maxmustermann/pulumi
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
pulumi/sdk/nodejs/dynamic/index.ts
Joe Duffy bc2cf55463
Implement resource protection (#751) 
This change implements resource protection, as per pulumi/pulumi#689.
The overall idea is that a resource can be marked as "protect: true",
which will prevent deletion of that resource for any reason whatsoever
(straight deletion, replacement, etc).  This is expressed in the
program.  To "unprotect" a resource, one must perform an update setting
"protect: false", and then afterwards, they can delete the resource.

For example:

    let res = new MyResource("precious", { .. }, { protect: true });

Afterwards, the resource will display in the CLI with a lock icon, and
any attempts to remove it will fail in the usual ways (in planning or,
worst case, during an actual update).

This was done by adding a new ResourceOptions bag parameter to the
base Resource types.  This is unfortunately a breaking change, but now
is the right time to take this one.  We had been adding new settings
one by one -- like parent and dependsOn -- and this new approach will
set us up to add any number of additional settings down the road,
without needing to worry about breaking anything ever again.

This is related to protected stacks, as described in
pulumi/pulumi-service#399.  Most likely this will serve as a foundational
building block that enables the coarser grained policy management.
2017-12-20 14:31:07 -08:00

157 lines
4.8 KiB
TypeScript
Raw Blame History

// Copyright 2016-2017, Pulumi Corporation. All rights reserved.
import * as resource from "../resource";
import * as runtime from "../runtime";
/**
* CheckResult represents the results of a call to `ResourceProvider.check`.
*/
export interface CheckResult {
/**
* The inputs to use, if any.
*/
readonly inputs?: any;
/**
* Any validation failures that occurred.
*/
readonly failures?: CheckFailure[];
}
/**
* CheckFailure represents a single failure in the results of a call to `ResourceProvider.check`
*/
export interface CheckFailure {
/**
* The property that failed validation.
*/
readonly property: string;
/**
* The reason that the property failed validation.
*/
readonly reason: string;
}
/**
* DiffResult represents the results of a call to `ResourceProvider.diff`.
*/
export interface DiffResult {
/**
* If this update requires a replacement, the set of properties triggering it.
*/
readonly replaces?: string[];
/**
* An optional list of properties that will not ever change.
*/
readonly stables?: string[];
/**
* If true, and a replacement occurs, the resource will first be deleted before being recreated. This is to
* void potential side-by-side issues with the default create before delete behavior.
*/
readonly deleteBeforeReplace?: boolean;
}
/**
* CreateResult represents the results of a call to `ResourceProvider.create`.
*/
export interface CreateResult {
/**
* The ID of the created resource.
*/
readonly id: resource.ID;
/**
* Any properties that were computed during creation.
*/
readonly outs?: any;
}
/**
* UpdateResult represents the results of a call to `ResourceProvider.update`.
*/
export interface UpdateResult {
/**
* Any properties that were computed during updating.
*/
readonly outs?: any;
}
/**
* ResourceProvider represents an object that provides CRUD operations for a particular type of resource.
*/
export interface ResourceProvider {
/**
* Check validates that the given property bag is valid for a resource of the given type.
*
* @param olds The old input properties to use for validation.
* @param news The new input properties to use for validation.
*/
check?: (olds: any, news: any) => Promise<CheckResult>;
/**
* Diff checks what impacts a hypothetical update will have on the resource's properties.
*
* @param id The ID of the resource to diff.
* @param olds The old values of properties to diff.
* @param news The new values of properties to diff.
*/
diff?: (id: resource.ID, olds: any, news: any) => Promise<DiffResult>;
/**
* Create allocates a new instance of the provided resource and returns its unique ID afterwards.
* If this call fails, the resource must not have been created (i.e., it is "transacational").
*
* @param inputs The properties to set during creation.
*/
create: (inputs: any) => Promise<CreateResult>;
/**
* Update updates an existing resource with new values.
*
* @param id The ID of the resource to update.
* @param olds The old values of properties to update.
* @param news The new values of properties to update.
*/
update?: (id: resource.ID, olds: any, news: any) => Promise<UpdateResult>;
/**
* Delete tears down an existing resource with the given ID. If it fails, the resource is assumed to still exist.
*
* @param id The ID of the resource to delete.
* @param props The current properties on the resource.
*/
delete?: (id: resource.ID, props: any) => Promise<void>;
}
async function serializeProvider(provider: ResourceProvider): Promise<string> {
return runtime.serializeJavaScriptText(await runtime.serializeClosure(() => provider));
}
/**
* Resource represents a Pulumi Resource that incorporates an inline implementation of the Resource's CRUD operations.
*/
export abstract class Resource extends resource.CustomResource {
/**
* Creates a new dynamic resource.
*
* @param provider The implementation of the resource's CRUD operations.
* @param name The name of the resource.
* @param props The arguments to use to populate the new resource. Must not define the reserved
* property "__provider".
* @param opts A bag of options that control this resource's behavior.
*/
constructor(provider: ResourceProvider, name: string, props: resource.ComputedValues,
opts?: resource.ResourceOptions) {
const providerKey: string = "__provider";
if (props[providerKey]) {
throw new Error("A dynamic resource must not define the __provider key");
}
props[providerKey] = serializeProvider(provider);
super("pulumi-nodejs:dynamic:Resource", name, props, opts);
}
}
Reference in a new issue View git blame Copy permalink