Add tokens.StackName (#14487)
<!---
Thanks so much for your contribution! If this is your first time
contributing, please ensure that you have read the
[CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md)
documentation.
-->
# Description
<!--- Please include a summary of the change and which issue is fixed.
Please also include relevant motivation and context. -->
This adds a new type `tokens.StackName` which is a relatively strongly
typed container for a stack name. The only weakly typed aspect of it is
Go will always allow the "zero" value to be created for a struct, which
for a stack name is the empty string which is invalid. To prevent
introducing unexpected empty strings when working with stack names the
`String()` method will panic for zero initialized stack names.
Apart from the zero value, all other instances of `StackName` are via
`ParseStackName` which returns a descriptive error if the string is not
valid.
This PR only updates "pkg/" to use this type. There are a number of
places in "sdk/" which could do with this type as well, but there's no
harm in doing a staggered roll out, and some parts of "sdk/" are user
facing and will probably have to stay on the current `tokens.Name` and
`tokens.QName` types.
There are two places in the system where we panic on invalid stack
names, both in the http backend. This _should_ be fine as we've had long
standing validation that stacks created in the service are valid stack
names.
Just in case people have managed to introduce invalid stack names, there
is the `PULUMI_DISABLE_VALIDATION` environment variable which will turn
off the validation _and_ panicing for stack names. Users can use that to
temporarily disable the validation and continue working, but it should
only be seen as a temporary measure. If they have invalid names they
should rename them, or if they think they should be valid raise an issue
with us to change the validation code.
## Checklist
- [x] I have run `make tidy` to update any new dependencies
- [x] I have run `make lint` to verify my code passes the lint check
- [ ] I have formatted my code using `gofumpt`
<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [x] I have added tests that prove my fix is effective or that my
feature works
<!---
User-facing changes require a CHANGELOG entry.
-->
- [ ] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
2023-11-15 07:44:54 +00:00
|
|
|
// Copyright 2016-2023, Pulumi Corporation.
|
2018-05-22 19:43:36 +00:00
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
//
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
2018-03-21 17:33:34 +00:00
|
|
|
|
|
|
|
package client
|
|
|
|
|
|
|
|
import (
|
Adds Pulumi AI integrations with Pulumi New (#14685)
<!---
Thanks so much for your contribution! If this is your first time
contributing, please ensure that you have read the
[CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md)
documentation.
-->
# Description
<!--- Please include a summary of the change and which issue is fixed.
Please also include relevant motivation and context. -->
Now that we support .zip archive sources for Pulumi New, we have all of
the API surface we need to provide a full Pulumi New experience using
Pulumi AI. This PR introduces a few modes of interacting with Pulumi AI
to generate Pulumi projects.
- The default `pulumi new` experience now begins with a choice between
`ai` and `template` modes - the `template` mode represents the current
state of running `pulumi new`, while `ai` provides an interactive
experience with Pulumi AI.
- The user can iteratively ask questions to improve or change the
resulting program - each time a prompt is completed, they are asked to
`refine`, `no`, or `yes` their session - `refine` allows a follow-on
prompt to be submitted. `no` ends the session without generating a
pulumi project, and `yes` generates a Pulumi project from the most
recent program returned by Pulumi AI.
- Additionally, top-level flags, `--ai` and `--language` are provided to
fill in default values for the AI mode. When a prompt is provided with a
language, it is automatically submitted to Pulumi AI - if either is
missing, the user is prompted for whichever value is missing.
Fixes https://github.com/pulumi/pulumi.ai/issues/441
Fixes https://github.com/pulumi/pulumi.ai/issues/443
Fixes https://github.com/pulumi/pulumi.ai/issues/444
Depends on https://github.com/pulumi/pulumi.ai/pull/472
Depends on https://github.com/pulumi/pulumi.ai/pull/507
Depends on https://github.com/pulumi/pulumi.ai/pull/508
## Checklist
- [x] I have run `make tidy` to update any new dependencies
- [x] I have run `make lint` to verify my code passes the lint check
- [x] I have formatted my code using `gofumpt`
<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [x] I have added tests that prove my fix is effective or that my
feature works
<!---
User-facing changes require a CHANGELOG entry.
-->
- [x] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
---------
Co-authored-by: Aaron Friel <mayreply@aaronfriel.com>
2023-12-20 22:08:09 +00:00
|
|
|
"bytes"
|
2018-05-08 01:23:03 +00:00
|
|
|
"context"
|
2022-03-04 23:51:01 +00:00
|
|
|
"crypto/tls"
|
2018-03-21 17:33:34 +00:00
|
|
|
"encoding/json"
|
2021-11-13 02:37:17 +00:00
|
|
|
"errors"
|
2018-03-21 17:33:34 +00:00
|
|
|
"fmt"
|
2019-07-10 17:55:42 +00:00
|
|
|
"io"
|
2018-03-21 17:33:34 +00:00
|
|
|
"net/http"
|
2023-08-21 15:06:46 +00:00
|
|
|
"net/url"
|
2018-03-21 17:33:34 +00:00
|
|
|
"path"
|
2020-02-25 01:11:56 +00:00
|
|
|
"regexp"
|
|
|
|
"strconv"
|
2018-03-22 17:42:43 +00:00
|
|
|
"time"
|
2018-03-21 17:33:34 +00:00
|
|
|
|
2018-08-02 21:45:50 +00:00
|
|
|
"github.com/blang/semver"
|
2022-09-21 20:45:55 +00:00
|
|
|
"github.com/opentracing/opentracing-go"
|
2018-03-21 17:33:34 +00:00
|
|
|
|
2021-03-17 13:20:05 +00:00
|
|
|
"github.com/pulumi/pulumi/pkg/v3/engine"
|
|
|
|
"github.com/pulumi/pulumi/pkg/v3/util/validation"
|
|
|
|
"github.com/pulumi/pulumi/sdk/v3/go/common/apitype"
|
|
|
|
"github.com/pulumi/pulumi/sdk/v3/go/common/diag"
|
|
|
|
"github.com/pulumi/pulumi/sdk/v3/go/common/diag/colors"
|
|
|
|
"github.com/pulumi/pulumi/sdk/v3/go/common/resource/config"
|
2022-03-28 17:24:51 +00:00
|
|
|
"github.com/pulumi/pulumi/sdk/v3/go/common/resource/plugin"
|
2021-03-17 13:20:05 +00:00
|
|
|
"github.com/pulumi/pulumi/sdk/v3/go/common/util/contract"
|
|
|
|
"github.com/pulumi/pulumi/sdk/v3/go/common/workspace"
|
2018-03-21 17:33:34 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
// Client provides a slim wrapper around the Pulumi HTTP/REST API.
|
|
|
|
type Client struct {
|
2022-03-04 23:51:01 +00:00
|
|
|
apiURL string
|
|
|
|
apiToken apiAccessToken
|
|
|
|
apiUser string
|
|
|
|
apiOrgs []string
|
2023-09-23 12:46:11 +00:00
|
|
|
tokenInfo *workspace.TokenInformation // might be nil if running against old services
|
2022-03-04 23:51:01 +00:00
|
|
|
diag diag.Sink
|
|
|
|
insecure bool
|
|
|
|
restClient restClient
|
|
|
|
httpClient *http.Client
|
2022-11-22 16:47:45 +00:00
|
|
|
|
|
|
|
// If true, do not probe the backend with GET /api/capabilities and assume no capabilities.
|
|
|
|
DisableCapabilityProbing bool
|
2018-03-21 17:33:34 +00:00
|
|
|
}
|
|
|
|
|
2022-03-28 18:09:52 +00:00
|
|
|
// newClient creates a new Pulumi API client with the given URL and API token. It is a variable instead of a regular
|
|
|
|
// function so it can be set to a different implementation at runtime, if necessary.
|
2022-03-04 23:51:01 +00:00
|
|
|
var newClient = func(apiURL, apiToken string, insecure bool, d diag.Sink) *Client {
|
|
|
|
var httpClient *http.Client
|
|
|
|
if insecure {
|
|
|
|
tr := &http.Transport{
|
|
|
|
//nolint:gosec // The user has explicitly opted into setting this
|
|
|
|
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
|
|
|
|
}
|
|
|
|
httpClient = &http.Client{Transport: tr}
|
|
|
|
} else {
|
|
|
|
httpClient = http.DefaultClient
|
|
|
|
}
|
|
|
|
|
2018-03-21 17:33:34 +00:00
|
|
|
return &Client{
|
2022-03-04 23:51:01 +00:00
|
|
|
apiURL: apiURL,
|
|
|
|
apiToken: apiAccessToken(apiToken),
|
|
|
|
diag: d,
|
|
|
|
httpClient: httpClient,
|
|
|
|
restClient: &defaultRESTClient{
|
2022-03-28 18:09:52 +00:00
|
|
|
client: &defaultHTTPClient{
|
2022-03-04 23:51:01 +00:00
|
|
|
client: httpClient,
|
2022-03-28 18:09:52 +00:00
|
|
|
},
|
|
|
|
},
|
2018-03-21 17:33:34 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-03-04 23:51:01 +00:00
|
|
|
// Returns true if this client is insecure (i.e. has TLS disabled).
|
|
|
|
func (pc *Client) Insecure() bool {
|
|
|
|
return pc.insecure
|
|
|
|
}
|
|
|
|
|
2022-03-28 18:09:52 +00:00
|
|
|
// NewClient creates a new Pulumi API client with the given URL and API token.
|
2022-03-04 23:51:01 +00:00
|
|
|
func NewClient(apiURL, apiToken string, insecure bool, d diag.Sink) *Client {
|
|
|
|
return newClient(apiURL, apiToken, insecure, d)
|
2022-03-28 18:09:52 +00:00
|
|
|
}
|
|
|
|
|
2019-04-26 18:53:00 +00:00
|
|
|
// URL returns the URL of the API endpoint this client interacts with
|
|
|
|
func (pc *Client) URL() string {
|
|
|
|
return pc.apiURL
|
|
|
|
}
|
|
|
|
|
Adds Pulumi AI integrations with Pulumi New (#14685)
<!---
Thanks so much for your contribution! If this is your first time
contributing, please ensure that you have read the
[CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md)
documentation.
-->
# Description
<!--- Please include a summary of the change and which issue is fixed.
Please also include relevant motivation and context. -->
Now that we support .zip archive sources for Pulumi New, we have all of
the API surface we need to provide a full Pulumi New experience using
Pulumi AI. This PR introduces a few modes of interacting with Pulumi AI
to generate Pulumi projects.
- The default `pulumi new` experience now begins with a choice between
`ai` and `template` modes - the `template` mode represents the current
state of running `pulumi new`, while `ai` provides an interactive
experience with Pulumi AI.
- The user can iteratively ask questions to improve or change the
resulting program - each time a prompt is completed, they are asked to
`refine`, `no`, or `yes` their session - `refine` allows a follow-on
prompt to be submitted. `no` ends the session without generating a
pulumi project, and `yes` generates a Pulumi project from the most
recent program returned by Pulumi AI.
- Additionally, top-level flags, `--ai` and `--language` are provided to
fill in default values for the AI mode. When a prompt is provided with a
language, it is automatically submitted to Pulumi AI - if either is
missing, the user is prompted for whichever value is missing.
Fixes https://github.com/pulumi/pulumi.ai/issues/441
Fixes https://github.com/pulumi/pulumi.ai/issues/443
Fixes https://github.com/pulumi/pulumi.ai/issues/444
Depends on https://github.com/pulumi/pulumi.ai/pull/472
Depends on https://github.com/pulumi/pulumi.ai/pull/507
Depends on https://github.com/pulumi/pulumi.ai/pull/508
## Checklist
- [x] I have run `make tidy` to update any new dependencies
- [x] I have run `make lint` to verify my code passes the lint check
- [x] I have formatted my code using `gofumpt`
<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [x] I have added tests that prove my fix is effective or that my
feature works
<!---
User-facing changes require a CHANGELOG entry.
-->
- [x] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
---------
Co-authored-by: Aaron Friel <mayreply@aaronfriel.com>
2023-12-20 22:08:09 +00:00
|
|
|
// do proxies the http client's Do method. This is a low-level construct and should be used sparingly
|
|
|
|
func (pc *Client) do(ctx context.Context, req *http.Request) (*http.Response, error) {
|
|
|
|
return pc.httpClient.Do(req.WithContext(ctx))
|
|
|
|
}
|
|
|
|
|
2018-03-21 17:33:34 +00:00
|
|
|
// restCall makes a REST-style request to the Pulumi API using the given method, path, query object, and request
|
|
|
|
// object. If a response object is provided, the server's response is deserialized into that object.
|
2018-05-08 01:23:03 +00:00
|
|
|
func (pc *Client) restCall(ctx context.Context, method, path string, queryObj, reqObj, respObj interface{}) error {
|
2022-03-04 23:51:01 +00:00
|
|
|
return pc.restClient.Call(ctx, pc.diag, pc.apiURL, method, path, queryObj, reqObj, respObj, pc.apiToken,
|
2022-03-28 18:09:52 +00:00
|
|
|
httpCallOptions{})
|
2018-04-05 19:55:56 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// restCall makes a REST-style request to the Pulumi API using the given method, path, query object, and request
|
|
|
|
// object. If a response object is provided, the server's response is deserialized into that object.
|
2018-05-08 01:23:03 +00:00
|
|
|
func (pc *Client) restCallWithOptions(ctx context.Context, method, path string, queryObj, reqObj,
|
2023-03-03 16:36:39 +00:00
|
|
|
respObj interface{}, opts httpCallOptions,
|
|
|
|
) error {
|
2022-03-04 23:51:01 +00:00
|
|
|
return pc.restClient.Call(ctx, pc.diag, pc.apiURL, method, path, queryObj, reqObj, respObj, pc.apiToken, opts)
|
2018-03-21 17:33:34 +00:00
|
|
|
}
|
|
|
|
|
2018-03-22 17:42:43 +00:00
|
|
|
// updateRESTCall makes a REST-style request to the Pulumi API using the given method, path, query object, and request
|
|
|
|
// object. The call is authorized with the indicated update token. If a response object is provided, the server's
|
|
|
|
// response is deserialized into that object.
|
2018-05-08 01:23:03 +00:00
|
|
|
func (pc *Client) updateRESTCall(ctx context.Context, method, path string, queryObj, reqObj, respObj interface{},
|
2023-03-03 16:36:39 +00:00
|
|
|
token updateToken, httpOptions httpCallOptions,
|
|
|
|
) error {
|
2022-03-04 23:51:01 +00:00
|
|
|
return pc.restClient.Call(ctx, pc.diag, pc.apiURL, method, path, queryObj, reqObj, respObj, token, httpOptions)
|
2018-03-22 17:42:43 +00:00
|
|
|
}
|
|
|
|
|
2019-08-12 09:12:17 +00:00
|
|
|
// getProjectPath returns the API path for the given owner and the given project name joined with path separators
|
|
|
|
// and appended to the stack root.
|
|
|
|
func getProjectPath(owner string, projectName string) string {
|
|
|
|
return fmt.Sprintf("/api/stacks/%s/%s", owner, projectName)
|
|
|
|
}
|
|
|
|
|
2018-03-21 17:33:34 +00:00
|
|
|
// getStackPath returns the API path to for the given stack with the given components joined with path separators
|
|
|
|
// and appended to the stack root.
|
|
|
|
func getStackPath(stack StackIdentifier, components ...string) string {
|
2019-01-18 22:37:05 +00:00
|
|
|
prefix := fmt.Sprintf("/api/stacks/%s/%s/%s", stack.Owner, stack.Project, stack.Stack)
|
|
|
|
return path.Join(append([]string{prefix}, components...)...)
|
2018-03-21 17:33:34 +00:00
|
|
|
}
|
|
|
|
|
2020-01-16 20:04:51 +00:00
|
|
|
// listPolicyGroupsPath returns the path for an API call to the Pulumi service to list the Policy Groups
|
|
|
|
// in a Pulumi organization.
|
|
|
|
func listPolicyGroupsPath(orgName string) string {
|
|
|
|
return fmt.Sprintf("/api/orgs/%s/policygroups", orgName)
|
|
|
|
}
|
|
|
|
|
|
|
|
// listPolicyPacksPath returns the path for an API call to the Pulumi service to list the Policy Packs
|
|
|
|
// in a Pulumi organization.
|
|
|
|
func listPolicyPacksPath(orgName string) string {
|
|
|
|
return fmt.Sprintf("/api/orgs/%s/policypacks", orgName)
|
|
|
|
}
|
|
|
|
|
|
|
|
// publishPolicyPackPath returns the path for an API call to the Pulumi service to publish a new Policy Pack
|
|
|
|
// in a Pulumi organization.
|
2019-06-24 04:39:22 +00:00
|
|
|
func publishPolicyPackPath(orgName string) string {
|
|
|
|
return fmt.Sprintf("/api/orgs/%s/policypacks", orgName)
|
|
|
|
}
|
|
|
|
|
2020-01-03 22:16:39 +00:00
|
|
|
// updatePolicyGroupPath returns the path for an API call to the Pulumi service to update a PolicyGroup
|
|
|
|
// for a Pulumi organization.
|
|
|
|
func updatePolicyGroupPath(orgName, policyGroup string) string {
|
|
|
|
return fmt.Sprintf(
|
|
|
|
"/api/orgs/%s/policygroups/%s", orgName, policyGroup)
|
|
|
|
}
|
|
|
|
|
2020-01-27 18:35:34 +00:00
|
|
|
// deletePolicyPackPath returns the path for an API call to the Pulumi service to delete
|
|
|
|
// all versions of a Policy Pack from a Pulumi organization.
|
|
|
|
func deletePolicyPackPath(orgName, policyPackName string) string {
|
|
|
|
return fmt.Sprintf("/api/orgs/%s/policypacks/%s", orgName, policyPackName)
|
|
|
|
}
|
|
|
|
|
2020-01-03 22:16:39 +00:00
|
|
|
// deletePolicyPackVersionPath returns the path for an API call to the Pulumi service to delete
|
2020-01-27 18:35:34 +00:00
|
|
|
// a version of a Policy Pack from a Pulumi organization.
|
2020-02-25 01:11:56 +00:00
|
|
|
func deletePolicyPackVersionPath(orgName, policyPackName, versionTag string) string {
|
2020-01-03 22:16:39 +00:00
|
|
|
return fmt.Sprintf(
|
2020-02-25 01:11:56 +00:00
|
|
|
"/api/orgs/%s/policypacks/%s/versions/%s", orgName, policyPackName, versionTag)
|
2020-01-03 22:16:39 +00:00
|
|
|
}
|
|
|
|
|
2019-07-25 17:56:42 +00:00
|
|
|
// publishPolicyPackPublishComplete returns the path for an API call to signal to the Pulumi service
|
|
|
|
// that a PolicyPack to a Pulumi organization.
|
2020-02-25 01:11:56 +00:00
|
|
|
func publishPolicyPackPublishComplete(orgName, policyPackName string, versionTag string) string {
|
2019-07-25 17:56:42 +00:00
|
|
|
return fmt.Sprintf(
|
2020-02-25 01:11:56 +00:00
|
|
|
"/api/orgs/%s/policypacks/%s/versions/%s/complete", orgName, policyPackName, versionTag)
|
2019-07-25 17:56:42 +00:00
|
|
|
}
|
|
|
|
|
2020-03-27 16:54:26 +00:00
|
|
|
// getPolicyPackConfigSchemaPath returns the API path to retrieve the policy pack configuration schema.
|
|
|
|
func getPolicyPackConfigSchemaPath(orgName, policyPackName string, versionTag string) string {
|
|
|
|
return fmt.Sprintf(
|
|
|
|
"/api/orgs/%s/policypacks/%s/versions/%s/schema", orgName, policyPackName, versionTag)
|
|
|
|
}
|
|
|
|
|
Adds Pulumi AI integrations with Pulumi New (#14685)
<!---
Thanks so much for your contribution! If this is your first time
contributing, please ensure that you have read the
[CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md)
documentation.
-->
# Description
<!--- Please include a summary of the change and which issue is fixed.
Please also include relevant motivation and context. -->
Now that we support .zip archive sources for Pulumi New, we have all of
the API surface we need to provide a full Pulumi New experience using
Pulumi AI. This PR introduces a few modes of interacting with Pulumi AI
to generate Pulumi projects.
- The default `pulumi new` experience now begins with a choice between
`ai` and `template` modes - the `template` mode represents the current
state of running `pulumi new`, while `ai` provides an interactive
experience with Pulumi AI.
- The user can iteratively ask questions to improve or change the
resulting program - each time a prompt is completed, they are asked to
`refine`, `no`, or `yes` their session - `refine` allows a follow-on
prompt to be submitted. `no` ends the session without generating a
pulumi project, and `yes` generates a Pulumi project from the most
recent program returned by Pulumi AI.
- Additionally, top-level flags, `--ai` and `--language` are provided to
fill in default values for the AI mode. When a prompt is provided with a
language, it is automatically submitted to Pulumi AI - if either is
missing, the user is prompted for whichever value is missing.
Fixes https://github.com/pulumi/pulumi.ai/issues/441
Fixes https://github.com/pulumi/pulumi.ai/issues/443
Fixes https://github.com/pulumi/pulumi.ai/issues/444
Depends on https://github.com/pulumi/pulumi.ai/pull/472
Depends on https://github.com/pulumi/pulumi.ai/pull/507
Depends on https://github.com/pulumi/pulumi.ai/pull/508
## Checklist
- [x] I have run `make tidy` to update any new dependencies
- [x] I have run `make lint` to verify my code passes the lint check
- [x] I have formatted my code using `gofumpt`
<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [x] I have added tests that prove my fix is effective or that my
feature works
<!---
User-facing changes require a CHANGELOG entry.
-->
- [x] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
---------
Co-authored-by: Aaron Friel <mayreply@aaronfriel.com>
2023-12-20 22:08:09 +00:00
|
|
|
// getAIPromptPath returns the API path to create a Pulumi AI prompt.
|
|
|
|
func getAIPromptPath() string {
|
|
|
|
return "/api/ai/template"
|
|
|
|
}
|
|
|
|
|
2018-03-21 17:33:34 +00:00
|
|
|
// getUpdatePath returns the API path to for the given stack with the given components joined with path separators
|
|
|
|
// and appended to the update root.
|
|
|
|
func getUpdatePath(update UpdateIdentifier, components ...string) string {
|
2018-08-30 00:06:48 +00:00
|
|
|
components = append([]string{string(apitype.UpdateUpdate), update.UpdateID}, components...)
|
2018-03-21 17:33:34 +00:00
|
|
|
return getStackPath(update.StackIdentifier, components...)
|
|
|
|
}
|
|
|
|
|
2022-03-31 08:11:19 +00:00
|
|
|
// Copied from https://github.com/pulumi/pulumi-service/blob/master/pkg/apitype/users.go#L7-L16
|
|
|
|
type serviceUserInfo struct {
|
|
|
|
Name string `json:"name"`
|
2022-03-28 18:09:52 +00:00
|
|
|
GitHubLogin string `json:"githubLogin"`
|
2022-03-31 08:11:19 +00:00
|
|
|
AvatarURL string `json:"avatarUrl"`
|
|
|
|
Email string `json:"email,omitempty"`
|
|
|
|
}
|
|
|
|
|
2023-09-23 12:46:11 +00:00
|
|
|
// Copied from https://github.com/pulumi/pulumi-service/blob/master/pkg/apitype/users.go#L20-L37
|
2022-03-31 08:11:19 +00:00
|
|
|
type serviceUser struct {
|
|
|
|
ID string `json:"id"`
|
|
|
|
GitHubLogin string `json:"githubLogin"`
|
|
|
|
Name string `json:"name"`
|
|
|
|
Email string `json:"email"`
|
|
|
|
AvatarURL string `json:"avatarUrl"`
|
|
|
|
Organizations []serviceUserInfo `json:"organizations"`
|
|
|
|
Identities []string `json:"identities"`
|
|
|
|
SiteAdmin *bool `json:"siteAdmin,omitempty"`
|
2023-09-23 12:46:11 +00:00
|
|
|
TokenInfo *serviceTokenInfo `json:"tokenInfo,omitempty"`
|
|
|
|
}
|
|
|
|
|
|
|
|
// Copied from https://github.com/pulumi/pulumi-service/blob/master/pkg/apitype/users.go#L39-L43
|
|
|
|
type serviceTokenInfo struct {
|
|
|
|
Name string `json:"name"`
|
|
|
|
Organization string `json:"organization,omitempty"`
|
|
|
|
Team string `json:"team,omitempty"`
|
2022-03-28 18:09:52 +00:00
|
|
|
}
|
|
|
|
|
2024-04-07 12:19:17 +00:00
|
|
|
// GetPulumiAccountDetails returns the user implied by the API token associated with this client.
|
2023-09-23 12:46:11 +00:00
|
|
|
func (pc *Client) GetPulumiAccountDetails(ctx context.Context) (string, []string, *workspace.TokenInformation, error) {
|
2018-04-18 10:19:13 +00:00
|
|
|
if pc.apiUser == "" {
|
2022-03-31 08:11:19 +00:00
|
|
|
resp := serviceUser{}
|
2018-05-08 01:23:03 +00:00
|
|
|
if err := pc.restCall(ctx, "GET", "/api/user", nil, nil, &resp); err != nil {
|
2023-09-23 12:46:11 +00:00
|
|
|
return "", nil, nil, err
|
2018-04-18 10:19:13 +00:00
|
|
|
}
|
|
|
|
|
2018-04-18 18:25:16 +00:00
|
|
|
if resp.GitHubLogin == "" {
|
2023-09-23 12:46:11 +00:00
|
|
|
return "", nil, nil, errors.New("unexpected response from server")
|
2018-04-18 18:25:16 +00:00
|
|
|
}
|
|
|
|
|
2018-04-18 10:19:13 +00:00
|
|
|
pc.apiUser = resp.GitHubLogin
|
2022-03-31 08:11:19 +00:00
|
|
|
pc.apiOrgs = make([]string, len(resp.Organizations))
|
|
|
|
for i, org := range resp.Organizations {
|
|
|
|
if org.GitHubLogin == "" {
|
2023-09-23 12:46:11 +00:00
|
|
|
return "", nil, nil, errors.New("unexpected response from server")
|
2022-03-31 08:11:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
pc.apiOrgs[i] = org.GitHubLogin
|
|
|
|
}
|
2023-09-23 12:46:11 +00:00
|
|
|
if resp.TokenInfo != nil {
|
|
|
|
pc.tokenInfo = &workspace.TokenInformation{
|
|
|
|
Name: resp.TokenInfo.Name,
|
|
|
|
Organization: resp.TokenInfo.Organization,
|
|
|
|
Team: resp.TokenInfo.Team,
|
|
|
|
}
|
|
|
|
}
|
2018-03-21 17:33:34 +00:00
|
|
|
}
|
2018-04-18 10:19:13 +00:00
|
|
|
|
2023-09-23 12:46:11 +00:00
|
|
|
return pc.apiUser, pc.apiOrgs, pc.tokenInfo, nil
|
2018-03-21 17:33:34 +00:00
|
|
|
}
|
|
|
|
|
2018-08-02 21:45:50 +00:00
|
|
|
// GetCLIVersionInfo asks the service for information about versions of the CLI (the newest version as well as the
|
2023-12-22 16:40:12 +00:00
|
|
|
// oldest version before the CLI should warn about an upgrade, and the current dev version).
|
|
|
|
func (pc *Client) GetCLIVersionInfo(ctx context.Context) (semver.Version, semver.Version, semver.Version, error) {
|
2018-08-02 21:45:50 +00:00
|
|
|
var versionInfo apitype.CLIVersionResponse
|
|
|
|
|
2023-06-20 16:49:03 +00:00
|
|
|
err := pc.restCallWithOptions(
|
|
|
|
ctx,
|
|
|
|
"GET",
|
|
|
|
"/api/cli/version",
|
|
|
|
nil, // query
|
|
|
|
nil, // request
|
|
|
|
&versionInfo, // response
|
|
|
|
httpCallOptions{
|
|
|
|
RetryPolicy: retryNone,
|
|
|
|
},
|
|
|
|
)
|
|
|
|
if err != nil {
|
2023-12-22 16:40:12 +00:00
|
|
|
return semver.Version{}, semver.Version{}, semver.Version{}, err
|
2018-08-02 21:45:50 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
latestSem, err := semver.ParseTolerant(versionInfo.LatestVersion)
|
|
|
|
if err != nil {
|
2023-12-22 16:40:12 +00:00
|
|
|
return semver.Version{}, semver.Version{}, semver.Version{}, err
|
2018-08-02 21:45:50 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
oldestSem, err := semver.ParseTolerant(versionInfo.OldestWithoutWarning)
|
|
|
|
if err != nil {
|
2023-12-22 16:40:12 +00:00
|
|
|
return semver.Version{}, semver.Version{}, semver.Version{}, err
|
2018-08-02 21:45:50 +00:00
|
|
|
}
|
|
|
|
|
2023-12-22 16:40:12 +00:00
|
|
|
// If there is no dev version, return the latest and oldest
|
|
|
|
// versions. This can happen if the server does not include
|
|
|
|
// https://github.com/pulumi/pulumi-service/pull/17429 yet
|
|
|
|
if versionInfo.LatestDevVersion == "" {
|
|
|
|
return latestSem, oldestSem, semver.Version{}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
devSem, err := semver.ParseTolerant(versionInfo.LatestDevVersion)
|
|
|
|
if err != nil {
|
|
|
|
return semver.Version{}, semver.Version{}, semver.Version{}, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return latestSem, oldestSem, devSem, nil
|
2018-08-02 21:45:50 +00:00
|
|
|
}
|
|
|
|
|
2019-08-22 20:56:43 +00:00
|
|
|
// ListStacksFilter describes optional filters when listing stacks.
|
|
|
|
type ListStacksFilter struct {
|
|
|
|
Project *string
|
|
|
|
Organization *string
|
|
|
|
TagName *string
|
|
|
|
TagValue *string
|
|
|
|
}
|
2018-05-08 01:23:03 +00:00
|
|
|
|
2019-08-22 20:56:43 +00:00
|
|
|
// ListStacks lists all stacks the current user has access to, optionally filtered by project.
|
|
|
|
func (pc *Client) ListStacks(
|
2023-03-03 16:36:39 +00:00
|
|
|
ctx context.Context, filter ListStacksFilter, inContToken *string,
|
|
|
|
) ([]apitype.StackSummary, *string, error) {
|
2019-08-22 20:56:43 +00:00
|
|
|
queryFilter := struct {
|
2021-07-29 20:37:17 +00:00
|
|
|
Project *string `url:"project,omitempty"`
|
|
|
|
Organization *string `url:"organization,omitempty"`
|
|
|
|
TagName *string `url:"tagName,omitempty"`
|
|
|
|
TagValue *string `url:"tagValue,omitempty"`
|
|
|
|
ContinuationToken *string `url:"continuationToken,omitempty"`
|
2019-08-22 20:56:43 +00:00
|
|
|
}{
|
2021-07-29 20:37:17 +00:00
|
|
|
Project: filter.Project,
|
|
|
|
Organization: filter.Organization,
|
|
|
|
TagName: filter.TagName,
|
|
|
|
TagValue: filter.TagValue,
|
|
|
|
ContinuationToken: inContToken,
|
2018-05-21 23:17:12 +00:00
|
|
|
}
|
2018-04-18 10:19:13 +00:00
|
|
|
|
2019-08-22 20:56:43 +00:00
|
|
|
var resp apitype.ListStacksResponse
|
2018-09-14 03:54:42 +00:00
|
|
|
if err := pc.restCall(ctx, "GET", "/api/user/stacks", queryFilter, nil, &resp); err != nil {
|
2021-07-29 20:37:17 +00:00
|
|
|
return nil, nil, err
|
2018-03-21 17:33:34 +00:00
|
|
|
}
|
2018-04-18 10:19:13 +00:00
|
|
|
|
2021-07-29 20:37:17 +00:00
|
|
|
return resp.Stacks, resp.ContinuationToken, nil
|
2018-03-21 17:33:34 +00:00
|
|
|
}
|
|
|
|
|
2023-03-03 16:36:39 +00:00
|
|
|
// ErrNoPreviousDeployment is returned when there isn't a previous deployment.
|
|
|
|
var ErrNoPreviousDeployment = errors.New("no previous deployment")
|
2019-04-26 18:43:16 +00:00
|
|
|
|
2022-03-28 18:09:52 +00:00
|
|
|
type getLatestConfigurationResponse struct {
|
|
|
|
Info apitype.UpdateInfo `json:"info,omitempty"`
|
|
|
|
}
|
|
|
|
|
2018-04-26 23:13:52 +00:00
|
|
|
// GetLatestConfiguration returns the configuration for the latest deployment of a given stack.
|
|
|
|
func (pc *Client) GetLatestConfiguration(ctx context.Context, stackID StackIdentifier) (config.Map, error) {
|
2022-03-28 18:09:52 +00:00
|
|
|
latest := getLatestConfigurationResponse{}
|
2018-04-26 23:13:52 +00:00
|
|
|
if err := pc.restCall(ctx, "GET", getStackPath(stackID, "updates", "latest"), nil, nil, &latest); err != nil {
|
|
|
|
if restErr, ok := err.(*apitype.ErrorResponse); ok {
|
|
|
|
if restErr.Code == http.StatusNotFound {
|
2019-04-26 18:43:16 +00:00
|
|
|
return nil, ErrNoPreviousDeployment
|
2018-04-26 23:13:52 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
cfg := make(config.Map)
|
|
|
|
for k, v := range latest.Info.Config {
|
|
|
|
newKey, err := config.ParseKey(k)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
Support lists and maps in config (#3342)
This change adds support for lists and maps in config. We now allow
lists/maps (and nested structures) in `Pulumi.<stack>.yaml` (or
`Pulumi.<stack>.json`; yes, we currently support that).
For example:
```yaml
config:
proj:blah:
- a
- b
- c
proj:hello: world
proj:outer:
inner: value
proj:servers:
- port: 80
```
While such structures could be specified in the `.yaml` file manually,
we support setting values in maps/lists from the command line.
As always, you can specify single values with:
```shell
$ pulumi config set hello world
```
Which results in the following YAML:
```yaml
proj:hello world
```
And single value secrets via:
```shell
$ pulumi config set --secret token shhh
```
Which results in the following YAML:
```yaml
proj:token:
secure: v1:VZAhuroR69FkEPTk:isKafsoZVMWA9pQayGzbWNynww==
```
Values in a list can be set from the command line using the new
`--path` flag, which indicates the config key contains a path to a
property in a map or list:
```shell
$ pulumi config set --path names[0] a
$ pulumi config set --path names[1] b
$ pulumi config set --path names[2] c
```
Which results in:
```yaml
proj:names
- a
- b
- c
```
Values can be obtained similarly:
```shell
$ pulumi config get --path names[1]
b
```
Or setting values in a map:
```shell
$ pulumi config set --path outer.inner value
```
Which results in:
```yaml
proj:outer:
inner: value
```
Of course, setting values in nested structures is supported:
```shell
$ pulumi config set --path servers[0].port 80
```
Which results in:
```yaml
proj:servers:
- port: 80
```
If you want to include a period in the name of a property, it can be
specified as:
```
$ pulumi config set --path 'nested["foo.bar"]' baz
```
Which results in:
```yaml
proj:nested:
foo.bar: baz
```
Examples of valid paths:
- root
- root.nested
- 'root["nested"]'
- root.double.nest
- 'root["double"].nest'
- 'root["double"]["nest"]'
- root.array[0]
- root.array[100]
- root.array[0].nested
- root.array[0][1].nested
- root.nested.array[0].double[1]
- 'root["key with \"escaped\" quotes"]'
- 'root["key with a ."]'
- '["root key with \"escaped\" quotes"].nested'
- '["root key with a ."][100]'
Note: paths that contain quotes can be surrounded by single quotes.
When setting values with `--path`, if the value is `"false"` or
`"true"`, it will be saved as the boolean value, and if it is
convertible to an integer, it will be saved as an integer.
Secure values are supported in lists/maps as well:
```shell
$ pulumi config set --path --secret tokens[0] shh
```
Will result in:
```yaml
proj:tokens:
- secure: v1:wpZRCe36sFg1RxwG:WzPeQrCn4n+m4Ks8ps15MxvFXg==
```
Note: maps of length 1 with a key of “secure” and string value are
reserved for storing secret values. Attempting to create such a value
manually will result in an error:
```shell
$ pulumi config set --path parent.secure foo
error: "secure" key in maps of length 1 are reserved
```
**Accessing config values from the command line with JSON**
```shell
$ pulumi config --json
```
Will output:
```json
{
"proj:hello": {
"value": "world",
"secret": false,
"object": false
},
"proj:names": {
"value": "[\"a\",\"b\",\"c\"]",
"secret": false,
"object": true,
"objectValue": [
"a",
"b",
"c"
]
},
"proj:nested": {
"value": "{\"foo.bar\":\"baz\"}",
"secret": false,
"object": true,
"objectValue": {
"foo.bar": "baz"
}
},
"proj:outer": {
"value": "{\"inner\":\"value\"}",
"secret": false,
"object": true,
"objectValue": {
"inner": "value"
}
},
"proj:servers": {
"value": "[{\"port\":80}]",
"secret": false,
"object": true,
"objectValue": [
{
"port": 80
}
]
},
"proj:token": {
"secret": true,
"object": false
},
"proj:tokens": {
"secret": true,
"object": true
}
}
```
If the value is a map or list, `"object"` will be `true`. `"value"` will
contain the object as serialized JSON and a new `"objectValue"` property
will be available containing the value of the object.
If the object contains any secret values, `"secret"` will be `true`, and
just like with scalar values, the value will not be outputted unless
`--show-secrets` is specified.
**Accessing config values from Pulumi programs**
Map/list values are available to Pulumi programs as serialized JSON, so
the existing
`getObject`/`requireObject`/`getSecretObject`/`requireSecretObject`
functions can be used to retrieve such values, e.g.:
```typescript
import * as pulumi from "@pulumi/pulumi";
interface Server {
port: number;
}
const config = new pulumi.Config();
const names = config.requireObject<string[]>("names");
for (const n of names) {
console.log(n);
}
const servers = config.requireObject<Server[]>("servers");
for (const s of servers) {
console.log(s.port);
}
```
2019-11-01 20:41:27 +00:00
|
|
|
if v.Object {
|
|
|
|
if v.Secret {
|
|
|
|
cfg[newKey] = config.NewSecureObjectValue(v.String)
|
|
|
|
} else {
|
|
|
|
cfg[newKey] = config.NewObjectValue(v.String)
|
|
|
|
}
|
2018-04-26 23:13:52 +00:00
|
|
|
} else {
|
Support lists and maps in config (#3342)
This change adds support for lists and maps in config. We now allow
lists/maps (and nested structures) in `Pulumi.<stack>.yaml` (or
`Pulumi.<stack>.json`; yes, we currently support that).
For example:
```yaml
config:
proj:blah:
- a
- b
- c
proj:hello: world
proj:outer:
inner: value
proj:servers:
- port: 80
```
While such structures could be specified in the `.yaml` file manually,
we support setting values in maps/lists from the command line.
As always, you can specify single values with:
```shell
$ pulumi config set hello world
```
Which results in the following YAML:
```yaml
proj:hello world
```
And single value secrets via:
```shell
$ pulumi config set --secret token shhh
```
Which results in the following YAML:
```yaml
proj:token:
secure: v1:VZAhuroR69FkEPTk:isKafsoZVMWA9pQayGzbWNynww==
```
Values in a list can be set from the command line using the new
`--path` flag, which indicates the config key contains a path to a
property in a map or list:
```shell
$ pulumi config set --path names[0] a
$ pulumi config set --path names[1] b
$ pulumi config set --path names[2] c
```
Which results in:
```yaml
proj:names
- a
- b
- c
```
Values can be obtained similarly:
```shell
$ pulumi config get --path names[1]
b
```
Or setting values in a map:
```shell
$ pulumi config set --path outer.inner value
```
Which results in:
```yaml
proj:outer:
inner: value
```
Of course, setting values in nested structures is supported:
```shell
$ pulumi config set --path servers[0].port 80
```
Which results in:
```yaml
proj:servers:
- port: 80
```
If you want to include a period in the name of a property, it can be
specified as:
```
$ pulumi config set --path 'nested["foo.bar"]' baz
```
Which results in:
```yaml
proj:nested:
foo.bar: baz
```
Examples of valid paths:
- root
- root.nested
- 'root["nested"]'
- root.double.nest
- 'root["double"].nest'
- 'root["double"]["nest"]'
- root.array[0]
- root.array[100]
- root.array[0].nested
- root.array[0][1].nested
- root.nested.array[0].double[1]
- 'root["key with \"escaped\" quotes"]'
- 'root["key with a ."]'
- '["root key with \"escaped\" quotes"].nested'
- '["root key with a ."][100]'
Note: paths that contain quotes can be surrounded by single quotes.
When setting values with `--path`, if the value is `"false"` or
`"true"`, it will be saved as the boolean value, and if it is
convertible to an integer, it will be saved as an integer.
Secure values are supported in lists/maps as well:
```shell
$ pulumi config set --path --secret tokens[0] shh
```
Will result in:
```yaml
proj:tokens:
- secure: v1:wpZRCe36sFg1RxwG:WzPeQrCn4n+m4Ks8ps15MxvFXg==
```
Note: maps of length 1 with a key of “secure” and string value are
reserved for storing secret values. Attempting to create such a value
manually will result in an error:
```shell
$ pulumi config set --path parent.secure foo
error: "secure" key in maps of length 1 are reserved
```
**Accessing config values from the command line with JSON**
```shell
$ pulumi config --json
```
Will output:
```json
{
"proj:hello": {
"value": "world",
"secret": false,
"object": false
},
"proj:names": {
"value": "[\"a\",\"b\",\"c\"]",
"secret": false,
"object": true,
"objectValue": [
"a",
"b",
"c"
]
},
"proj:nested": {
"value": "{\"foo.bar\":\"baz\"}",
"secret": false,
"object": true,
"objectValue": {
"foo.bar": "baz"
}
},
"proj:outer": {
"value": "{\"inner\":\"value\"}",
"secret": false,
"object": true,
"objectValue": {
"inner": "value"
}
},
"proj:servers": {
"value": "[{\"port\":80}]",
"secret": false,
"object": true,
"objectValue": [
{
"port": 80
}
]
},
"proj:token": {
"secret": true,
"object": false
},
"proj:tokens": {
"secret": true,
"object": true
}
}
```
If the value is a map or list, `"object"` will be `true`. `"value"` will
contain the object as serialized JSON and a new `"objectValue"` property
will be available containing the value of the object.
If the object contains any secret values, `"secret"` will be `true`, and
just like with scalar values, the value will not be outputted unless
`--show-secrets` is specified.
**Accessing config values from Pulumi programs**
Map/list values are available to Pulumi programs as serialized JSON, so
the existing
`getObject`/`requireObject`/`getSecretObject`/`requireSecretObject`
functions can be used to retrieve such values, e.g.:
```typescript
import * as pulumi from "@pulumi/pulumi";
interface Server {
port: number;
}
const config = new pulumi.Config();
const names = config.requireObject<string[]>("names");
for (const n of names) {
console.log(n);
}
const servers = config.requireObject<Server[]>("servers");
for (const s of servers) {
console.log(s.port);
}
```
2019-11-01 20:41:27 +00:00
|
|
|
if v.Secret {
|
|
|
|
cfg[newKey] = config.NewSecureValue(v.String)
|
|
|
|
} else {
|
|
|
|
cfg[newKey] = config.NewValue(v.String)
|
|
|
|
}
|
2018-04-26 23:13:52 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return cfg, nil
|
|
|
|
}
|
|
|
|
|
2019-08-12 09:12:17 +00:00
|
|
|
// DoesProjectExist returns true if a project with the given name exists, or false otherwise.
|
|
|
|
func (pc *Client) DoesProjectExist(ctx context.Context, owner string, projectName string) (bool, error) {
|
|
|
|
if err := pc.restCall(ctx, "HEAD", getProjectPath(owner, projectName), nil, nil, nil); err != nil {
|
|
|
|
// If this was a 404, return false - project not found.
|
2022-11-21 16:26:09 +00:00
|
|
|
if is404(err) {
|
2019-08-12 09:12:17 +00:00
|
|
|
return false, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
return false, err
|
|
|
|
}
|
|
|
|
return true, nil
|
|
|
|
}
|
|
|
|
|
2018-03-28 19:47:12 +00:00
|
|
|
// GetStack retrieves the stack with the given name.
|
2018-05-08 01:23:03 +00:00
|
|
|
func (pc *Client) GetStack(ctx context.Context, stackID StackIdentifier) (apitype.Stack, error) {
|
2018-03-28 19:47:12 +00:00
|
|
|
var stack apitype.Stack
|
2018-05-08 01:23:03 +00:00
|
|
|
if err := pc.restCall(ctx, "GET", getStackPath(stackID), nil, nil, &stack); err != nil {
|
2018-03-28 19:47:12 +00:00
|
|
|
return apitype.Stack{}, err
|
|
|
|
}
|
|
|
|
return stack, nil
|
|
|
|
}
|
|
|
|
|
2018-03-21 17:33:34 +00:00
|
|
|
// CreateStack creates a stack with the given cloud and stack name in the scope of the indicated project.
|
2018-04-09 16:31:46 +00:00
|
|
|
func (pc *Client) CreateStack(
|
2023-03-17 19:39:45 +00:00
|
|
|
ctx context.Context, stackID StackIdentifier, tags map[apitype.StackTagName]string, teams []string,
|
2023-03-03 16:36:39 +00:00
|
|
|
) (apitype.Stack, error) {
|
2018-04-11 17:08:32 +00:00
|
|
|
// Validate names and tags.
|
Add tokens.StackName (#14487)
<!---
Thanks so much for your contribution! If this is your first time
contributing, please ensure that you have read the
[CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md)
documentation.
-->
# Description
<!--- Please include a summary of the change and which issue is fixed.
Please also include relevant motivation and context. -->
This adds a new type `tokens.StackName` which is a relatively strongly
typed container for a stack name. The only weakly typed aspect of it is
Go will always allow the "zero" value to be created for a struct, which
for a stack name is the empty string which is invalid. To prevent
introducing unexpected empty strings when working with stack names the
`String()` method will panic for zero initialized stack names.
Apart from the zero value, all other instances of `StackName` are via
`ParseStackName` which returns a descriptive error if the string is not
valid.
This PR only updates "pkg/" to use this type. There are a number of
places in "sdk/" which could do with this type as well, but there's no
harm in doing a staggered roll out, and some parts of "sdk/" are user
facing and will probably have to stay on the current `tokens.Name` and
`tokens.QName` types.
There are two places in the system where we panic on invalid stack
names, both in the http backend. This _should_ be fine as we've had long
standing validation that stacks created in the service are valid stack
names.
Just in case people have managed to introduce invalid stack names, there
is the `PULUMI_DISABLE_VALIDATION` environment variable which will turn
off the validation _and_ panicing for stack names. Users can use that to
temporarily disable the validation and continue working, but it should
only be seen as a temporary measure. If they have invalid names they
should rename them, or if they think they should be valid raise an issue
with us to change the validation code.
## Checklist
- [x] I have run `make tidy` to update any new dependencies
- [x] I have run `make lint` to verify my code passes the lint check
- [ ] I have formatted my code using `gofumpt`
<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [x] I have added tests that prove my fix is effective or that my
feature works
<!---
User-facing changes require a CHANGELOG entry.
-->
- [ ] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
2023-11-15 07:44:54 +00:00
|
|
|
if err := validation.ValidateStackTags(tags); err != nil {
|
2021-11-13 02:37:17 +00:00
|
|
|
return apitype.Stack{}, fmt.Errorf("validating stack properties: %w", err)
|
2018-04-11 17:08:32 +00:00
|
|
|
}
|
|
|
|
|
2018-03-21 17:33:34 +00:00
|
|
|
stack := apitype.Stack{
|
Add tokens.StackName (#14487)
<!---
Thanks so much for your contribution! If this is your first time
contributing, please ensure that you have read the
[CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md)
documentation.
-->
# Description
<!--- Please include a summary of the change and which issue is fixed.
Please also include relevant motivation and context. -->
This adds a new type `tokens.StackName` which is a relatively strongly
typed container for a stack name. The only weakly typed aspect of it is
Go will always allow the "zero" value to be created for a struct, which
for a stack name is the empty string which is invalid. To prevent
introducing unexpected empty strings when working with stack names the
`String()` method will panic for zero initialized stack names.
Apart from the zero value, all other instances of `StackName` are via
`ParseStackName` which returns a descriptive error if the string is not
valid.
This PR only updates "pkg/" to use this type. There are a number of
places in "sdk/" which could do with this type as well, but there's no
harm in doing a staggered roll out, and some parts of "sdk/" are user
facing and will probably have to stay on the current `tokens.Name` and
`tokens.QName` types.
There are two places in the system where we panic on invalid stack
names, both in the http backend. This _should_ be fine as we've had long
standing validation that stacks created in the service are valid stack
names.
Just in case people have managed to introduce invalid stack names, there
is the `PULUMI_DISABLE_VALIDATION` environment variable which will turn
off the validation _and_ panicing for stack names. Users can use that to
temporarily disable the validation and continue working, but it should
only be seen as a temporary measure. If they have invalid names they
should rename them, or if they think they should be valid raise an issue
with us to change the validation code.
## Checklist
- [x] I have run `make tidy` to update any new dependencies
- [x] I have run `make lint` to verify my code passes the lint check
- [ ] I have formatted my code using `gofumpt`
<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [x] I have added tests that prove my fix is effective or that my
feature works
<!---
User-facing changes require a CHANGELOG entry.
-->
- [ ] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
2023-11-15 07:44:54 +00:00
|
|
|
StackName: stackID.Stack.Q(),
|
2019-01-18 22:37:05 +00:00
|
|
|
ProjectName: stackID.Project,
|
|
|
|
OrgName: stackID.Owner,
|
|
|
|
Tags: tags,
|
2018-03-21 17:33:34 +00:00
|
|
|
}
|
|
|
|
createStackReq := apitype.CreateStackRequest{
|
Add tokens.StackName (#14487)
<!---
Thanks so much for your contribution! If this is your first time
contributing, please ensure that you have read the
[CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md)
documentation.
-->
# Description
<!--- Please include a summary of the change and which issue is fixed.
Please also include relevant motivation and context. -->
This adds a new type `tokens.StackName` which is a relatively strongly
typed container for a stack name. The only weakly typed aspect of it is
Go will always allow the "zero" value to be created for a struct, which
for a stack name is the empty string which is invalid. To prevent
introducing unexpected empty strings when working with stack names the
`String()` method will panic for zero initialized stack names.
Apart from the zero value, all other instances of `StackName` are via
`ParseStackName` which returns a descriptive error if the string is not
valid.
This PR only updates "pkg/" to use this type. There are a number of
places in "sdk/" which could do with this type as well, but there's no
harm in doing a staggered roll out, and some parts of "sdk/" are user
facing and will probably have to stay on the current `tokens.Name` and
`tokens.QName` types.
There are two places in the system where we panic on invalid stack
names, both in the http backend. This _should_ be fine as we've had long
standing validation that stacks created in the service are valid stack
names.
Just in case people have managed to introduce invalid stack names, there
is the `PULUMI_DISABLE_VALIDATION` environment variable which will turn
off the validation _and_ panicing for stack names. Users can use that to
temporarily disable the validation and continue working, but it should
only be seen as a temporary measure. If they have invalid names they
should rename them, or if they think they should be valid raise an issue
with us to change the validation code.
## Checklist
- [x] I have run `make tidy` to update any new dependencies
- [x] I have run `make lint` to verify my code passes the lint check
- [ ] I have formatted my code using `gofumpt`
<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [x] I have added tests that prove my fix is effective or that my
feature works
<!---
User-facing changes require a CHANGELOG entry.
-->
- [ ] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
2023-11-15 07:44:54 +00:00
|
|
|
StackName: stackID.Stack.String(),
|
2018-04-09 16:31:46 +00:00
|
|
|
Tags: tags,
|
2023-03-17 19:39:45 +00:00
|
|
|
Teams: teams,
|
2018-03-21 17:33:34 +00:00
|
|
|
}
|
|
|
|
|
2019-01-18 22:37:05 +00:00
|
|
|
endpoint := fmt.Sprintf("/api/stacks/%s/%s", stackID.Owner, stackID.Project)
|
2018-05-21 23:17:12 +00:00
|
|
|
if err := pc.restCall(
|
2022-03-28 18:09:52 +00:00
|
|
|
ctx, "POST", endpoint, nil, &createStackReq, nil); err != nil {
|
2018-05-21 23:17:12 +00:00
|
|
|
return apitype.Stack{}, err
|
2018-03-21 17:33:34 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return stack, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// DeleteStack deletes the indicated stack. If force is true, the stack is deleted even if it contains resources.
|
2018-05-08 01:23:03 +00:00
|
|
|
func (pc *Client) DeleteStack(ctx context.Context, stack StackIdentifier, force bool) (bool, error) {
|
2018-03-21 17:33:34 +00:00
|
|
|
path := getStackPath(stack)
|
2019-02-07 03:07:31 +00:00
|
|
|
queryObj := struct {
|
|
|
|
Force bool `url:"force"`
|
|
|
|
}{
|
|
|
|
Force: force,
|
2018-03-21 17:33:34 +00:00
|
|
|
}
|
|
|
|
|
2019-02-07 03:07:31 +00:00
|
|
|
err := pc.restCall(ctx, "DELETE", path, queryObj, nil, nil)
|
|
|
|
return isStackHasResourcesError(err), err
|
|
|
|
}
|
|
|
|
|
|
|
|
func isStackHasResourcesError(err error) bool {
|
|
|
|
if err == nil {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
errRsp, ok := err.(*apitype.ErrorResponse)
|
|
|
|
if !ok {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
return errRsp.Code == 400 && errRsp.Message == "Bad Request: Stack still contains resources."
|
2018-03-21 17:33:34 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// EncryptValue encrypts a plaintext value in the context of the indicated stack.
|
2018-05-08 01:23:03 +00:00
|
|
|
func (pc *Client) EncryptValue(ctx context.Context, stack StackIdentifier, plaintext []byte) ([]byte, error) {
|
2018-03-21 17:33:34 +00:00
|
|
|
req := apitype.EncryptValueRequest{Plaintext: plaintext}
|
|
|
|
var resp apitype.EncryptValueResponse
|
2024-03-06 08:35:36 +00:00
|
|
|
if err := pc.restCallWithOptions(
|
|
|
|
ctx, "POST", getStackPath(stack, "encrypt"), nil, &req, &resp,
|
|
|
|
httpCallOptions{RetryPolicy: retryAllMethods},
|
|
|
|
); err != nil {
|
2018-03-21 17:33:34 +00:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
return resp.Ciphertext, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// DecryptValue decrypts a ciphertext value in the context of the indicated stack.
|
2018-05-08 01:23:03 +00:00
|
|
|
func (pc *Client) DecryptValue(ctx context.Context, stack StackIdentifier, ciphertext []byte) ([]byte, error) {
|
2018-03-21 17:33:34 +00:00
|
|
|
req := apitype.DecryptValueRequest{Ciphertext: ciphertext}
|
|
|
|
var resp apitype.DecryptValueResponse
|
2024-03-06 08:35:36 +00:00
|
|
|
if err := pc.restCallWithOptions(
|
|
|
|
ctx, "POST", getStackPath(stack, "decrypt"), nil, &req, &resp,
|
|
|
|
httpCallOptions{RetryPolicy: retryAllMethods},
|
|
|
|
); err != nil {
|
2018-03-21 17:33:34 +00:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
return resp.Plaintext, nil
|
|
|
|
}
|
|
|
|
|
2021-12-15 21:38:56 +00:00
|
|
|
func (pc *Client) Log3rdPartySecretsProviderDecryptionEvent(ctx context.Context, stack StackIdentifier,
|
2023-03-03 16:36:39 +00:00
|
|
|
secretName string,
|
|
|
|
) error {
|
2021-12-15 21:38:56 +00:00
|
|
|
req := apitype.Log3rdPartyDecryptionEvent{SecretName: secretName}
|
all: Fix revive issues
Fixes the following issues found by revive
included in the latest release of golangci-lint.
Full list of issues:
**pkg**
```
backend/display/object_diff.go:47:10: superfluous-else: if block ends with a break statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary) (revive)
backend/display/object_diff.go:716:12: redefines-builtin-id: redefinition of the built-in function delete (revive)
backend/display/object_diff.go:742:14: redefines-builtin-id: redefinition of the built-in function delete (revive)
backend/display/object_diff.go:983:10: superfluous-else: if block ends with a continue statement, so drop this else and outdent its block (revive)
backend/httpstate/backend.go:1814:4: redefines-builtin-id: redefinition of the built-in function cap (revive)
backend/httpstate/backend.go:1824:5: redefines-builtin-id: redefinition of the built-in function cap (revive)
backend/httpstate/client/client.go:444:2: if-return: redundant if ...; err != nil check, just return error instead. (revive)
backend/httpstate/client/client.go:455:2: if-return: redundant if ...; err != nil check, just return error instead. (revive)
cmd/pulumi/org.go:113:4: if-return: redundant if ...; err != nil check, just return error instead. (revive)
cmd/pulumi/util.go:216:2: if-return: redundant if ...; err != nil check, just return error instead. (revive)
codegen/docs/gen.go:428:2: redefines-builtin-id: redefinition of the built-in function copy (revive)
codegen/hcl2/model/expression.go:2151:5: redefines-builtin-id: redefinition of the built-in function close (revive)
codegen/hcl2/syntax/comments.go:151:2: redefines-builtin-id: redefinition of the built-in function close (revive)
codegen/hcl2/syntax/comments.go:329:3: redefines-builtin-id: redefinition of the built-in function close (revive)
codegen/hcl2/syntax/comments.go:381:5: redefines-builtin-id: redefinition of the built-in function close (revive)
codegen/nodejs/gen.go:1367:5: redefines-builtin-id: redefinition of the built-in function copy (revive)
codegen/python/gen_program_expressions.go:136:2: redefines-builtin-id: redefinition of the built-in function close (revive)
codegen/python/gen_program_expressions.go:142:3: redefines-builtin-id: redefinition of the built-in function close (revive)
codegen/report/report.go:126:6: redefines-builtin-id: redefinition of the built-in function panic (revive)
codegen/schema/docs_test.go:210:10: superfluous-else: if block ends with a continue statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary) (revive)
codegen/schema/schema.go:790:2: redefines-builtin-id: redefinition of the built-in type any (revive)
codegen/schema/schema.go:793:4: redefines-builtin-id: redefinition of the built-in type any (revive)
resource/deploy/plan.go:506:2: if-return: redundant if ...; err != nil check, just return error instead. (revive)
resource/deploy/snapshot_test.go:59:3: redefines-builtin-id: redefinition of the built-in function copy (revive)
resource/deploy/state_builder.go:108:2: redefines-builtin-id: redefinition of the built-in function copy (revive)
```
**sdk**
```
go/common/resource/plugin/context.go:142:2: redefines-builtin-id: redefinition of the built-in function copy (revive)
go/common/resource/plugin/plugin.go:142:12: superfluous-else: if block ends with a break statement, so drop this else and outdent its block (revive)
go/common/resource/properties_diff.go:114:2: redefines-builtin-id: redefinition of the built-in function len (revive)
go/common/resource/properties_diff.go:117:4: redefines-builtin-id: redefinition of the built-in function len (revive)
go/common/resource/properties_diff.go:122:4: redefines-builtin-id: redefinition of the built-in function len (revive)
go/common/resource/properties_diff.go:127:4: redefines-builtin-id: redefinition of the built-in function len (revive)
go/common/resource/properties_diff.go:132:4: redefines-builtin-id: redefinition of the built-in function len (revive)
go/common/util/deepcopy/copy.go:30:1: redefines-builtin-id: redefinition of the built-in function copy (revive)
go/common/workspace/creds.go:242:2: if-return: redundant if ...; err != nil check, just return error instead. (revive)
go/pulumi-language-go/main.go:569:2: if-return: redundant if ...; err != nil check, just return error instead. (revive)
go/pulumi-language-go/main.go:706:2: if-return: redundant if ...; err != nil check, just return error instead. (revive)
go/pulumi/run_test.go:925:2: redefines-builtin-id: redefinition of the built-in type any (revive)
go/pulumi/run_test.go:933:3: redefines-builtin-id: redefinition of the built-in type any (revive)
nodejs/cmd/pulumi-language-nodejs/main.go:778:2: if-return: redundant if ...; err != nil check, just return error instead. (revive)
python/cmd/pulumi-language-python/main.go:1011:2: if-return: redundant if ...; err != nil check, just return error instead. (revive)
python/cmd/pulumi-language-python/main.go:863:2: if-return: redundant if ...; err != nil check, just return error instead. (revive)
python/python.go:230:2: redefines-builtin-id: redefinition of the built-in function print (revive)
```
**tests**
```
integration/integration_util_test.go:282:11: superfluous-else: if block ends with a continue statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary) (revive)
```
2023-03-20 23:48:02 +00:00
|
|
|
return pc.restCall(
|
|
|
|
ctx, "POST", path.Join(getStackPath(stack, "decrypt"), "log-decryption"),
|
|
|
|
nil, &req, nil)
|
2021-12-15 21:38:56 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (pc *Client) LogBulk3rdPartySecretsProviderDecryptionEvent(ctx context.Context, stack StackIdentifier,
|
2023-03-03 16:36:39 +00:00
|
|
|
command string,
|
|
|
|
) error {
|
2021-12-15 21:38:56 +00:00
|
|
|
req := apitype.Log3rdPartyDecryptionEvent{CommandName: command}
|
all: Fix revive issues
Fixes the following issues found by revive
included in the latest release of golangci-lint.
Full list of issues:
**pkg**
```
backend/display/object_diff.go:47:10: superfluous-else: if block ends with a break statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary) (revive)
backend/display/object_diff.go:716:12: redefines-builtin-id: redefinition of the built-in function delete (revive)
backend/display/object_diff.go:742:14: redefines-builtin-id: redefinition of the built-in function delete (revive)
backend/display/object_diff.go:983:10: superfluous-else: if block ends with a continue statement, so drop this else and outdent its block (revive)
backend/httpstate/backend.go:1814:4: redefines-builtin-id: redefinition of the built-in function cap (revive)
backend/httpstate/backend.go:1824:5: redefines-builtin-id: redefinition of the built-in function cap (revive)
backend/httpstate/client/client.go:444:2: if-return: redundant if ...; err != nil check, just return error instead. (revive)
backend/httpstate/client/client.go:455:2: if-return: redundant if ...; err != nil check, just return error instead. (revive)
cmd/pulumi/org.go:113:4: if-return: redundant if ...; err != nil check, just return error instead. (revive)
cmd/pulumi/util.go:216:2: if-return: redundant if ...; err != nil check, just return error instead. (revive)
codegen/docs/gen.go:428:2: redefines-builtin-id: redefinition of the built-in function copy (revive)
codegen/hcl2/model/expression.go:2151:5: redefines-builtin-id: redefinition of the built-in function close (revive)
codegen/hcl2/syntax/comments.go:151:2: redefines-builtin-id: redefinition of the built-in function close (revive)
codegen/hcl2/syntax/comments.go:329:3: redefines-builtin-id: redefinition of the built-in function close (revive)
codegen/hcl2/syntax/comments.go:381:5: redefines-builtin-id: redefinition of the built-in function close (revive)
codegen/nodejs/gen.go:1367:5: redefines-builtin-id: redefinition of the built-in function copy (revive)
codegen/python/gen_program_expressions.go:136:2: redefines-builtin-id: redefinition of the built-in function close (revive)
codegen/python/gen_program_expressions.go:142:3: redefines-builtin-id: redefinition of the built-in function close (revive)
codegen/report/report.go:126:6: redefines-builtin-id: redefinition of the built-in function panic (revive)
codegen/schema/docs_test.go:210:10: superfluous-else: if block ends with a continue statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary) (revive)
codegen/schema/schema.go:790:2: redefines-builtin-id: redefinition of the built-in type any (revive)
codegen/schema/schema.go:793:4: redefines-builtin-id: redefinition of the built-in type any (revive)
resource/deploy/plan.go:506:2: if-return: redundant if ...; err != nil check, just return error instead. (revive)
resource/deploy/snapshot_test.go:59:3: redefines-builtin-id: redefinition of the built-in function copy (revive)
resource/deploy/state_builder.go:108:2: redefines-builtin-id: redefinition of the built-in function copy (revive)
```
**sdk**
```
go/common/resource/plugin/context.go:142:2: redefines-builtin-id: redefinition of the built-in function copy (revive)
go/common/resource/plugin/plugin.go:142:12: superfluous-else: if block ends with a break statement, so drop this else and outdent its block (revive)
go/common/resource/properties_diff.go:114:2: redefines-builtin-id: redefinition of the built-in function len (revive)
go/common/resource/properties_diff.go:117:4: redefines-builtin-id: redefinition of the built-in function len (revive)
go/common/resource/properties_diff.go:122:4: redefines-builtin-id: redefinition of the built-in function len (revive)
go/common/resource/properties_diff.go:127:4: redefines-builtin-id: redefinition of the built-in function len (revive)
go/common/resource/properties_diff.go:132:4: redefines-builtin-id: redefinition of the built-in function len (revive)
go/common/util/deepcopy/copy.go:30:1: redefines-builtin-id: redefinition of the built-in function copy (revive)
go/common/workspace/creds.go:242:2: if-return: redundant if ...; err != nil check, just return error instead. (revive)
go/pulumi-language-go/main.go:569:2: if-return: redundant if ...; err != nil check, just return error instead. (revive)
go/pulumi-language-go/main.go:706:2: if-return: redundant if ...; err != nil check, just return error instead. (revive)
go/pulumi/run_test.go:925:2: redefines-builtin-id: redefinition of the built-in type any (revive)
go/pulumi/run_test.go:933:3: redefines-builtin-id: redefinition of the built-in type any (revive)
nodejs/cmd/pulumi-language-nodejs/main.go:778:2: if-return: redundant if ...; err != nil check, just return error instead. (revive)
python/cmd/pulumi-language-python/main.go:1011:2: if-return: redundant if ...; err != nil check, just return error instead. (revive)
python/cmd/pulumi-language-python/main.go:863:2: if-return: redundant if ...; err != nil check, just return error instead. (revive)
python/python.go:230:2: redefines-builtin-id: redefinition of the built-in function print (revive)
```
**tests**
```
integration/integration_util_test.go:282:11: superfluous-else: if block ends with a continue statement, so drop this else and outdent its block (move short variable declaration to its own line if necessary) (revive)
```
2023-03-20 23:48:02 +00:00
|
|
|
return pc.restCall(
|
|
|
|
ctx, "POST", path.Join(getStackPath(stack, "decrypt"), "log-batch-decryption"),
|
|
|
|
nil, &req, nil)
|
2021-12-15 21:38:56 +00:00
|
|
|
}
|
|
|
|
|
2022-01-24 20:33:40 +00:00
|
|
|
// BulkDecryptValue decrypts a ciphertext value in the context of the indicated stack.
|
|
|
|
func (pc *Client) BulkDecryptValue(ctx context.Context, stack StackIdentifier,
|
2023-03-03 16:36:39 +00:00
|
|
|
ciphertexts [][]byte,
|
|
|
|
) (map[string][]byte, error) {
|
2022-01-24 20:33:40 +00:00
|
|
|
req := apitype.BulkDecryptValueRequest{Ciphertexts: ciphertexts}
|
|
|
|
var resp apitype.BulkDecryptValueResponse
|
2022-09-02 03:14:13 +00:00
|
|
|
if err := pc.restCallWithOptions(ctx, "POST", getStackPath(stack, "batch-decrypt"), nil, &req, &resp,
|
2024-03-06 08:35:36 +00:00
|
|
|
httpCallOptions{GzipCompress: true, RetryPolicy: retryAllMethods}); err != nil {
|
2022-01-24 20:33:40 +00:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return resp.Plaintexts, nil
|
|
|
|
}
|
|
|
|
|
2018-03-21 17:33:34 +00:00
|
|
|
// GetStackUpdates returns all updates to the indicated stack.
|
2021-02-08 21:13:55 +00:00
|
|
|
func (pc *Client) GetStackUpdates(
|
|
|
|
ctx context.Context,
|
|
|
|
stack StackIdentifier,
|
2021-02-10 00:20:01 +00:00
|
|
|
pageSize int,
|
2023-03-03 16:36:39 +00:00
|
|
|
page int,
|
|
|
|
) ([]apitype.UpdateInfo, error) {
|
2018-03-21 17:33:34 +00:00
|
|
|
var response apitype.GetHistoryResponse
|
2021-02-08 18:49:57 +00:00
|
|
|
path := getStackPath(stack, "updates")
|
|
|
|
if pageSize > 0 {
|
2021-02-10 00:20:01 +00:00
|
|
|
if page < 1 {
|
|
|
|
page = 1
|
|
|
|
}
|
|
|
|
path += fmt.Sprintf("?pageSize=%d&page=%d", pageSize, page)
|
2021-02-08 18:49:57 +00:00
|
|
|
}
|
|
|
|
if err := pc.restCall(ctx, "GET", path, nil, nil, &response); err != nil {
|
2018-03-21 17:33:34 +00:00
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return response.Updates, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// ExportStackDeployment exports the indicated stack's deployment as a raw JSON message.
|
2020-02-13 20:25:57 +00:00
|
|
|
// If version is nil, will export the latest version of the stack.
|
|
|
|
func (pc *Client) ExportStackDeployment(
|
2023-03-03 16:36:39 +00:00
|
|
|
ctx context.Context, stack StackIdentifier, version *int,
|
|
|
|
) (apitype.UntypedDeployment, error) {
|
2022-09-21 20:45:55 +00:00
|
|
|
tracingSpan, childCtx := opentracing.StartSpanFromContext(ctx, "ExportStackDeployment")
|
|
|
|
defer tracingSpan.Finish()
|
|
|
|
|
2020-02-13 20:25:57 +00:00
|
|
|
path := getStackPath(stack, "export")
|
|
|
|
|
|
|
|
// Tack on a specific version as desired.
|
|
|
|
if version != nil {
|
|
|
|
path += fmt.Sprintf("/%d", *version)
|
|
|
|
}
|
2018-05-08 01:23:03 +00:00
|
|
|
|
2018-03-21 17:33:34 +00:00
|
|
|
var resp apitype.ExportStackResponse
|
2022-09-21 20:45:55 +00:00
|
|
|
if err := pc.restCall(childCtx, "GET", path, nil, nil, &resp); err != nil {
|
2018-04-17 23:01:52 +00:00
|
|
|
return apitype.UntypedDeployment{}, err
|
2018-03-21 17:33:34 +00:00
|
|
|
}
|
|
|
|
|
2018-04-17 23:01:52 +00:00
|
|
|
return apitype.UntypedDeployment(resp), nil
|
2018-03-21 17:33:34 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// ImportStackDeployment imports a new deployment into the indicated stack.
|
2018-05-08 01:23:03 +00:00
|
|
|
func (pc *Client) ImportStackDeployment(ctx context.Context, stack StackIdentifier,
|
2023-03-03 16:36:39 +00:00
|
|
|
deployment *apitype.UntypedDeployment,
|
|
|
|
) (UpdateIdentifier, error) {
|
2018-03-21 17:33:34 +00:00
|
|
|
var resp apitype.ImportStackResponse
|
2022-09-02 03:14:13 +00:00
|
|
|
if err := pc.restCallWithOptions(ctx, "POST", getStackPath(stack, "import"), nil, deployment, &resp,
|
|
|
|
httpCallOptions{GzipCompress: true}); err != nil {
|
2018-03-21 17:33:34 +00:00
|
|
|
return UpdateIdentifier{}, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return UpdateIdentifier{
|
|
|
|
StackIdentifier: stack,
|
2018-08-30 00:06:48 +00:00
|
|
|
UpdateKind: apitype.UpdateUpdate,
|
2018-03-21 17:33:34 +00:00
|
|
|
UpdateID: resp.UpdateID,
|
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
2023-04-14 20:18:49 +00:00
|
|
|
type CreateUpdateDetails struct {
|
|
|
|
Messages []apitype.Message
|
|
|
|
RequiredPolicies []apitype.RequiredPolicy
|
|
|
|
}
|
|
|
|
|
2018-03-21 17:33:34 +00:00
|
|
|
// CreateUpdate creates a new update for the indicated stack with the given kind and assorted options. If the update
|
|
|
|
// requires that the Pulumi program is uploaded, the provided getContents callback will be invoked to fetch the
|
|
|
|
// contents of the Pulumi program.
|
2018-04-14 05:26:01 +00:00
|
|
|
func (pc *Client) CreateUpdate(
|
2019-06-30 23:34:39 +00:00
|
|
|
ctx context.Context, kind apitype.UpdateKind, stack StackIdentifier, proj *workspace.Project,
|
|
|
|
cfg config.Map, m apitype.UpdateMetadata, opts engine.UpdateOptions,
|
2023-03-03 16:36:39 +00:00
|
|
|
dryRun bool,
|
2023-04-14 20:18:49 +00:00
|
|
|
) (UpdateIdentifier, CreateUpdateDetails, error) {
|
2018-03-21 17:33:34 +00:00
|
|
|
// First create the update program request.
|
|
|
|
wireConfig := make(map[string]apitype.ConfigValue)
|
|
|
|
for k, cv := range cfg {
|
|
|
|
v, err := cv.Value(config.NopDecrypter)
|
2023-02-16 20:36:43 +00:00
|
|
|
contract.AssertNoErrorf(err, "error fetching config value for key %v", k)
|
2018-03-21 17:33:34 +00:00
|
|
|
|
2018-08-22 17:55:51 +00:00
|
|
|
wireConfig[k.String()] = apitype.ConfigValue{
|
2018-03-21 17:33:34 +00:00
|
|
|
String: v,
|
|
|
|
Secret: cv.Secure(),
|
Support lists and maps in config (#3342)
This change adds support for lists and maps in config. We now allow
lists/maps (and nested structures) in `Pulumi.<stack>.yaml` (or
`Pulumi.<stack>.json`; yes, we currently support that).
For example:
```yaml
config:
proj:blah:
- a
- b
- c
proj:hello: world
proj:outer:
inner: value
proj:servers:
- port: 80
```
While such structures could be specified in the `.yaml` file manually,
we support setting values in maps/lists from the command line.
As always, you can specify single values with:
```shell
$ pulumi config set hello world
```
Which results in the following YAML:
```yaml
proj:hello world
```
And single value secrets via:
```shell
$ pulumi config set --secret token shhh
```
Which results in the following YAML:
```yaml
proj:token:
secure: v1:VZAhuroR69FkEPTk:isKafsoZVMWA9pQayGzbWNynww==
```
Values in a list can be set from the command line using the new
`--path` flag, which indicates the config key contains a path to a
property in a map or list:
```shell
$ pulumi config set --path names[0] a
$ pulumi config set --path names[1] b
$ pulumi config set --path names[2] c
```
Which results in:
```yaml
proj:names
- a
- b
- c
```
Values can be obtained similarly:
```shell
$ pulumi config get --path names[1]
b
```
Or setting values in a map:
```shell
$ pulumi config set --path outer.inner value
```
Which results in:
```yaml
proj:outer:
inner: value
```
Of course, setting values in nested structures is supported:
```shell
$ pulumi config set --path servers[0].port 80
```
Which results in:
```yaml
proj:servers:
- port: 80
```
If you want to include a period in the name of a property, it can be
specified as:
```
$ pulumi config set --path 'nested["foo.bar"]' baz
```
Which results in:
```yaml
proj:nested:
foo.bar: baz
```
Examples of valid paths:
- root
- root.nested
- 'root["nested"]'
- root.double.nest
- 'root["double"].nest'
- 'root["double"]["nest"]'
- root.array[0]
- root.array[100]
- root.array[0].nested
- root.array[0][1].nested
- root.nested.array[0].double[1]
- 'root["key with \"escaped\" quotes"]'
- 'root["key with a ."]'
- '["root key with \"escaped\" quotes"].nested'
- '["root key with a ."][100]'
Note: paths that contain quotes can be surrounded by single quotes.
When setting values with `--path`, if the value is `"false"` or
`"true"`, it will be saved as the boolean value, and if it is
convertible to an integer, it will be saved as an integer.
Secure values are supported in lists/maps as well:
```shell
$ pulumi config set --path --secret tokens[0] shh
```
Will result in:
```yaml
proj:tokens:
- secure: v1:wpZRCe36sFg1RxwG:WzPeQrCn4n+m4Ks8ps15MxvFXg==
```
Note: maps of length 1 with a key of “secure” and string value are
reserved for storing secret values. Attempting to create such a value
manually will result in an error:
```shell
$ pulumi config set --path parent.secure foo
error: "secure" key in maps of length 1 are reserved
```
**Accessing config values from the command line with JSON**
```shell
$ pulumi config --json
```
Will output:
```json
{
"proj:hello": {
"value": "world",
"secret": false,
"object": false
},
"proj:names": {
"value": "[\"a\",\"b\",\"c\"]",
"secret": false,
"object": true,
"objectValue": [
"a",
"b",
"c"
]
},
"proj:nested": {
"value": "{\"foo.bar\":\"baz\"}",
"secret": false,
"object": true,
"objectValue": {
"foo.bar": "baz"
}
},
"proj:outer": {
"value": "{\"inner\":\"value\"}",
"secret": false,
"object": true,
"objectValue": {
"inner": "value"
}
},
"proj:servers": {
"value": "[{\"port\":80}]",
"secret": false,
"object": true,
"objectValue": [
{
"port": 80
}
]
},
"proj:token": {
"secret": true,
"object": false
},
"proj:tokens": {
"secret": true,
"object": true
}
}
```
If the value is a map or list, `"object"` will be `true`. `"value"` will
contain the object as serialized JSON and a new `"objectValue"` property
will be available containing the value of the object.
If the object contains any secret values, `"secret"` will be `true`, and
just like with scalar values, the value will not be outputted unless
`--show-secrets` is specified.
**Accessing config values from Pulumi programs**
Map/list values are available to Pulumi programs as serialized JSON, so
the existing
`getObject`/`requireObject`/`getSecretObject`/`requireSecretObject`
functions can be used to retrieve such values, e.g.:
```typescript
import * as pulumi from "@pulumi/pulumi";
interface Server {
port: number;
}
const config = new pulumi.Config();
const names = config.requireObject<string[]>("names");
for (const n of names) {
console.log(n);
}
const servers = config.requireObject<Server[]>("servers");
for (const s of servers) {
console.log(s.port);
}
```
2019-11-01 20:41:27 +00:00
|
|
|
Object: cv.Object(),
|
2018-03-21 17:33:34 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
description := ""
|
2018-11-01 15:28:11 +00:00
|
|
|
if proj.Description != nil {
|
|
|
|
description = *proj.Description
|
2018-03-21 17:33:34 +00:00
|
|
|
}
|
2018-04-14 05:26:01 +00:00
|
|
|
|
2018-03-21 17:33:34 +00:00
|
|
|
updateRequest := apitype.UpdateProgramRequest{
|
2018-11-01 15:28:11 +00:00
|
|
|
Name: string(proj.Name),
|
|
|
|
Runtime: proj.Runtime.Name(),
|
|
|
|
Main: proj.Main,
|
2018-03-21 17:33:34 +00:00
|
|
|
Description: description,
|
|
|
|
Config: wireConfig,
|
|
|
|
Options: apitype.UpdateOptions{
|
2020-01-30 21:31:41 +00:00
|
|
|
LocalPolicyPackPaths: engine.ConvertLocalPolicyPacksToPaths(opts.LocalPolicyPacks),
|
2018-03-21 17:33:34 +00:00
|
|
|
Color: colors.Raw, // force raw colorization, we handle colorization in the CLI
|
2018-04-14 05:26:01 +00:00
|
|
|
DryRun: dryRun,
|
2018-03-21 17:33:34 +00:00
|
|
|
Parallel: opts.Parallel,
|
|
|
|
ShowConfig: false, // This is a legacy option now, the engine will always emit config information
|
|
|
|
ShowReplacementSteps: false, // This is a legacy option now, the engine will always emit this information
|
|
|
|
ShowSames: false, // This is a legacy option now, the engine will always emit this information
|
|
|
|
},
|
|
|
|
Metadata: m,
|
|
|
|
}
|
|
|
|
|
|
|
|
// Create the initial update object.
|
2018-04-16 22:34:59 +00:00
|
|
|
var endpoint string
|
|
|
|
switch kind {
|
2020-10-14 11:51:53 +00:00
|
|
|
case apitype.UpdateUpdate, apitype.ResourceImportUpdate:
|
2018-08-03 03:13:12 +00:00
|
|
|
endpoint = "update"
|
2018-08-30 00:06:48 +00:00
|
|
|
case apitype.PreviewUpdate:
|
2018-05-09 03:55:51 +00:00
|
|
|
endpoint = "preview"
|
2018-08-30 00:06:48 +00:00
|
|
|
case apitype.RefreshUpdate:
|
2018-05-17 18:44:39 +00:00
|
|
|
endpoint = "refresh"
|
2018-08-30 00:06:48 +00:00
|
|
|
case apitype.DestroyUpdate:
|
2018-04-16 22:34:59 +00:00
|
|
|
endpoint = "destroy"
|
2024-01-23 19:15:29 +00:00
|
|
|
case apitype.StackImportUpdate, apitype.RenameUpdate:
|
|
|
|
contract.Failf("%s updates are not supported", kind)
|
2018-04-16 22:34:59 +00:00
|
|
|
default:
|
|
|
|
contract.Failf("Unknown kind: %s", kind)
|
|
|
|
}
|
|
|
|
|
|
|
|
path := getStackPath(stack, endpoint)
|
2018-03-21 17:33:34 +00:00
|
|
|
var updateResponse apitype.UpdateProgramResponse
|
2018-05-08 01:23:03 +00:00
|
|
|
if err := pc.restCall(ctx, "POST", path, nil, &updateRequest, &updateResponse); err != nil {
|
2023-04-14 20:18:49 +00:00
|
|
|
return UpdateIdentifier{}, CreateUpdateDetails{}, err
|
2018-03-21 17:33:34 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return UpdateIdentifier{
|
2023-04-14 20:18:49 +00:00
|
|
|
StackIdentifier: stack,
|
|
|
|
UpdateKind: kind,
|
|
|
|
UpdateID: updateResponse.UpdateID,
|
|
|
|
}, CreateUpdateDetails{
|
|
|
|
Messages: updateResponse.Messages,
|
|
|
|
RequiredPolicies: updateResponse.RequiredPolicies,
|
|
|
|
}, nil
|
2018-03-21 17:33:34 +00:00
|
|
|
}
|
|
|
|
|
2019-10-03 16:13:13 +00:00
|
|
|
// RenameStack renames the provided stack to have the new identifier.
|
|
|
|
func (pc *Client) RenameStack(ctx context.Context, currentID, newID StackIdentifier) error {
|
2019-03-14 22:32:10 +00:00
|
|
|
req := apitype.StackRenameRequest{
|
Add tokens.StackName (#14487)
<!---
Thanks so much for your contribution! If this is your first time
contributing, please ensure that you have read the
[CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md)
documentation.
-->
# Description
<!--- Please include a summary of the change and which issue is fixed.
Please also include relevant motivation and context. -->
This adds a new type `tokens.StackName` which is a relatively strongly
typed container for a stack name. The only weakly typed aspect of it is
Go will always allow the "zero" value to be created for a struct, which
for a stack name is the empty string which is invalid. To prevent
introducing unexpected empty strings when working with stack names the
`String()` method will panic for zero initialized stack names.
Apart from the zero value, all other instances of `StackName` are via
`ParseStackName` which returns a descriptive error if the string is not
valid.
This PR only updates "pkg/" to use this type. There are a number of
places in "sdk/" which could do with this type as well, but there's no
harm in doing a staggered roll out, and some parts of "sdk/" are user
facing and will probably have to stay on the current `tokens.Name` and
`tokens.QName` types.
There are two places in the system where we panic on invalid stack
names, both in the http backend. This _should_ be fine as we've had long
standing validation that stacks created in the service are valid stack
names.
Just in case people have managed to introduce invalid stack names, there
is the `PULUMI_DISABLE_VALIDATION` environment variable which will turn
off the validation _and_ panicing for stack names. Users can use that to
temporarily disable the validation and continue working, but it should
only be seen as a temporary measure. If they have invalid names they
should rename them, or if they think they should be valid raise an issue
with us to change the validation code.
## Checklist
- [x] I have run `make tidy` to update any new dependencies
- [x] I have run `make lint` to verify my code passes the lint check
- [ ] I have formatted my code using `gofumpt`
<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [x] I have added tests that prove my fix is effective or that my
feature works
<!---
User-facing changes require a CHANGELOG entry.
-->
- [ ] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
2023-11-15 07:44:54 +00:00
|
|
|
NewName: newID.Stack.String(),
|
2019-10-03 16:13:13 +00:00
|
|
|
NewProject: newID.Project,
|
2019-03-14 22:32:10 +00:00
|
|
|
}
|
2022-03-28 18:09:52 +00:00
|
|
|
return pc.restCall(ctx, "POST", getStackPath(currentID, "rename"), nil, &req, nil)
|
2019-03-14 22:32:10 +00:00
|
|
|
}
|
|
|
|
|
2018-03-22 17:42:43 +00:00
|
|
|
// StartUpdate starts the indicated update. It returns the new version of the update's target stack and the token used
|
2018-04-09 16:31:46 +00:00
|
|
|
// to authenticate operations on the update if any. Replaces the stack's tags with the updated set.
|
2018-05-08 01:23:03 +00:00
|
|
|
func (pc *Client) StartUpdate(ctx context.Context, update UpdateIdentifier,
|
2023-03-03 16:36:39 +00:00
|
|
|
tags map[apitype.StackTagName]string,
|
|
|
|
) (int, string, error) {
|
2018-04-11 17:08:32 +00:00
|
|
|
// Validate names and tags.
|
Add tokens.StackName (#14487)
<!---
Thanks so much for your contribution! If this is your first time
contributing, please ensure that you have read the
[CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md)
documentation.
-->
# Description
<!--- Please include a summary of the change and which issue is fixed.
Please also include relevant motivation and context. -->
This adds a new type `tokens.StackName` which is a relatively strongly
typed container for a stack name. The only weakly typed aspect of it is
Go will always allow the "zero" value to be created for a struct, which
for a stack name is the empty string which is invalid. To prevent
introducing unexpected empty strings when working with stack names the
`String()` method will panic for zero initialized stack names.
Apart from the zero value, all other instances of `StackName` are via
`ParseStackName` which returns a descriptive error if the string is not
valid.
This PR only updates "pkg/" to use this type. There are a number of
places in "sdk/" which could do with this type as well, but there's no
harm in doing a staggered roll out, and some parts of "sdk/" are user
facing and will probably have to stay on the current `tokens.Name` and
`tokens.QName` types.
There are two places in the system where we panic on invalid stack
names, both in the http backend. This _should_ be fine as we've had long
standing validation that stacks created in the service are valid stack
names.
Just in case people have managed to introduce invalid stack names, there
is the `PULUMI_DISABLE_VALIDATION` environment variable which will turn
off the validation _and_ panicing for stack names. Users can use that to
temporarily disable the validation and continue working, but it should
only be seen as a temporary measure. If they have invalid names they
should rename them, or if they think they should be valid raise an issue
with us to change the validation code.
## Checklist
- [x] I have run `make tidy` to update any new dependencies
- [x] I have run `make lint` to verify my code passes the lint check
- [ ] I have formatted my code using `gofumpt`
<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [x] I have added tests that prove my fix is effective or that my
feature works
<!---
User-facing changes require a CHANGELOG entry.
-->
- [ ] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
2023-11-15 07:44:54 +00:00
|
|
|
if err := validation.ValidateStackTags(tags); err != nil {
|
2021-11-13 02:37:17 +00:00
|
|
|
return 0, "", fmt.Errorf("validating stack properties: %w", err)
|
2018-04-11 17:08:32 +00:00
|
|
|
}
|
|
|
|
|
2018-04-09 16:31:46 +00:00
|
|
|
req := apitype.StartUpdateRequest{
|
|
|
|
Tags: tags,
|
|
|
|
}
|
|
|
|
|
2018-03-21 17:33:34 +00:00
|
|
|
var resp apitype.StartUpdateResponse
|
2018-05-08 01:23:03 +00:00
|
|
|
if err := pc.restCall(ctx, "POST", getUpdatePath(update), nil, req, &resp); err != nil {
|
2018-03-22 17:42:43 +00:00
|
|
|
return 0, "", err
|
2018-03-21 17:33:34 +00:00
|
|
|
}
|
|
|
|
|
2018-03-22 17:42:43 +00:00
|
|
|
return resp.Version, resp.Token, nil
|
2018-03-21 17:33:34 +00:00
|
|
|
}
|
|
|
|
|
2020-01-16 20:04:51 +00:00
|
|
|
// ListPolicyGroups lists all `PolicyGroups` the organization has in the Pulumi service.
|
2021-07-29 20:37:17 +00:00
|
|
|
func (pc *Client) ListPolicyGroups(ctx context.Context, orgName string, inContToken *string) (
|
2023-03-03 16:36:39 +00:00
|
|
|
apitype.ListPolicyGroupsResponse, *string, error,
|
|
|
|
) {
|
2021-07-29 20:37:17 +00:00
|
|
|
// NOTE: The ListPolicyGroups API on the Pulumi Service is not currently paginated.
|
2020-01-16 20:04:51 +00:00
|
|
|
var resp apitype.ListPolicyGroupsResponse
|
|
|
|
err := pc.restCall(ctx, "GET", listPolicyGroupsPath(orgName), nil, nil, &resp)
|
|
|
|
if err != nil {
|
2021-11-13 02:37:17 +00:00
|
|
|
return resp, nil, fmt.Errorf("List Policy Groups failed: %w", err)
|
2020-01-16 20:04:51 +00:00
|
|
|
}
|
2021-07-29 20:37:17 +00:00
|
|
|
return resp, nil, nil
|
2020-01-16 20:04:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// ListPolicyPacks lists all `PolicyPack` the organization has in the Pulumi service.
|
2021-07-29 20:37:17 +00:00
|
|
|
func (pc *Client) ListPolicyPacks(ctx context.Context, orgName string, inContToken *string) (
|
2023-03-03 16:36:39 +00:00
|
|
|
apitype.ListPolicyPacksResponse, *string, error,
|
|
|
|
) {
|
2021-07-29 20:37:17 +00:00
|
|
|
// NOTE: The ListPolicyPacks API on the Pulumi Service is not currently paginated.
|
2020-01-16 20:04:51 +00:00
|
|
|
var resp apitype.ListPolicyPacksResponse
|
|
|
|
err := pc.restCall(ctx, "GET", listPolicyPacksPath(orgName), nil, nil, &resp)
|
|
|
|
if err != nil {
|
2021-11-13 02:37:17 +00:00
|
|
|
return resp, nil, fmt.Errorf("List Policy Packs failed: %w", err)
|
2020-01-16 20:04:51 +00:00
|
|
|
}
|
2021-07-29 20:37:17 +00:00
|
|
|
return resp, nil, nil
|
2020-01-16 20:04:51 +00:00
|
|
|
}
|
|
|
|
|
2020-02-25 01:11:56 +00:00
|
|
|
// PublishPolicyPack publishes a `PolicyPack` to the Pulumi service. If it successfully publishes
|
|
|
|
// the Policy Pack, it returns the version of the pack.
|
2019-06-24 04:39:22 +00:00
|
|
|
func (pc *Client) PublishPolicyPack(ctx context.Context, orgName string,
|
2023-03-03 16:36:39 +00:00
|
|
|
analyzerInfo plugin.AnalyzerInfo, dirArchive io.Reader,
|
|
|
|
) (string, error) {
|
2019-06-24 04:39:22 +00:00
|
|
|
//
|
2019-07-25 17:56:42 +00:00
|
|
|
// Step 1: Send POST containing policy metadata to service. This begins process of creating
|
2019-06-24 04:39:22 +00:00
|
|
|
// publishing the PolicyPack.
|
|
|
|
//
|
|
|
|
|
2020-02-25 01:11:56 +00:00
|
|
|
if err := validatePolicyPackVersion(analyzerInfo.Version); err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
|
2020-03-08 21:11:55 +00:00
|
|
|
policies := make([]apitype.Policy, len(analyzerInfo.Policies))
|
|
|
|
for i, policy := range analyzerInfo.Policies {
|
|
|
|
configSchema, err := convertPolicyConfigSchema(policy.ConfigSchema)
|
|
|
|
if err != nil {
|
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
|
|
|
|
policies[i] = apitype.Policy{
|
|
|
|
Name: policy.Name,
|
|
|
|
DisplayName: policy.DisplayName,
|
|
|
|
Description: policy.Description,
|
|
|
|
EnforcementLevel: policy.EnforcementLevel,
|
|
|
|
Message: policy.Message,
|
|
|
|
ConfigSchema: configSchema,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-06-24 04:39:22 +00:00
|
|
|
req := apitype.CreatePolicyPackRequest{
|
|
|
|
Name: analyzerInfo.Name,
|
|
|
|
DisplayName: analyzerInfo.DisplayName,
|
2020-02-25 01:11:56 +00:00
|
|
|
VersionTag: analyzerInfo.Version,
|
2020-03-08 21:11:55 +00:00
|
|
|
Policies: policies,
|
2019-06-24 04:39:22 +00:00
|
|
|
}
|
|
|
|
|
2020-02-25 01:11:56 +00:00
|
|
|
// Print a publishing message. We have to handle the case where an older version of pulumi/policy
|
|
|
|
// is in use, which does not provide a version tag.
|
|
|
|
var versionMsg string
|
|
|
|
if analyzerInfo.Version != "" {
|
2023-12-12 12:19:42 +00:00
|
|
|
versionMsg = " - version " + analyzerInfo.Version
|
2020-02-25 01:11:56 +00:00
|
|
|
}
|
|
|
|
fmt.Printf("Publishing %q%s to %q\n", analyzerInfo.Name, versionMsg, orgName)
|
2019-06-30 23:34:39 +00:00
|
|
|
|
2019-06-24 04:39:22 +00:00
|
|
|
var resp apitype.CreatePolicyPackResponse
|
|
|
|
err := pc.restCall(ctx, "POST", publishPolicyPackPath(orgName), nil, req, &resp)
|
|
|
|
if err != nil {
|
2021-11-13 02:37:17 +00:00
|
|
|
return "", fmt.Errorf("Publish policy pack failed: %w", err)
|
2019-06-24 04:39:22 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
//
|
2021-05-28 04:45:35 +00:00
|
|
|
// Step 2: Upload the compressed PolicyPack directory to the pre-signed object storage service URL.
|
|
|
|
// The PolicyPack is now published.
|
2019-06-24 04:39:22 +00:00
|
|
|
//
|
|
|
|
|
2021-05-28 04:45:35 +00:00
|
|
|
putReq, err := http.NewRequest(http.MethodPut, resp.UploadURI, dirArchive)
|
2019-06-24 04:39:22 +00:00
|
|
|
if err != nil {
|
2021-11-13 02:37:17 +00:00
|
|
|
return "", fmt.Errorf("Failed to upload compressed PolicyPack: %w", err)
|
2019-06-24 04:39:22 +00:00
|
|
|
}
|
|
|
|
|
2021-05-28 04:45:35 +00:00
|
|
|
for k, v := range resp.RequiredHeaders {
|
|
|
|
putReq.Header.Add(k, v)
|
|
|
|
}
|
|
|
|
|
2022-03-04 23:51:01 +00:00
|
|
|
_, err = pc.httpClient.Do(putReq)
|
2019-06-24 04:39:22 +00:00
|
|
|
if err != nil {
|
2021-11-13 02:37:17 +00:00
|
|
|
return "", fmt.Errorf("Failed to upload compressed PolicyPack: %w", err)
|
2019-06-24 04:39:22 +00:00
|
|
|
}
|
|
|
|
|
2019-07-25 17:56:42 +00:00
|
|
|
//
|
|
|
|
// Step 3: Signal to the service that the PolicyPack publish operation is complete.
|
|
|
|
//
|
|
|
|
|
2020-02-25 01:11:56 +00:00
|
|
|
// If the version tag is empty, an older version of pulumi/policy is being used and
|
|
|
|
// we therefore need to use the version provided by the pulumi service.
|
|
|
|
version := analyzerInfo.Version
|
|
|
|
if version == "" {
|
|
|
|
version = strconv.Itoa(resp.Version)
|
|
|
|
fmt.Printf("Published as version %s\n", version)
|
|
|
|
}
|
2019-07-25 17:56:42 +00:00
|
|
|
err = pc.restCall(ctx, "POST",
|
2020-02-25 01:11:56 +00:00
|
|
|
publishPolicyPackPublishComplete(orgName, analyzerInfo.Name, version), nil, nil, nil)
|
2019-07-25 17:56:42 +00:00
|
|
|
if err != nil {
|
2021-11-13 02:37:17 +00:00
|
|
|
return "", fmt.Errorf("Request to signal completion of the publish operation failed: %w", err)
|
2019-07-25 17:56:42 +00:00
|
|
|
}
|
|
|
|
|
2020-02-25 01:11:56 +00:00
|
|
|
return version, nil
|
|
|
|
}
|
|
|
|
|
2020-03-08 21:11:55 +00:00
|
|
|
// convertPolicyConfigSchema converts a policy's schema from the analyzer to the apitype.
|
|
|
|
func convertPolicyConfigSchema(schema *plugin.AnalyzerPolicyConfigSchema) (*apitype.PolicyConfigSchema, error) {
|
|
|
|
if schema == nil {
|
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
properties := map[string]*json.RawMessage{}
|
|
|
|
for k, v := range schema.Properties {
|
|
|
|
bytes, err := json.Marshal(v)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
raw := json.RawMessage(bytes)
|
|
|
|
properties[k] = &raw
|
|
|
|
}
|
|
|
|
return &apitype.PolicyConfigSchema{
|
|
|
|
Type: apitype.Object,
|
|
|
|
Properties: properties,
|
|
|
|
Required: schema.Required,
|
|
|
|
}, nil
|
|
|
|
}
|
|
|
|
|
2020-02-25 01:11:56 +00:00
|
|
|
// validatePolicyPackVersion validates the version of a Policy Pack. The version may be empty,
|
|
|
|
// as it is likely an older version of pulumi/policy that does not gather the version.
|
|
|
|
func validatePolicyPackVersion(s string) error {
|
|
|
|
if s == "" {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
policyPackVersionTagRE := regexp.MustCompile("^[a-zA-Z0-9-_.]{1,100}$")
|
|
|
|
if !policyPackVersionTagRE.MatchString(s) {
|
|
|
|
msg := fmt.Sprintf("invalid version %q - version may only contain alphanumeric, hyphens, or underscores. "+
|
|
|
|
"It must also be between 1 and 100 characters long.", s)
|
|
|
|
return errors.New(msg)
|
|
|
|
}
|
|
|
|
return nil
|
2019-06-24 04:39:22 +00:00
|
|
|
}
|
|
|
|
|
2020-01-03 22:16:39 +00:00
|
|
|
// ApplyPolicyPack enables a `PolicyPack` to the Pulumi organization. If policyGroup is not empty,
|
|
|
|
// it will enable the PolicyPack on the default PolicyGroup.
|
2020-02-25 01:11:56 +00:00
|
|
|
func (pc *Client) ApplyPolicyPack(ctx context.Context, orgName, policyGroup,
|
2023-03-03 16:36:39 +00:00
|
|
|
policyPackName, versionTag string, policyPackConfig map[string]*json.RawMessage,
|
|
|
|
) error {
|
2020-01-22 23:17:00 +00:00
|
|
|
// If a Policy Group was not specified, we use the default Policy Group.
|
2020-01-03 22:16:39 +00:00
|
|
|
if policyGroup == "" {
|
2020-01-22 23:17:00 +00:00
|
|
|
policyGroup = apitype.DefaultPolicyGroup
|
2020-01-03 22:16:39 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
req := apitype.UpdatePolicyGroupRequest{
|
|
|
|
AddPolicyPack: &apitype.PolicyPackMetadata{
|
2020-02-25 01:11:56 +00:00
|
|
|
Name: policyPackName,
|
|
|
|
VersionTag: versionTag,
|
2020-03-24 20:30:36 +00:00
|
|
|
Config: policyPackConfig,
|
2020-01-03 22:16:39 +00:00
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
err := pc.restCall(ctx, http.MethodPatch, updatePolicyGroupPath(orgName, policyGroup), nil, req, nil)
|
2019-06-28 17:07:49 +00:00
|
|
|
if err != nil {
|
2021-11-13 02:37:17 +00:00
|
|
|
return fmt.Errorf("Enable policy pack failed: %w", err)
|
2019-06-28 17:07:49 +00:00
|
|
|
}
|
2020-01-03 22:16:39 +00:00
|
|
|
return nil
|
|
|
|
}
|
2019-06-28 17:07:49 +00:00
|
|
|
|
2020-03-27 16:54:26 +00:00
|
|
|
// GetPolicyPackSchema gets Policy Pack config schema.
|
|
|
|
func (pc *Client) GetPolicyPackSchema(ctx context.Context, orgName,
|
2023-03-03 16:36:39 +00:00
|
|
|
policyPackName, versionTag string,
|
|
|
|
) (*apitype.GetPolicyPackConfigSchemaResponse, error) {
|
2020-03-27 16:54:26 +00:00
|
|
|
var resp apitype.GetPolicyPackConfigSchemaResponse
|
|
|
|
err := pc.restCall(ctx, http.MethodGet,
|
|
|
|
getPolicyPackConfigSchemaPath(orgName, policyPackName, versionTag), nil, nil, &resp)
|
|
|
|
if err != nil {
|
2021-11-13 02:37:17 +00:00
|
|
|
return nil, fmt.Errorf("Retrieving policy pack config schema failed: %w", err)
|
2020-03-27 16:54:26 +00:00
|
|
|
}
|
|
|
|
return &resp, nil
|
|
|
|
}
|
|
|
|
|
2020-01-03 22:16:39 +00:00
|
|
|
// DisablePolicyPack disables a `PolicyPack` to the Pulumi organization. If policyGroup is not empty,
|
|
|
|
// it will disable the PolicyPack on the default PolicyGroup.
|
|
|
|
func (pc *Client) DisablePolicyPack(ctx context.Context, orgName string, policyGroup string,
|
2023-03-03 16:36:39 +00:00
|
|
|
policyPackName, versionTag string,
|
|
|
|
) error {
|
2020-01-03 22:16:39 +00:00
|
|
|
// If Policy Group was not specified, use the default Policy Group.
|
|
|
|
if policyGroup == "" {
|
|
|
|
policyGroup = apitype.DefaultPolicyGroup
|
|
|
|
}
|
|
|
|
|
|
|
|
req := apitype.UpdatePolicyGroupRequest{
|
|
|
|
RemovePolicyPack: &apitype.PolicyPackMetadata{
|
2020-02-25 01:11:56 +00:00
|
|
|
Name: policyPackName,
|
|
|
|
VersionTag: versionTag,
|
2020-01-03 22:16:39 +00:00
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
err := pc.restCall(ctx, http.MethodPatch, updatePolicyGroupPath(orgName, policyGroup), nil, req, nil)
|
|
|
|
if err != nil {
|
2021-11-13 02:37:17 +00:00
|
|
|
return fmt.Errorf("Request to disable policy pack failed: %w", err)
|
2020-01-03 22:16:39 +00:00
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2020-01-27 18:35:34 +00:00
|
|
|
// RemovePolicyPack removes all versions of a `PolicyPack` from the Pulumi organization.
|
|
|
|
func (pc *Client) RemovePolicyPack(ctx context.Context, orgName string, policyPackName string) error {
|
|
|
|
path := deletePolicyPackPath(orgName, policyPackName)
|
|
|
|
err := pc.restCall(ctx, http.MethodDelete, path, nil, nil, nil)
|
|
|
|
if err != nil {
|
2021-11-13 02:37:17 +00:00
|
|
|
return fmt.Errorf("Request to remove policy pack failed: %w", err)
|
2020-01-27 18:35:34 +00:00
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// RemovePolicyPackByVersion removes a specific version of a `PolicyPack` from
|
|
|
|
// the Pulumi organization.
|
|
|
|
func (pc *Client) RemovePolicyPackByVersion(ctx context.Context, orgName string,
|
2023-03-03 16:36:39 +00:00
|
|
|
policyPackName string, versionTag string,
|
|
|
|
) error {
|
2020-02-25 01:11:56 +00:00
|
|
|
path := deletePolicyPackVersionPath(orgName, policyPackName, versionTag)
|
2020-01-03 22:16:39 +00:00
|
|
|
err := pc.restCall(ctx, http.MethodDelete, path, nil, nil, nil)
|
|
|
|
if err != nil {
|
2021-11-13 02:37:17 +00:00
|
|
|
return fmt.Errorf("Request to remove policy pack failed: %w", err)
|
2020-01-03 22:16:39 +00:00
|
|
|
}
|
2019-06-28 17:07:49 +00:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2019-06-30 23:34:39 +00:00
|
|
|
// DownloadPolicyPack applies a `PolicyPack` to the Pulumi organization.
|
2020-12-20 20:54:11 +00:00
|
|
|
func (pc *Client) DownloadPolicyPack(ctx context.Context, url string) (io.ReadCloser, error) {
|
2019-08-07 17:54:46 +00:00
|
|
|
getS3Req, err := http.NewRequest(http.MethodGet, url, nil)
|
2019-06-30 23:34:39 +00:00
|
|
|
if err != nil {
|
2021-11-13 02:37:17 +00:00
|
|
|
return nil, fmt.Errorf("Failed to download compressed PolicyPack: %w", err)
|
2019-06-30 23:34:39 +00:00
|
|
|
}
|
|
|
|
|
2022-03-04 23:51:01 +00:00
|
|
|
resp, err := pc.httpClient.Do(getS3Req)
|
2019-08-07 17:54:46 +00:00
|
|
|
if err != nil {
|
2021-11-13 02:37:17 +00:00
|
|
|
return nil, fmt.Errorf("Failed to download compressed PolicyPack: %w", err)
|
2019-08-07 17:54:46 +00:00
|
|
|
}
|
|
|
|
|
2024-06-03 09:34:55 +00:00
|
|
|
if resp.StatusCode != http.StatusOK {
|
|
|
|
return nil, fmt.Errorf("Failed to download compressed PolicyPack: %s", resp.Status)
|
|
|
|
}
|
|
|
|
|
2020-12-20 20:54:11 +00:00
|
|
|
return resp.Body, nil
|
2019-06-30 23:34:39 +00:00
|
|
|
}
|
|
|
|
|
2018-04-20 22:48:23 +00:00
|
|
|
// GetUpdateEvents returns all events, taking an optional continuation token from a previous call.
|
2018-05-08 01:23:03 +00:00
|
|
|
func (pc *Client) GetUpdateEvents(ctx context.Context, update UpdateIdentifier,
|
2023-03-03 16:36:39 +00:00
|
|
|
continuationToken *string,
|
|
|
|
) (apitype.UpdateResults, error) {
|
2018-04-20 22:48:23 +00:00
|
|
|
path := getUpdatePath(update)
|
|
|
|
if continuationToken != nil {
|
2023-12-12 12:19:42 +00:00
|
|
|
path += "?continuationToken=" + *continuationToken
|
2018-04-20 22:48:23 +00:00
|
|
|
}
|
2018-03-21 17:33:34 +00:00
|
|
|
|
|
|
|
var results apitype.UpdateResults
|
2018-05-08 01:23:03 +00:00
|
|
|
if err := pc.restCall(ctx, "GET", path, nil, nil, &results); err != nil {
|
2018-03-21 17:33:34 +00:00
|
|
|
return apitype.UpdateResults{}, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return results, nil
|
|
|
|
}
|
2018-03-22 17:42:43 +00:00
|
|
|
|
|
|
|
// RenewUpdateLease renews the indicated update lease for the given duration.
|
2018-05-08 01:23:03 +00:00
|
|
|
func (pc *Client) RenewUpdateLease(ctx context.Context, update UpdateIdentifier, token string,
|
2023-03-03 16:36:39 +00:00
|
|
|
duration time.Duration,
|
|
|
|
) (string, error) {
|
2018-03-22 17:42:43 +00:00
|
|
|
req := apitype.RenewUpdateLeaseRequest{
|
|
|
|
Duration: int(duration / time.Second),
|
|
|
|
}
|
|
|
|
var resp apitype.RenewUpdateLeaseResponse
|
2018-05-15 06:44:46 +00:00
|
|
|
|
|
|
|
// While renewing a lease uses POST, it is safe to send multiple requests (consider that we do this multiple times
|
|
|
|
// during a long running update). Since we would fail our update operation if we can't renew our lease, we'll retry
|
|
|
|
// these POST operations.
|
2019-11-05 21:32:31 +00:00
|
|
|
if err := pc.updateRESTCall(ctx, "POST", getUpdatePath(update, "renew_lease"), nil, req, &resp,
|
2023-06-20 16:45:29 +00:00
|
|
|
updateAccessToken(updateTokenStaticSource(token)), httpCallOptions{RetryPolicy: retryAllMethods}); err != nil {
|
2018-03-22 17:42:43 +00:00
|
|
|
return "", err
|
|
|
|
}
|
|
|
|
return resp.Token, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// InvalidateUpdateCheckpoint invalidates the checkpoint for the indicated update.
|
2023-03-01 22:23:20 +00:00
|
|
|
func (pc *Client) InvalidateUpdateCheckpoint(ctx context.Context, update UpdateIdentifier,
|
2023-03-03 16:36:39 +00:00
|
|
|
token UpdateTokenSource,
|
|
|
|
) error {
|
2018-03-22 17:42:43 +00:00
|
|
|
req := apitype.PatchUpdateCheckpointRequest{
|
|
|
|
IsInvalid: true,
|
|
|
|
}
|
2018-05-15 06:44:46 +00:00
|
|
|
|
|
|
|
// It is safe to retry this PATCH operation, because it is logically idempotent.
|
|
|
|
return pc.updateRESTCall(ctx, "PATCH", getUpdatePath(update, "checkpoint"), nil, req, nil,
|
2023-06-20 16:45:29 +00:00
|
|
|
updateAccessToken(token), httpCallOptions{RetryPolicy: retryAllMethods})
|
2018-03-22 17:42:43 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// PatchUpdateCheckpoint patches the checkpoint for the indicated update with the given contents.
|
Implement more precise delete-before-replace semantics. (#2369)
This implements the new algorithm for deciding which resources must be
deleted due to a delete-before-replace operation.
We need to compute the set of resources that may be replaced by a
change to the resource under consideration. We do this by taking the
complete set of transitive dependents on the resource under
consideration and removing any resources that would not be replaced by
changes to their dependencies. We determine whether or not a resource
may be replaced by substituting unknowns for input properties that may
change due to deletion of the resources their value depends on and
calling the resource provider's Diff method.
This is perhaps clearer when described by example. Consider the
following dependency graph:
A
__|__
B C
| _|_
D E F
In this graph, all of B, C, D, E, and F transitively depend on A. It may
be the case, however, that changes to the specific properties of any of
those resources R that would occur if a resource on the path to A were
deleted and recreated may not cause R to be replaced. For example, the
edge from B to A may be a simple dependsOn edge such that a change to
B does not actually influence any of B's input properties. In that case,
neither B nor D would need to be deleted before A could be deleted.
In order to make the above algorithm a reality, the resource monitor
interface has been updated to include a map that associates an input
property key with the list of resources that input property depends on.
Older clients of the resource monitor will leave this map empty, in
which case all input properties will be treated as depending on all
dependencies of the resource. This is probably overly conservative, but
it is less conservative than what we currently implement, and is
certainly correct.
2019-01-28 17:46:30 +00:00
|
|
|
func (pc *Client) PatchUpdateCheckpoint(ctx context.Context, update UpdateIdentifier, deployment *apitype.DeploymentV3,
|
2023-03-03 16:36:39 +00:00
|
|
|
token UpdateTokenSource,
|
|
|
|
) error {
|
2018-07-27 21:22:16 +00:00
|
|
|
rawDeployment, err := json.Marshal(deployment)
|
2018-04-17 22:58:20 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2018-03-22 17:42:43 +00:00
|
|
|
req := apitype.PatchUpdateCheckpointRequest{
|
Implement more precise delete-before-replace semantics. (#2369)
This implements the new algorithm for deciding which resources must be
deleted due to a delete-before-replace operation.
We need to compute the set of resources that may be replaced by a
change to the resource under consideration. We do this by taking the
complete set of transitive dependents on the resource under
consideration and removing any resources that would not be replaced by
changes to their dependencies. We determine whether or not a resource
may be replaced by substituting unknowns for input properties that may
change due to deletion of the resources their value depends on and
calling the resource provider's Diff method.
This is perhaps clearer when described by example. Consider the
following dependency graph:
A
__|__
B C
| _|_
D E F
In this graph, all of B, C, D, E, and F transitively depend on A. It may
be the case, however, that changes to the specific properties of any of
those resources R that would occur if a resource on the path to A were
deleted and recreated may not cause R to be replaced. For example, the
edge from B to A may be a simple dependsOn edge such that a change to
B does not actually influence any of B's input properties. In that case,
neither B nor D would need to be deleted before A could be deleted.
In order to make the above algorithm a reality, the resource monitor
interface has been updated to include a map that associates an input
property key with the list of resources that input property depends on.
Older clients of the resource monitor will leave this map empty, in
which case all input properties will be treated as depending on all
dependencies of the resource. This is probably overly conservative, but
it is less conservative than what we currently implement, and is
certainly correct.
2019-01-28 17:46:30 +00:00
|
|
|
Version: 3,
|
2018-04-17 22:58:20 +00:00
|
|
|
Deployment: rawDeployment,
|
2018-03-22 17:42:43 +00:00
|
|
|
}
|
2018-05-15 06:44:46 +00:00
|
|
|
|
|
|
|
// It is safe to retry this PATCH operation, because it is logically idempotent, since we send the entire
|
|
|
|
// deployment instead of a set of changes to apply.
|
|
|
|
return pc.updateRESTCall(ctx, "PATCH", getUpdatePath(update, "checkpoint"), nil, req, nil,
|
2023-06-20 16:45:29 +00:00
|
|
|
updateAccessToken(token), httpCallOptions{RetryPolicy: retryAllMethods, GzipCompress: true})
|
2018-03-22 17:42:43 +00:00
|
|
|
}
|
|
|
|
|
2022-09-19 16:44:37 +00:00
|
|
|
// PatchUpdateCheckpointVerbatim is a variant of PatchUpdateCheckpoint that preserves JSON indentation of the
|
|
|
|
// UntypedDeployment transferred over the wire.
|
|
|
|
func (pc *Client) PatchUpdateCheckpointVerbatim(ctx context.Context, update UpdateIdentifier,
|
2023-03-03 16:36:39 +00:00
|
|
|
sequenceNumber int, untypedDeploymentBytes json.RawMessage, token UpdateTokenSource,
|
|
|
|
) error {
|
2022-09-19 16:44:37 +00:00
|
|
|
req := apitype.PatchUpdateVerbatimCheckpointRequest{
|
|
|
|
Version: 3,
|
|
|
|
UntypedDeployment: untypedDeploymentBytes,
|
|
|
|
SequenceNumber: sequenceNumber,
|
|
|
|
}
|
|
|
|
|
|
|
|
reqPayload, err := marshalVerbatimCheckpointRequest(req)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
// It is safe to retry this PATCH operation, because it is logically idempotent, since we send the entire
|
|
|
|
// deployment instead of a set of changes to apply.
|
|
|
|
return pc.updateRESTCall(ctx, "PATCH", getUpdatePath(update, "checkpointverbatim"), nil, reqPayload, nil,
|
2023-06-20 16:45:29 +00:00
|
|
|
updateAccessToken(token), httpCallOptions{RetryPolicy: retryAllMethods, GzipCompress: true})
|
2022-09-19 16:44:37 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// PatchUpdateCheckpointDelta patches the checkpoint for the indicated update with the given contents, just like
|
|
|
|
// PatchUpdateCheckpoint. Unlike PatchUpdateCheckpoint, it uses a text diff-based protocol to conserve bandwidth on
|
|
|
|
// large stack states.
|
|
|
|
func (pc *Client) PatchUpdateCheckpointDelta(ctx context.Context, update UpdateIdentifier,
|
2023-03-03 16:36:39 +00:00
|
|
|
sequenceNumber int, checkpointHash string, deploymentDelta json.RawMessage, token UpdateTokenSource,
|
|
|
|
) error {
|
2022-09-19 16:44:37 +00:00
|
|
|
req := apitype.PatchUpdateCheckpointDeltaRequest{
|
|
|
|
Version: 3,
|
|
|
|
CheckpointHash: checkpointHash,
|
|
|
|
SequenceNumber: sequenceNumber,
|
|
|
|
DeploymentDelta: deploymentDelta,
|
|
|
|
}
|
|
|
|
|
|
|
|
// It is safe to retry because SequenceNumber serves as an idempotency key.
|
|
|
|
return pc.updateRESTCall(ctx, "PATCH", getUpdatePath(update, "checkpointdelta"), nil, req, nil,
|
2023-06-20 16:45:29 +00:00
|
|
|
updateAccessToken(token), httpCallOptions{RetryPolicy: retryAllMethods, GzipCompress: true})
|
2022-09-19 16:44:37 +00:00
|
|
|
}
|
|
|
|
|
2018-04-19 17:09:32 +00:00
|
|
|
// CancelUpdate cancels the indicated update.
|
2018-05-08 01:23:03 +00:00
|
|
|
func (pc *Client) CancelUpdate(ctx context.Context, update UpdateIdentifier) error {
|
2018-05-15 06:44:46 +00:00
|
|
|
// It is safe to retry this PATCH operation, because it is logically idempotent.
|
|
|
|
return pc.restCallWithOptions(ctx, "POST", getUpdatePath(update, "cancel"), nil, nil, nil,
|
2023-06-20 16:45:29 +00:00
|
|
|
httpCallOptions{RetryPolicy: retryAllMethods})
|
2018-04-19 17:09:32 +00:00
|
|
|
}
|
|
|
|
|
2018-03-22 17:42:43 +00:00
|
|
|
// CompleteUpdate completes the indicated update with the given status.
|
2018-05-08 01:23:03 +00:00
|
|
|
func (pc *Client) CompleteUpdate(ctx context.Context, update UpdateIdentifier, status apitype.UpdateStatus,
|
2023-03-03 16:36:39 +00:00
|
|
|
token UpdateTokenSource,
|
|
|
|
) error {
|
2018-03-22 17:42:43 +00:00
|
|
|
req := apitype.CompleteUpdateRequest{
|
|
|
|
Status: status,
|
|
|
|
}
|
2018-05-15 06:44:46 +00:00
|
|
|
|
|
|
|
// It is safe to retry this PATCH operation, because it is logically idempotent.
|
|
|
|
return pc.updateRESTCall(ctx, "POST", getUpdatePath(update, "complete"), nil, req, nil,
|
2023-06-20 16:45:29 +00:00
|
|
|
updateAccessToken(token), httpCallOptions{RetryPolicy: retryAllMethods})
|
2018-03-22 17:42:43 +00:00
|
|
|
}
|
|
|
|
|
2022-10-25 21:44:42 +00:00
|
|
|
// GetUpdateEngineEvents returns the engine events for an update.
|
|
|
|
func (pc *Client) GetUpdateEngineEvents(ctx context.Context, update UpdateIdentifier,
|
2023-03-03 16:36:39 +00:00
|
|
|
continuationToken *string,
|
|
|
|
) (apitype.GetUpdateEventsResponse, error) {
|
2022-10-25 21:44:42 +00:00
|
|
|
path := getUpdatePath(update, "events")
|
|
|
|
if continuationToken != nil {
|
2023-12-12 12:19:42 +00:00
|
|
|
path += "?continuationToken=" + *continuationToken
|
2022-10-25 21:44:42 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
var resp apitype.GetUpdateEventsResponse
|
|
|
|
if err := pc.restCall(ctx, "GET", path, nil, nil, &resp); err != nil {
|
|
|
|
return apitype.GetUpdateEventsResponse{}, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return resp, nil
|
|
|
|
}
|
|
|
|
|
2019-06-28 16:40:21 +00:00
|
|
|
// RecordEngineEvents posts a batch of engine events to the Pulumi service.
|
|
|
|
func (pc *Client) RecordEngineEvents(
|
2023-03-03 16:36:39 +00:00
|
|
|
ctx context.Context, update UpdateIdentifier, batch apitype.EngineEventBatch, token UpdateTokenSource,
|
|
|
|
) error {
|
2018-12-04 22:46:32 +00:00
|
|
|
callOpts := httpCallOptions{
|
2023-06-20 16:45:29 +00:00
|
|
|
GzipCompress: true,
|
|
|
|
RetryPolicy: retryAllMethods,
|
2018-12-04 22:46:32 +00:00
|
|
|
}
|
2018-11-09 18:01:29 +00:00
|
|
|
return pc.updateRESTCall(
|
2019-06-28 16:40:21 +00:00
|
|
|
ctx, "POST", getUpdatePath(update, "events/batch"),
|
|
|
|
nil, batch, nil,
|
2018-12-04 22:46:32 +00:00
|
|
|
updateAccessToken(token), callOpts)
|
2018-11-09 18:01:29 +00:00
|
|
|
}
|
2019-01-04 21:23:47 +00:00
|
|
|
|
|
|
|
// UpdateStackTags updates the stacks's tags, replacing all existing tags.
|
|
|
|
func (pc *Client) UpdateStackTags(
|
2023-03-03 16:36:39 +00:00
|
|
|
ctx context.Context, stack StackIdentifier, tags map[apitype.StackTagName]string,
|
|
|
|
) error {
|
2019-01-04 21:23:47 +00:00
|
|
|
// Validate stack tags.
|
2019-04-26 18:43:16 +00:00
|
|
|
if err := validation.ValidateStackTags(tags); err != nil {
|
2019-01-04 21:23:47 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
return pc.restCall(ctx, "PATCH", getStackPath(stack, "tags"), nil, tags, nil)
|
|
|
|
}
|
2022-10-25 21:44:42 +00:00
|
|
|
|
2024-06-13 19:49:49 +00:00
|
|
|
func (pc *Client) UpdateStackDeploymentSettings(ctx context.Context, stack StackIdentifier,
|
|
|
|
deployment apitype.DeploymentSettings,
|
|
|
|
) error {
|
|
|
|
return pc.restCall(ctx, "PUT", getStackPath(stack, "deployments", "settings"), nil, deployment, nil)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (pc *Client) EncryptStackDeploymentSettingsSecret(ctx context.Context,
|
|
|
|
stack StackIdentifier, secret string,
|
2024-07-03 20:24:26 +00:00
|
|
|
) (*apitype.SecretValue, error) {
|
2024-06-13 19:49:49 +00:00
|
|
|
request := apitype.SecretValue{Value: secret}
|
|
|
|
response := apitype.SecretValue{}
|
|
|
|
err := pc.restCall(ctx, "POST", getStackPath(stack, "deployments", "settings", "encrypt"), nil, &request, &response)
|
|
|
|
if err != nil {
|
2024-07-03 20:24:26 +00:00
|
|
|
return nil, err
|
2024-06-13 19:49:49 +00:00
|
|
|
}
|
|
|
|
|
2024-07-03 20:24:26 +00:00
|
|
|
return &response, nil
|
2024-06-13 19:49:49 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (pc *Client) DestroyStackDeploymentSettings(ctx context.Context, stack StackIdentifier) error {
|
|
|
|
return pc.restCall(ctx, "DELETE", getStackPath(stack, "deployments", "settings"), nil, nil, nil)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (pc *Client) GetStackDeploymentSettings(ctx context.Context,
|
|
|
|
stack StackIdentifier,
|
|
|
|
) (*apitype.DeploymentSettings, error) {
|
|
|
|
var response apitype.DeploymentSettings
|
|
|
|
|
|
|
|
err := pc.restCall(ctx, "GET", getStackPath(stack, "deployments", "settings"), nil, nil, &response)
|
|
|
|
|
|
|
|
return &response, err
|
|
|
|
}
|
|
|
|
|
2022-10-25 21:44:42 +00:00
|
|
|
func getDeploymentPath(stack StackIdentifier, components ...string) string {
|
2024-04-16 23:23:56 +00:00
|
|
|
prefix := fmt.Sprintf("/api/stacks/%s/%s/%s/deployments", stack.Owner, stack.Project, stack.Stack)
|
2022-10-25 21:44:42 +00:00
|
|
|
return path.Join(append([]string{prefix}, components...)...)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (pc *Client) CreateDeployment(ctx context.Context, stack StackIdentifier,
|
2024-02-20 04:00:01 +00:00
|
|
|
req apitype.CreateDeploymentRequest, deploymentInitiator string,
|
2023-03-03 16:36:39 +00:00
|
|
|
) (*apitype.CreateDeploymentResponse, error) {
|
2022-10-25 21:44:42 +00:00
|
|
|
var resp apitype.CreateDeploymentResponse
|
2024-02-20 04:00:01 +00:00
|
|
|
err := pc.restCallWithOptions(ctx, http.MethodPost, getDeploymentPath(stack), nil, req, &resp, httpCallOptions{
|
|
|
|
Header: map[string][]string{
|
|
|
|
"X-Pulumi-Deployment-Initiator": {deploymentInitiator},
|
|
|
|
},
|
|
|
|
})
|
2022-10-25 21:44:42 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("creating deployment failed: %w", err)
|
|
|
|
}
|
|
|
|
return &resp, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (pc *Client) GetDeploymentLogs(ctx context.Context, stack StackIdentifier, id,
|
2023-03-03 16:36:39 +00:00
|
|
|
token string,
|
|
|
|
) (*apitype.DeploymentLogs, error) {
|
2023-12-12 12:19:42 +00:00
|
|
|
path := getDeploymentPath(stack, id, "logs?continuationToken="+token)
|
2022-10-25 21:44:42 +00:00
|
|
|
var resp apitype.DeploymentLogs
|
|
|
|
err := pc.restCall(ctx, http.MethodGet, path, nil, nil, &resp)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("getting deployment %s logs failed: %w", id, err)
|
|
|
|
}
|
|
|
|
return &resp, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (pc *Client) GetDeploymentUpdates(ctx context.Context, stack StackIdentifier,
|
2023-03-03 16:36:39 +00:00
|
|
|
id string,
|
|
|
|
) ([]apitype.GetDeploymentUpdatesUpdateInfo, error) {
|
2022-10-25 21:44:42 +00:00
|
|
|
path := getDeploymentPath(stack, id, "updates")
|
|
|
|
var resp []apitype.GetDeploymentUpdatesUpdateInfo
|
|
|
|
err := pc.restCall(ctx, http.MethodGet, path, nil, nil, &resp)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("getting deployment %s updates failed: %w", id, err)
|
|
|
|
}
|
|
|
|
return resp, nil
|
|
|
|
}
|
2022-11-21 16:26:09 +00:00
|
|
|
|
|
|
|
func (pc *Client) GetCapabilities(ctx context.Context) (*apitype.CapabilitiesResponse, error) {
|
2022-11-22 16:47:45 +00:00
|
|
|
if pc.DisableCapabilityProbing {
|
|
|
|
return &apitype.CapabilitiesResponse{}, nil
|
|
|
|
}
|
|
|
|
|
2022-11-21 16:26:09 +00:00
|
|
|
var resp apitype.CapabilitiesResponse
|
|
|
|
err := pc.restCall(ctx, http.MethodGet, "/api/capabilities", nil, nil, &resp)
|
|
|
|
if is404(err) {
|
|
|
|
// The client continues to support legacy backends. They do not support /api/capabilities and are
|
|
|
|
// assumed here to have no additional capabilities.
|
|
|
|
return &apitype.CapabilitiesResponse{}, nil
|
|
|
|
}
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("querying capabilities failed: %w", err)
|
|
|
|
}
|
|
|
|
return &resp, nil
|
|
|
|
}
|
|
|
|
|
2023-08-21 15:06:46 +00:00
|
|
|
func getSearchPath(orgName string) string {
|
|
|
|
return fmt.Sprintf("/api/orgs/%s/search/resources", url.PathEscape(orgName))
|
|
|
|
}
|
|
|
|
|
|
|
|
func getNaturalLanguageSearchPath(orgName string) string {
|
|
|
|
return fmt.Sprintf("/api/orgs/%s/search/resources/parse", url.PathEscape(orgName))
|
|
|
|
}
|
|
|
|
|
2023-09-11 16:33:56 +00:00
|
|
|
func getPulumiOrgSearchPath(baseURL string, orgName string) string {
|
|
|
|
return fmt.Sprintf("%s/%s/resources", baseURL, url.PathEscape(orgName))
|
|
|
|
}
|
|
|
|
|
2023-08-21 15:06:46 +00:00
|
|
|
// Pulumi Cloud Search Functions
|
|
|
|
func (pc *Client) GetSearchQueryResults(
|
2023-09-11 16:33:56 +00:00
|
|
|
ctx context.Context, orgName string, queryParams *apitype.PulumiQueryRequest, baseURL string,
|
2023-08-21 15:06:46 +00:00
|
|
|
) (*apitype.ResourceSearchResponse, error) {
|
|
|
|
var resp apitype.ResourceSearchResponse
|
|
|
|
err := pc.restCall(ctx, http.MethodGet, getSearchPath(orgName), queryParams, nil, &resp)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("querying search failed: %w", err)
|
|
|
|
}
|
2023-09-11 16:33:56 +00:00
|
|
|
resp.URL = fmt.Sprintf("%s?query=%s", getPulumiOrgSearchPath(baseURL, orgName), url.QueryEscape(queryParams.Query))
|
2023-08-21 15:06:46 +00:00
|
|
|
return &resp, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (pc *Client) GetNaturalLanguageQueryResults(
|
|
|
|
ctx context.Context, orgName string, queryString string,
|
|
|
|
) (*apitype.PulumiQueryResponse, error) {
|
|
|
|
var resp apitype.PulumiQueryResponse
|
|
|
|
queryParamObject := apitype.PulumiQueryRequest{
|
|
|
|
Query: queryString,
|
|
|
|
}
|
|
|
|
err := pc.restCall(ctx, http.MethodGet, getNaturalLanguageSearchPath(orgName), queryParamObject, nil, &resp)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("querying search failed: %w", err)
|
|
|
|
}
|
|
|
|
return &resp, nil
|
|
|
|
}
|
|
|
|
|
2022-11-21 16:26:09 +00:00
|
|
|
func is404(err error) bool {
|
|
|
|
if err == nil {
|
|
|
|
return false
|
|
|
|
}
|
2022-11-22 16:51:47 +00:00
|
|
|
var errResp *apitype.ErrorResponse
|
|
|
|
if errors.As(err, &errResp) && errResp.Code == http.StatusNotFound {
|
2022-11-21 16:26:09 +00:00
|
|
|
return true
|
|
|
|
}
|
|
|
|
return false
|
|
|
|
}
|
Adds Pulumi AI integrations with Pulumi New (#14685)
<!---
Thanks so much for your contribution! If this is your first time
contributing, please ensure that you have read the
[CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md)
documentation.
-->
# Description
<!--- Please include a summary of the change and which issue is fixed.
Please also include relevant motivation and context. -->
Now that we support .zip archive sources for Pulumi New, we have all of
the API surface we need to provide a full Pulumi New experience using
Pulumi AI. This PR introduces a few modes of interacting with Pulumi AI
to generate Pulumi projects.
- The default `pulumi new` experience now begins with a choice between
`ai` and `template` modes - the `template` mode represents the current
state of running `pulumi new`, while `ai` provides an interactive
experience with Pulumi AI.
- The user can iteratively ask questions to improve or change the
resulting program - each time a prompt is completed, they are asked to
`refine`, `no`, or `yes` their session - `refine` allows a follow-on
prompt to be submitted. `no` ends the session without generating a
pulumi project, and `yes` generates a Pulumi project from the most
recent program returned by Pulumi AI.
- Additionally, top-level flags, `--ai` and `--language` are provided to
fill in default values for the AI mode. When a prompt is provided with a
language, it is automatically submitted to Pulumi AI - if either is
missing, the user is prompted for whichever value is missing.
Fixes https://github.com/pulumi/pulumi.ai/issues/441
Fixes https://github.com/pulumi/pulumi.ai/issues/443
Fixes https://github.com/pulumi/pulumi.ai/issues/444
Depends on https://github.com/pulumi/pulumi.ai/pull/472
Depends on https://github.com/pulumi/pulumi.ai/pull/507
Depends on https://github.com/pulumi/pulumi.ai/pull/508
## Checklist
- [x] I have run `make tidy` to update any new dependencies
- [x] I have run `make lint` to verify my code passes the lint check
- [x] I have formatted my code using `gofumpt`
<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [x] I have added tests that prove my fix is effective or that my
feature works
<!---
User-facing changes require a CHANGELOG entry.
-->
- [x] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
---------
Co-authored-by: Aaron Friel <mayreply@aaronfriel.com>
2023-12-20 22:08:09 +00:00
|
|
|
|
|
|
|
// SubmitAIPrompt sends the user's prompt to the Pulumi Service and streams back the response.
|
|
|
|
func (pc *Client) SubmitAIPrompt(ctx context.Context, requestBody interface{}) (*http.Response, error) {
|
|
|
|
url, err := url.Parse(pc.apiURL + getAIPromptPath())
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
marshalledBody, err := json.Marshal(requestBody)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
request, err := http.NewRequestWithContext(ctx, http.MethodPost, url.String(), bytes.NewReader(marshalledBody))
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
request.Header.Add("Authorization", fmt.Sprintf("token %s", pc.apiToken))
|
|
|
|
res, err := pc.do(ctx, request)
|
|
|
|
return res, err
|
|
|
|
}
|