CHANGELOG ========= ## Unreleased ## 0.17.27 (2019-07-29) - Fix an error message from the logging subsystem which was introduced in v0.17.26 [#2989](https://github.com/pulumi/pulumi/pull/2997) ## 0.17.26 (2019-07-26) - Add `get_object`, `require_object`, `get_secret_object` and `require_secret_object` APIs to Python `config` module [#2959](https://github.com/pulumi/pulumi/pull/2959) - Fix unexpected provider replacements when upgrading from older CLIs and older providers [pulumi/pulumi-kubernetes#645](https://github.com/pulumi/pulumi-kubernetes/issues/645) - Add *Python* support for renaming resources via the `aliases` resource option. Adding aliases allows new resources to match resources from previous deployments which used different names, maintaining the identity of the resource and avoiding replacements or re-creation of the resource. This was previously added to the *JavaScript* sdk in 0.17.15. [#2974](https://github.com/pulumi/pulumi/pull/2974) ## 0.17.25 (2019-07-19) - Support for Dynamic Providers in Python [#2900](https://github.com/pulumi/pulumi/pull/2900) ## 0.17.24 (2019-07-19) - Fix a crash when two different versions of `@pulumi/pulumi` are used in the same Pulumi program [#2942](https://github.com/pulumi/pulumi/issues/2942) ## 0.17.23 (2019-07-16) - `pulumi new` allows specifying a local path to templates (resolves [#2672](https://github.com/pulumi/pulumi/issues/2672)) - Fix an issue where a file archive created on Windows would contain back-slashes [#2784](https://github.com/pulumi/pulumi/issues/2784) - Fix an issue where output values of a resource would not be present when they contained secret values, when using Python. - Fix an issue where emojis are printed in non-interactive mode. (fixes [#2871](https://github.com/pulumi/pulumi/issues/2871)) - Promises/Outputs can now be directly exported as the top-level (i.e. not-named) output of a Stack. (fixes [#2910](https://github.com/pulumi/pulumi/issues/2910)) - Add support for importing existing resources to be managed using Pulumi. A resource can be imported by setting the `import` property in the resource options bag when instantiating a resource. In order to successfully import a resource, its desired configuration (i.e. its inputs) must not differ from its actual configuration (i.e. its state) as calculated by the resource's provider. - Add the ability to pass a customTimeouts object from the providers across the engine to resource management. (fixes [#2655](https://github.com/pulumi/pulumi/issues/2655)) ### Breaking Changes - Defer to resource providers in all cases where the engine must determine whether or not a resource has changed. Note that this can expose bugs in the resources providers that cause diffs to be present even if the desired configuration matches the actual state of the resource: in these cases, users can set the `PULUMI_ENABLE_LEGACY_DIFF` environment variable to `1` or `true` to enable the old diff behavior. https://github.com/pulumi/pulumi/issues/2971 lists the known provider bugs exposed by these changes and links to appropriate workarounds or tracking issues. ## 0.17.22 (2019-07-11) - Improve update performance in cases where a large number of log messages are reported during an update. ## 0.17.21 (2019-06-26) - Python SDK fix for a crash resulting from a KeyError if secrets were used in configuration. - Fix an issue where a secret would not be encrypted in the state file if it was a property of a resource which was used as a stack output (fixes [#2862](https://github.com/pulumi/pulumi/issues/2862)) ## 0.17.20 (2019-06-23) - SDK fix for crash that could occasionally happen if there were multiple identical aliases to the same Resource. ## 0.17.19 (2019-06-23) - Engine fix for crash that could occasionally happen if there were multiple identical aliases to the same Resource. ## 0.17.18 (2019-06-20) - Allow setting backend URL explicitly in `Pulumi.yaml` file - `StackReference` now has a `.getOutputSync` function to retrieve exported values from an existing stack synchronously. This can be valuable when creating another stack that wants to base flow-control off of the values of an existing stack (i.e. importing the information about all AZs and basing logic off of that in a new stack). Note: this only works for importing values from Stacks that have not exported `secrets`. - When the environment variable `PULUMI_TEST_MODE` is set to `true`, the Python runtime will now behave as if `pulumi.runtime.settings._set_test_mode_enabled(True)` had been called. This mirrors the behavior for NodeJS programs (fixes [#2818](https://github.com/pulumi/pulumi/issues/2818)). - Resources that are only 'read' will no longer be displayed in the terminal tree-display anymore. These ended up heavily cluttering the display and often meant that programs without updates still showed a bunch of resources that weren't important. There will still be a message displayed indicating that a 'read' has happened to help know that these are going on and that the program is making progress. ## 0.17.17 (2019-06-12) ### Improvements - docs(login): escape codeblocks, and add object store state instructions [#2810](https://github.com/pulumi/pulumi/pull/2810) - The API for passing along a custom provider to a ComponentResource has been simplified. You can now just say `new SomeComponentResource(name, props, { provider: awsProvider })` instead of `new SomeComponentResource(name, props, { providers: { "aws" : awsProvider } })` - Fix a bug where the path provided to a URL in `pulumi login` is lost are dropped, so if you `pulumi login s3://bucketname/afolder`, the Pulumi files will be inside of `s3://bucketname/afolder/.pulumi` rather than `s3://bucketname/.pulumi` (thanks, [@bigkraig](https://github.com/bigkraig)!). **NOTE**: If you have been logging in to the s3 backend with a path after the bucket name, you will need to either move the .pulumi folder in the bucket to the correct location or log in again without the path prefix to see your previous stacks. - Fix a crash that would happen if you ran `pulumi stack output` against an empty stack (fixes [pulumi/pulumi#2792](https://github.com/pulumi/pulumi/issues/2792)). - Unparented Pulumi `CustomResource`s now support calling `.getProvider(...)` on them. ## 0.17.16 (2019-06-06) ### Improvements - Fixed a bug that caused an assertion when dealing with unchanged resources across version upgrades. ## 0.17.15 (2019-06-05) ### Improvements - Pulumi now allows Python programs to "read" existing resources instead of just creating them. This feature enables Pulumi Python packages to expose ".get()" methods that allow for reading of resources that already exist. - Support for referencing the outputs of other Pulumi stacks has been added to the Pulumi Python libraries via the `StackReference` type. - Add CI system detection for Bitbucket Pipelines. - Pulumi now tolerates changes in default providers in certain cases, which fixes an issue where users would see unexpected replaces when upgrading a Pulumi package. - Add support for renaming resources via the `aliases` resource option. Adding aliases allows new resources to match resources from previous deployments which used different names, maintaining the identity of the resource and avoiding replacements or re-creation of the resource. - `pulumi plugin install` gained a new optional argument `--server` which can be used to provide a custom server to be used when downloading a plugin. ## 0.17.14 (2019-05-28) ### Improvements - `pulumi refresh` now tries to install any missing plugins automatically like `pulumi destroy` and `pulumi update` do (fixes [pulumi/pulumi#2669](https://github.com/pulumi/pulumi/issues/2669)). - `pulumi whoami` now outputs the URL of the currently connected backend. - Correctly suppress stack outputs when serializing previews to JSON, i.e. `pulumi preview --json --suppress-outputs`. Fixes [pulumi/pulumi#2765](https://github.com/pulumi/pulumi/issues/2765). ## 0.17.13 (2019-05-21) ### Improvements - Fix an issue where creating a first class provider would fail if any of the configuration values for the providers were secrets. (fixes [pulumi/pulumi#2741](https://github.com/pulumi/pulumi/issues/2741)). - Fix an issue where when using `--diff` or looking at details for a proposed updated, the CLI might print text like: `<{%reset%}> --outputs:--<{%reset%}>` instead of just `--outputs:--`. - Fixes local login on Windows. Specifically, windows local paths are properly understood and backslashes `\` are not converted to `__5c__` in paths. - Fix an issue where some operations would fail with `error: could not deserialize deployment: unknown secrets provider type`. - Fix an issue where pulumi might try to replace existing resources when upgrading to the newest version of some resource providers. ## 0.17.12 (2019-05-15) ### Improvements - Pulumi now tells you much earlier when the `--secrets-provider` argument to `up` `init` or `new` has the wrong value. In addition, supported values are now listed in the help text. (fixes [pulumi/pulumi#2727](https://github.com/pulumi/pulumi/issues/2727)). - Pulumi no longer prompts for your passphrase twice during operations when you are using the passphrase based secrets provider. (fixes [pulumi/pulumi#2729](https://github.com/pulumi/pulumi/issues/2729)). - Fix an issue where complex inputs to a resource which contained secret values would not be stored correctly. - Fix a panic during property diffing when comparing two secret arrays. ## 0.17.11 (2019-05-13) ### Major Changes #### Secrets and Pluggable Encryption - The Pulumi engine and Python and NodeJS SDKs now have support for tracking values as "secret" to ensure they are encrypted when being persisted in a state file. `[pulumi/pulumi#397](https://github.com/pulumi/pulumi/issues/397)` Any existing value may be turned into a secret by calling `pulumi.secret()` (NodeJS) or `Output.secret(`) (Python). In both cases, the returned value is an output which may be passed around like any other. If this value flows into a resource, the plaintext will not be stored in the state file, but instead It will be encrypted, just like values added to config with `pulumi config set --secret`. You can verify that values are being stored as you expect by running `pulumi stack export`, When values are encrypted in the state file, they appear as an object with a special signature key and a ciphertext property. When outputs of a stack are secrets, `pulumi stack output` will show `[secret]` as the value, by default. You can pass `--show-secrets` to `pulumi stack output` in order to see the actual raw value. - When storing state with the Pulumi Service, you may now elect to use the passphrase based encryption for both secret configuration values and values that are encrypted in a state file. To use this new feature, pass `--secrets-provider passphrase` to `pulumi new` or `pulumi stack init` when you initally create the stack. When you create the stack, you will be prompted for a passphrase (or if `PULUMI_CONFIG_PASSPHRASE` is set, it will be used). This passphrase is used to generate a unique key for your stack, and config values and encrypted state values are encrypted using AES-256-GCM. The key is derived from your passphrase, and while information to re-create it when provided with your passphrase is stored in both the `Pulumi..yaml` file and the state file for your stack, this information can not be used to recover the key. When using this mode, the Pulumi Service is unable to decrypt either your secret configuration values or and secret values in your state file. We will be adding gestures to move existing stacks managed by the service to use passphrase based encryption soon as well as gestures to change the passphrase for an existing stack. ** Note ** Stacks with encrypted secrets in their state files can only be managed by 0.17.11 or later of the CLI. Attempting to use a previous version of the CLI with these stacks will result in an error. Fixes #397 ### Improvements - Add support for Azure Pipelines in CI environment detection. - Minor fix to how Azure repository information is extracted to allow proper grouping of Azure repositories when various remote URLs are used to pull the repository. ## 0.17.10 (2019-05-02) ### Improvements - Fixes issue introduced in 0.17.9 where local-login broke on Windows due to the new support for `s3://`, `azblob://` and `gs://` save locations. - Minor contributing document improvement. - Warnings from `npm` about missing description, repository, and license fields in package.json are now suppressed when `npm install` is run from `pulumi new` (via `npm install --loglevel=error`). - Depend on newer version of gRPC package in the NodeJS SDK. This version has prebuilt binaries for Node 12, which should make installing `@pulumi/pulumi` more reliable when running on Node 12. ## 0.17.9 (2019-04-30) ### Improvements - `pulumi login` now supports `s3://`, `azblob://` and `gs://` paths (on top of `file://`) for storing stack information. These are passed the location of a desired bucket for each respective cloud provider (i.e. `pulumi login s3://mybucket`). Pulumi artifacts (like the `xxx.checkpoint.json` file) will then be stored in that bucket. Credentials for accessing the bucket operate in the normal manner for each cloud provider. i.e. for AWS this can come from the environment, or your `.aws/credentials` file, etc. - The pulumi version update check can be skipped by setting the environment variable `PULUMI_SKIP_UPDATE_CHECK` to `1` or `true`. - Fix an issue where the stack would not be selected when an existing stack is specified when running `pulumi new