2017-06-26 23:46:34 +02:00
|
|
|
// Copyright 2016-2017, Pulumi Corporation. All rights reserved.
|
2017-02-10 17:55:26 +01:00
|
|
|
|
|
|
|
syntax = "proto3";
|
|
|
|
|
|
|
|
import "google/protobuf/empty.proto";
|
|
|
|
import "google/protobuf/struct.proto";
|
|
|
|
|
2017-09-22 04:18:21 +02:00
|
|
|
package pulumirpc;
|
2017-02-10 17:55:26 +01:00
|
|
|
|
|
|
|
// ResourceProvider is a service that understands how to create, read, update, or delete resources for types defined
|
2017-06-24 20:55:16 +02:00
|
|
|
// within a single package. It is driven by the overall planning engine in response to resource diffs.
|
2017-02-10 17:55:26 +01:00
|
|
|
service ResourceProvider {
|
2017-08-31 23:31:33 +02:00
|
|
|
// Configure configures the resource provider with "globals" that control its behavior.
|
|
|
|
rpc Configure(ConfigureRequest) returns (google.protobuf.Empty){}
|
2017-09-27 21:34:44 +02:00
|
|
|
// Invoke dynamically executes a built-in function in the provider.
|
|
|
|
rpc Invoke(InvokeRequest) returns (InvokeResponse) {}
|
2017-08-01 03:26:15 +02:00
|
|
|
// Check validates that the given property bag is valid for a resource of the given type.
|
|
|
|
rpc Check(CheckRequest) returns (CheckResponse) {}
|
|
|
|
// Diff checks what impacts a hypothetical update will have on the resource's properties.
|
|
|
|
rpc Diff(DiffRequest) returns (DiffResponse) {}
|
2017-02-10 17:55:26 +01:00
|
|
|
// Create allocates a new instance of the provided resource and returns its unique ID afterwards. (The input ID
|
|
|
|
// must be blank.) If this call fails, the resource must not have been created (i.e., it is "transacational").
|
|
|
|
rpc Create(CreateRequest) returns (CreateResponse) {}
|
2017-03-02 18:52:08 +01:00
|
|
|
// Update updates an existing resource with new values.
|
2017-07-18 03:44:45 +02:00
|
|
|
rpc Update(UpdateRequest) returns (UpdateResponse) {}
|
2017-02-10 17:55:26 +01:00
|
|
|
// Delete tears down an existing resource with the given ID. If it fails, the resource is assumed to still exist.
|
|
|
|
rpc Delete(DeleteRequest) returns (google.protobuf.Empty) {}
|
|
|
|
}
|
|
|
|
|
2017-08-31 23:31:33 +02:00
|
|
|
message ConfigureRequest {
|
|
|
|
map<string, string> variables = 1; // a map of configuration keys to values.
|
|
|
|
}
|
|
|
|
|
2017-09-27 21:34:44 +02:00
|
|
|
message InvokeRequest {
|
|
|
|
string tok = 1; // the function token to invoke.
|
|
|
|
google.protobuf.Struct args = 2; // the arguments for the function invocation.
|
|
|
|
}
|
|
|
|
|
|
|
|
message InvokeResponse {
|
|
|
|
google.protobuf.Struct return = 1; // the returned values, if invoke was successful.
|
|
|
|
repeated CheckFailure failures = 2; // the failures if any arguments didn't pass verification.
|
|
|
|
}
|
|
|
|
|
2017-03-03 03:15:38 +01:00
|
|
|
message CheckRequest {
|
2017-08-31 22:10:55 +02:00
|
|
|
string urn = 1; // the Pulumi URN for this resource.
|
2017-03-03 03:15:38 +01:00
|
|
|
google.protobuf.Struct properties = 2; // the full properties to use for validation.
|
|
|
|
}
|
|
|
|
|
|
|
|
message CheckResponse {
|
2017-08-01 03:26:15 +02:00
|
|
|
google.protobuf.Struct defaults = 1; // defaults to use, if any.
|
|
|
|
repeated CheckFailure failures = 2; // any validation failures that occurred.
|
2017-03-03 03:15:38 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
message CheckFailure {
|
|
|
|
string property = 1; // the property that failed validation.
|
|
|
|
string reason = 2; // the reason that the property failed validation.
|
|
|
|
}
|
|
|
|
|
2017-08-01 03:26:15 +02:00
|
|
|
message DiffRequest {
|
|
|
|
string id = 1; // the ID of the resource to diff.
|
2017-08-31 22:10:55 +02:00
|
|
|
string urn = 2; // the Pulumi URN for this resource.
|
2017-08-01 03:26:15 +02:00
|
|
|
google.protobuf.Struct olds = 3; // the old values of properties to diff.
|
|
|
|
google.protobuf.Struct news = 4; // the new values of properties to diff.
|
Redo object monikers
This change overhauls the way we do object monikers. The old mechanism,
generating monikers using graph paths, was far too brittle and prone to
collisions. The new approach mixes some amount of "automatic scoping"
plus some "explicit naming." Although there is some explicitness, this
is arguably a good thing, as the monikers will be relatable back to the
source more readily by developers inspecting the graph and resource state.
Each moniker has four parts:
<Namespace>::<AllocModule>::<Type>::<Name>
wherein each element is the following:
<Namespace> The namespace being deployed into
<AllocModule> The module in which the object was allocated
<Type> The type of the resource
<Name> The assigned name of the resource
The <Namespace> is essentially the deployment target -- so "prod",
"stage", etc -- although it is more general purpose to allow for future
namespacing within a target (e.g., "prod/customer1", etc); for now
this is rudimentary, however, see marapongo/mu#94.
The <AllocModule> is the token for the code that contained the 'new'
that led to this object being created. In the future, we may wish to
extend this to also track the module under evaluation. (This is a nice
aspect of monikers; they can become arbitrarily complex, so long as
they are precise, and not prone to false positives/negatives.)
The <Name> warrants more discussion. The resource provider is consulted
via a new gRPC method, Name, that fetches the name. How the provider
does this is entirely up to it. For some resource types, the resource
may have properties that developers must set (e.g., `new Bucket("foo")`);
for other providers, perhaps the resource intrinsically has a property
that explicitly and uniquely qualifies the object (e.g., AWS SecurityGroups,
via `new SecurityGroup({groupName: "my-sg"}`); and finally, it's conceivable
that a provider might auto-generate the name (e.g., such as an AWS Lambda
whose name could simply be a hash of the source code contents).
This should overall produce better results with respect to moniker
collisions, ability to match resources, and the usability of the system.
2017-02-24 23:50:02 +01:00
|
|
|
}
|
|
|
|
|
2017-08-01 03:26:15 +02:00
|
|
|
message DiffResponse {
|
|
|
|
repeated string replaces = 1; // if this update requires a replacement, the set of properties triggering it.
|
Add a notion of stable properties
This change adds the capability for a resource provider to indicate
that, where an action carried out in response to a diff, a certain set
of properties would be "stable"; that is to say, they are guaranteed
not to change. As a result, properties may be resolved to their final
values during previewing, avoiding erroneous cascading impacts.
This avoids the ever-annoying situation I keep running into when demoing:
when adding or removing an ingress rule to a security group, we ripple
the impact through the instance, and claim it must be replaced, because
that instance depends on the security group via its name. Well, the name
is a great example of a stable property, in that it will never change, and
so this is truly unfortunate and always adds uncertainty into the demos.
Particularly since the actual update doesn't need to perform replacements.
This resolves pulumi/pulumi#330.
2017-10-04 14:22:21 +02:00
|
|
|
repeated string stables = 2; // an optional list of properties that will not ever change.
|
Redo object monikers
This change overhauls the way we do object monikers. The old mechanism,
generating monikers using graph paths, was far too brittle and prone to
collisions. The new approach mixes some amount of "automatic scoping"
plus some "explicit naming." Although there is some explicitness, this
is arguably a good thing, as the monikers will be relatable back to the
source more readily by developers inspecting the graph and resource state.
Each moniker has four parts:
<Namespace>::<AllocModule>::<Type>::<Name>
wherein each element is the following:
<Namespace> The namespace being deployed into
<AllocModule> The module in which the object was allocated
<Type> The type of the resource
<Name> The assigned name of the resource
The <Namespace> is essentially the deployment target -- so "prod",
"stage", etc -- although it is more general purpose to allow for future
namespacing within a target (e.g., "prod/customer1", etc); for now
this is rudimentary, however, see marapongo/mu#94.
The <AllocModule> is the token for the code that contained the 'new'
that led to this object being created. In the future, we may wish to
extend this to also track the module under evaluation. (This is a nice
aspect of monikers; they can become arbitrarily complex, so long as
they are precise, and not prone to false positives/negatives.)
The <Name> warrants more discussion. The resource provider is consulted
via a new gRPC method, Name, that fetches the name. How the provider
does this is entirely up to it. For some resource types, the resource
may have properties that developers must set (e.g., `new Bucket("foo")`);
for other providers, perhaps the resource intrinsically has a property
that explicitly and uniquely qualifies the object (e.g., AWS SecurityGroups,
via `new SecurityGroup({groupName: "my-sg"}`); and finally, it's conceivable
that a provider might auto-generate the name (e.g., such as an AWS Lambda
whose name could simply be a hash of the source code contents).
This should overall produce better results with respect to moniker
collisions, ability to match resources, and the usability of the system.
2017-02-24 23:50:02 +01:00
|
|
|
}
|
|
|
|
|
2017-02-10 17:55:26 +01:00
|
|
|
message CreateRequest {
|
2017-08-31 22:10:55 +02:00
|
|
|
string urn = 1; // the Pulumi URN for this resource.
|
2017-02-10 17:55:26 +01:00
|
|
|
google.protobuf.Struct properties = 2; // the properties to set during creation.
|
|
|
|
}
|
|
|
|
|
|
|
|
message CreateResponse {
|
2017-10-12 00:27:34 +02:00
|
|
|
string id = 1; // the ID of the created resource.
|
2017-07-18 03:44:45 +02:00
|
|
|
google.protobuf.Struct properties = 2; // any properties that were computed during creation.
|
2017-02-10 17:55:26 +01:00
|
|
|
}
|
|
|
|
|
Initial support for output properties (1 of 3)
This change includes approximately 1/3rd of the change necessary
to support output properties, as per pulumi/lumi#90.
In short, the runtime now has a new hidden type, Latent<T>, which
represents a "speculative" value, whose eventual type will be T,
that we can use during evaluation in various ways. Namely,
operations against Latent<T>s generally produce new Latent<U>s.
During planning, any Latent<T>s that end up in resource properties
are transformed into "unknown" property values. An unknown property
value is legal only during planning-time activities, such as Check,
Name, and InspectChange. As a result, those RPC interfaces have
been updated to include lookaside maps indicating which properties
have unknown values. My intent is to add some helper functions to
make dealing with this circumstance more correct-by-construction.
For now, using an unresolved Latent<T> in a conditional will lead
to an error. See pulumi/lumi#67. Speculating beyond these -- by
supporting iterative planning and application -- is something we
want to support eventually, but it makes sense to do that as an
additive change beyond this initial support. That is a missing 1/3.
Finally, the other missing 1/3rd which will happen much sooner
than the rest is restructuing plan application so that it will
correctly observe resolution of Latent<T> values. Right now, the
evaluation happens in one single pass, prior to the application, and
so Latent<T>s never actually get witnessed in a resolved state.
2017-05-24 02:32:59 +02:00
|
|
|
message UpdateRequest {
|
|
|
|
string id = 1; // the ID of the resource to update.
|
2017-08-31 22:10:55 +02:00
|
|
|
string urn = 2; // the Pulumi URN for this resource.
|
Initial support for output properties (1 of 3)
This change includes approximately 1/3rd of the change necessary
to support output properties, as per pulumi/lumi#90.
In short, the runtime now has a new hidden type, Latent<T>, which
represents a "speculative" value, whose eventual type will be T,
that we can use during evaluation in various ways. Namely,
operations against Latent<T>s generally produce new Latent<U>s.
During planning, any Latent<T>s that end up in resource properties
are transformed into "unknown" property values. An unknown property
value is legal only during planning-time activities, such as Check,
Name, and InspectChange. As a result, those RPC interfaces have
been updated to include lookaside maps indicating which properties
have unknown values. My intent is to add some helper functions to
make dealing with this circumstance more correct-by-construction.
For now, using an unresolved Latent<T> in a conditional will lead
to an error. See pulumi/lumi#67. Speculating beyond these -- by
supporting iterative planning and application -- is something we
want to support eventually, but it makes sense to do that as an
additive change beyond this initial support. That is a missing 1/3.
Finally, the other missing 1/3rd which will happen much sooner
than the rest is restructuing plan application so that it will
correctly observe resolution of Latent<T> values. Right now, the
evaluation happens in one single pass, prior to the application, and
so Latent<T>s never actually get witnessed in a resolved state.
2017-05-24 02:32:59 +02:00
|
|
|
google.protobuf.Struct olds = 3; // the old values of properties to update.
|
|
|
|
google.protobuf.Struct news = 4; // the new values of properties to update.
|
|
|
|
}
|
|
|
|
|
2017-07-18 03:44:45 +02:00
|
|
|
message UpdateResponse {
|
|
|
|
google.protobuf.Struct properties = 1; // any properties that were computed during updating.
|
|
|
|
}
|
|
|
|
|
2017-02-10 17:55:26 +01:00
|
|
|
message DeleteRequest {
|
2017-07-19 16:57:22 +02:00
|
|
|
string id = 1; // the ID of the resource to delete.
|
2017-08-31 22:10:55 +02:00
|
|
|
string urn = 2; // the Pulumi URN for this resource.
|
2017-07-19 16:57:22 +02:00
|
|
|
google.protobuf.Struct properties = 3; // the current properties on the resource.
|
2017-02-10 17:55:26 +01:00
|
|
|
}
|
|
|
|
|