2018-05-22 21:43:36 +02:00
|
|
|
// Copyright 2016-2018, Pulumi Corporation.
|
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
//
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
2017-02-10 17:55:26 +01:00
|
|
|
|
|
|
|
syntax = "proto3";
|
|
|
|
|
2017-12-01 22:50:32 +01:00
|
|
|
import "plugin.proto";
|
2017-02-10 17:55:26 +01:00
|
|
|
import "google/protobuf/empty.proto";
|
|
|
|
import "google/protobuf/struct.proto";
|
|
|
|
|
2017-09-22 04:18:21 +02:00
|
|
|
package pulumirpc;
|
2017-02-10 17:55:26 +01:00
|
|
|
|
|
|
|
// ResourceProvider is a service that understands how to create, read, update, or delete resources for types defined
|
2017-06-24 20:55:16 +02:00
|
|
|
// within a single package. It is driven by the overall planning engine in response to resource diffs.
|
2017-02-10 17:55:26 +01:00
|
|
|
service ResourceProvider {
|
2017-08-31 23:31:33 +02:00
|
|
|
// Configure configures the resource provider with "globals" that control its behavior.
|
2018-04-04 19:08:17 +02:00
|
|
|
rpc Configure(ConfigureRequest) returns (google.protobuf.Empty) {}
|
2017-09-27 21:34:44 +02:00
|
|
|
// Invoke dynamically executes a built-in function in the provider.
|
|
|
|
rpc Invoke(InvokeRequest) returns (InvokeResponse) {}
|
2017-12-03 01:34:16 +01:00
|
|
|
// Check validates that the given property bag is valid for a resource of the given type and returns the inputs
|
2017-12-08 22:28:54 +01:00
|
|
|
// that should be passed to successive calls to Diff, Create, or Update for this resource. As a rule, the provider
|
|
|
|
// inputs returned by a call to Check should preserve the original representation of the properties as present in
|
|
|
|
// the program inputs. Though this rule is not required for correctness, violations thereof can negatively impact
|
|
|
|
// the end-user experience, as the provider inputs are using for detecting and rendering diffs.
|
2017-08-01 03:26:15 +02:00
|
|
|
rpc Check(CheckRequest) returns (CheckResponse) {}
|
|
|
|
// Diff checks what impacts a hypothetical update will have on the resource's properties.
|
|
|
|
rpc Diff(DiffRequest) returns (DiffResponse) {}
|
2017-02-10 17:55:26 +01:00
|
|
|
// Create allocates a new instance of the provided resource and returns its unique ID afterwards. (The input ID
|
|
|
|
// must be blank.) If this call fails, the resource must not have been created (i.e., it is "transacational").
|
|
|
|
rpc Create(CreateRequest) returns (CreateResponse) {}
|
2018-04-05 16:00:16 +02:00
|
|
|
// Read the current live state associated with a resource. Enough state must be include in the inputs to uniquely
|
|
|
|
// identify the resource; this is typically just the resource ID, but may also include some properties.
|
|
|
|
rpc Read(ReadRequest) returns (ReadResponse) {}
|
2017-03-02 18:52:08 +01:00
|
|
|
// Update updates an existing resource with new values.
|
2017-07-18 03:44:45 +02:00
|
|
|
rpc Update(UpdateRequest) returns (UpdateResponse) {}
|
2017-02-10 17:55:26 +01:00
|
|
|
// Delete tears down an existing resource with the given ID. If it fails, the resource is assumed to still exist.
|
|
|
|
rpc Delete(DeleteRequest) returns (google.protobuf.Empty) {}
|
2017-12-01 22:50:32 +01:00
|
|
|
// GetPluginInfo returns generic information about this plugin, like its version.
|
|
|
|
rpc GetPluginInfo(google.protobuf.Empty) returns (PluginInfo) {}
|
2017-02-10 17:55:26 +01:00
|
|
|
}
|
|
|
|
|
2017-08-31 23:31:33 +02:00
|
|
|
message ConfigureRequest {
|
|
|
|
map<string, string> variables = 1; // a map of configuration keys to values.
|
|
|
|
}
|
|
|
|
|
2018-04-04 19:08:17 +02:00
|
|
|
// ConfigureErrorMissingKeys is sent as a Detail on an error returned from `ResourceProvider.Configure`.
|
|
|
|
message ConfigureErrorMissingKeys {
|
|
|
|
message MissingKey {
|
|
|
|
string name = 1; // the Pulumi name (not the provider name!) of the missing config key.
|
|
|
|
string description = 2; // a description of the missing config key, as reported by the provider.
|
|
|
|
}
|
|
|
|
|
|
|
|
repeated MissingKey missingKeys = 1; // a list of required configuration keys that were not supplied.
|
|
|
|
}
|
|
|
|
|
2017-09-27 21:34:44 +02:00
|
|
|
message InvokeRequest {
|
|
|
|
string tok = 1; // the function token to invoke.
|
|
|
|
google.protobuf.Struct args = 2; // the arguments for the function invocation.
|
|
|
|
}
|
|
|
|
|
|
|
|
message InvokeResponse {
|
|
|
|
google.protobuf.Struct return = 1; // the returned values, if invoke was successful.
|
|
|
|
repeated CheckFailure failures = 2; // the failures if any arguments didn't pass verification.
|
|
|
|
}
|
|
|
|
|
2017-03-03 03:15:38 +01:00
|
|
|
message CheckRequest {
|
2017-12-03 01:34:16 +01:00
|
|
|
string urn = 1; // the Pulumi URN for this resource.
|
|
|
|
google.protobuf.Struct olds = 2; // the old Pulumi inputs for this resource, if any.
|
|
|
|
google.protobuf.Struct news = 3; // the new Pulumi inputs for this resource.
|
2017-03-03 03:15:38 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
message CheckResponse {
|
2017-12-03 01:34:16 +01:00
|
|
|
google.protobuf.Struct inputs = 1; // the provider inputs for this resource.
|
|
|
|
repeated CheckFailure failures = 2; // any validation failures that occurred.
|
2017-03-03 03:15:38 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
message CheckFailure {
|
|
|
|
string property = 1; // the property that failed validation.
|
|
|
|
string reason = 2; // the reason that the property failed validation.
|
|
|
|
}
|
|
|
|
|
2017-08-01 03:26:15 +02:00
|
|
|
message DiffRequest {
|
|
|
|
string id = 1; // the ID of the resource to diff.
|
2017-08-31 22:10:55 +02:00
|
|
|
string urn = 2; // the Pulumi URN for this resource.
|
2017-12-03 01:34:16 +01:00
|
|
|
google.protobuf.Struct olds = 3; // the old values of provider inputs to diff.
|
|
|
|
google.protobuf.Struct news = 4; // the new values of provider inputs to diff.
|
Redo object monikers
This change overhauls the way we do object monikers. The old mechanism,
generating monikers using graph paths, was far too brittle and prone to
collisions. The new approach mixes some amount of "automatic scoping"
plus some "explicit naming." Although there is some explicitness, this
is arguably a good thing, as the monikers will be relatable back to the
source more readily by developers inspecting the graph and resource state.
Each moniker has four parts:
<Namespace>::<AllocModule>::<Type>::<Name>
wherein each element is the following:
<Namespace> The namespace being deployed into
<AllocModule> The module in which the object was allocated
<Type> The type of the resource
<Name> The assigned name of the resource
The <Namespace> is essentially the deployment target -- so "prod",
"stage", etc -- although it is more general purpose to allow for future
namespacing within a target (e.g., "prod/customer1", etc); for now
this is rudimentary, however, see marapongo/mu#94.
The <AllocModule> is the token for the code that contained the 'new'
that led to this object being created. In the future, we may wish to
extend this to also track the module under evaluation. (This is a nice
aspect of monikers; they can become arbitrarily complex, so long as
they are precise, and not prone to false positives/negatives.)
The <Name> warrants more discussion. The resource provider is consulted
via a new gRPC method, Name, that fetches the name. How the provider
does this is entirely up to it. For some resource types, the resource
may have properties that developers must set (e.g., `new Bucket("foo")`);
for other providers, perhaps the resource intrinsically has a property
that explicitly and uniquely qualifies the object (e.g., AWS SecurityGroups,
via `new SecurityGroup({groupName: "my-sg"}`); and finally, it's conceivable
that a provider might auto-generate the name (e.g., such as an AWS Lambda
whose name could simply be a hash of the source code contents).
This should overall produce better results with respect to moniker
collisions, ability to match resources, and the usability of the system.
2017-02-24 23:50:02 +01:00
|
|
|
}
|
|
|
|
|
2017-08-01 03:26:15 +02:00
|
|
|
message DiffResponse {
|
|
|
|
repeated string replaces = 1; // if this update requires a replacement, the set of properties triggering it.
|
Add a notion of stable properties
This change adds the capability for a resource provider to indicate
that, where an action carried out in response to a diff, a certain set
of properties would be "stable"; that is to say, they are guaranteed
not to change. As a result, properties may be resolved to their final
values during previewing, avoiding erroneous cascading impacts.
This avoids the ever-annoying situation I keep running into when demoing:
when adding or removing an ingress rule to a security group, we ripple
the impact through the instance, and claim it must be replaced, because
that instance depends on the security group via its name. Well, the name
is a great example of a stable property, in that it will never change, and
so this is truly unfortunate and always adds uncertainty into the demos.
Particularly since the actual update doesn't need to perform replacements.
This resolves pulumi/pulumi#330.
2017-10-04 14:22:21 +02:00
|
|
|
repeated string stables = 2; // an optional list of properties that will not ever change.
|
2017-12-10 17:37:22 +01:00
|
|
|
bool deleteBeforeReplace = 3; // if true, this resource must be deleted before replacing it.
|
2018-04-05 16:00:16 +02:00
|
|
|
DiffChanges changes = 4; // if true, this diff represents an actual difference and thus requires an update.
|
|
|
|
|
|
|
|
enum DiffChanges {
|
|
|
|
DIFF_UNKNOWN = 0; // unknown whether there are changes or not (legacy behavior).
|
|
|
|
DIFF_NONE = 1; // the diff was performed, and no changes were detected that require an update.
|
|
|
|
DIFF_SOME = 2; // the diff was performed, and changes were detected that require an update or replacement.
|
|
|
|
}
|
Redo object monikers
This change overhauls the way we do object monikers. The old mechanism,
generating monikers using graph paths, was far too brittle and prone to
collisions. The new approach mixes some amount of "automatic scoping"
plus some "explicit naming." Although there is some explicitness, this
is arguably a good thing, as the monikers will be relatable back to the
source more readily by developers inspecting the graph and resource state.
Each moniker has four parts:
<Namespace>::<AllocModule>::<Type>::<Name>
wherein each element is the following:
<Namespace> The namespace being deployed into
<AllocModule> The module in which the object was allocated
<Type> The type of the resource
<Name> The assigned name of the resource
The <Namespace> is essentially the deployment target -- so "prod",
"stage", etc -- although it is more general purpose to allow for future
namespacing within a target (e.g., "prod/customer1", etc); for now
this is rudimentary, however, see marapongo/mu#94.
The <AllocModule> is the token for the code that contained the 'new'
that led to this object being created. In the future, we may wish to
extend this to also track the module under evaluation. (This is a nice
aspect of monikers; they can become arbitrarily complex, so long as
they are precise, and not prone to false positives/negatives.)
The <Name> warrants more discussion. The resource provider is consulted
via a new gRPC method, Name, that fetches the name. How the provider
does this is entirely up to it. For some resource types, the resource
may have properties that developers must set (e.g., `new Bucket("foo")`);
for other providers, perhaps the resource intrinsically has a property
that explicitly and uniquely qualifies the object (e.g., AWS SecurityGroups,
via `new SecurityGroup({groupName: "my-sg"}`); and finally, it's conceivable
that a provider might auto-generate the name (e.g., such as an AWS Lambda
whose name could simply be a hash of the source code contents).
This should overall produce better results with respect to moniker
collisions, ability to match resources, and the usability of the system.
2017-02-24 23:50:02 +01:00
|
|
|
}
|
|
|
|
|
2017-02-10 17:55:26 +01:00
|
|
|
message CreateRequest {
|
2017-08-31 22:10:55 +02:00
|
|
|
string urn = 1; // the Pulumi URN for this resource.
|
2017-12-03 01:34:16 +01:00
|
|
|
google.protobuf.Struct properties = 2; // the provider inputs to set during creation.
|
2017-02-10 17:55:26 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
message CreateResponse {
|
2017-10-12 00:27:34 +02:00
|
|
|
string id = 1; // the ID of the created resource.
|
2017-07-18 03:44:45 +02:00
|
|
|
google.protobuf.Struct properties = 2; // any properties that were computed during creation.
|
2017-02-10 17:55:26 +01:00
|
|
|
}
|
|
|
|
|
2018-04-05 16:00:16 +02:00
|
|
|
message ReadRequest {
|
|
|
|
string id = 1; // the ID of the resource to read.
|
|
|
|
string urn = 2; // the Pulumi URN for this resource.
|
|
|
|
google.protobuf.Struct properties = 3; // the current state (sufficiently complete to identify the resource).
|
|
|
|
}
|
|
|
|
|
|
|
|
message ReadResponse {
|
2018-04-10 21:58:50 +02:00
|
|
|
string id = 1; // the ID of the resource read back (or empty if missing).
|
|
|
|
google.protobuf.Struct properties = 2; // the state of the resource read from the live environment.
|
2018-04-05 16:00:16 +02:00
|
|
|
}
|
|
|
|
|
Initial support for output properties (1 of 3)
This change includes approximately 1/3rd of the change necessary
to support output properties, as per pulumi/lumi#90.
In short, the runtime now has a new hidden type, Latent<T>, which
represents a "speculative" value, whose eventual type will be T,
that we can use during evaluation in various ways. Namely,
operations against Latent<T>s generally produce new Latent<U>s.
During planning, any Latent<T>s that end up in resource properties
are transformed into "unknown" property values. An unknown property
value is legal only during planning-time activities, such as Check,
Name, and InspectChange. As a result, those RPC interfaces have
been updated to include lookaside maps indicating which properties
have unknown values. My intent is to add some helper functions to
make dealing with this circumstance more correct-by-construction.
For now, using an unresolved Latent<T> in a conditional will lead
to an error. See pulumi/lumi#67. Speculating beyond these -- by
supporting iterative planning and application -- is something we
want to support eventually, but it makes sense to do that as an
additive change beyond this initial support. That is a missing 1/3.
Finally, the other missing 1/3rd which will happen much sooner
than the rest is restructuing plan application so that it will
correctly observe resolution of Latent<T> values. Right now, the
evaluation happens in one single pass, prior to the application, and
so Latent<T>s never actually get witnessed in a resolved state.
2017-05-24 02:32:59 +02:00
|
|
|
message UpdateRequest {
|
|
|
|
string id = 1; // the ID of the resource to update.
|
2017-08-31 22:10:55 +02:00
|
|
|
string urn = 2; // the Pulumi URN for this resource.
|
2017-12-03 01:34:16 +01:00
|
|
|
google.protobuf.Struct olds = 3; // the old values of provider inputs for the resource to update.
|
|
|
|
google.protobuf.Struct news = 4; // the new values of provider inputs for the resource to update.
|
Initial support for output properties (1 of 3)
This change includes approximately 1/3rd of the change necessary
to support output properties, as per pulumi/lumi#90.
In short, the runtime now has a new hidden type, Latent<T>, which
represents a "speculative" value, whose eventual type will be T,
that we can use during evaluation in various ways. Namely,
operations against Latent<T>s generally produce new Latent<U>s.
During planning, any Latent<T>s that end up in resource properties
are transformed into "unknown" property values. An unknown property
value is legal only during planning-time activities, such as Check,
Name, and InspectChange. As a result, those RPC interfaces have
been updated to include lookaside maps indicating which properties
have unknown values. My intent is to add some helper functions to
make dealing with this circumstance more correct-by-construction.
For now, using an unresolved Latent<T> in a conditional will lead
to an error. See pulumi/lumi#67. Speculating beyond these -- by
supporting iterative planning and application -- is something we
want to support eventually, but it makes sense to do that as an
additive change beyond this initial support. That is a missing 1/3.
Finally, the other missing 1/3rd which will happen much sooner
than the rest is restructuing plan application so that it will
correctly observe resolution of Latent<T> values. Right now, the
evaluation happens in one single pass, prior to the application, and
so Latent<T>s never actually get witnessed in a resolved state.
2017-05-24 02:32:59 +02:00
|
|
|
}
|
|
|
|
|
2017-07-18 03:44:45 +02:00
|
|
|
message UpdateResponse {
|
|
|
|
google.protobuf.Struct properties = 1; // any properties that were computed during updating.
|
|
|
|
}
|
|
|
|
|
2017-02-10 17:55:26 +01:00
|
|
|
message DeleteRequest {
|
2017-07-19 16:57:22 +02:00
|
|
|
string id = 1; // the ID of the resource to delete.
|
2017-08-31 22:10:55 +02:00
|
|
|
string urn = 2; // the Pulumi URN for this resource.
|
2017-07-19 16:57:22 +02:00
|
|
|
google.protobuf.Struct properties = 3; // the current properties on the resource.
|
2017-02-10 17:55:26 +01:00
|
|
|
}
|