pulumi/pkg/backend/httpstate/backend_test.go

263 lines
7.2 KiB
Go
Raw Permalink Normal View History

// Copyright 2016-2021, Pulumi Corporation.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
2022-09-14 02:12:02 +00:00
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package httpstate
import (
"context"
Validate snapshots from service on load (#14046) <!--- Thanks so much for your contribution! If this is your first time contributing, please ensure that you have read the [CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md) documentation. --> # Description <!--- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. --> In the filestate code we would always run loaded snapshots through VerifyIntegrity before using them. The httpstate didn't have any similar checks. This brings the two backends into alignment, reusing the option from before that was just for filestate (--disable-integrity-checking). At some point we should further align these so that httpstate also validates the snapshots it has written out, like filestate does today. ## Checklist - [x] I have run `make tidy` to update any new dependencies - [x] I have run `make lint` to verify my code passes the lint check - [ ] I have formatted my code using `gofumpt` <!--- Please provide details if the checkbox below is to be left unchecked. --> - [x] I have added tests that prove my fix is effective or that my feature works <!--- User-facing changes require a CHANGELOG entry. --> - [x] I have run `make changelog` and committed the `changelog/pending/<file>` documenting my change <!-- If the change(s) in this PR is a modification of an existing call to the Pulumi Cloud, then the service should honor older versions of the CLI where this change would not exist. You must then bump the API version in /pkg/backend/httpstate/client/api.go, as well as add it to the service. --> - [ ] Yes, there are changes in this PR that warrants bumping the Pulumi Cloud API version <!-- @Pulumi employees: If yes, you must submit corresponding changes in the service repo. -->
2023-12-04 15:12:56 +00:00
"encoding/json"
"errors"
Validate snapshots from service on load (#14046) <!--- Thanks so much for your contribution! If this is your first time contributing, please ensure that you have read the [CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md) documentation. --> # Description <!--- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. --> In the filestate code we would always run loaded snapshots through VerifyIntegrity before using them. The httpstate didn't have any similar checks. This brings the two backends into alignment, reusing the option from before that was just for filestate (--disable-integrity-checking). At some point we should further align these so that httpstate also validates the snapshots it has written out, like filestate does today. ## Checklist - [x] I have run `make tidy` to update any new dependencies - [x] I have run `make lint` to verify my code passes the lint check - [ ] I have formatted my code using `gofumpt` <!--- Please provide details if the checkbox below is to be left unchecked. --> - [x] I have added tests that prove my fix is effective or that my feature works <!--- User-facing changes require a CHANGELOG entry. --> - [x] I have run `make changelog` and committed the `changelog/pending/<file>` documenting my change <!-- If the change(s) in this PR is a modification of an existing call to the Pulumi Cloud, then the service should honor older versions of the CLI where this change would not exist. You must then bump the API version in /pkg/backend/httpstate/client/api.go, as well as add it to the service. --> - [ ] Yes, there are changes in this PR that warrants bumping the Pulumi Cloud API version <!-- @Pulumi employees: If yes, you must submit corresponding changes in the service repo. -->
2023-12-04 15:12:56 +00:00
"os"
"testing"
Validate snapshots from service on load (#14046) <!--- Thanks so much for your contribution! If this is your first time contributing, please ensure that you have read the [CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md) documentation. --> # Description <!--- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. --> In the filestate code we would always run loaded snapshots through VerifyIntegrity before using them. The httpstate didn't have any similar checks. This brings the two backends into alignment, reusing the option from before that was just for filestate (--disable-integrity-checking). At some point we should further align these so that httpstate also validates the snapshots it has written out, like filestate does today. ## Checklist - [x] I have run `make tidy` to update any new dependencies - [x] I have run `make lint` to verify my code passes the lint check - [ ] I have formatted my code using `gofumpt` <!--- Please provide details if the checkbox below is to be left unchecked. --> - [x] I have added tests that prove my fix is effective or that my feature works <!--- User-facing changes require a CHANGELOG entry. --> - [x] I have run `make changelog` and committed the `changelog/pending/<file>` documenting my change <!-- If the change(s) in this PR is a modification of an existing call to the Pulumi Cloud, then the service should honor older versions of the CLI where this change would not exist. You must then bump the API version in /pkg/backend/httpstate/client/api.go, as well as add it to the service. --> - [ ] Yes, there are changes in this PR that warrants bumping the Pulumi Cloud API version <!-- @Pulumi employees: If yes, you must submit corresponding changes in the service repo. -->
2023-12-04 15:12:56 +00:00
"github.com/pulumi/pulumi/pkg/v3/backend"
"github.com/pulumi/pulumi/pkg/v3/backend/display"
Add Base64SecretsProvider for testing (#15017) <!--- Thanks so much for your contribution! If this is your first time contributing, please ensure that you have read the [CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md) documentation. --> # Description <!--- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. --> To support plugin based secret providers like (e.g. AGE https://github.com/pulumi/pulumi/issues/11493) the default secrets provider will need to become more complicated, requiring access to a plugin host at least. As such for tests it will be simpler to have a basic secrets provider that only supports base64 and can be created without any setup. ## Checklist - [x] I have run `make tidy` to update any new dependencies - [x] I have run `make lint` to verify my code passes the lint check - [x] I have formatted my code using `gofumpt` <!--- Please provide details if the checkbox below is to be left unchecked. --> - [ ] I have added tests that prove my fix is effective or that my feature works <!--- User-facing changes require a CHANGELOG entry. --> - [ ] I have run `make changelog` and committed the `changelog/pending/<file>` documenting my change <!-- If the change(s) in this PR is a modification of an existing call to the Pulumi Cloud, then the service should honor older versions of the CLI where this change would not exist. You must then bump the API version in /pkg/backend/httpstate/client/api.go, as well as add it to the service. --> - [ ] Yes, there are changes in this PR that warrants bumping the Pulumi Cloud API version <!-- @Pulumi employees: If yes, you must submit corresponding changes in the service repo. -->
2024-01-05 08:32:56 +00:00
"github.com/pulumi/pulumi/pkg/v3/secrets/b64"
Validate snapshots from service on load (#14046) <!--- Thanks so much for your contribution! If this is your first time contributing, please ensure that you have read the [CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md) documentation. --> # Description <!--- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. --> In the filestate code we would always run loaded snapshots through VerifyIntegrity before using them. The httpstate didn't have any similar checks. This brings the two backends into alignment, reusing the option from before that was just for filestate (--disable-integrity-checking). At some point we should further align these so that httpstate also validates the snapshots it has written out, like filestate does today. ## Checklist - [x] I have run `make tidy` to update any new dependencies - [x] I have run `make lint` to verify my code passes the lint check - [ ] I have formatted my code using `gofumpt` <!--- Please provide details if the checkbox below is to be left unchecked. --> - [x] I have added tests that prove my fix is effective or that my feature works <!--- User-facing changes require a CHANGELOG entry. --> - [x] I have run `make changelog` and committed the `changelog/pending/<file>` documenting my change <!-- If the change(s) in this PR is a modification of an existing call to the Pulumi Cloud, then the service should honor older versions of the CLI where this change would not exist. You must then bump the API version in /pkg/backend/httpstate/client/api.go, as well as add it to the service. --> - [ ] Yes, there are changes in this PR that warrants bumping the Pulumi Cloud API version <!-- @Pulumi employees: If yes, you must submit corresponding changes in the service repo. -->
2023-12-04 15:12:56 +00:00
"github.com/pulumi/pulumi/sdk/v3/go/common/apitype"
Fix merge failures #2 (#15543) <!--- Thanks so much for your contribution! If this is your first time contributing, please ensure that you have read the [CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md) documentation. --> # Description <!--- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. --> Fixes https://github.com/pulumi/pulumi/issues/15528 See https://github.com/pulumi/pulumi/pull/15540 & https://github.com/pulumi/pulumi/pull/15531 Re-creating this as a PR with `ci/test` label so we can get it merged. ## Checklist - [x] I have run `make tidy` to update any new dependencies - [x] I have run `make lint` to verify my code passes the lint check - [x] I have formatted my code using `gofumpt` <!--- Please provide details if the checkbox below is to be left unchecked. --> - [ ] I have added tests that prove my fix is effective or that my feature works <!--- User-facing changes require a CHANGELOG entry. --> - [x] I have run `make changelog` and committed the `changelog/pending/<file>` documenting my change <!-- If the change(s) in this PR is a modification of an existing call to the Pulumi Cloud, then the service should honor older versions of the CLI where this change would not exist. You must then bump the API version in /pkg/backend/httpstate/client/api.go, as well as add it to the service. --> - [ ] Yes, there are changes in this PR that warrants bumping the Pulumi Cloud API version <!-- @Pulumi employees: If yes, you must submit corresponding changes in the service repo. --> --------- Co-authored-by: Justin Van Patten <jvp@justinvp.com> Co-authored-by: Anton Tayanovskyy <anton@pulumi.com> Co-authored-by: Thomas Gummerer <t.gummerer@gmail.com>
2024-02-29 21:06:24 +00:00
ptesting "github.com/pulumi/pulumi/sdk/v3/go/common/testing"
Validate snapshots from service on load (#14046) <!--- Thanks so much for your contribution! If this is your first time contributing, please ensure that you have read the [CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md) documentation. --> # Description <!--- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. --> In the filestate code we would always run loaded snapshots through VerifyIntegrity before using them. The httpstate didn't have any similar checks. This brings the two backends into alignment, reusing the option from before that was just for filestate (--disable-integrity-checking). At some point we should further align these so that httpstate also validates the snapshots it has written out, like filestate does today. ## Checklist - [x] I have run `make tidy` to update any new dependencies - [x] I have run `make lint` to verify my code passes the lint check - [ ] I have formatted my code using `gofumpt` <!--- Please provide details if the checkbox below is to be left unchecked. --> - [x] I have added tests that prove my fix is effective or that my feature works <!--- User-facing changes require a CHANGELOG entry. --> - [x] I have run `make changelog` and committed the `changelog/pending/<file>` documenting my change <!-- If the change(s) in this PR is a modification of an existing call to the Pulumi Cloud, then the service should honor older versions of the CLI where this change would not exist. You must then bump the API version in /pkg/backend/httpstate/client/api.go, as well as add it to the service. --> - [ ] Yes, there are changes in this PR that warrants bumping the Pulumi Cloud API version <!-- @Pulumi employees: If yes, you must submit corresponding changes in the service repo. -->
2023-12-04 15:12:56 +00:00
"github.com/pulumi/pulumi/sdk/v3/go/common/testing/diagtest"
Support always qualifying stack names (#11081) (#15857) <!--- Thanks so much for your contribution! If this is your first time contributing, please ensure that you have read the [CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md) documentation. --> # Description <!--- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. --> This commit adds the `--fully-qualify-stack-names` (or `-Q` for short) global command-line argument, which when supplied will always print stack names in the fully-qualified form of `organization/project/stack`. Fixes #11081. ## Checklist - [X] I have run `make tidy` to update any new dependencies - [X] I have run `make lint` to verify my code passes the lint check - [X] I have formatted my code using `gofumpt` <!--- Please provide details if the checkbox below is to be left unchecked. --> - [x] I have added tests that prove my fix is effective or that my feature works <!--- User-facing changes require a CHANGELOG entry. --> - [X] I have run `make changelog` and committed the `changelog/pending/<file>` documenting my change <!-- If the change(s) in this PR is a modification of an existing call to the Pulumi Cloud, then the service should honor older versions of the CLI where this change would not exist. You must then bump the API version in /pkg/backend/httpstate/client/api.go, as well as add it to the service. --> - [ ] Yes, there are changes in this PR that warrants bumping the Pulumi Cloud API version <!-- @Pulumi employees: If yes, you must submit corresponding changes in the service repo. -->
2024-04-04 10:11:46 +00:00
"github.com/pulumi/pulumi/sdk/v3/go/common/util/cmdutil"
Validate snapshots from service on load (#14046) <!--- Thanks so much for your contribution! If this is your first time contributing, please ensure that you have read the [CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md) documentation. --> # Description <!--- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. --> In the filestate code we would always run loaded snapshots through VerifyIntegrity before using them. The httpstate didn't have any similar checks. This brings the two backends into alignment, reusing the option from before that was just for filestate (--disable-integrity-checking). At some point we should further align these so that httpstate also validates the snapshots it has written out, like filestate does today. ## Checklist - [x] I have run `make tidy` to update any new dependencies - [x] I have run `make lint` to verify my code passes the lint check - [ ] I have formatted my code using `gofumpt` <!--- Please provide details if the checkbox below is to be left unchecked. --> - [x] I have added tests that prove my fix is effective or that my feature works <!--- User-facing changes require a CHANGELOG entry. --> - [x] I have run `make changelog` and committed the `changelog/pending/<file>` documenting my change <!-- If the change(s) in this PR is a modification of an existing call to the Pulumi Cloud, then the service should honor older versions of the CLI where this change would not exist. You must then bump the API version in /pkg/backend/httpstate/client/api.go, as well as add it to the service. --> - [ ] Yes, there are changes in this PR that warrants bumping the Pulumi Cloud API version <!-- @Pulumi employees: If yes, you must submit corresponding changes in the service repo. -->
2023-12-04 15:12:56 +00:00
"github.com/pulumi/pulumi/sdk/v3/go/common/workspace"
"github.com/stretchr/testify/assert"
Validate snapshots from service on load (#14046) <!--- Thanks so much for your contribution! If this is your first time contributing, please ensure that you have read the [CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md) documentation. --> # Description <!--- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. --> In the filestate code we would always run loaded snapshots through VerifyIntegrity before using them. The httpstate didn't have any similar checks. This brings the two backends into alignment, reusing the option from before that was just for filestate (--disable-integrity-checking). At some point we should further align these so that httpstate also validates the snapshots it has written out, like filestate does today. ## Checklist - [x] I have run `make tidy` to update any new dependencies - [x] I have run `make lint` to verify my code passes the lint check - [ ] I have formatted my code using `gofumpt` <!--- Please provide details if the checkbox below is to be left unchecked. --> - [x] I have added tests that prove my fix is effective or that my feature works <!--- User-facing changes require a CHANGELOG entry. --> - [x] I have run `make changelog` and committed the `changelog/pending/<file>` documenting my change <!-- If the change(s) in this PR is a modification of an existing call to the Pulumi Cloud, then the service should honor older versions of the CLI where this change would not exist. You must then bump the API version in /pkg/backend/httpstate/client/api.go, as well as add it to the service. --> - [ ] Yes, there are changes in this PR that warrants bumping the Pulumi Cloud API version <!-- @Pulumi employees: If yes, you must submit corresponding changes in the service repo. -->
2023-12-04 15:12:56 +00:00
"github.com/stretchr/testify/require"
)
Support always qualifying stack names (#11081) (#15857) <!--- Thanks so much for your contribution! If this is your first time contributing, please ensure that you have read the [CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md) documentation. --> # Description <!--- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. --> This commit adds the `--fully-qualify-stack-names` (or `-Q` for short) global command-line argument, which when supplied will always print stack names in the fully-qualified form of `organization/project/stack`. Fixes #11081. ## Checklist - [X] I have run `make tidy` to update any new dependencies - [X] I have run `make lint` to verify my code passes the lint check - [X] I have formatted my code using `gofumpt` <!--- Please provide details if the checkbox below is to be left unchecked. --> - [x] I have added tests that prove my fix is effective or that my feature works <!--- User-facing changes require a CHANGELOG entry. --> - [X] I have run `make changelog` and committed the `changelog/pending/<file>` documenting my change <!-- If the change(s) in this PR is a modification of an existing call to the Pulumi Cloud, then the service should honor older versions of the CLI where this change would not exist. You must then bump the API version in /pkg/backend/httpstate/client/api.go, as well as add it to the service. --> - [ ] Yes, there are changes in this PR that warrants bumping the Pulumi Cloud API version <!-- @Pulumi employees: If yes, you must submit corresponding changes in the service repo. -->
2024-04-04 10:11:46 +00:00
//nolint:paralleltest // mutates global configuration
func TestEnabledFullyQualifiedStackNames(t *testing.T) {
// Arrange
if os.Getenv("PULUMI_ACCESS_TOKEN") == "" {
t.Skipf("Skipping: PULUMI_ACCESS_TOKEN is not set")
}
ctx := context.Background()
_, err := NewLoginManager().Login(ctx, PulumiCloudURL, false, "", "", nil, true, display.Options{})
require.NoError(t, err)
b, err := New(diagtest.LogSink(t), PulumiCloudURL, &workspace.Project{Name: "testproj"}, false)
require.NoError(t, err)
stackName := ptesting.RandomStackName()
ref, err := b.ParseStackReference(stackName)
require.NoError(t, err)
s, err := b.CreateStack(ctx, ref, "", nil)
require.NoError(t, err)
previous := cmdutil.FullyQualifyStackNames
expected := s.Ref().FullyQualifiedName().String()
// Act
cmdutil.FullyQualifyStackNames = true
defer func() { cmdutil.FullyQualifyStackNames = previous }()
actual := s.Ref().String()
// Assert
assert.Equal(t, expected, actual)
}
//nolint:paralleltest // mutates global configuration
func TestDisabledFullyQualifiedStackNames(t *testing.T) {
// Arrange
if os.Getenv("PULUMI_ACCESS_TOKEN") == "" {
t.Skipf("Skipping: PULUMI_ACCESS_TOKEN is not set")
}
ctx := context.Background()
_, err := NewLoginManager().Login(ctx, PulumiCloudURL, false, "", "", nil, true, display.Options{})
require.NoError(t, err)
b, err := New(diagtest.LogSink(t), PulumiCloudURL, &workspace.Project{Name: "testproj"}, false)
require.NoError(t, err)
stackName := ptesting.RandomStackName()
ref, err := b.ParseStackReference(stackName)
require.NoError(t, err)
s, err := b.CreateStack(ctx, ref, "", nil)
require.NoError(t, err)
previous := cmdutil.FullyQualifyStackNames
expected := s.Ref().Name().String()
// Act
cmdutil.FullyQualifyStackNames = false
defer func() { cmdutil.FullyQualifyStackNames = previous }()
actual := s.Ref().String()
// Assert
assert.Equal(t, expected, actual)
}
//nolint:paralleltest // mutates environment variables
func TestValueOrDefaultURL(t *testing.T) {
t.Run("TestValueOrDefault", func(t *testing.T) {
// Validate trailing slash gets cut
assert.Equal(t, "https://api-test1.pulumi.com", ValueOrDefaultURL("https://api-test1.pulumi.com/"))
// Validate no-op case
assert.Equal(t, "https://api-test2.pulumi.com", ValueOrDefaultURL("https://api-test2.pulumi.com"))
// Validate trailing slash in pre-set env var is unchanged
t.Setenv("PULUMI_API", "https://api-test3.pulumi.com/")
assert.Equal(t, "https://api-test3.pulumi.com/", ValueOrDefaultURL(""))
})
}
// TestDefaultOrganizationPriority tests the priority of the default organization.
// The priority is:
// 1. The default organization.
// 2. The user's organization.
func TestDefaultOrganizationPriority(t *testing.T) {
t.Parallel()
tests := []struct {
name string
getDefaultOrg func() (string, error)
getUserOrg func() (string, error)
wantOrg string
wantErr bool
}{
{
name: "default org set",
getDefaultOrg: func() (string, error) {
return "default-org", nil
},
getUserOrg: func() (string, error) {
return "", nil
},
wantOrg: "default-org",
},
{
name: "user org set",
getDefaultOrg: func() (string, error) {
return "", nil
},
getUserOrg: func() (string, error) {
return "user-org", nil
},
wantOrg: "user-org",
},
{
name: "no org set",
getDefaultOrg: func() (string, error) {
return "", nil
},
getUserOrg: func() (string, error) {
return "", nil
},
wantErr: true,
},
{
name: "both orgs set",
getDefaultOrg: func() (string, error) {
return "default-org", nil
},
getUserOrg: func() (string, error) {
return "user-org", nil
},
wantOrg: "default-org",
},
{
name: "default org set, user org error",
getDefaultOrg: func() (string, error) {
return "default-org", nil
},
getUserOrg: func() (string, error) {
return "", errors.New("user org error")
},
wantOrg: "default-org",
},
{
name: "user org set, default org error",
getDefaultOrg: func() (string, error) {
return "", errors.New("default org error")
},
getUserOrg: func() (string, error) {
return "user-org", nil
},
wantOrg: "user-org",
},
}
for _, tt := range tests {
tt := tt
t.Run(tt.name, func(t *testing.T) {
t.Parallel()
org, err := inferOrg(context.Background(), tt.getDefaultOrg, tt.getUserOrg)
if tt.wantErr {
assert.Error(t, err)
} else {
assert.NoError(t, err)
}
assert.Equal(t, tt.wantOrg, org)
})
}
}
Validate snapshots from service on load (#14046) <!--- Thanks so much for your contribution! If this is your first time contributing, please ensure that you have read the [CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md) documentation. --> # Description <!--- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. --> In the filestate code we would always run loaded snapshots through VerifyIntegrity before using them. The httpstate didn't have any similar checks. This brings the two backends into alignment, reusing the option from before that was just for filestate (--disable-integrity-checking). At some point we should further align these so that httpstate also validates the snapshots it has written out, like filestate does today. ## Checklist - [x] I have run `make tidy` to update any new dependencies - [x] I have run `make lint` to verify my code passes the lint check - [ ] I have formatted my code using `gofumpt` <!--- Please provide details if the checkbox below is to be left unchecked. --> - [x] I have added tests that prove my fix is effective or that my feature works <!--- User-facing changes require a CHANGELOG entry. --> - [x] I have run `make changelog` and committed the `changelog/pending/<file>` documenting my change <!-- If the change(s) in this PR is a modification of an existing call to the Pulumi Cloud, then the service should honor older versions of the CLI where this change would not exist. You must then bump the API version in /pkg/backend/httpstate/client/api.go, as well as add it to the service. --> - [ ] Yes, there are changes in this PR that warrants bumping the Pulumi Cloud API version <!-- @Pulumi employees: If yes, you must submit corresponding changes in the service repo. -->
2023-12-04 15:12:56 +00:00
//nolint:paralleltest // mutates global state
func TestDisableIntegrityChecking(t *testing.T) {
if os.Getenv("PULUMI_ACCESS_TOKEN") == "" {
t.Skipf("Skipping: PULUMI_ACCESS_TOKEN is not set")
}
ctx := context.Background()
_, err := NewLoginManager().Login(ctx, PulumiCloudURL, false, "", "", nil, true, display.Options{})
require.NoError(t, err)
b, err := New(diagtest.LogSink(t), PulumiCloudURL, &workspace.Project{Name: "testproj"}, false)
require.NoError(t, err)
Fix merge failures #2 (#15543) <!--- Thanks so much for your contribution! If this is your first time contributing, please ensure that you have read the [CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md) documentation. --> # Description <!--- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. --> Fixes https://github.com/pulumi/pulumi/issues/15528 See https://github.com/pulumi/pulumi/pull/15540 & https://github.com/pulumi/pulumi/pull/15531 Re-creating this as a PR with `ci/test` label so we can get it merged. ## Checklist - [x] I have run `make tidy` to update any new dependencies - [x] I have run `make lint` to verify my code passes the lint check - [x] I have formatted my code using `gofumpt` <!--- Please provide details if the checkbox below is to be left unchecked. --> - [ ] I have added tests that prove my fix is effective or that my feature works <!--- User-facing changes require a CHANGELOG entry. --> - [x] I have run `make changelog` and committed the `changelog/pending/<file>` documenting my change <!-- If the change(s) in this PR is a modification of an existing call to the Pulumi Cloud, then the service should honor older versions of the CLI where this change would not exist. You must then bump the API version in /pkg/backend/httpstate/client/api.go, as well as add it to the service. --> - [ ] Yes, there are changes in this PR that warrants bumping the Pulumi Cloud API version <!-- @Pulumi employees: If yes, you must submit corresponding changes in the service repo. --> --------- Co-authored-by: Justin Van Patten <jvp@justinvp.com> Co-authored-by: Anton Tayanovskyy <anton@pulumi.com> Co-authored-by: Thomas Gummerer <t.gummerer@gmail.com>
2024-02-29 21:06:24 +00:00
stackName := ptesting.RandomStackName()
Validate snapshots from service on load (#14046) <!--- Thanks so much for your contribution! If this is your first time contributing, please ensure that you have read the [CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md) documentation. --> # Description <!--- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. --> In the filestate code we would always run loaded snapshots through VerifyIntegrity before using them. The httpstate didn't have any similar checks. This brings the two backends into alignment, reusing the option from before that was just for filestate (--disable-integrity-checking). At some point we should further align these so that httpstate also validates the snapshots it has written out, like filestate does today. ## Checklist - [x] I have run `make tidy` to update any new dependencies - [x] I have run `make lint` to verify my code passes the lint check - [ ] I have formatted my code using `gofumpt` <!--- Please provide details if the checkbox below is to be left unchecked. --> - [x] I have added tests that prove my fix is effective or that my feature works <!--- User-facing changes require a CHANGELOG entry. --> - [x] I have run `make changelog` and committed the `changelog/pending/<file>` documenting my change <!-- If the change(s) in this PR is a modification of an existing call to the Pulumi Cloud, then the service should honor older versions of the CLI where this change would not exist. You must then bump the API version in /pkg/backend/httpstate/client/api.go, as well as add it to the service. --> - [ ] Yes, there are changes in this PR that warrants bumping the Pulumi Cloud API version <!-- @Pulumi employees: If yes, you must submit corresponding changes in the service repo. -->
2023-12-04 15:12:56 +00:00
ref, err := b.ParseStackReference(stackName)
require.NoError(t, err)
s, err := b.CreateStack(ctx, ref, "", nil)
require.NoError(t, err)
// make up a bad stack
deployment := apitype.UntypedDeployment{
Version: 3,
Deployment: json.RawMessage(`{
"resources": [
{
"urn": "urn:pulumi:stack::proj::type::name1",
"type": "type",
"parent": "urn:pulumi:stack::proj::type::name2"
},
{
"urn": "urn:pulumi:stack::proj::type::name2",
"type": "type"
}
]
}`),
}
// Import deployment doesn't verify the deployment
err = b.ImportDeployment(ctx, s, &deployment)
require.NoError(t, err)
backend.DisableIntegrityChecking = false
Add Base64SecretsProvider for testing (#15017) <!--- Thanks so much for your contribution! If this is your first time contributing, please ensure that you have read the [CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md) documentation. --> # Description <!--- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. --> To support plugin based secret providers like (e.g. AGE https://github.com/pulumi/pulumi/issues/11493) the default secrets provider will need to become more complicated, requiring access to a plugin host at least. As such for tests it will be simpler to have a basic secrets provider that only supports base64 and can be created without any setup. ## Checklist - [x] I have run `make tidy` to update any new dependencies - [x] I have run `make lint` to verify my code passes the lint check - [x] I have formatted my code using `gofumpt` <!--- Please provide details if the checkbox below is to be left unchecked. --> - [ ] I have added tests that prove my fix is effective or that my feature works <!--- User-facing changes require a CHANGELOG entry. --> - [ ] I have run `make changelog` and committed the `changelog/pending/<file>` documenting my change <!-- If the change(s) in this PR is a modification of an existing call to the Pulumi Cloud, then the service should honor older versions of the CLI where this change would not exist. You must then bump the API version in /pkg/backend/httpstate/client/api.go, as well as add it to the service. --> - [ ] Yes, there are changes in this PR that warrants bumping the Pulumi Cloud API version <!-- @Pulumi employees: If yes, you must submit corresponding changes in the service repo. -->
2024-01-05 08:32:56 +00:00
snap, err := s.Snapshot(ctx, b64.Base64SecretsProvider)
Validate snapshots from service on load (#14046) <!--- Thanks so much for your contribution! If this is your first time contributing, please ensure that you have read the [CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md) documentation. --> # Description <!--- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. --> In the filestate code we would always run loaded snapshots through VerifyIntegrity before using them. The httpstate didn't have any similar checks. This brings the two backends into alignment, reusing the option from before that was just for filestate (--disable-integrity-checking). At some point we should further align these so that httpstate also validates the snapshots it has written out, like filestate does today. ## Checklist - [x] I have run `make tidy` to update any new dependencies - [x] I have run `make lint` to verify my code passes the lint check - [ ] I have formatted my code using `gofumpt` <!--- Please provide details if the checkbox below is to be left unchecked. --> - [x] I have added tests that prove my fix is effective or that my feature works <!--- User-facing changes require a CHANGELOG entry. --> - [x] I have run `make changelog` and committed the `changelog/pending/<file>` documenting my change <!-- If the change(s) in this PR is a modification of an existing call to the Pulumi Cloud, then the service should honor older versions of the CLI where this change would not exist. You must then bump the API version in /pkg/backend/httpstate/client/api.go, as well as add it to the service. --> - [ ] Yes, there are changes in this PR that warrants bumping the Pulumi Cloud API version <!-- @Pulumi employees: If yes, you must submit corresponding changes in the service repo. -->
2023-12-04 15:12:56 +00:00
require.ErrorContains(t, err,
"child resource urn:pulumi:stack::proj::type::name1's parent urn:pulumi:stack::proj::type::name2 comes after it")
assert.Nil(t, snap)
backend.DisableIntegrityChecking = true
Add Base64SecretsProvider for testing (#15017) <!--- Thanks so much for your contribution! If this is your first time contributing, please ensure that you have read the [CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md) documentation. --> # Description <!--- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. --> To support plugin based secret providers like (e.g. AGE https://github.com/pulumi/pulumi/issues/11493) the default secrets provider will need to become more complicated, requiring access to a plugin host at least. As such for tests it will be simpler to have a basic secrets provider that only supports base64 and can be created without any setup. ## Checklist - [x] I have run `make tidy` to update any new dependencies - [x] I have run `make lint` to verify my code passes the lint check - [x] I have formatted my code using `gofumpt` <!--- Please provide details if the checkbox below is to be left unchecked. --> - [ ] I have added tests that prove my fix is effective or that my feature works <!--- User-facing changes require a CHANGELOG entry. --> - [ ] I have run `make changelog` and committed the `changelog/pending/<file>` documenting my change <!-- If the change(s) in this PR is a modification of an existing call to the Pulumi Cloud, then the service should honor older versions of the CLI where this change would not exist. You must then bump the API version in /pkg/backend/httpstate/client/api.go, as well as add it to the service. --> - [ ] Yes, there are changes in this PR that warrants bumping the Pulumi Cloud API version <!-- @Pulumi employees: If yes, you must submit corresponding changes in the service repo. -->
2024-01-05 08:32:56 +00:00
snap, err = s.Snapshot(ctx, b64.Base64SecretsProvider)
Validate snapshots from service on load (#14046) <!--- Thanks so much for your contribution! If this is your first time contributing, please ensure that you have read the [CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md) documentation. --> # Description <!--- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. --> In the filestate code we would always run loaded snapshots through VerifyIntegrity before using them. The httpstate didn't have any similar checks. This brings the two backends into alignment, reusing the option from before that was just for filestate (--disable-integrity-checking). At some point we should further align these so that httpstate also validates the snapshots it has written out, like filestate does today. ## Checklist - [x] I have run `make tidy` to update any new dependencies - [x] I have run `make lint` to verify my code passes the lint check - [ ] I have formatted my code using `gofumpt` <!--- Please provide details if the checkbox below is to be left unchecked. --> - [x] I have added tests that prove my fix is effective or that my feature works <!--- User-facing changes require a CHANGELOG entry. --> - [x] I have run `make changelog` and committed the `changelog/pending/<file>` documenting my change <!-- If the change(s) in this PR is a modification of an existing call to the Pulumi Cloud, then the service should honor older versions of the CLI where this change would not exist. You must then bump the API version in /pkg/backend/httpstate/client/api.go, as well as add it to the service. --> - [ ] Yes, there are changes in this PR that warrants bumping the Pulumi Cloud API version <!-- @Pulumi employees: If yes, you must submit corresponding changes in the service repo. -->
2023-12-04 15:12:56 +00:00
require.NoError(t, err)
assert.NotNil(t, snap)
}