// one which panics if it is used. This provides for some nice UX in the common case (since, for example, building
|
|
|
|
|
// the correct decrypter for the local backend would involve prompting for a passphrase)
|
|
|
|
|
if !workspaceStack.Config.HasSecureValue() {
|
|
|
|
|
return backend.StackConfiguration{
|
|
|
|
|
Config: workspaceStack.Config,
|
|
|
|
|
Decrypter: config.NewPanicCrypter(),
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-15 08:23:03 +02:00
|
|
|
crypter, err := sm.Decrypter()
|
2019-04-19 00:57:54 +02:00
|
|
|
if err != nil {
|
|
|
|
|
return backend.StackConfiguration{}, errors.Wrap(err, "getting configuration decrypter")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return backend.StackConfiguration{
|
|
|
|
|
Config: workspaceStack.Config,
|
|
|
|
|
Decrypter: crypter,
|
|
|
|
|
}, nil
|
|
|
|
|
}
|
