2018-03-21 20:43:21 +01:00
|
|
|
// Copyright 2016-2018, Pulumi Corporation. All rights reserved.
|
2017-07-23 20:12:17 +02:00
|
|
|
|
|
|
|
|
package examples
|
|
|
|
|
|
|
|
|
|
import (
|
2017-11-14 20:26:41 +01:00
|
|
|
"bytes"
|
2017-07-23 20:12:17 +02:00
|
|
|
"os"
|
2018-11-20 23:55:38 +01:00
|
|
|
"os/exec"
|
2017-07-23 20:12:17 +02:00
|
|
|
"path"
|
2017-11-14 20:26:41 +01:00
|
|
|
"strings"
|
2017-07-23 20:12:17 +02:00
|
|
|
"testing"
|
|
|
|
|
|
2018-11-20 23:55:38 +01:00
|
|
|
"github.com/blang/semver"
|
|
|
|
|
"github.com/pkg/errors"
|
2017-07-23 20:12:17 +02:00
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
|
|
2019-05-10 21:30:41 +02:00
|
|
|
"github.com/pulumi/pulumi/pkg/resource"
|
Implement first-class providers. (#1695)
### First-Class Providers
These changes implement support for first-class providers. First-class
providers are provider plugins that are exposed as resources via the
Pulumi programming model so that they may be explicitly and multiply
instantiated. Each instance of a provider resource may be configured
differently, and configuration parameters may be source from the
outputs of other resources.
### Provider Plugin Changes
In order to accommodate the need to verify and diff provider
configuration and configure providers without complete configuration
information, these changes adjust the high-level provider plugin
interface. Two new methods for validating a provider's configuration
and diffing changes to the same have been added (`CheckConfig` and
`DiffConfig`, respectively), and the type of the configuration bag
accepted by `Configure` has been changed to a `PropertyMap`.
These changes have not yet been reflected in the provider plugin gRPC
interface. We will do this in a set of follow-up changes. Until then,
these methods are implemented by adapters:
- `CheckConfig` validates that all configuration parameters are string
or unknown properties. This is necessary because existing plugins
only accept string-typed configuration values.
- `DiffConfig` either returns "never replace" if all configuration
values are known or "must replace" if any configuration value is
unknown. The justification for this behavior is given
[here](https://github.com/pulumi/pulumi/pull/1695/files#diff-a6cd5c7f337665f5bb22e92ca5f07537R106)
- `Configure` converts the config bag to a legacy config map and
configures the provider plugin if all config values are known. If any
config value is unknown, the underlying plugin is not configured and
the provider may only perform `Check`, `Read`, and `Invoke`, all of
which return empty results. We justify this behavior becuase it is
only possible during a preview and provides the best experience we
can manage with the existing gRPC interface.
### Resource Model Changes
Providers are now exposed as resources that participate in a stack's
dependency graph. Like other resources, they are explicitly created,
may have multiple instances, and may have dependencies on other
resources. Providers are referred to using provider references, which
are a combination of the provider's URN and its ID. This design
addresses the need during a preview to refer to providers that have not
yet been physically created and therefore have no ID.
All custom resources that are not themselves providers must specify a
single provider via a provider reference. The named provider will be
used to manage that resource's CRUD operations. If a resource's
provider reference changes, the resource must be replaced. Though its
URN is not present in the resource's dependency list, the provider
should be treated as a dependency of the resource when topologically
sorting the dependency graph.
Finally, `Invoke` operations must now specify a provider to use for the
invocation via a provider reference.
### Engine Changes
First-class providers support requires a few changes to the engine:
- The engine must have some way to map from provider references to
provider plugins. It must be possible to add providers from a stack's
checkpoint to this map and to register new/updated providers during
the execution of a plan in response to CRUD operations on provider
resources.
- In order to support updating existing stacks using existing Pulumi
programs that may not explicitly instantiate providers, the engine
must be able to manage the "default" providers for each package
referenced by a checkpoint or Pulumi program. The configuration for
a "default" provider is taken from the stack's configuration data.
The former need is addressed by adding a provider registry type that is
responsible for managing all of the plugins required by a plan. In
addition to loading plugins froma checkpoint and providing the ability
to map from a provider reference to a provider plugin, this type serves
as the provider plugin for providers themselves (i.e. it is the
"provider provider").
The latter need is solved via two relatively self-contained changes to
plan setup and the eval source.
During plan setup, the old checkpoint is scanned for custom resources
that do not have a provider reference in order to compute the set of
packages that require a default provider. Once this set has been
computed, the required default provider definitions are conjured and
prepended to the checkpoint's resource list. Each resource that
requires a default provider is then updated to refer to the default
provider for its package.
While an eval source is running, each custom resource registration,
resource read, and invoke that does not name a provider is trapped
before being returned by the source iterator. If no default provider
for the appropriate package has been registered, the eval source
synthesizes an appropriate registration, waits for it to complete, and
records the registered provider's reference. This reference is injected
into the original request, which is then processed as usual. If a
default provider was already registered, the recorded reference is
used and no new registration occurs.
### SDK Changes
These changes only expose first-class providers from the Node.JS SDK.
- A new abstract class, `ProviderResource`, can be subclassed and used
to instantiate first-class providers.
- A new field in `ResourceOptions`, `provider`, can be used to supply
a particular provider instance to manage a `CustomResource`'s CRUD
operations.
- A new type, `InvokeOptions`, can be used to specify options that
control the behavior of a call to `pulumi.runtime.invoke`. This type
includes a `provider` field that is analogous to
`ResourceOptions.provider`.
2018-08-07 02:50:29 +02:00
|
|
|
"github.com/pulumi/pulumi/pkg/resource/deploy/providers"
|
2017-09-22 04:18:21 +02:00
|
|
|
"github.com/pulumi/pulumi/pkg/testing/integration"
|
2019-05-10 21:30:41 +02:00
|
|
|
"github.com/pulumi/pulumi/pkg/util/contract"
|
2017-07-23 20:12:17 +02:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func TestExamples(t *testing.T) {
|
|
|
|
|
cwd, err := os.Getwd()
|
|
|
|
|
if !assert.NoError(t, err, "expected a valid working directory: %v", err) {
|
|
|
|
|
return
|
|
|
|
|
}
|
2017-11-06 16:23:07 +01:00
|
|
|
|
2019-05-03 01:52:00 +02:00
|
|
|
getExamples := func() []integration.ProgramTestOptions {
|
|
|
|
|
var formattableStdout, formattableStderr bytes.Buffer
|
|
|
|
|
return []integration.ProgramTestOptions{
|
|
|
|
|
{
|
|
|
|
|
Dir: path.Join(cwd, "minimal"),
|
|
|
|
|
Dependencies: []string{"@pulumi/pulumi"},
|
|
|
|
|
Config: map[string]string{
|
|
|
|
|
"name": "Pulumi",
|
|
|
|
|
},
|
|
|
|
|
Secrets: map[string]string{
|
|
|
|
|
"secret": "this is my secret message",
|
|
|
|
|
},
|
|
|
|
|
ExtraRuntimeValidation: func(t *testing.T, stackInfo integration.RuntimeValidationStackInfo) {
|
|
|
|
|
// Simple runtime validation that just ensures the checkpoint was written and read.
|
|
|
|
|
assert.NotNil(t, stackInfo.Deployment)
|
|
|
|
|
},
|
|
|
|
|
RunBuild: true,
|
2018-11-14 22:27:32 +01:00
|
|
|
},
|
2019-05-03 01:52:00 +02:00
|
|
|
{
|
|
|
|
|
Dir: path.Join(cwd, "dynamic-provider/simple"),
|
|
|
|
|
Dependencies: []string{"@pulumi/pulumi"},
|
|
|
|
|
Config: map[string]string{
|
|
|
|
|
"simple:config:w": "1",
|
|
|
|
|
"simple:config:x": "1",
|
|
|
|
|
"simple:config:y": "1",
|
|
|
|
|
},
|
2018-11-14 22:27:32 +01:00
|
|
|
},
|
2019-05-03 01:52:00 +02:00
|
|
|
{
|
|
|
|
|
Dir: path.Join(cwd, "dynamic-provider/class-with-comments"),
|
|
|
|
|
Dependencies: []string{"@pulumi/pulumi"},
|
|
|
|
|
Config: map[string]string{},
|
2018-11-14 22:27:32 +01:00
|
|
|
},
|
2019-05-03 01:52:00 +02:00
|
|
|
{
|
|
|
|
|
Dir: path.Join(cwd, "dynamic-provider/multiple-turns"),
|
|
|
|
|
Dependencies: []string{"@pulumi/pulumi"},
|
|
|
|
|
ExtraRuntimeValidation: func(t *testing.T, stackInfo integration.RuntimeValidationStackInfo) {
|
|
|
|
|
for _, res := range stackInfo.Deployment.Resources {
|
|
|
|
|
if !providers.IsProviderType(res.Type) && res.Parent == "" {
|
|
|
|
|
assert.Equal(t, stackInfo.RootResource.URN, res.URN,
|
|
|
|
|
"every resource but the root resource should have a parent, but %v didn't", res.URN)
|
|
|
|
|
}
|
2018-01-19 23:17:28 +01:00
|
|
|
}
|
2019-05-03 01:52:00 +02:00
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Dir: path.Join(cwd, "dynamic-provider/derived-inputs"),
|
|
|
|
|
Dependencies: []string{"@pulumi/pulumi"},
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
Dir: path.Join(cwd, "formattable"),
|
|
|
|
|
Dependencies: []string{"@pulumi/pulumi"},
|
|
|
|
|
ExtraRuntimeValidation: func(t *testing.T, stackInfo integration.RuntimeValidationStackInfo) {
|
|
|
|
|
// Note that we're abusing this hook to validate stdout. We don't actually care about the checkpoint.
|
|
|
|
|
stdout := formattableStdout.String()
|
|
|
|
|
assert.False(t, strings.Contains(stdout, "MISSING"))
|
|
|
|
|
},
|
|
|
|
|
Stdout: &formattableStdout,
|
|
|
|
|
Stderr: &formattableStderr,
|
2018-01-19 23:17:28 +01:00
|
|
|
},
|
2019-05-03 01:52:00 +02:00
|
|
|
{
|
|
|
|
|
Dir: path.Join(cwd, "dynamic-provider/multiple-turns-2"),
|
|
|
|
|
Dependencies: []string{"@pulumi/pulumi"},
|
2017-11-14 20:26:41 +01:00
|
|
|
},
|
2019-05-03 01:52:00 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Get the entire set of examples first.
|
|
|
|
|
examples := getExamples()
|
|
|
|
|
|
|
|
|
|
// Now, add them again, this time using a local-login path. This helps test all the same
|
|
|
|
|
// scenarios against local paths to validate that they are working properly.
|
|
|
|
|
for _, test := range getExamples() {
|
|
|
|
|
examples = append(examples, test.With(integration.ProgramTestOptions{
|
|
|
|
|
CloudURL: "file://~",
|
|
|
|
|
}))
|
2018-11-20 23:55:38 +01:00
|
|
|
}
|
|
|
|
|
|
2019-05-10 21:30:41 +02:00
|
|
|
// Add a secrets example: This deploys a program that spins up a bunch of custom resources with different sets
|
|
|
|
|
// of secret inputs.
|
|
|
|
|
examples = append(examples, integration.ProgramTestOptions{
|
|
|
|
|
Dir: path.Join(cwd, "secrets"),
|
|
|
|
|
Dependencies: []string{"@pulumi/pulumi"},
|
|
|
|
|
Config: map[string]string{
|
|
|
|
|
"message": "plaintext message",
|
|
|
|
|
},
|
|
|
|
|
Secrets: map[string]string{
|
|
|
|
|
"apiKey": "FAKE_API_KEY_FOR_TESTING",
|
|
|
|
|
},
|
|
|
|
|
ExtraRuntimeValidation: func(t *testing.T, stackInfo integration.RuntimeValidationStackInfo) {
|
|
|
|
|
assert.NotNil(t, stackInfo.Deployment.SecretsProviders, "Deployment should have a secrets provider")
|
|
|
|
|
|
|
|
|
|
isEncrypted := func(v interface{}) bool {
|
|
|
|
|
if m, ok := v.(map[string]interface{}); ok {
|
|
|
|
|
sigKey := m[resource.SigKey]
|
|
|
|
|
if sigKey == nil {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
v, vOk := sigKey.(string)
|
|
|
|
|
if !vOk {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if v != resource.SecretSig {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ciphertext := m["ciphertext"]
|
|
|
|
|
if ciphertext == nil {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
_, cOk := ciphertext.(string)
|
|
|
|
|
return cOk
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-14 21:56:30 +02:00
|
|
|
assertEncryptedValue := func(m map[string]interface{}, key string) {
|
|
|
|
|
assert.Truef(t, isEncrypted(m[key]), "%s value should be encrypted", key)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
assertPlaintextValue := func(m map[string]interface{}, key string) {
|
|
|
|
|
assert.Truef(t, !isEncrypted(m[key]), "%s value should not encrypted", key)
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-10 21:30:41 +02:00
|
|
|
for _, res := range stackInfo.Deployment.Resources {
|
|
|
|
|
if res.Type == "pulumi-nodejs:dynamic:Resource" {
|
|
|
|
|
switch res.URN.Name() {
|
|
|
|
|
case "sValue", "sApply", "cValue", "cApply":
|
2019-05-14 21:56:30 +02:00
|
|
|
assertEncryptedValue(res.Inputs, "value")
|
|
|
|
|
assertEncryptedValue(res.Outputs, "value")
|
2019-05-10 21:30:41 +02:00
|
|
|
case "pValue", "pApply":
|
2019-05-14 21:56:30 +02:00
|
|
|
assertPlaintextValue(res.Inputs, "value")
|
|
|
|
|
assertPlaintextValue(res.Outputs, "value")
|
2019-05-10 21:30:41 +02:00
|
|
|
case "pDummy":
|
2019-05-14 21:56:30 +02:00
|
|
|
assertPlaintextValue(res.Outputs, "value")
|
2019-05-10 21:30:41 +02:00
|
|
|
case "sDummy":
|
|
|
|
|
// Creation of this resource passes in a custom resource options to ensure that "value" is
|
|
|
|
|
// treated as secret. In the state file, we'll see this as an uncrypted input with an
|
|
|
|
|
// encrypted output.
|
2019-05-14 21:56:30 +02:00
|
|
|
assertEncryptedValue(res.Outputs, "value")
|
|
|
|
|
case "rValue":
|
|
|
|
|
assertEncryptedValue(res.Inputs["value"].(map[string]interface{}), "secret")
|
|
|
|
|
assertEncryptedValue(res.Outputs["value"].(map[string]interface{}), "secret")
|
|
|
|
|
assertPlaintextValue(res.Inputs["value"].(map[string]interface{}), "plain")
|
|
|
|
|
assertPlaintextValue(res.Outputs["value"].(map[string]interface{}), "plain")
|
2019-05-10 21:30:41 +02:00
|
|
|
default:
|
|
|
|
|
contract.Assertf(false, "unknown name type: %s", res.URN.Name())
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
2019-05-14 21:56:30 +02:00
|
|
|
|
|
|
|
|
assertEncryptedValue(stackInfo.Outputs, "combinedApply")
|
|
|
|
|
assertEncryptedValue(stackInfo.Outputs, "combinedMessage")
|
|
|
|
|
assertPlaintextValue(stackInfo.Outputs, "plaintextApply")
|
|
|
|
|
assertPlaintextValue(stackInfo.Outputs, "plaintextMessage")
|
|
|
|
|
assertEncryptedValue(stackInfo.Outputs, "secretApply")
|
|
|
|
|
assertEncryptedValue(stackInfo.Outputs, "secretMessage")
|
|
|
|
|
assertEncryptedValue(stackInfo.Outputs, "richStructure")
|
2019-05-10 21:30:41 +02:00
|
|
|
},
|
|
|
|
|
})
|
|
|
|
|
|
2018-11-20 23:55:38 +01:00
|
|
|
// The compat test only works on Node 6.10.X because its uses the old 0.10.0 pulumi package, which only supported
|
|
|
|
|
// a single node version, since it had the native runtime component.
|
|
|
|
|
if nodeVer, err := getNodeVersion(); err != nil && nodeVer.Major == 6 && nodeVer.Minor == 10 {
|
|
|
|
|
examples = append(examples, integration.ProgramTestOptions{
|
2018-11-14 22:27:32 +01:00
|
|
|
Dir: path.Join(cwd, "compat/v0.10.0/minimal"),
|
2018-03-14 05:52:16 +01:00
|
|
|
Config: map[string]string{
|
|
|
|
|
"name": "Pulumi",
|
|
|
|
|
},
|
|
|
|
|
Secrets: map[string]string{
|
|
|
|
|
"secret": "this is my secret message",
|
|
|
|
|
},
|
2018-08-02 03:09:23 +02:00
|
|
|
RunBuild: true,
|
2018-11-20 23:55:38 +01:00
|
|
|
})
|
|
|
|
|
} else {
|
|
|
|
|
t.Log("Skipping 0.10.0 compat tests, because current node version is not 6.10.X")
|
2017-07-23 20:12:17 +02:00
|
|
|
}
|
2017-11-06 16:23:07 +01:00
|
|
|
|
2018-04-03 06:34:54 +02:00
|
|
|
for _, example := range examples {
|
2018-05-29 20:24:51 +02:00
|
|
|
ex := example
|
2017-08-06 17:26:20 +02:00
|
|
|
t.Run(example.Dir, func(t *testing.T) {
|
2018-04-03 06:34:54 +02:00
|
|
|
integration.ProgramTest(t, &ex)
|
2017-07-23 20:12:17 +02:00
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
}
|
2018-11-20 23:55:38 +01:00
|
|
|
|
|
|
|
|
func getNodeVersion() (semver.Version, error) {
|
|
|
|
|
var buf bytes.Buffer
|
|
|
|
|
|
|
|
|
|
nodeVersionCmd := exec.Command("node", "--version")
|
|
|
|
|
nodeVersionCmd.Stdout = &buf
|
|
|
|
|
if err := nodeVersionCmd.Run(); err != nil {
|
|
|
|
|
return semver.Version{}, errors.Wrap(err, "running node --version")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return semver.ParseTolerant(buf.String())
|
|
|
|
|
}
|
