70e16a2acd
This change allows using the passphrase secrets manager when creating a stack managed by the Pulumi service. `pulumi stack init`, `pulumi new` and `pulumi up` all learned a new optional argument `--secrets-provider` which can be set to "passphrase" to force the passphrase based secrets provider to be used. When unset the default secrets provider is used based on the backend (for local stacks this is passphrase, for remote stacks, it is the key managed by the pulumi service). As part of this change, we also initialize the secrets manager when a stack is created, instead of waiting for the first time a secret config value is stored. We do this so that if an update is run using `pulumi.secret` before any secret configuration values are used, we already have the correct encryption method selected for a stack.
223 lines
8.3 KiB
Go
223 lines
8.3 KiB
Go
// Copyright 2016-2018, Pulumi Corporation.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package backend
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"path/filepath"
|
|
|
|
"github.com/pkg/errors"
|
|
|
|
"github.com/pulumi/pulumi/pkg/apitype"
|
|
"github.com/pulumi/pulumi/pkg/engine"
|
|
"github.com/pulumi/pulumi/pkg/operations"
|
|
"github.com/pulumi/pulumi/pkg/resource/config"
|
|
"github.com/pulumi/pulumi/pkg/resource/deploy"
|
|
"github.com/pulumi/pulumi/pkg/tokens"
|
|
"github.com/pulumi/pulumi/pkg/util/contract"
|
|
"github.com/pulumi/pulumi/pkg/util/gitutil"
|
|
"github.com/pulumi/pulumi/pkg/util/result"
|
|
"github.com/pulumi/pulumi/pkg/workspace"
|
|
)
|
|
|
|
// Stack is a stack associated with a particular backend implementation.
|
|
type Stack interface {
|
|
Ref() StackReference // this stack's identity.
|
|
Snapshot(ctx context.Context) (*deploy.Snapshot, error) // the latest deployment snapshot.
|
|
Backend() Backend // the backend this stack belongs to.
|
|
|
|
// Preview changes to this stack.
|
|
Preview(ctx context.Context, op UpdateOperation) (engine.ResourceChanges, result.Result)
|
|
// Update this stack.
|
|
Update(ctx context.Context, op UpdateOperation) (engine.ResourceChanges, result.Result)
|
|
// Refresh this stack's state from the cloud provider.
|
|
Refresh(ctx context.Context, op UpdateOperation) (engine.ResourceChanges, result.Result)
|
|
// Destroy this stack's resources.
|
|
Destroy(ctx context.Context, op UpdateOperation) (engine.ResourceChanges, result.Result)
|
|
|
|
// Query this stack's state.
|
|
Query(ctx context.Context, op UpdateOperation) result.Result
|
|
// remove this stack.
|
|
Remove(ctx context.Context, force bool) (bool, error)
|
|
// rename this stack.
|
|
Rename(ctx context.Context, newName tokens.QName) error
|
|
// list log entries for this stack.
|
|
GetLogs(ctx context.Context, cfg StackConfiguration, query operations.LogQuery) ([]operations.LogEntry, error)
|
|
// export this stack's deployment.
|
|
ExportDeployment(ctx context.Context) (*apitype.UntypedDeployment, error)
|
|
// import the given deployment into this stack.
|
|
ImportDeployment(ctx context.Context, deployment *apitype.UntypedDeployment) error
|
|
}
|
|
|
|
// Query executes a query program against a stack's resource outputs.
|
|
func Query(ctx context.Context, s Stack, op UpdateOperation) result.Result {
|
|
return s.Backend().Query(ctx, s.Ref(), op)
|
|
}
|
|
|
|
// RemoveStack returns the stack, or returns an error if it cannot.
|
|
func RemoveStack(ctx context.Context, s Stack, force bool) (bool, error) {
|
|
return s.Backend().RemoveStack(ctx, s.Ref(), force)
|
|
}
|
|
|
|
func RenameStack(ctx context.Context, s Stack, newName tokens.QName) error {
|
|
return s.Backend().RenameStack(ctx, s.Ref(), newName)
|
|
}
|
|
|
|
// PreviewStack previews changes to this stack.
|
|
func PreviewStack(ctx context.Context, s Stack, op UpdateOperation) (engine.ResourceChanges, result.Result) {
|
|
return s.Backend().Preview(ctx, s.Ref(), op)
|
|
}
|
|
|
|
// UpdateStack updates the target stack with the current workspace's contents (config and code).
|
|
func UpdateStack(ctx context.Context, s Stack, op UpdateOperation) (engine.ResourceChanges, result.Result) {
|
|
return s.Backend().Update(ctx, s.Ref(), op)
|
|
}
|
|
|
|
// RefreshStack refresh's the stack's state from the cloud provider.
|
|
func RefreshStack(ctx context.Context, s Stack, op UpdateOperation) (engine.ResourceChanges, result.Result) {
|
|
return s.Backend().Refresh(ctx, s.Ref(), op)
|
|
}
|
|
|
|
// DestroyStack destroys all of this stack's resources.
|
|
func DestroyStack(ctx context.Context, s Stack, op UpdateOperation) (engine.ResourceChanges, result.Result) {
|
|
return s.Backend().Destroy(ctx, s.Ref(), op)
|
|
}
|
|
|
|
// GetLatestConfiguration returns the configuration for the most recent deployment of the stack.
|
|
func GetLatestConfiguration(ctx context.Context, s Stack) (config.Map, error) {
|
|
return s.Backend().GetLatestConfiguration(ctx, s.Ref())
|
|
}
|
|
|
|
// GetStackLogs fetches a list of log entries for the current stack in the current backend.
|
|
func GetStackLogs(ctx context.Context, s Stack, cfg StackConfiguration,
|
|
query operations.LogQuery) ([]operations.LogEntry, error) {
|
|
return s.Backend().GetLogs(ctx, s.Ref(), cfg, query)
|
|
}
|
|
|
|
// ExportStackDeployment exports the given stack's deployment as an opaque JSON message.
|
|
func ExportStackDeployment(ctx context.Context, s Stack) (*apitype.UntypedDeployment, error) {
|
|
return s.Backend().ExportDeployment(ctx, s.Ref())
|
|
}
|
|
|
|
// ImportStackDeployment imports the given deployment into the indicated stack.
|
|
func ImportStackDeployment(ctx context.Context, s Stack, deployment *apitype.UntypedDeployment) error {
|
|
return s.Backend().ImportDeployment(ctx, s.Ref(), deployment)
|
|
}
|
|
|
|
// GetStackTags fetches the stack's existing tags.
|
|
func GetStackTags(ctx context.Context, s Stack) (map[apitype.StackTagName]string, error) {
|
|
return s.Backend().GetStackTags(ctx, s.Ref())
|
|
}
|
|
|
|
// UpdateStackTags updates the stacks's tags, replacing all existing tags.
|
|
func UpdateStackTags(ctx context.Context, s Stack, tags map[apitype.StackTagName]string) error {
|
|
return s.Backend().UpdateStackTags(ctx, s.Ref(), tags)
|
|
}
|
|
|
|
// GetMergedStackTags returns the stack's existing tags merged with fresh tags from the environment
|
|
// and Pulumi.yaml file.
|
|
func GetMergedStackTags(ctx context.Context, s Stack) (map[apitype.StackTagName]string, error) {
|
|
// Get the stack's existing tags.
|
|
tags, err := GetStackTags(ctx, s)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if tags == nil {
|
|
tags = make(map[apitype.StackTagName]string)
|
|
}
|
|
|
|
// Get latest environment tags for the current stack.
|
|
envTags, err := GetEnvironmentTagsForCurrentStack()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
// Add each new environment tag to the existing tags, overwriting existing tags with the
|
|
// latest values.
|
|
for k, v := range envTags {
|
|
tags[k] = v
|
|
}
|
|
|
|
return tags, nil
|
|
}
|
|
|
|
// GetEnvironmentTagsForCurrentStack returns the set of tags for the "current" stack, based on the environment
|
|
// and Pulumi.yaml file.
|
|
func GetEnvironmentTagsForCurrentStack() (map[apitype.StackTagName]string, error) {
|
|
tags := make(map[apitype.StackTagName]string)
|
|
|
|
// Tags based on Pulumi.yaml.
|
|
projPath, err := workspace.DetectProjectPath()
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if projPath != "" {
|
|
proj, err := workspace.LoadProject(projPath)
|
|
if err != nil {
|
|
return nil, errors.Wrapf(err, "error loading project %q", projPath)
|
|
}
|
|
tags[apitype.ProjectNameTag] = proj.Name.String()
|
|
tags[apitype.ProjectRuntimeTag] = proj.Runtime.Name()
|
|
if proj.Description != nil {
|
|
tags[apitype.ProjectDescriptionTag] = *proj.Description
|
|
}
|
|
|
|
// Add the git metadata to the tags, ignoring any errors that come from it.
|
|
ignoredErr := addGitMetadataToStackTags(tags, projPath)
|
|
contract.IgnoreError(ignoredErr)
|
|
}
|
|
|
|
return tags, nil
|
|
}
|
|
|
|
// addGitMetadataToStackTags fetches the git repository from the directory, and attempts to detect
|
|
// and add any relevant git metadata as stack tags.
|
|
func addGitMetadataToStackTags(tags map[apitype.StackTagName]string, projPath string) error {
|
|
repo, err := gitutil.GetGitRepository(filepath.Dir(projPath))
|
|
if repo == nil {
|
|
return fmt.Errorf("no git repository found from %v", projPath)
|
|
}
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
remoteURL, err := gitutil.GetGitRemoteURL(repo, "origin")
|
|
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if remoteURL == "" {
|
|
return nil
|
|
}
|
|
|
|
if vcsInfo, err := gitutil.TryGetVCSInfo(remoteURL); err == nil {
|
|
tags[apitype.VCSOwnerNameTag] = vcsInfo.Owner
|
|
tags[apitype.VCSRepositoryNameTag] = vcsInfo.Repo
|
|
tags[apitype.VCSRepositoryKindTag] = vcsInfo.Kind
|
|
} else {
|
|
return errors.Wrapf(err, "detecting VCS info for stack tags for remote %v", remoteURL)
|
|
}
|
|
// Set the old stack tags keys as GitHub so that the UI will continue to work,
|
|
// regardless of whether the remote URL is a GitHub URL or not.
|
|
// TODO remove these when the UI no longer needs them.
|
|
if tags[apitype.VCSOwnerNameTag] != "" {
|
|
tags[apitype.GitHubOwnerNameTag] = tags[apitype.VCSOwnerNameTag]
|
|
tags[apitype.GitHubRepositoryNameTag] = tags[apitype.VCSRepositoryNameTag]
|
|
}
|
|
|
|
return nil
|
|
}
|