This commit modifies the work in #7058 to permit properties which do not
pass the test of being strings directly, but which have an underlying
type of string.
When applied to `pulumi-aws`, this results in the following diff:
```
diff --git a/sdk/go/aws/provider.go b/sdk/go/aws/provider.go
index c32ad2367..8b4c9fd0a 100644
--- a/sdk/go/aws/provider.go
+++ b/sdk/go/aws/provider.go
@@ -21,6 +21,8 @@ type Provider struct {
AccessKey pulumi.StringPtrOutput `pulumi:"accessKey"`
// The profile for API operations. If not set, the default profile created with `aws configure` will be used.
Profile pulumi.StringPtrOutput `pulumi:"profile"`
+ // The region where AWS operations will take place. Examples are us-east-1, us-west-2, etc.
+ Region pulumi.StringPtrOutput `pulumi:"region"`
// The secret key for API operations. You can retrieve this from the 'Security & Credentials' section of the AWS console.
SecretKey pulumi.StringPtrOutput `pulumi:"secretKey"`
// The path to the shared credentials file. If not set this defaults to ~/.aws/credentials.
```
The primary purpose this is desirable is to expose Region from instances
of the AWS provider.
We were trimming trailing newlines from log messages in `pulumi logs` but not in `pulumi watch`. The latter was seeing many empty lines in logs as a result of this. This change consistently trims trailing newlines in all log rendering.
Fix the generated C# code for plain properties:
- Value types should not be initialized with `= null!`
- Arrays and maps should be `List<T>` and `Dictionary<string, TValue>`
* Version 7 indicates to the Pulumi Service that the CLI supports setting required headers for policy pack publishing
* Add bumping the Pulumi Service API version to the PR checklist
This change is a simple perf optimization to speed up the process of listing plugins by excluding some metadata like size by default.
Our strategy for finding a plugin is to first look on the path, and then to iterate through all plugins in the plugin cache (a directory). We do this for each plugin that is loaded when NewProvider is called. Unfortunately, the codepath that gets all plugins is shared by pulumi plugin ls that needs to do things like display the total size of all plugins, the size of each plugin, and when the plugin was last installed/last used.
This means that any time a plugin is loaded, we are computing the size of all plugins by recursively enumerating all folder (including all of the node_modules directories of any installed node multi-lang plugins!). For my 5 gb of node plugins this translated to 10s of overhead each time a plugin was loaded.
This change is a very simple fix. pulumi plugin ls is the only code path that uses size, so we create a dedicated code path GetPluginsWithMetadata that populates that info, excluding from the result of GetPlugins by default.
In Go, resource types are modeled as pointers, but there were cases where the type was not being emitted as a pointer, leading to panics and marshaling errors in programs. Additionally, array and map values that are external references were being emitted as pointers, but only resources should be pointers (not types), regardless of whether the resource type is external or local.
* Send plugin install output to stderr
We currently send plugin install output to stdout. This interferes
with --json (#5747), automation API scenarios, and in general is bad
CLI hygiene. This change sends plugin output to stdout instead.
* Add a changelog entry
Following pulumi/pulumi-terraform-bridge#347, properties are generated
for all provider config matching the inputs. Unfortunately this does not
work for complex values and non-string primitives generally (not only in
bridged providers) since values are JSON serialized.
While a proper solution to this is designed, it's sufficient for now to
stop generating non-string properties, which this commit does.
This commit adds a fallback for the README definition in the generated
setup.py files for Python SDKs, thus allowing editable installs of
packages which not yet been built.
Co-authored-by: Luke Hoban <luke@pulumi.com>
* Propagate workspace.Project metadata to plugin init
* Get to a working fix
* Propagate Root via plugin context
* Propagate root instead of yaml path
* Revert out unnecessary parameter propagation
* Root is now always absolute at this point; simplify code and docs
* Drop python conditional and propagate unused -root to all lang hosts
* Add tests that fail before and pass after
* Lint
* Add changelog entry
This commit adds a new language option for Python generation to specify
the package name instead of using `pulumi_x` where x is the name defined
in the schema.
A new test is added, and this has also been shown to produce no diff
when run against `pulumi-eks`.
Fixes: #6974
Passphrase Environment variables were set before loading the
secrets provider from state
Unfortunately, it seems that some users are using empty passphrases
and thus this newly introduced logic has broken their usecases
We now check that the environment variables are set - it doesn't
matter if they are set as empty, but the existance of an empty
environment variabe still suggests that it is an intentional
empty passphrase
* Remove leading and trailing whitespace in resource properties
* Make tests pass
* Add PULUMI_ACCEPT support to docs gen tests
* Handle a couple more places
Co-authored-by: Pat Gavlin <pat@pulumi.com>
Fixes: #6934
With this snippet of code:
```
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Create an AWS resource (S3 Bucket)
vpc, err := ec2.NewVpc(ctx, "main", &ec2.VpcArgs{
CidrBlock: pulumi.String("10.0.0.0/16"),
})
if err != nil {
return err
}
rt, err := ec2.NewRouteTable(ctx, "example", &ec2.RouteTableArgs{
VpcId: vpc.ID(),
})
// Export the name of the bucket
ctx.Export("rt", rt)
return nil
})
}
```
the CLI would panic on the diff as follows:
```
panic: fatal: An assertion has failed
goroutine 249 [running]:
github.com/pulumi/pulumi/sdk/v3/go/common/util/contract.failfast(...)
/private/tmp/pulumi-20210422-70582-1bpvlru/sdk/go/common/util/contract/failfast.go:23
github.com/pulumi/pulumi/sdk/v3/go/common/util/contract.Assert(...)
/private/tmp/pulumi-20210422-70582-1bpvlru/sdk/go/common/util/contract/assert.go:26
github.com/pulumi/pulumi/pkg/v3/engine.printPropertyValue(0xc0005d41b0, 0x57cce00, 0xc001da9050, 0x0, 0x1, 0x5932853, 0x4, 0x0)
/private/tmp/pulumi-20210422-70582-1bpvlru/pkg/engine/diff.go:511 +0x1485
```
This was due to the entire object being added to the output and
the property being a ResourceReference
On the changing of the code to use a switch statement, we can
now include the ResourceReference and ensure that we catch any
missing case statements with a panic as default
This means the same piece of code now outputs to the CLI as
follows:
```
Outputs:
rt: {
URN: "urn:pulumi:dev::testing-new-engine-diff::aws:ec2/routeTable:RouteTable::example"
ID : "rtb-09b37608ec34f3b49"
PackageVersion: ""
}
Resources:
3 unchanged
Duration: 2s
```
If `rootPackageName` is set, we can look for the version in the
baseImportPath rather than at a location based on the package name -
which currently fails if every component is not named `pulumi-*`. To err
on the side of caution, this method is only used for packages where
`rootPackageName` is set, meaning existing SDKs retain their current
behavior.
The new behavior is confirmed via the test added in #6862.
* Import subpackages lazily
* Tighten up lazy_import impl
* Eagerly register resources, but lazily load their impl
* Add CHANGELOG entry
* Satisfy lint
* Restore mypy behavior so the change is not breaking
* Fix golden tests
When working in a monorepo environment, it can be desirable to generate
Go SDKs into a structure less like the upstream SDKs, and more like
this:
github.com/x/mymonorepo/sdk/go/package-name
Where `package-name` is also the root of a Go module. Since
`package-name` is not a valid package name in Go, it's also desirable to
be able to choose a replacement name and reduce the amount of nesting.
This commit adds a new Go option to the schema, `rootPackageName`, which
can be used to modify the generated root package name (e.g. to
`mypackage` instead of `package-name`, and remove the additional layer
of nesting.
Test coverage is added to ensure that the correct file structure and
package names are generated.
This incorporates some post merge feedback from https://github.com/pulumi/pulumi/pull/6893
This doesn't change the functionality of any of the tests:
```
go test -v ./secrets/passphrase -count=1
=== RUN TestPassphraseManagerIncorrectPassphraseReturnsErrorCrypter
--- PASS: TestPassphraseManagerIncorrectPassphraseReturnsErrorCrypter (0.89s)
=== RUN TestPassphraseManagerIncorrectStateReturnsError
--- PASS: TestPassphraseManagerIncorrectStateReturnsError (0.00s)
=== RUN TestPassphraseManagerCorrectPassphraseReturnsSecretsManager
--- PASS: TestPassphraseManagerCorrectPassphraseReturnsSecretsManager (1.08s)
=== RUN TestPassphraseManagerNoEnvironmentVariablesReturnsError
--- PASS: TestPassphraseManagerNoEnvironmentVariablesReturnsError (0.00s)
PASS
ok github.com/pulumi/pulumi/pkg/v3/secrets/passphrase 2.270s
```
Fixes: #6286
When a user is using the passphrase provider and unsets the environment
variables that let them interact with the secrets provider, then would
get an error as follows:
```
▶ pulumi up -y -f
error: decrypting secret value: failed to decrypt: incorrect passphrase, please set PULUMI_CONFIG_PASSPHRASE to the correct passphrase
```
We are oging to change this error message to make it more obvious
to a user what the error is and how they need to fix it
```
▶ pulumi up -y -f
error: constructing secrets manager of type "passphrase": unable to find either `PULUMI_CONFIG_PASSPHRASE` nor `PULUMI_CONFIG_PASSPHRASE_FILE` when trying to access the Passphrase Secrets Manager. Please ensure one of these values are set to allow the operation to continue
```
Ideally, we would like to prompt the user for the passphrase at this
point rather than error, but the CLI could be in the middle of an
update operation as the same codepath is used for reading stackreference
values
This commit adjusts the way that Go module versions are discovered from
packages when generating Go programs, to account for those on module
version 1. Previously, this function would panic when dereferencing a
nil instance of semver.Version.
These changes fix a regression introduced by #6686 that caused the SDK
code generators for .NET, Python, and Typescript to omit definitions for
plain object types. This regression occurred because #6686 drew a
clearer line between types used as resource arguments and types used
as function arguments, but conflated "resource arguments" with "inputty
types". This caused the code generators to generate inputty types for
any types used as resource arguments, even those that are used for
plainly-typed properties.
Fixes#6796.
Add line breaks and whitespace to avoid long horizontal scrolls for Python constructor/function arguments. Also, include the new ResourceArgs constructor overload.
See #6200 for a complete description of the issue. In short, we generate
inconsistent names for object types depending on whether or not they are
transitively reachable from resources or functions, which risks
unintentional breaking changes due to schema updates.
1. Name "input" types differently: `TArgs` for a type that is used in
resource inputs, having `Input<T>` properties, and `T` for a type
that is used in invoke inputs. The same schema type can produce both.
2. Always keep the name `T` for output types, avoid appending `Result` to
the name.
3. As needed, introduce a flag in the existing providers' schemas to avoid
breaking changes. Consider removing it on a major version bump.
Fixes#6200.
These have been deprecated for a very long time and it's a trivial change to remove them from the generated code. Let's clean this up for the 3.0-based providers.
This change updates the Python SDK codegen to opt-in to the new casing
translation behavior, which will use the passed-in props type's property
name metadata for translations, rather than calling the resource's
`translate_input_property` and `translate_output_property` methods.
- FIX: Keys in user-defined dicts will no longer be unintentionally
translated/modified.
- BREAKING: Dictionary keys in nested output classes are now
consistently snake_case. If accessing camelCase keys from such output
classes, move to accessing the values via the snake_case property
getters (or snake_case keys). A warning will be logged when accessing
camelCase keys.
When serializing inputs:
- If a value is a dict and the associated type is an input type, the
dict's keys will be translated based on the input type's property
name metadata.
- If a value is a dict and the associated type is a dict (or Mapping),
the dict's keys will _not_ be translated.
When resolving outputs:
- If a value is a dict and the associated type is an output type, the
dict's keys will be translated based on the output type's property
name metadata.
- If a value is a dict and the associated type is a dict (or Mapping),
the dict's keys will _not_ be translated.
Update the RegisterResource method in the ResourceMonitor
to unmarshal the providers field added in d297db3 and then resolve
any provider references so that they can be set on the Construct call.
Add support for creating instances of resources in Python using a
`<Resource>Args` class. This capability aligns with how args are passed
to resources in all the other language SDKs and the separate object bag
allows the properties to be manipulated/validated/passed-around before
creating the resource.
We've been emitting calls to `New<Resource>` for resource registrations
in Go, passing `nil` for args. However, some of those `New<Resource>`
functions actually check for `nil` args and return an error if the
resource has required arguments.
At first, I was looking for a way to check inside `New<Resource>` if
the `URN` option was specified and in that case not error on
`nil` args (like we do in other languages), but we don't provide a way
to access the resource option values outside the Go SDK), so I don't
think there is a way to do it this way for Go.
So instead, this change updates the registration code to call
`ctx.RegisterResource` directly instead of `New<Resource>`, where we can
pass a `nil` args.
When using the filestate backend (local files and cloud buckets) there is no protection to prevent two processes from managing the same stack simultaneously.
This PR creates a locks directory in the management directory that stores lock files for a stack. Each backend implementation gets its own UUID that is joined with the stack name. The feature is currently available behind the `PULUMI_SELF_MANAGED_STATE_LOCKING=1` environment variable flag.
This change adds schema and codegen support for plain properties which
are emitted typed as the plain type rather than wrapped as an `Input`.
Plain properties require a prompt value and do not accept a value that
is `Output`.
When passing a package source as part of a `dotnet add package` in
our acceptance testing framework, dotnet was then trying to use that
package source for the restoration of other packages in the csproj
file.
We have removed passing the source to dotnet add package add
and replaced it with adding a machine level package source via
dotnet nuget add source command
this is the more correct way to work and will allow us to be able
to search multiple locations as part of the dotnet restore command
We currently include `version.txt` in the package via `<Content Include="version.txt">`. This places the file in the NuGet package in two locations: the `content` directory and `contentFiles`.
We want the file to be in `content` because this is where the Pulumi .NET Language host looks for the file when determining a program's required plugins.
However, having the file in `contentFiles` is problematic. For packages that reference other Pulumi resource packages (e.g. for multi-lang components), referenced `contentFiles` are included in the package by default. This means another package's `version.txt` will be included and used over the current project's `version.txt`. For example, if a multi-lang component package `Pulumi.Xyz` references `Pulumi.Aws`, the `version.txt` from `Pulumi.Aws` will be used in `Pulumi.Xyz` package rather than the intended `version.txt` for `Pulumi.Xyz`.
To address this, stop including `version.txt` in `contentFiles`. We do this by changing the `<Content Include="version.txt" />` to `<None Include="version.txt" Pack="True" PackagePath="content" />` in the project file. This ensures the file will still be included in the package in the `content` dir (where the Pulumi .NET language host expects to find it), but doesn't include the file in `contentFiles` which would cause it to be used in other packages that reference the package.
Further, when generating `<PackageReference>`s for packages that start with "Pulumi.", include an additional `ExcludeAssets="contentFiles"` attribute to prevent the package's `contentFiles` from being included.
Fixes: #4029Fixes: #3537
Should the user want to get permalinks when using a self-managed backend, they can pass a flag:
```
$ pulumi up --suppress-permalink false
```
Permalinks for these self-managed backends will be suppressed on `update`, `preview`, `destroy`,
`import` and `refresh` operations.
This new optional file can be used to include additional metadata about the provider plugin (such as version and custom server URL), which the Python language host will use when determining a program's required plugins.
This change fixes the codegen to emit the file in the correct location (inside the package dir). Note: Providers need to opt-in to emitting this file via a schema option (because it requires some Makefile changes to insert the version in the file) and we haven't done that with any of our providers yet.
The schema specifies supported environment variables
for Provider inputs, but these are not currently reflected
in the generated docs. This change adds any supported
environment variables to the input property comment
field on Provider resources.
Co-authored-by: Justin Van Patten <jvp@justinvp.com>
This way, the tests use the built-in virtual environment support by
default, which is what most customers will be using. A new `UsePipenv`
option is available to go back to using pipenv for tests.
We previously looked for `python3` and fallback to `python` on all systems. However, our Windows CI images include a `python3.exe` symlink to `python.exe` which does not work with `venv`. So on Windows, just look for `python` first, falling back to `python3`. (The default python.org Windows installation only includes `python.exe`).
Adds a `--limit` flag to `pulumi stack history. This allows limiting to the last few entries rather than fetching the entirety of a stack's update history (which can be quite slow for stacks with lots of updates). Example: `pulumi stack history --limit 1` fetches the last history entry only.
`stack.up` and related operations in the Automation API have been updated to consume this change, drastically reducing overhead.
* Fix resource-ref-as-ID marshaling. (#6125)
This reapplies 2f0dba23ab.
* Fix malformed resource value bug
PR #6125 introduced a bug by marshaling resource
ids as PropertyValues, but not handling that case on
the unmarshaling side. The previous code assumed
that the id was a simple string value. This bug prevents
any stack update operations (preview, update, destroy,
refresh). Since this change was already
released, we must now handle both cases in the
unmarshaling code.
* Add resource ref unit tests for the Go SDK. (#6142)
This reapplies 3d505912b8.
Co-authored-by: Pat Gavlin <pat@pulumi.com>
When marshaling a resource reference as its ID (i.e. when
opts.KeepResources is false, as it will be in the case of downlevel SDKs
and resource providers), we must take care to marshal/unmarshal an empty
ID as the unknown property value.
This includes the following changes to the resource ref APIs:
- Bifurcate resource reference creation into two methods: one for
creating references to custom resources and one for creating
references to component resources.
- Store the ID in a resource reference as a PropertyValue s.t. it can be
computed.
- Add a helper method for retrieving the ID as a string + an indicator of
whether or not the reference has an ID.
Fixes#5939.
Although raw provider resources accept an input that allows a user to
specifiy a provider version to use, this input is not reflected in
current SDK code generation. Furthermore, we already have a method to
specify the provider version that should be used for a resource: the
"version" resource option. These changes update the code that handles
provider resource registrations to autmoatically populate the version
input from the "version" resource option if the option is present.
Fixes https://github.com/pulumi/pulumi-azure/issues/803.
Fixes: #2086
```
pulumi new --help
Create a new Pulumi project and stack from a template.
...
To create a project from a user defined template location in source control, pass the url as follows e.g.
* pulumi new https://gitlab.com/<user>/<repo>
* pulumi new https://bitbucket.org/<user>/<repo>
* pulumi new https://github.com/<user>/<repo>
To create the project from a branch of the user defined source control location, pass the url to the branch, e.g.
* pulumi new https://gitlab.com/<user>/<repo>/tree/<branch>
* pulumi new https://bitbucket.org/<user>/<repo>/tree/<branch>
* pulumi new https://github.com/<user>/<repo>/tree/<branch>
```
These changes are a combination of three commits, each of which
contributes to the testing and/or fixing of a problem with marshaling
unknowns in `plugin.provider.Update` when `preview` is true.
## deploytest: add support for gRPC adapters.
These changes add support for communicating with providers using the
gRPC adapters to the deploytest pacakage. This makes it easier to test
the gRPC adapters across typical lifecycle patterns.
Supporting these changes are two additions to the `resource/plugin`
package:
1. A type that bridges between the `plugin.Provider` interface and the
`pulumirpc.ResourceProviderServer`
2. A function to create a `plugin.Provider` given a
`pulumirpc.ResourceProviderClient`
The deploytest package uses these to wrap an in-process
`plugin.Provider` in a gRPC interface and connect to it without using
the default plugin host, respectively.
## pulumi_test: test provider preview over gRPC.
Add a test that runs the provider preview lifecycle, but using a
provider that communicates over gRPC.
## gRPC bridge: fix unknowns in `Update` previews
Set the `KeepUnknowns` and `RejectUnknowns` bits in the `MarshalOptions`
used when unmarshaling update results to preserve unknowns during a
preview and reject them otherwise.
These changes also set the `RejectUnknowns` bit in the `MarshalOptions`
used by `Create` if `preview` is false, and fix a bug in the array
unmarshaler that could cause out-of-bounds accesses.
Fixes https://github.com/pulumi/pulumi/issues/6004.
State tracking for goals was implemented using a raw map,
but this was not safe for concurrent read/write access from
multiple goroutines. Switched to using a sync.Map, which
is threadsafe.
* Do not read TGZs into memory.
This runs a serious risk of exhausting the memory on lower-end machines
(e.g. certain CI VMs), especially given the potential size of some
plugins.
* CHANGELOG
* fixes
The step generator was incorrectly tracking goal states for
old resources, which could lead to a panic if the resource
was removed in the update. This fix only generates goal
states for resources that exist in the updated program.
Now that resources are serialized as refs, ComponentResources
may try to unmarshal local resource refs before they are
initialized during the RegisterResource step.
This change avoids that issue by skipping Output marshaling
for local ComponentResources during the RegisterResource step.
These Outputs will be handled instead during the
RegisterResourceOutputs step.
Co-authored-by: Pat Gavlin <pat@pulumi.com>
The step generator applies `ignoreChanges` pre-processing for all
resources by copying old input values to the new goal for any properties
mentioned in the `ignoreChanges` list. However, this pre-processing
depends on the existence of prior inputs, which by definition does not
exist for a resource being imported prior to the issuance of the
`ImportStep`. These changes add this processing to the implementation of
`ImportStep`, using the inputs read from the provider as the prior
inputs.
- Add component ref coverage to the existing test
- Add coverage for a downlevel SDK communicating with an engine that
supports resource refs
- Add coverage for a downlevel engine communicating with an SDK that
supports resource refs
As part of improving coverage, these changes add a knob to explicitly
disable resource refs in the engine without the use of the environment
variable. The environment variable is now only read by the CLI, and has
been restored to its prior polarity (i.e. `PULUMI_ENABLE_RESOURCE_REFERENCES`).
Disable resource ref support until https://github.com/pulumi/pulumi-kubernetes/issues/1405
is fixed. This bug currently affects Python users with recent versions of the pulumi SDK
who are using the pulumi-kubernetes provider.
* Enable resource reference feature by default
Unless the PULUMI_DISABLE_RESOURCE_REFERENCES flag
is explicitly set to a truthy value, the resource reference feature is now
enabled by default.
* Set AcceptResources in the language SDKs
This can be disabled by setting the `PULUMI_DISABLE_RESOURCE_REFERENCES` environment variable to a truthy value.
Co-authored-by: Justin Van Patten <jvp@justinvp.com>