bc2cf55463
This change implements resource protection, as per pulumi/pulumi#689. The overall idea is that a resource can be marked as "protect: true", which will prevent deletion of that resource for any reason whatsoever (straight deletion, replacement, etc). This is expressed in the program. To "unprotect" a resource, one must perform an update setting "protect: false", and then afterwards, they can delete the resource. For example: let res = new MyResource("precious", { .. }, { protect: true }); Afterwards, the resource will display in the CLI with a lock icon, and any attempts to remove it will fail in the usual ways (in planning or, worst case, during an actual update). This was done by adding a new ResourceOptions bag parameter to the base Resource types. This is unfortunately a breaking change, but now is the right time to take this one. We had been adding new settings one by one -- like parent and dependsOn -- and this new approach will set us up to add any number of additional settings down the road, without needing to worry about breaking anything ever again. This is related to protected stacks, as described in pulumi/pulumi-service#399. Most likely this will serve as a foundational building block that enables the coarser grained policy management.
43 lines
2.3 KiB
Protocol Buffer
43 lines
2.3 KiB
Protocol Buffer
// Copyright 2016-2017, Pulumi Corporation. All rights reserved.
|
|
|
|
syntax = "proto3";
|
|
|
|
import "google/protobuf/empty.proto";
|
|
import "google/protobuf/struct.proto";
|
|
import "provider.proto";
|
|
|
|
package pulumirpc;
|
|
|
|
// ResourceMonitor is the interface a source uses to talk back to the planning monitor orchestrating the execution.
|
|
service ResourceMonitor {
|
|
rpc Invoke(InvokeRequest) returns (InvokeResponse) {}
|
|
rpc RegisterResource(RegisterResourceRequest) returns (RegisterResourceResponse) {}
|
|
rpc RegisterResourceOutputs(RegisterResourceOutputsRequest) returns (google.protobuf.Empty) {}
|
|
}
|
|
|
|
// RegisterResourceRequest contains information about a resource object that was newly allocated.
|
|
message RegisterResourceRequest {
|
|
string type = 1; // the type of the object allocated.
|
|
string name = 2; // the name, for URN purposes, of the object.
|
|
string parent = 3; // an optional parent URN that this child resource belongs to.
|
|
bool custom = 4; // true if the resource is a custom, managed by a plugin's CRUD operations.
|
|
google.protobuf.Struct object = 5; // an object produced by the interpreter/source.
|
|
bool protect = 6; // true if the resource should be marked protected.
|
|
}
|
|
|
|
// RegisterResourceResponse is returned by the engine after a resource has finished being initialized. It includes the
|
|
// auto-assigned URN, the provider-assigned ID, and any other properties initialized by the engine.
|
|
message RegisterResourceResponse {
|
|
string urn = 1; // the URN assigned by the fabric.
|
|
string id = 2; // the unique ID assigned by the provider.
|
|
google.protobuf.Struct object = 3; // the resulting object properties, including provider defaults.
|
|
bool stable = 4; // if true, the object's state is stable and may be trusted not to change.
|
|
repeated string stables = 5; // an optional list of guaranteed-stable properties.
|
|
}
|
|
|
|
// RegisterResourceOutputsRequest adds extra resource outputs created by the program after registration has occurred.
|
|
message RegisterResourceOutputsRequest {
|
|
string urn = 1; // the URN for the resource to attach output properties to.
|
|
google.protobuf.Struct outputs = 2; // additional output properties to add to the existing resource.
|
|
}
|