Add tokens.StackName (#14487)
<!---
Thanks so much for your contribution! If this is your first time
contributing, please ensure that you have read the
[CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md)
documentation.
-->
# Description
<!--- Please include a summary of the change and which issue is fixed.
Please also include relevant motivation and context. -->
This adds a new type `tokens.StackName` which is a relatively strongly
typed container for a stack name. The only weakly typed aspect of it is
Go will always allow the "zero" value to be created for a struct, which
for a stack name is the empty string which is invalid. To prevent
introducing unexpected empty strings when working with stack names the
`String()` method will panic for zero initialized stack names.
Apart from the zero value, all other instances of `StackName` are via
`ParseStackName` which returns a descriptive error if the string is not
valid.
This PR only updates "pkg/" to use this type. There are a number of
places in "sdk/" which could do with this type as well, but there's no
harm in doing a staggered roll out, and some parts of "sdk/" are user
facing and will probably have to stay on the current `tokens.Name` and
`tokens.QName` types.
There are two places in the system where we panic on invalid stack
names, both in the http backend. This _should_ be fine as we've had long
standing validation that stacks created in the service are valid stack
names.
Just in case people have managed to introduce invalid stack names, there
is the `PULUMI_DISABLE_VALIDATION` environment variable which will turn
off the validation _and_ panicing for stack names. Users can use that to
temporarily disable the validation and continue working, but it should
only be seen as a temporary measure. If they have invalid names they
should rename them, or if they think they should be valid raise an issue
with us to change the validation code.
## Checklist
- [x] I have run `make tidy` to update any new dependencies
- [x] I have run `make lint` to verify my code passes the lint check
- [ ] I have formatted my code using `gofumpt`
<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [x] I have added tests that prove my fix is effective or that my
feature works
<!---
User-facing changes require a CHANGELOG entry.
-->
- [ ] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
2023-11-15 07:44:54 +00:00
|
|
|
// Copyright 2016-2023, Pulumi Corporation.
|
2022-11-03 20:30:35 +00:00
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
//
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
|
|
|
|
|
|
|
//go:build all
|
2017-11-16 15:49:07 +00:00
|
|
|
|
|
|
|
package ints
|
|
|
|
|
|
|
|
import (
|
2021-10-26 23:21:27 +00:00
|
|
|
"bytes"
|
|
|
|
"encoding/json"
|
2018-02-22 20:52:50 +00:00
|
|
|
"fmt"
|
2020-09-30 21:09:20 +00:00
|
|
|
"os"
|
2017-12-11 22:41:57 +00:00
|
|
|
"path/filepath"
|
2023-04-27 08:13:08 +00:00
|
|
|
"strings"
|
2017-11-16 15:49:07 +00:00
|
|
|
"testing"
|
2021-11-15 23:42:04 +00:00
|
|
|
|
2021-05-19 14:11:18 +00:00
|
|
|
"github.com/stretchr/testify/assert"
|
2023-04-11 13:16:00 +00:00
|
|
|
"github.com/stretchr/testify/require"
|
2021-05-19 14:11:18 +00:00
|
|
|
|
2022-01-05 20:04:39 +00:00
|
|
|
"github.com/pulumi/pulumi/pkg/v3/resource/deploy/providers"
|
2021-03-17 13:20:05 +00:00
|
|
|
"github.com/pulumi/pulumi/pkg/v3/testing/integration"
|
2022-11-03 20:30:35 +00:00
|
|
|
"github.com/pulumi/pulumi/sdk/v3/go/common/apitype"
|
2023-04-05 18:43:12 +00:00
|
|
|
"github.com/pulumi/pulumi/sdk/v3/go/common/resource"
|
2021-03-17 13:20:05 +00:00
|
|
|
ptesting "github.com/pulumi/pulumi/sdk/v3/go/common/testing"
|
2023-04-05 18:43:12 +00:00
|
|
|
"github.com/pulumi/pulumi/sdk/v3/go/common/tokens"
|
2023-04-27 08:13:08 +00:00
|
|
|
"github.com/pulumi/pulumi/sdk/v3/go/common/util/contract"
|
2021-03-17 13:20:05 +00:00
|
|
|
"github.com/pulumi/pulumi/sdk/v3/go/common/workspace"
|
2017-11-16 15:49:07 +00:00
|
|
|
)
|
|
|
|
|
2018-04-11 17:08:32 +00:00
|
|
|
// TestStackTagValidation verifies various error scenarios related to stack names and tags.
|
|
|
|
func TestStackTagValidation(t *testing.T) {
|
2022-03-04 08:17:41 +00:00
|
|
|
t.Parallel()
|
|
|
|
|
2018-04-11 17:08:32 +00:00
|
|
|
t.Run("Error_StackName", func(t *testing.T) {
|
2022-03-04 08:17:41 +00:00
|
|
|
t.Parallel()
|
2018-04-11 17:08:32 +00:00
|
|
|
e := ptesting.NewEnvironment(t)
|
|
|
|
defer func() {
|
|
|
|
if !t.Failed() {
|
|
|
|
e.DeleteEnvironment()
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
e.RunCommand("git", "init")
|
|
|
|
|
|
|
|
e.ImportDirectory("stack_project_name")
|
Remove the need to `pulumi init` for the local backend
This change removes the need to `pulumi init` when targeting the local
backend. A fair amount of the change lays the foundation that the next
set of changes to stop having `pulumi init` be used for cloud stacks
as well.
Previously, `pulumi init` logically did two things:
1. It created the bookkeeping directory for local stacks, this was
stored in `<repository-root>/.pulumi`, where `<repository-root>` was
the path to what we belived the "root" of your project was. In the
case of git repositories, this was the directory that contained your
`.git` folder.
2. It recorded repository information in
`<repository-root>/.pulumi/repository.json`. This was used by the
cloud backend when computing what project to interact with on
Pulumi.com
The new identity model will remove the need for (2), since we only
need an owner and stack name to fully qualify a stack on
pulumi.com, so it's easy enough to stop creating a folder just for
that.
However, for the local backend, we need to continue to retain some
information about stacks (e.g. checkpoints, history, etc). In
addition, we need to store our workspace settings (which today just
contains the selected stack) somehere.
For state stored by the local backend, we change the URL scheme from
`local://` to `local://<optional-root-path>`. When
`<optional-root-path>` is unset, it defaults to `$HOME`. We create our
`.pulumi` folder in that directory. This is important because stack
names now must be unique within the backend, but we have some tests
using local stacks which use fixed stack names, so each integration
test really wants its own "view" of the world.
For the workspace settings, we introduce a new `workspaces` directory
in `~/.pulumi`. In this folder we write the workspace settings file
for each project. The file name is the name of the project, combined
with the SHA1 of the path of the project file on disk, to ensure that
multiple pulumi programs with the same project name have different
workspace settings.
This does mean that moving a project's location on disk will cause the
CLI to "forget" what the selected stack was, which is unfortunate, but
not the end of the world. If this ends up being a big pain point, we
can certianly try to play games in the future (for example, if we saw
a .git folder in a parent folder, we could store data in there).
With respect to compatibility, we don't attempt to migrate older files
to their newer locations. For long lived stacks managed using the
local backend, we can provide information on where to move things
to. For all stacks (regardless of backend) we'll require the user to
`pulumi stack select` their stack again, but that seems like the
correct trade-off vs writing complicated upgrade code.
2018-04-16 23:15:10 +00:00
|
|
|
e.RunCommand("pulumi", "login", "--cloud-url", e.LocalURL())
|
2018-04-11 17:08:32 +00:00
|
|
|
|
|
|
|
stdout, stderr := e.RunCommandExpectError("pulumi", "stack", "init", "invalid name (spaces, parens, etc.)")
|
|
|
|
assert.Equal(t, "", stdout)
|
2022-09-12 15:42:38 +00:00
|
|
|
assert.Contains(t, stderr,
|
Add tokens.StackName (#14487)
<!---
Thanks so much for your contribution! If this is your first time
contributing, please ensure that you have read the
[CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md)
documentation.
-->
# Description
<!--- Please include a summary of the change and which issue is fixed.
Please also include relevant motivation and context. -->
This adds a new type `tokens.StackName` which is a relatively strongly
typed container for a stack name. The only weakly typed aspect of it is
Go will always allow the "zero" value to be created for a struct, which
for a stack name is the empty string which is invalid. To prevent
introducing unexpected empty strings when working with stack names the
`String()` method will panic for zero initialized stack names.
Apart from the zero value, all other instances of `StackName` are via
`ParseStackName` which returns a descriptive error if the string is not
valid.
This PR only updates "pkg/" to use this type. There are a number of
places in "sdk/" which could do with this type as well, but there's no
harm in doing a staggered roll out, and some parts of "sdk/" are user
facing and will probably have to stay on the current `tokens.Name` and
`tokens.QName` types.
There are two places in the system where we panic on invalid stack
names, both in the http backend. This _should_ be fine as we've had long
standing validation that stacks created in the service are valid stack
names.
Just in case people have managed to introduce invalid stack names, there
is the `PULUMI_DISABLE_VALIDATION` environment variable which will turn
off the validation _and_ panicing for stack names. Users can use that to
temporarily disable the validation and continue working, but it should
only be seen as a temporary measure. If they have invalid names they
should rename them, or if they think they should be valid raise an issue
with us to change the validation code.
## Checklist
- [x] I have run `make tidy` to update any new dependencies
- [x] I have run `make lint` to verify my code passes the lint check
- [ ] I have formatted my code using `gofumpt`
<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [x] I have added tests that prove my fix is effective or that my
feature works
<!---
User-facing changes require a CHANGELOG entry.
-->
- [ ] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
2023-11-15 07:44:54 +00:00
|
|
|
"a stack name may only contain alphanumeric, hyphens, underscores, or periods")
|
2018-04-11 17:08:32 +00:00
|
|
|
})
|
|
|
|
|
|
|
|
t.Run("Error_DescriptionLength", func(t *testing.T) {
|
2022-03-04 08:17:41 +00:00
|
|
|
t.Parallel()
|
2023-05-10 16:12:55 +00:00
|
|
|
|
|
|
|
// This test requires the service, as only the service supports stack tags.
|
|
|
|
if os.Getenv("PULUMI_ACCESS_TOKEN") == "" {
|
|
|
|
t.Skipf("Skipping: PULUMI_ACCESS_TOKEN is not set")
|
|
|
|
}
|
|
|
|
if os.Getenv("PULUMI_TEST_OWNER") == "" {
|
|
|
|
t.Skipf("Skipping: PULUMI_TEST_OWNER is not set")
|
|
|
|
}
|
|
|
|
|
2018-04-11 17:08:32 +00:00
|
|
|
e := ptesting.NewEnvironment(t)
|
|
|
|
defer func() {
|
|
|
|
if !t.Failed() {
|
|
|
|
e.DeleteEnvironment()
|
|
|
|
}
|
|
|
|
}()
|
2023-05-10 16:12:55 +00:00
|
|
|
stackName, err := resource.NewUniqueHex("test-", 8, -1)
|
|
|
|
contract.AssertNoErrorf(err, "resource.NewUniqueHex should not fail with no maximum length is set")
|
2018-04-11 17:08:32 +00:00
|
|
|
|
2023-05-10 16:12:55 +00:00
|
|
|
e.RunCommand("git", "init")
|
2018-04-11 17:08:32 +00:00
|
|
|
e.ImportDirectory("stack_project_name")
|
|
|
|
|
|
|
|
prefix := "lorem ipsum dolor sit amet" // 26
|
|
|
|
prefix = prefix + prefix + prefix + prefix // 104
|
|
|
|
prefix = prefix + prefix + prefix + prefix // 416 + the current Pulumi.yaml's description
|
|
|
|
|
|
|
|
// Change the contents of the Description property of Pulumi.yaml.
|
2019-12-13 12:58:52 +00:00
|
|
|
yamlPath := filepath.Join(e.CWD, "Pulumi.yaml")
|
2023-05-10 16:12:55 +00:00
|
|
|
err = integration.ReplaceInFile("description: ", "description: "+prefix, yamlPath)
|
2018-04-11 17:08:32 +00:00
|
|
|
assert.NoError(t, err)
|
|
|
|
|
2023-05-10 16:12:55 +00:00
|
|
|
stdout, stderr := e.RunCommandExpectError("pulumi", "stack", "init", stackName)
|
2018-04-11 17:08:32 +00:00
|
|
|
assert.Equal(t, "", stdout)
|
|
|
|
assert.Contains(t, stderr, "error: could not create stack:")
|
|
|
|
assert.Contains(t, stderr, "validating stack properties:")
|
2018-05-29 20:52:11 +00:00
|
|
|
assert.Contains(t, stderr, "stack tag \"pulumi:description\" value is too long (max length 256 characters)")
|
2018-04-11 17:08:32 +00:00
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2021-10-26 15:55:52 +00:00
|
|
|
// TestStackInitValidation verifies various error scenarios related to init'ing a stack.
|
|
|
|
func TestStackInitValidation(t *testing.T) {
|
2022-03-04 08:17:41 +00:00
|
|
|
t.Parallel()
|
|
|
|
|
2021-10-26 15:55:52 +00:00
|
|
|
t.Run("Error_InvalidStackYaml", func(t *testing.T) {
|
2022-03-04 08:17:41 +00:00
|
|
|
t.Parallel()
|
2021-10-26 15:55:52 +00:00
|
|
|
e := ptesting.NewEnvironment(t)
|
|
|
|
defer func() {
|
|
|
|
if !t.Failed() {
|
|
|
|
e.DeleteEnvironment()
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
e.RunCommand("git", "init")
|
|
|
|
|
|
|
|
e.ImportDirectory("stack_project_name")
|
|
|
|
e.RunCommand("pulumi", "login", "--cloud-url", e.LocalURL())
|
|
|
|
|
|
|
|
// Starting a yaml value with a quote string and then more data is invalid
|
|
|
|
invalidYaml := "\"this is invalid\" yaml because of trailing data after quote string"
|
|
|
|
|
|
|
|
// Change the contents of the Description property of Pulumi.yaml.
|
|
|
|
yamlPath := filepath.Join(e.CWD, "Pulumi.yaml")
|
|
|
|
err := integration.ReplaceInFile("description: ", "description: "+invalidYaml, yamlPath)
|
|
|
|
assert.NoError(t, err)
|
|
|
|
|
|
|
|
stdout, stderr := e.RunCommandExpectError("pulumi", "stack", "init", "valid-name")
|
|
|
|
assert.Equal(t, "", stdout)
|
2022-09-27 12:33:53 +00:00
|
|
|
assert.Contains(t, stderr, "invalid YAML file")
|
2021-10-26 15:55:52 +00:00
|
|
|
})
|
|
|
|
}
|
|
|
|
|
Support lists and maps in config (#3342)
This change adds support for lists and maps in config. We now allow
lists/maps (and nested structures) in `Pulumi.<stack>.yaml` (or
`Pulumi.<stack>.json`; yes, we currently support that).
For example:
```yaml
config:
proj:blah:
- a
- b
- c
proj:hello: world
proj:outer:
inner: value
proj:servers:
- port: 80
```
While such structures could be specified in the `.yaml` file manually,
we support setting values in maps/lists from the command line.
As always, you can specify single values with:
```shell
$ pulumi config set hello world
```
Which results in the following YAML:
```yaml
proj:hello world
```
And single value secrets via:
```shell
$ pulumi config set --secret token shhh
```
Which results in the following YAML:
```yaml
proj:token:
secure: v1:VZAhuroR69FkEPTk:isKafsoZVMWA9pQayGzbWNynww==
```
Values in a list can be set from the command line using the new
`--path` flag, which indicates the config key contains a path to a
property in a map or list:
```shell
$ pulumi config set --path names[0] a
$ pulumi config set --path names[1] b
$ pulumi config set --path names[2] c
```
Which results in:
```yaml
proj:names
- a
- b
- c
```
Values can be obtained similarly:
```shell
$ pulumi config get --path names[1]
b
```
Or setting values in a map:
```shell
$ pulumi config set --path outer.inner value
```
Which results in:
```yaml
proj:outer:
inner: value
```
Of course, setting values in nested structures is supported:
```shell
$ pulumi config set --path servers[0].port 80
```
Which results in:
```yaml
proj:servers:
- port: 80
```
If you want to include a period in the name of a property, it can be
specified as:
```
$ pulumi config set --path 'nested["foo.bar"]' baz
```
Which results in:
```yaml
proj:nested:
foo.bar: baz
```
Examples of valid paths:
- root
- root.nested
- 'root["nested"]'
- root.double.nest
- 'root["double"].nest'
- 'root["double"]["nest"]'
- root.array[0]
- root.array[100]
- root.array[0].nested
- root.array[0][1].nested
- root.nested.array[0].double[1]
- 'root["key with \"escaped\" quotes"]'
- 'root["key with a ."]'
- '["root key with \"escaped\" quotes"].nested'
- '["root key with a ."][100]'
Note: paths that contain quotes can be surrounded by single quotes.
When setting values with `--path`, if the value is `"false"` or
`"true"`, it will be saved as the boolean value, and if it is
convertible to an integer, it will be saved as an integer.
Secure values are supported in lists/maps as well:
```shell
$ pulumi config set --path --secret tokens[0] shh
```
Will result in:
```yaml
proj:tokens:
- secure: v1:wpZRCe36sFg1RxwG:WzPeQrCn4n+m4Ks8ps15MxvFXg==
```
Note: maps of length 1 with a key of “secure” and string value are
reserved for storing secret values. Attempting to create such a value
manually will result in an error:
```shell
$ pulumi config set --path parent.secure foo
error: "secure" key in maps of length 1 are reserved
```
**Accessing config values from the command line with JSON**
```shell
$ pulumi config --json
```
Will output:
```json
{
"proj:hello": {
"value": "world",
"secret": false,
"object": false
},
"proj:names": {
"value": "[\"a\",\"b\",\"c\"]",
"secret": false,
"object": true,
"objectValue": [
"a",
"b",
"c"
]
},
"proj:nested": {
"value": "{\"foo.bar\":\"baz\"}",
"secret": false,
"object": true,
"objectValue": {
"foo.bar": "baz"
}
},
"proj:outer": {
"value": "{\"inner\":\"value\"}",
"secret": false,
"object": true,
"objectValue": {
"inner": "value"
}
},
"proj:servers": {
"value": "[{\"port\":80}]",
"secret": false,
"object": true,
"objectValue": [
{
"port": 80
}
]
},
"proj:token": {
"secret": true,
"object": false
},
"proj:tokens": {
"secret": true,
"object": true
}
}
```
If the value is a map or list, `"object"` will be `true`. `"value"` will
contain the object as serialized JSON and a new `"objectValue"` property
will be available containing the value of the object.
If the object contains any secret values, `"secret"` will be `true`, and
just like with scalar values, the value will not be outputted unless
`--show-secrets` is specified.
**Accessing config values from Pulumi programs**
Map/list values are available to Pulumi programs as serialized JSON, so
the existing
`getObject`/`requireObject`/`getSecretObject`/`requireSecretObject`
functions can be used to retrieve such values, e.g.:
```typescript
import * as pulumi from "@pulumi/pulumi";
interface Server {
port: number;
}
const config = new pulumi.Config();
const names = config.requireObject<string[]>("names");
for (const n of names) {
console.log(n);
}
const servers = config.requireObject<Server[]>("servers");
for (const s of servers) {
console.log(s.port);
}
```
2019-11-01 20:41:27 +00:00
|
|
|
// TestConfigPaths ensures that config commands with paths work as expected.
|
|
|
|
func TestConfigPaths(t *testing.T) {
|
2022-03-04 08:17:41 +00:00
|
|
|
t.Parallel()
|
|
|
|
|
Support lists and maps in config (#3342)
This change adds support for lists and maps in config. We now allow
lists/maps (and nested structures) in `Pulumi.<stack>.yaml` (or
`Pulumi.<stack>.json`; yes, we currently support that).
For example:
```yaml
config:
proj:blah:
- a
- b
- c
proj:hello: world
proj:outer:
inner: value
proj:servers:
- port: 80
```
While such structures could be specified in the `.yaml` file manually,
we support setting values in maps/lists from the command line.
As always, you can specify single values with:
```shell
$ pulumi config set hello world
```
Which results in the following YAML:
```yaml
proj:hello world
```
And single value secrets via:
```shell
$ pulumi config set --secret token shhh
```
Which results in the following YAML:
```yaml
proj:token:
secure: v1:VZAhuroR69FkEPTk:isKafsoZVMWA9pQayGzbWNynww==
```
Values in a list can be set from the command line using the new
`--path` flag, which indicates the config key contains a path to a
property in a map or list:
```shell
$ pulumi config set --path names[0] a
$ pulumi config set --path names[1] b
$ pulumi config set --path names[2] c
```
Which results in:
```yaml
proj:names
- a
- b
- c
```
Values can be obtained similarly:
```shell
$ pulumi config get --path names[1]
b
```
Or setting values in a map:
```shell
$ pulumi config set --path outer.inner value
```
Which results in:
```yaml
proj:outer:
inner: value
```
Of course, setting values in nested structures is supported:
```shell
$ pulumi config set --path servers[0].port 80
```
Which results in:
```yaml
proj:servers:
- port: 80
```
If you want to include a period in the name of a property, it can be
specified as:
```
$ pulumi config set --path 'nested["foo.bar"]' baz
```
Which results in:
```yaml
proj:nested:
foo.bar: baz
```
Examples of valid paths:
- root
- root.nested
- 'root["nested"]'
- root.double.nest
- 'root["double"].nest'
- 'root["double"]["nest"]'
- root.array[0]
- root.array[100]
- root.array[0].nested
- root.array[0][1].nested
- root.nested.array[0].double[1]
- 'root["key with \"escaped\" quotes"]'
- 'root["key with a ."]'
- '["root key with \"escaped\" quotes"].nested'
- '["root key with a ."][100]'
Note: paths that contain quotes can be surrounded by single quotes.
When setting values with `--path`, if the value is `"false"` or
`"true"`, it will be saved as the boolean value, and if it is
convertible to an integer, it will be saved as an integer.
Secure values are supported in lists/maps as well:
```shell
$ pulumi config set --path --secret tokens[0] shh
```
Will result in:
```yaml
proj:tokens:
- secure: v1:wpZRCe36sFg1RxwG:WzPeQrCn4n+m4Ks8ps15MxvFXg==
```
Note: maps of length 1 with a key of “secure” and string value are
reserved for storing secret values. Attempting to create such a value
manually will result in an error:
```shell
$ pulumi config set --path parent.secure foo
error: "secure" key in maps of length 1 are reserved
```
**Accessing config values from the command line with JSON**
```shell
$ pulumi config --json
```
Will output:
```json
{
"proj:hello": {
"value": "world",
"secret": false,
"object": false
},
"proj:names": {
"value": "[\"a\",\"b\",\"c\"]",
"secret": false,
"object": true,
"objectValue": [
"a",
"b",
"c"
]
},
"proj:nested": {
"value": "{\"foo.bar\":\"baz\"}",
"secret": false,
"object": true,
"objectValue": {
"foo.bar": "baz"
}
},
"proj:outer": {
"value": "{\"inner\":\"value\"}",
"secret": false,
"object": true,
"objectValue": {
"inner": "value"
}
},
"proj:servers": {
"value": "[{\"port\":80}]",
"secret": false,
"object": true,
"objectValue": [
{
"port": 80
}
]
},
"proj:token": {
"secret": true,
"object": false
},
"proj:tokens": {
"secret": true,
"object": true
}
}
```
If the value is a map or list, `"object"` will be `true`. `"value"` will
contain the object as serialized JSON and a new `"objectValue"` property
will be available containing the value of the object.
If the object contains any secret values, `"secret"` will be `true`, and
just like with scalar values, the value will not be outputted unless
`--show-secrets` is specified.
**Accessing config values from Pulumi programs**
Map/list values are available to Pulumi programs as serialized JSON, so
the existing
`getObject`/`requireObject`/`getSecretObject`/`requireSecretObject`
functions can be used to retrieve such values, e.g.:
```typescript
import * as pulumi from "@pulumi/pulumi";
interface Server {
port: number;
}
const config = new pulumi.Config();
const names = config.requireObject<string[]>("names");
for (const n of names) {
console.log(n);
}
const servers = config.requireObject<Server[]>("servers");
for (const s of servers) {
console.log(s.port);
}
```
2019-11-01 20:41:27 +00:00
|
|
|
e := ptesting.NewEnvironment(t)
|
|
|
|
defer func() {
|
|
|
|
if !t.Failed() {
|
|
|
|
e.DeleteEnvironment()
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
|
|
|
|
// Initialize an empty stack.
|
|
|
|
path := filepath.Join(e.RootPath, "Pulumi.yaml")
|
|
|
|
err := (&workspace.Project{
|
|
|
|
Name: "testing-config",
|
|
|
|
Runtime: workspace.NewProjectRuntimeInfo("nodejs", nil),
|
|
|
|
}).Save(path)
|
|
|
|
assert.NoError(t, err)
|
|
|
|
e.RunCommand("pulumi", "login", "--cloud-url", e.LocalURL())
|
|
|
|
e.RunCommand("pulumi", "stack", "init", "testing")
|
|
|
|
|
|
|
|
namespaces := []string{"", "my:"}
|
|
|
|
|
|
|
|
tests := []struct {
|
|
|
|
Key string
|
|
|
|
Value string
|
|
|
|
Secret bool
|
|
|
|
Path bool
|
|
|
|
TopLevelKey string
|
|
|
|
TopLevelExpectedValue string
|
|
|
|
}{
|
|
|
|
{
|
|
|
|
Key: "aConfigValue",
|
|
|
|
Value: "this value is a value",
|
|
|
|
TopLevelKey: "aConfigValue",
|
|
|
|
TopLevelExpectedValue: "this value is a value",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "anotherConfigValue",
|
|
|
|
Value: "this value is another value",
|
|
|
|
TopLevelKey: "anotherConfigValue",
|
|
|
|
TopLevelExpectedValue: "this value is another value",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "bEncryptedSecret",
|
|
|
|
Value: "this super secret is encrypted",
|
|
|
|
Secret: true,
|
|
|
|
TopLevelKey: "bEncryptedSecret",
|
|
|
|
TopLevelExpectedValue: "this super secret is encrypted",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "anotherEncryptedSecret",
|
|
|
|
Value: "another encrypted secret",
|
|
|
|
Secret: true,
|
|
|
|
TopLevelKey: "anotherEncryptedSecret",
|
|
|
|
TopLevelExpectedValue: "another encrypted secret",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "[]",
|
|
|
|
Value: "square brackets value",
|
|
|
|
TopLevelKey: "[]",
|
|
|
|
TopLevelExpectedValue: "square brackets value",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "x.y",
|
|
|
|
Value: "x.y value",
|
|
|
|
TopLevelKey: "x.y",
|
|
|
|
TopLevelExpectedValue: "x.y value",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "0",
|
|
|
|
Value: "0 value",
|
|
|
|
Path: true,
|
|
|
|
TopLevelKey: "0",
|
|
|
|
TopLevelExpectedValue: "0 value",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "true",
|
|
|
|
Value: "value",
|
|
|
|
Path: true,
|
|
|
|
TopLevelKey: "true",
|
|
|
|
TopLevelExpectedValue: "value",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: `["test.Key"]`,
|
|
|
|
Value: "test key value",
|
|
|
|
Path: true,
|
|
|
|
TopLevelKey: "test.Key",
|
|
|
|
TopLevelExpectedValue: "test key value",
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: `nested["test.Key"]`,
|
|
|
|
Value: "nested test key value",
|
|
|
|
Path: true,
|
|
|
|
TopLevelKey: "nested",
|
|
|
|
TopLevelExpectedValue: `{"test.Key":"nested test key value"}`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "outer.inner",
|
|
|
|
Value: "value",
|
|
|
|
Path: true,
|
|
|
|
TopLevelKey: "outer",
|
|
|
|
TopLevelExpectedValue: `{"inner":"value"}`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "names[0]",
|
|
|
|
Value: "a",
|
|
|
|
Path: true,
|
|
|
|
TopLevelKey: "names",
|
|
|
|
TopLevelExpectedValue: `["a"]`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "names[1]",
|
|
|
|
Value: "b",
|
|
|
|
Path: true,
|
|
|
|
TopLevelKey: "names",
|
|
|
|
TopLevelExpectedValue: `["a","b"]`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "names[2]",
|
|
|
|
Value: "c",
|
|
|
|
Path: true,
|
|
|
|
TopLevelKey: "names",
|
|
|
|
TopLevelExpectedValue: `["a","b","c"]`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "names[3]",
|
|
|
|
Value: "super secret name",
|
|
|
|
Path: true,
|
|
|
|
Secret: true,
|
|
|
|
TopLevelKey: "names",
|
|
|
|
TopLevelExpectedValue: `["a","b","c","super secret name"]`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "servers[0].port",
|
|
|
|
Value: "80",
|
|
|
|
Path: true,
|
|
|
|
TopLevelKey: "servers",
|
|
|
|
TopLevelExpectedValue: `[{"port":80}]`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "servers[0].host",
|
|
|
|
Value: "example",
|
|
|
|
Path: true,
|
|
|
|
TopLevelKey: "servers",
|
|
|
|
TopLevelExpectedValue: `[{"host":"example","port":80}]`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "a.b[0].c",
|
|
|
|
Value: "true",
|
|
|
|
Path: true,
|
|
|
|
TopLevelKey: "a",
|
|
|
|
TopLevelExpectedValue: `{"b":[{"c":true}]}`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "a.b[1].c",
|
|
|
|
Value: "false",
|
|
|
|
Path: true,
|
|
|
|
TopLevelKey: "a",
|
|
|
|
TopLevelExpectedValue: `{"b":[{"c":true},{"c":false}]}`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "tokens[0]",
|
|
|
|
Value: "shh",
|
|
|
|
Path: true,
|
|
|
|
Secret: true,
|
|
|
|
TopLevelKey: "tokens",
|
|
|
|
TopLevelExpectedValue: `["shh"]`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "foo.bar",
|
|
|
|
Value: "don't tell",
|
|
|
|
Path: true,
|
|
|
|
Secret: true,
|
|
|
|
TopLevelKey: "foo",
|
|
|
|
TopLevelExpectedValue: `{"bar":"don't tell"}`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "semiInner.a.b.c.d",
|
|
|
|
Value: "1",
|
|
|
|
Path: true,
|
|
|
|
TopLevelKey: "semiInner",
|
|
|
|
TopLevelExpectedValue: `{"a":{"b":{"c":{"d":1}}}}`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "wayInner.a.b.c.d.e.f.g.h.i.j.k",
|
|
|
|
Value: "false",
|
|
|
|
Path: true,
|
|
|
|
TopLevelKey: "wayInner",
|
|
|
|
TopLevelExpectedValue: `{"a":{"b":{"c":{"d":{"e":{"f":{"g":{"h":{"i":{"j":{"k":false}}}}}}}}}}}`,
|
|
|
|
},
|
2020-04-14 19:40:22 +00:00
|
|
|
{
|
|
|
|
Key: "foo1[0]",
|
|
|
|
Value: "false",
|
|
|
|
Path: true,
|
|
|
|
TopLevelKey: "foo1",
|
|
|
|
TopLevelExpectedValue: `[false]`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "foo2[0]",
|
|
|
|
Value: "true",
|
|
|
|
Path: true,
|
|
|
|
TopLevelKey: "foo2",
|
|
|
|
TopLevelExpectedValue: `[true]`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "foo3[0]",
|
|
|
|
Value: "10",
|
|
|
|
Path: true,
|
|
|
|
TopLevelKey: "foo3",
|
|
|
|
TopLevelExpectedValue: `[10]`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "foo4[0]",
|
|
|
|
Value: "0",
|
|
|
|
Path: true,
|
|
|
|
TopLevelKey: "foo4",
|
|
|
|
TopLevelExpectedValue: `[0]`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "foo5[0]",
|
|
|
|
Value: "00",
|
|
|
|
Path: true,
|
|
|
|
TopLevelKey: "foo5",
|
|
|
|
TopLevelExpectedValue: `["00"]`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "foo6[0]",
|
|
|
|
Value: "01",
|
|
|
|
Path: true,
|
|
|
|
TopLevelKey: "foo6",
|
|
|
|
TopLevelExpectedValue: `["01"]`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "foo7[0]",
|
|
|
|
Value: "0123456",
|
|
|
|
Path: true,
|
|
|
|
TopLevelKey: "foo7",
|
|
|
|
TopLevelExpectedValue: `["0123456"]`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "bar1.inner",
|
|
|
|
Value: "false",
|
|
|
|
Path: true,
|
|
|
|
TopLevelKey: "bar1",
|
|
|
|
TopLevelExpectedValue: `{"inner":false}`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "bar2.inner",
|
|
|
|
Value: "true",
|
|
|
|
Path: true,
|
|
|
|
TopLevelKey: "bar2",
|
|
|
|
TopLevelExpectedValue: `{"inner":true}`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "bar3.inner",
|
|
|
|
Value: "10",
|
|
|
|
Path: true,
|
|
|
|
TopLevelKey: "bar3",
|
|
|
|
TopLevelExpectedValue: `{"inner":10}`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "bar4.inner",
|
|
|
|
Value: "0",
|
|
|
|
Path: true,
|
|
|
|
TopLevelKey: "bar4",
|
|
|
|
TopLevelExpectedValue: `{"inner":0}`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "bar5.inner",
|
|
|
|
Value: "00",
|
|
|
|
Path: true,
|
|
|
|
TopLevelKey: "bar5",
|
|
|
|
TopLevelExpectedValue: `{"inner":"00"}`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "bar6.inner",
|
|
|
|
Value: "01",
|
|
|
|
Path: true,
|
|
|
|
TopLevelKey: "bar6",
|
|
|
|
TopLevelExpectedValue: `{"inner":"01"}`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "bar7.inner",
|
|
|
|
Value: "0123456",
|
|
|
|
Path: true,
|
|
|
|
TopLevelKey: "bar7",
|
|
|
|
TopLevelExpectedValue: `{"inner":"0123456"}`,
|
|
|
|
},
|
Support lists and maps in config (#3342)
This change adds support for lists and maps in config. We now allow
lists/maps (and nested structures) in `Pulumi.<stack>.yaml` (or
`Pulumi.<stack>.json`; yes, we currently support that).
For example:
```yaml
config:
proj:blah:
- a
- b
- c
proj:hello: world
proj:outer:
inner: value
proj:servers:
- port: 80
```
While such structures could be specified in the `.yaml` file manually,
we support setting values in maps/lists from the command line.
As always, you can specify single values with:
```shell
$ pulumi config set hello world
```
Which results in the following YAML:
```yaml
proj:hello world
```
And single value secrets via:
```shell
$ pulumi config set --secret token shhh
```
Which results in the following YAML:
```yaml
proj:token:
secure: v1:VZAhuroR69FkEPTk:isKafsoZVMWA9pQayGzbWNynww==
```
Values in a list can be set from the command line using the new
`--path` flag, which indicates the config key contains a path to a
property in a map or list:
```shell
$ pulumi config set --path names[0] a
$ pulumi config set --path names[1] b
$ pulumi config set --path names[2] c
```
Which results in:
```yaml
proj:names
- a
- b
- c
```
Values can be obtained similarly:
```shell
$ pulumi config get --path names[1]
b
```
Or setting values in a map:
```shell
$ pulumi config set --path outer.inner value
```
Which results in:
```yaml
proj:outer:
inner: value
```
Of course, setting values in nested structures is supported:
```shell
$ pulumi config set --path servers[0].port 80
```
Which results in:
```yaml
proj:servers:
- port: 80
```
If you want to include a period in the name of a property, it can be
specified as:
```
$ pulumi config set --path 'nested["foo.bar"]' baz
```
Which results in:
```yaml
proj:nested:
foo.bar: baz
```
Examples of valid paths:
- root
- root.nested
- 'root["nested"]'
- root.double.nest
- 'root["double"].nest'
- 'root["double"]["nest"]'
- root.array[0]
- root.array[100]
- root.array[0].nested
- root.array[0][1].nested
- root.nested.array[0].double[1]
- 'root["key with \"escaped\" quotes"]'
- 'root["key with a ."]'
- '["root key with \"escaped\" quotes"].nested'
- '["root key with a ."][100]'
Note: paths that contain quotes can be surrounded by single quotes.
When setting values with `--path`, if the value is `"false"` or
`"true"`, it will be saved as the boolean value, and if it is
convertible to an integer, it will be saved as an integer.
Secure values are supported in lists/maps as well:
```shell
$ pulumi config set --path --secret tokens[0] shh
```
Will result in:
```yaml
proj:tokens:
- secure: v1:wpZRCe36sFg1RxwG:WzPeQrCn4n+m4Ks8ps15MxvFXg==
```
Note: maps of length 1 with a key of “secure” and string value are
reserved for storing secret values. Attempting to create such a value
manually will result in an error:
```shell
$ pulumi config set --path parent.secure foo
error: "secure" key in maps of length 1 are reserved
```
**Accessing config values from the command line with JSON**
```shell
$ pulumi config --json
```
Will output:
```json
{
"proj:hello": {
"value": "world",
"secret": false,
"object": false
},
"proj:names": {
"value": "[\"a\",\"b\",\"c\"]",
"secret": false,
"object": true,
"objectValue": [
"a",
"b",
"c"
]
},
"proj:nested": {
"value": "{\"foo.bar\":\"baz\"}",
"secret": false,
"object": true,
"objectValue": {
"foo.bar": "baz"
}
},
"proj:outer": {
"value": "{\"inner\":\"value\"}",
"secret": false,
"object": true,
"objectValue": {
"inner": "value"
}
},
"proj:servers": {
"value": "[{\"port\":80}]",
"secret": false,
"object": true,
"objectValue": [
{
"port": 80
}
]
},
"proj:token": {
"secret": true,
"object": false
},
"proj:tokens": {
"secret": true,
"object": true
}
}
```
If the value is a map or list, `"object"` will be `true`. `"value"` will
contain the object as serialized JSON and a new `"objectValue"` property
will be available containing the value of the object.
If the object contains any secret values, `"secret"` will be `true`, and
just like with scalar values, the value will not be outputted unless
`--show-secrets` is specified.
**Accessing config values from Pulumi programs**
Map/list values are available to Pulumi programs as serialized JSON, so
the existing
`getObject`/`requireObject`/`getSecretObject`/`requireSecretObject`
functions can be used to retrieve such values, e.g.:
```typescript
import * as pulumi from "@pulumi/pulumi";
interface Server {
port: number;
}
const config = new pulumi.Config();
const names = config.requireObject<string[]>("names");
for (const n of names) {
console.log(n);
}
const servers = config.requireObject<Server[]>("servers");
for (const s of servers) {
console.log(s.port);
}
```
2019-11-01 20:41:27 +00:00
|
|
|
|
|
|
|
// Overwriting a top-level string value is allowed.
|
|
|
|
{
|
|
|
|
Key: "aConfigValue.inner",
|
|
|
|
Value: "new value",
|
|
|
|
Path: true,
|
|
|
|
TopLevelKey: "aConfigValue",
|
|
|
|
TopLevelExpectedValue: `{"inner":"new value"}`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "anotherConfigValue[0]",
|
|
|
|
Value: "new value",
|
|
|
|
Path: true,
|
|
|
|
TopLevelKey: "anotherConfigValue",
|
|
|
|
TopLevelExpectedValue: `["new value"]`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "bEncryptedSecret.inner",
|
|
|
|
Value: "new value",
|
|
|
|
Path: true,
|
|
|
|
TopLevelKey: "bEncryptedSecret",
|
|
|
|
TopLevelExpectedValue: `{"inner":"new value"}`,
|
|
|
|
},
|
|
|
|
{
|
|
|
|
Key: "anotherEncryptedSecret[0]",
|
|
|
|
Value: "new value",
|
|
|
|
Path: true,
|
|
|
|
TopLevelKey: "anotherEncryptedSecret",
|
|
|
|
TopLevelExpectedValue: `["new value"]`,
|
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
validateConfigGet := func(key string, value string, path bool) {
|
|
|
|
args := []string{"config", "get", key}
|
|
|
|
if path {
|
|
|
|
args = append(args, "--path")
|
|
|
|
}
|
|
|
|
stdout, stderr := e.RunCommand("pulumi", args...)
|
2024-04-19 06:20:33 +00:00
|
|
|
assert.Equal(t, value+"\n", stdout)
|
Support lists and maps in config (#3342)
This change adds support for lists and maps in config. We now allow
lists/maps (and nested structures) in `Pulumi.<stack>.yaml` (or
`Pulumi.<stack>.json`; yes, we currently support that).
For example:
```yaml
config:
proj:blah:
- a
- b
- c
proj:hello: world
proj:outer:
inner: value
proj:servers:
- port: 80
```
While such structures could be specified in the `.yaml` file manually,
we support setting values in maps/lists from the command line.
As always, you can specify single values with:
```shell
$ pulumi config set hello world
```
Which results in the following YAML:
```yaml
proj:hello world
```
And single value secrets via:
```shell
$ pulumi config set --secret token shhh
```
Which results in the following YAML:
```yaml
proj:token:
secure: v1:VZAhuroR69FkEPTk:isKafsoZVMWA9pQayGzbWNynww==
```
Values in a list can be set from the command line using the new
`--path` flag, which indicates the config key contains a path to a
property in a map or list:
```shell
$ pulumi config set --path names[0] a
$ pulumi config set --path names[1] b
$ pulumi config set --path names[2] c
```
Which results in:
```yaml
proj:names
- a
- b
- c
```
Values can be obtained similarly:
```shell
$ pulumi config get --path names[1]
b
```
Or setting values in a map:
```shell
$ pulumi config set --path outer.inner value
```
Which results in:
```yaml
proj:outer:
inner: value
```
Of course, setting values in nested structures is supported:
```shell
$ pulumi config set --path servers[0].port 80
```
Which results in:
```yaml
proj:servers:
- port: 80
```
If you want to include a period in the name of a property, it can be
specified as:
```
$ pulumi config set --path 'nested["foo.bar"]' baz
```
Which results in:
```yaml
proj:nested:
foo.bar: baz
```
Examples of valid paths:
- root
- root.nested
- 'root["nested"]'
- root.double.nest
- 'root["double"].nest'
- 'root["double"]["nest"]'
- root.array[0]
- root.array[100]
- root.array[0].nested
- root.array[0][1].nested
- root.nested.array[0].double[1]
- 'root["key with \"escaped\" quotes"]'
- 'root["key with a ."]'
- '["root key with \"escaped\" quotes"].nested'
- '["root key with a ."][100]'
Note: paths that contain quotes can be surrounded by single quotes.
When setting values with `--path`, if the value is `"false"` or
`"true"`, it will be saved as the boolean value, and if it is
convertible to an integer, it will be saved as an integer.
Secure values are supported in lists/maps as well:
```shell
$ pulumi config set --path --secret tokens[0] shh
```
Will result in:
```yaml
proj:tokens:
- secure: v1:wpZRCe36sFg1RxwG:WzPeQrCn4n+m4Ks8ps15MxvFXg==
```
Note: maps of length 1 with a key of “secure” and string value are
reserved for storing secret values. Attempting to create such a value
manually will result in an error:
```shell
$ pulumi config set --path parent.secure foo
error: "secure" key in maps of length 1 are reserved
```
**Accessing config values from the command line with JSON**
```shell
$ pulumi config --json
```
Will output:
```json
{
"proj:hello": {
"value": "world",
"secret": false,
"object": false
},
"proj:names": {
"value": "[\"a\",\"b\",\"c\"]",
"secret": false,
"object": true,
"objectValue": [
"a",
"b",
"c"
]
},
"proj:nested": {
"value": "{\"foo.bar\":\"baz\"}",
"secret": false,
"object": true,
"objectValue": {
"foo.bar": "baz"
}
},
"proj:outer": {
"value": "{\"inner\":\"value\"}",
"secret": false,
"object": true,
"objectValue": {
"inner": "value"
}
},
"proj:servers": {
"value": "[{\"port\":80}]",
"secret": false,
"object": true,
"objectValue": [
{
"port": 80
}
]
},
"proj:token": {
"secret": true,
"object": false
},
"proj:tokens": {
"secret": true,
"object": true
}
}
```
If the value is a map or list, `"object"` will be `true`. `"value"` will
contain the object as serialized JSON and a new `"objectValue"` property
will be available containing the value of the object.
If the object contains any secret values, `"secret"` will be `true`, and
just like with scalar values, the value will not be outputted unless
`--show-secrets` is specified.
**Accessing config values from Pulumi programs**
Map/list values are available to Pulumi programs as serialized JSON, so
the existing
`getObject`/`requireObject`/`getSecretObject`/`requireSecretObject`
functions can be used to retrieve such values, e.g.:
```typescript
import * as pulumi from "@pulumi/pulumi";
interface Server {
port: number;
}
const config = new pulumi.Config();
const names = config.requireObject<string[]>("names");
for (const n of names) {
console.log(n);
}
const servers = config.requireObject<Server[]>("servers");
for (const s of servers) {
console.log(s.port);
}
```
2019-11-01 20:41:27 +00:00
|
|
|
assert.Equal(t, "", stderr)
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, ns := range namespaces {
|
|
|
|
for _, test := range tests {
|
|
|
|
key := fmt.Sprintf("%s%s", ns, test.Key)
|
|
|
|
topLevelKey := fmt.Sprintf("%s%s", ns, test.TopLevelKey)
|
|
|
|
|
|
|
|
// Set the value.
|
|
|
|
args := []string{"config", "set"}
|
|
|
|
if test.Secret {
|
|
|
|
args = append(args, "--secret")
|
|
|
|
}
|
|
|
|
if test.Path {
|
|
|
|
args = append(args, "--path")
|
|
|
|
}
|
|
|
|
args = append(args, key, test.Value)
|
|
|
|
stdout, stderr := e.RunCommand("pulumi", args...)
|
|
|
|
assert.Equal(t, "", stdout)
|
|
|
|
assert.Equal(t, "", stderr)
|
|
|
|
|
|
|
|
// Get the value and validate it.
|
|
|
|
validateConfigGet(key, test.Value, test.Path)
|
|
|
|
|
|
|
|
// Get the top-level value and validate it.
|
|
|
|
validateConfigGet(topLevelKey, test.TopLevelExpectedValue, false /*path*/)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
badKeys := []string{
|
|
|
|
// Syntax errors.
|
|
|
|
"root[",
|
|
|
|
`root["nested]`,
|
|
|
|
"root.array[abc]",
|
|
|
|
|
|
|
|
// First path segment must be a non-empty string.
|
|
|
|
`[""]`,
|
|
|
|
"[0]",
|
2023-10-17 07:20:28 +00:00
|
|
|
".foo",
|
|
|
|
".[0]",
|
Support lists and maps in config (#3342)
This change adds support for lists and maps in config. We now allow
lists/maps (and nested structures) in `Pulumi.<stack>.yaml` (or
`Pulumi.<stack>.json`; yes, we currently support that).
For example:
```yaml
config:
proj:blah:
- a
- b
- c
proj:hello: world
proj:outer:
inner: value
proj:servers:
- port: 80
```
While such structures could be specified in the `.yaml` file manually,
we support setting values in maps/lists from the command line.
As always, you can specify single values with:
```shell
$ pulumi config set hello world
```
Which results in the following YAML:
```yaml
proj:hello world
```
And single value secrets via:
```shell
$ pulumi config set --secret token shhh
```
Which results in the following YAML:
```yaml
proj:token:
secure: v1:VZAhuroR69FkEPTk:isKafsoZVMWA9pQayGzbWNynww==
```
Values in a list can be set from the command line using the new
`--path` flag, which indicates the config key contains a path to a
property in a map or list:
```shell
$ pulumi config set --path names[0] a
$ pulumi config set --path names[1] b
$ pulumi config set --path names[2] c
```
Which results in:
```yaml
proj:names
- a
- b
- c
```
Values can be obtained similarly:
```shell
$ pulumi config get --path names[1]
b
```
Or setting values in a map:
```shell
$ pulumi config set --path outer.inner value
```
Which results in:
```yaml
proj:outer:
inner: value
```
Of course, setting values in nested structures is supported:
```shell
$ pulumi config set --path servers[0].port 80
```
Which results in:
```yaml
proj:servers:
- port: 80
```
If you want to include a period in the name of a property, it can be
specified as:
```
$ pulumi config set --path 'nested["foo.bar"]' baz
```
Which results in:
```yaml
proj:nested:
foo.bar: baz
```
Examples of valid paths:
- root
- root.nested
- 'root["nested"]'
- root.double.nest
- 'root["double"].nest'
- 'root["double"]["nest"]'
- root.array[0]
- root.array[100]
- root.array[0].nested
- root.array[0][1].nested
- root.nested.array[0].double[1]
- 'root["key with \"escaped\" quotes"]'
- 'root["key with a ."]'
- '["root key with \"escaped\" quotes"].nested'
- '["root key with a ."][100]'
Note: paths that contain quotes can be surrounded by single quotes.
When setting values with `--path`, if the value is `"false"` or
`"true"`, it will be saved as the boolean value, and if it is
convertible to an integer, it will be saved as an integer.
Secure values are supported in lists/maps as well:
```shell
$ pulumi config set --path --secret tokens[0] shh
```
Will result in:
```yaml
proj:tokens:
- secure: v1:wpZRCe36sFg1RxwG:WzPeQrCn4n+m4Ks8ps15MxvFXg==
```
Note: maps of length 1 with a key of “secure” and string value are
reserved for storing secret values. Attempting to create such a value
manually will result in an error:
```shell
$ pulumi config set --path parent.secure foo
error: "secure" key in maps of length 1 are reserved
```
**Accessing config values from the command line with JSON**
```shell
$ pulumi config --json
```
Will output:
```json
{
"proj:hello": {
"value": "world",
"secret": false,
"object": false
},
"proj:names": {
"value": "[\"a\",\"b\",\"c\"]",
"secret": false,
"object": true,
"objectValue": [
"a",
"b",
"c"
]
},
"proj:nested": {
"value": "{\"foo.bar\":\"baz\"}",
"secret": false,
"object": true,
"objectValue": {
"foo.bar": "baz"
}
},
"proj:outer": {
"value": "{\"inner\":\"value\"}",
"secret": false,
"object": true,
"objectValue": {
"inner": "value"
}
},
"proj:servers": {
"value": "[{\"port\":80}]",
"secret": false,
"object": true,
"objectValue": [
{
"port": 80
}
]
},
"proj:token": {
"secret": true,
"object": false
},
"proj:tokens": {
"secret": true,
"object": true
}
}
```
If the value is a map or list, `"object"` will be `true`. `"value"` will
contain the object as serialized JSON and a new `"objectValue"` property
will be available containing the value of the object.
If the object contains any secret values, `"secret"` will be `true`, and
just like with scalar values, the value will not be outputted unless
`--show-secrets` is specified.
**Accessing config values from Pulumi programs**
Map/list values are available to Pulumi programs as serialized JSON, so
the existing
`getObject`/`requireObject`/`getSecretObject`/`requireSecretObject`
functions can be used to retrieve such values, e.g.:
```typescript
import * as pulumi from "@pulumi/pulumi";
interface Server {
port: number;
}
const config = new pulumi.Config();
const names = config.requireObject<string[]>("names");
for (const n of names) {
console.log(n);
}
const servers = config.requireObject<Server[]>("servers");
for (const s of servers) {
console.log(s.port);
}
```
2019-11-01 20:41:27 +00:00
|
|
|
|
|
|
|
// Index out of range.
|
|
|
|
"names[-1]",
|
|
|
|
"names[5]",
|
|
|
|
|
|
|
|
// A "secure" key that is a map with a single string value is reserved by the system.
|
|
|
|
"key.secure",
|
|
|
|
"super.nested.map.secure",
|
|
|
|
|
|
|
|
// Type mismatch.
|
|
|
|
"outer[0]",
|
|
|
|
"names.nested",
|
|
|
|
"outer.inner.nested",
|
|
|
|
"outer.inner[0]",
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, ns := range namespaces {
|
|
|
|
for _, badKey := range badKeys {
|
|
|
|
key := fmt.Sprintf("%s%s", ns, badKey)
|
|
|
|
stdout, stderr := e.RunCommandExpectError("pulumi", "config", "set", "--path", key, "value")
|
|
|
|
assert.Equal(t, "", stdout)
|
|
|
|
assert.NotEqual(t, "", stderr)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
e.RunCommand("pulumi", "stack", "rm", "--yes")
|
|
|
|
}
|
|
|
|
|
2023-04-27 08:13:08 +00:00
|
|
|
func testDestroyStackRef(e *ptesting.Environment, organization string) {
|
|
|
|
e.ImportDirectory("large_resource/nodejs")
|
|
|
|
|
|
|
|
stackName, err := resource.NewUniqueHex("rm-test-", 8, -1)
|
|
|
|
contract.AssertNoErrorf(err, "resource.NewUniqueHex should not fail with no maximum length is set")
|
|
|
|
|
|
|
|
e.RunCommand("pulumi", "stack", "init", stackName)
|
|
|
|
|
|
|
|
e.RunCommand("yarn", "link", "@pulumi/pulumi")
|
|
|
|
e.RunCommand("yarn", "install")
|
|
|
|
|
|
|
|
e.RunCommand("pulumi", "up", "--skip-preview", "--yes")
|
|
|
|
e.CWD = os.TempDir()
|
|
|
|
stackRef := stackName
|
|
|
|
if organization != "" {
|
|
|
|
stackRef = organization + "/large_resource_js/" + stackName
|
|
|
|
}
|
|
|
|
|
|
|
|
e.RunCommand("pulumi", "destroy", "--skip-preview", "--yes", "-s", stackRef)
|
|
|
|
e.RunCommand("pulumi", "stack", "rm", "--yes", "-s", stackRef)
|
|
|
|
}
|
|
|
|
|
2022-07-11 15:28:53 +00:00
|
|
|
//nolint:paralleltest // uses parallel programtest
|
2023-04-27 08:13:08 +00:00
|
|
|
func TestDestroyStackRef_LocalProject(t *testing.T) {
|
2022-07-11 15:28:53 +00:00
|
|
|
e := ptesting.NewEnvironment(t)
|
|
|
|
defer func() {
|
|
|
|
if !t.Failed() {
|
|
|
|
e.DeleteEnvironment()
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
|
|
|
|
e.RunCommand("pulumi", "login", "--cloud-url", e.LocalURL())
|
2023-04-27 08:13:08 +00:00
|
|
|
testDestroyStackRef(e, "organization")
|
|
|
|
}
|
|
|
|
|
|
|
|
//nolint:paralleltest // uses parallel programtest
|
2024-01-30 09:00:15 +00:00
|
|
|
func TestDestroyStackRef_LocalNonProject_NewEnv(t *testing.T) {
|
2023-04-27 08:13:08 +00:00
|
|
|
e := ptesting.NewEnvironment(t)
|
|
|
|
defer func() {
|
2024-01-30 09:00:15 +00:00
|
|
|
e.DeleteIfNotFailed()
|
|
|
|
}()
|
|
|
|
|
|
|
|
t.Setenv("PULUMI_DIY_BACKEND_LEGACY_LAYOUT", "true")
|
|
|
|
e.RunCommand("pulumi", "login", "--cloud-url", e.LocalURL())
|
|
|
|
testDestroyStackRef(e, "")
|
|
|
|
}
|
|
|
|
|
|
|
|
//nolint:paralleltest // uses parallel programtest
|
|
|
|
func TestDestroyStackRef_LocalNonProject_OldEnv(t *testing.T) {
|
|
|
|
e := ptesting.NewEnvironment(t)
|
|
|
|
defer func() {
|
|
|
|
e.DeleteIfNotFailed()
|
2023-04-27 08:13:08 +00:00
|
|
|
}()
|
|
|
|
|
|
|
|
t.Setenv("PULUMI_SELF_MANAGED_STATE_LEGACY_LAYOUT", "true")
|
|
|
|
e.RunCommand("pulumi", "login", "--cloud-url", e.LocalURL())
|
|
|
|
testDestroyStackRef(e, "")
|
|
|
|
}
|
2022-07-11 15:28:53 +00:00
|
|
|
|
2023-04-27 08:13:08 +00:00
|
|
|
//nolint:paralleltest // uses parallel programtest
|
|
|
|
func TestDestroyStackRef_Cloud(t *testing.T) {
|
|
|
|
if os.Getenv("PULUMI_ACCESS_TOKEN") == "" {
|
|
|
|
t.Skipf("Skipping: PULUMI_ACCESS_TOKEN is not set")
|
|
|
|
}
|
2022-07-11 15:28:53 +00:00
|
|
|
|
2023-04-27 08:13:08 +00:00
|
|
|
e := ptesting.NewEnvironment(t)
|
|
|
|
defer func() {
|
|
|
|
if !t.Failed() {
|
|
|
|
e.DeleteEnvironment()
|
|
|
|
}
|
|
|
|
}()
|
2022-07-11 15:28:53 +00:00
|
|
|
|
2023-04-27 08:13:08 +00:00
|
|
|
output, _ := e.RunCommand("pulumi", "whoami")
|
|
|
|
organization := strings.TrimSpace(output)
|
|
|
|
testDestroyStackRef(e, organization)
|
2022-07-11 15:28:53 +00:00
|
|
|
}
|
|
|
|
|
2022-03-04 08:17:41 +00:00
|
|
|
//nolint:paralleltest // uses parallel programtest
|
2021-10-26 23:21:27 +00:00
|
|
|
func TestJSONOutput(t *testing.T) {
|
|
|
|
stdout := &bytes.Buffer{}
|
|
|
|
|
|
|
|
// Test without env var for streaming preview (should print previewSummary).
|
|
|
|
integration.ProgramTest(t, &integration.ProgramTestOptions{
|
|
|
|
Dir: filepath.Join("stack_outputs", "nodejs"),
|
|
|
|
Dependencies: []string{"@pulumi/pulumi"},
|
|
|
|
Stdout: stdout,
|
|
|
|
Verbose: true,
|
|
|
|
JSONOutput: true,
|
|
|
|
ExtraRuntimeValidation: func(t *testing.T, stack integration.RuntimeValidationStackInfo) {
|
|
|
|
output := stdout.String()
|
|
|
|
|
|
|
|
// Check that the previewSummary is present.
|
|
|
|
assert.Regexp(t, previewSummaryRegex, output)
|
|
|
|
|
|
|
|
// Check that each event present in the event stream is also in stdout.
|
|
|
|
for _, evt := range stack.Events {
|
|
|
|
assertOutputContainsEvent(t, evt, output)
|
|
|
|
}
|
|
|
|
},
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
2022-01-05 20:04:39 +00:00
|
|
|
func TestProviderDownloadURL(t *testing.T) {
|
2022-03-04 08:17:41 +00:00
|
|
|
t.Parallel()
|
|
|
|
|
2022-01-05 20:04:39 +00:00
|
|
|
validate := func(t *testing.T, stdout []byte) {
|
|
|
|
deployment := &apitype.UntypedDeployment{}
|
|
|
|
err := json.Unmarshal(stdout, deployment)
|
|
|
|
assert.NoError(t, err)
|
|
|
|
data := &apitype.DeploymentV3{}
|
|
|
|
err = json.Unmarshal(deployment.Deployment, data)
|
|
|
|
assert.NoError(t, err)
|
|
|
|
urlKey := "pluginDownloadURL"
|
|
|
|
for _, resource := range data.Resources {
|
|
|
|
switch {
|
|
|
|
case providers.IsDefaultProvider(resource.URN):
|
2022-11-03 20:30:35 +00:00
|
|
|
assert.Equalf(t, "get.example.test", resource.Inputs[urlKey], "Inputs")
|
|
|
|
assert.Equalf(t, "get.example.test", resource.Outputs[urlKey], "Outputs")
|
2022-01-05 20:04:39 +00:00
|
|
|
case providers.IsProviderType(resource.Type):
|
2022-11-03 20:30:35 +00:00
|
|
|
assert.Equalf(t, "get.pulumi.test/providers", resource.Inputs[urlKey], "Inputs")
|
|
|
|
assert.Equal(t, "get.pulumi.test/providers", resource.Outputs[urlKey], "Outputs")
|
2022-01-05 20:04:39 +00:00
|
|
|
default:
|
|
|
|
_, hasURL := resource.Inputs[urlKey]
|
|
|
|
assert.False(t, hasURL)
|
|
|
|
_, hasURL = resource.Outputs[urlKey]
|
|
|
|
assert.False(t, hasURL)
|
|
|
|
}
|
|
|
|
}
|
2022-01-10 23:54:41 +00:00
|
|
|
assert.Greater(t, len(data.Resources), 1, "We should construct more then just the stack")
|
2022-01-05 20:04:39 +00:00
|
|
|
}
|
2022-01-11 16:26:48 +00:00
|
|
|
|
2022-01-05 20:04:39 +00:00
|
|
|
languages := []struct {
|
|
|
|
name string
|
|
|
|
dependency string
|
|
|
|
}{
|
2022-01-11 16:26:48 +00:00
|
|
|
{"python", filepath.Join("..", "..", "sdk", "python", "env", "src")},
|
2022-01-10 23:54:41 +00:00
|
|
|
{"nodejs", "@pulumi/pulumi"},
|
2022-01-05 20:04:39 +00:00
|
|
|
{"go", "github.com/pulumi/pulumi/sdk/v3"},
|
|
|
|
}
|
|
|
|
|
2022-03-04 08:17:41 +00:00
|
|
|
//nolint:paralleltest // uses parallel programtest
|
2022-01-11 16:26:48 +00:00
|
|
|
for _, lang := range languages {
|
2022-03-04 08:17:41 +00:00
|
|
|
lang := lang
|
2022-01-05 20:04:39 +00:00
|
|
|
t.Run(lang.name, func(t *testing.T) {
|
|
|
|
dir := filepath.Join("gather_plugin", lang.name)
|
|
|
|
integration.ProgramTest(t, &integration.ProgramTestOptions{
|
|
|
|
Dir: dir,
|
|
|
|
ExportStateValidator: validate,
|
|
|
|
SkipPreview: true,
|
|
|
|
SkipEmptyPreviewUpdate: true,
|
|
|
|
Dependencies: []string{lang.dependency},
|
|
|
|
})
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-11-03 20:30:35 +00:00
|
|
|
func TestExcludeProtected(t *testing.T) {
|
2022-09-14 02:45:12 +00:00
|
|
|
t.Parallel()
|
2022-02-16 21:39:08 +00:00
|
|
|
e := ptesting.NewEnvironment(t)
|
|
|
|
defer func() {
|
|
|
|
if !t.Failed() {
|
|
|
|
e.DeleteEnvironment()
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
|
2022-11-03 20:30:35 +00:00
|
|
|
e.ImportDirectory("exclude_protected")
|
2022-02-16 21:39:08 +00:00
|
|
|
|
|
|
|
e.RunCommand("pulumi", "login", "--cloud-url", e.LocalURL())
|
|
|
|
|
2022-11-03 20:30:35 +00:00
|
|
|
e.RunCommand("pulumi", "stack", "init", "dev")
|
2022-02-16 21:39:08 +00:00
|
|
|
|
2022-11-03 20:30:35 +00:00
|
|
|
e.RunCommand("yarn", "link", "@pulumi/pulumi")
|
|
|
|
e.RunCommand("yarn", "install")
|
2022-02-16 21:39:08 +00:00
|
|
|
|
2022-11-03 20:30:35 +00:00
|
|
|
e.RunCommand("pulumi", "up", "--skip-preview", "--yes")
|
2022-02-16 21:39:08 +00:00
|
|
|
|
2022-11-03 20:30:35 +00:00
|
|
|
stdout, _ := e.RunCommand("pulumi", "destroy", "--skip-preview", "--yes", "--exclude-protected")
|
|
|
|
assert.Contains(t, stdout, "All unprotected resources were destroyed. There are still 7 protected resources")
|
|
|
|
// We run the command again, but this time there are not unprotected resources to destroy.
|
|
|
|
stdout, _ = e.RunCommand("pulumi", "destroy", "--skip-preview", "--yes", "--exclude-protected")
|
|
|
|
assert.Contains(t, stdout, "There were no unprotected resources to destroy. There are still 7")
|
2022-02-16 21:39:08 +00:00
|
|
|
}
|
2023-01-17 22:13:43 +00:00
|
|
|
|
|
|
|
func TestInvalidPluginError(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
|
|
|
|
e := ptesting.NewEnvironment(t)
|
|
|
|
defer func() {
|
|
|
|
if !t.Failed() {
|
|
|
|
e.DeleteEnvironment()
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
|
|
|
|
pulumiProject := `
|
|
|
|
name: invalid-plugin
|
|
|
|
runtime: yaml
|
|
|
|
description: A Pulumi program referencing an invalid plugin.
|
|
|
|
plugins:
|
|
|
|
providers:
|
|
|
|
- name: fakeplugin
|
|
|
|
bin: ./does/not/exist/bin # key should be 'path'
|
|
|
|
`
|
|
|
|
|
|
|
|
integration.CreatePulumiRepo(e, pulumiProject)
|
|
|
|
e.SetBackend(e.LocalURL())
|
|
|
|
{
|
|
|
|
_, stderr := e.RunCommandExpectError("pulumi", "stack", "init", "invalid-resources")
|
|
|
|
assert.NotContains(t, stderr, "panic: ")
|
|
|
|
assert.Contains(t, stderr, "error: ")
|
|
|
|
}
|
|
|
|
{
|
|
|
|
_, stderr := e.RunCommandExpectError("pulumi", "pre")
|
|
|
|
assert.NotContains(t, stderr, "panic: ")
|
|
|
|
assert.Contains(t, stderr, "error: ")
|
|
|
|
}
|
|
|
|
}
|
2023-04-11 13:16:00 +00:00
|
|
|
|
|
|
|
// Regression test for https://github.com/pulumi/pulumi/issues/12632.
|
|
|
|
func TestPassphraseSetAllGet(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
|
|
|
|
e := ptesting.NewEnvironment(t)
|
|
|
|
e.Passphrase = "test-passphrase"
|
|
|
|
defer func() {
|
|
|
|
if !t.Failed() {
|
|
|
|
e.DeleteEnvironment()
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
|
|
|
|
pulumiProject := `
|
|
|
|
name: passphrase-test
|
|
|
|
runtime: yaml
|
|
|
|
description: A Pulumi program testing passphrase config.
|
|
|
|
`
|
|
|
|
|
|
|
|
integration.CreatePulumiRepo(e, pulumiProject)
|
|
|
|
e.SetBackend(e.LocalURL())
|
|
|
|
// Init a new stack, then set a secret config value, then try to get it.
|
|
|
|
e.RunCommand("pulumi", "stack", "init", "passphrase-test")
|
|
|
|
// Clear the config file so that "config set-all" has to re-initialize the passphrase config.
|
|
|
|
err := os.Remove(filepath.Join(e.RootPath, "Pulumi.passphrase-test.yaml"))
|
|
|
|
require.NoError(t, err)
|
|
|
|
// Set a secret config value, then try to get it.
|
|
|
|
e.RunCommand("pulumi", "config", "set-all", "--secret", "foo=bar")
|
|
|
|
stdout, _ := e.RunCommand("pulumi", "config", "get", "foo")
|
|
|
|
assert.Contains(t, stdout, "bar")
|
|
|
|
}
|
|
|
|
|
|
|
|
// Similar to TestPassphraseSetAllGet but covering for "set" instead of "set-all".
|
|
|
|
func TestPassphraseSetGet(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
|
|
|
|
e := ptesting.NewEnvironment(t)
|
|
|
|
e.Passphrase = "test-passphrase"
|
|
|
|
defer func() {
|
|
|
|
if !t.Failed() {
|
|
|
|
e.DeleteEnvironment()
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
|
|
|
|
pulumiProject := `
|
|
|
|
name: passphrase-test
|
|
|
|
runtime: yaml
|
|
|
|
description: A Pulumi program testing passphrase config.
|
|
|
|
`
|
|
|
|
|
|
|
|
integration.CreatePulumiRepo(e, pulumiProject)
|
|
|
|
e.SetBackend(e.LocalURL())
|
|
|
|
// Init a new stack, then set a secret config value, then try to get it.
|
|
|
|
e.RunCommand("pulumi", "stack", "init", "passphrase-test")
|
|
|
|
// Clear the config file so that "config set" has to re-initialize the passphrase config.
|
|
|
|
err := os.Remove(filepath.Join(e.RootPath, "Pulumi.passphrase-test.yaml"))
|
|
|
|
require.NoError(t, err)
|
|
|
|
// Set a secret config value, then try to get it.
|
|
|
|
e.RunCommand("pulumi", "config", "set", "--secret", "foo", "bar")
|
|
|
|
stdout, _ := e.RunCommand("pulumi", "config", "get", "foo")
|
|
|
|
assert.Contains(t, stdout, "bar")
|
|
|
|
}
|
2023-04-05 18:43:12 +00:00
|
|
|
|
|
|
|
// Regression test for https://github.com/pulumi/pulumi/issues/12593.
|
|
|
|
//
|
|
|
|
// Verifies that a "provider" option passed to a remote component
|
|
|
|
// is properly propagated to the component's children.
|
|
|
|
//
|
|
|
|
// Language-specific tests should call this function with the
|
|
|
|
// appropriate parameters.
|
|
|
|
func testConstructProviderPropagation(t *testing.T, lang string, deps []string) {
|
|
|
|
const (
|
|
|
|
testDir = "construct_component_provider_propagation"
|
|
|
|
componentDir = "testcomponent-go"
|
|
|
|
)
|
|
|
|
runComponentSetup(t, testDir)
|
|
|
|
|
|
|
|
integration.ProgramTest(t, &integration.ProgramTestOptions{
|
|
|
|
Dir: filepath.Join(testDir, lang),
|
|
|
|
Dependencies: deps,
|
|
|
|
LocalProviders: []integration.LocalDependency{
|
|
|
|
{
|
|
|
|
Package: "testcomponent",
|
|
|
|
Path: filepath.Join(testDir, componentDir),
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Quick: true,
|
|
|
|
NoParallel: true, // already called by tests
|
|
|
|
ExtraRuntimeValidation: func(t *testing.T, stackInfo integration.RuntimeValidationStackInfo) {
|
2023-11-20 08:59:00 +00:00
|
|
|
gotProviders := make(map[string]string) // resource name => provider name
|
2023-04-05 18:43:12 +00:00
|
|
|
|
|
|
|
for _, res := range stackInfo.Deployment.Resources {
|
|
|
|
if res.URN.Type() == "testprovider:index:Random" {
|
2023-11-20 08:59:00 +00:00
|
|
|
ref, err := providers.ParseReference(res.Provider)
|
|
|
|
assert.NoError(t, err)
|
|
|
|
if err == nil {
|
|
|
|
gotProviders[res.URN.Name()] = ref.URN().Name()
|
|
|
|
}
|
2023-04-05 18:43:12 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-11-20 08:59:00 +00:00
|
|
|
assert.Equal(t, map[string]string{
|
2023-04-05 18:43:12 +00:00
|
|
|
"uses_default": "default",
|
|
|
|
"uses_provider": "explicit",
|
|
|
|
"uses_providers": "explicit",
|
|
|
|
"uses_providers_map": "explicit",
|
|
|
|
}, gotProviders)
|
|
|
|
},
|
|
|
|
})
|
|
|
|
}
|
2023-04-18 19:24:22 +00:00
|
|
|
|
|
|
|
// Test to validate that various resource options are propagated for MLCs.
|
|
|
|
func testConstructResourceOptions(t *testing.T, dir string, deps []string) {
|
|
|
|
const (
|
|
|
|
testDir = "construct_component_resource_options"
|
|
|
|
componentDir = "testcomponent-go"
|
|
|
|
)
|
|
|
|
runComponentSetup(t, testDir)
|
|
|
|
|
|
|
|
validate := func(t *testing.T, resources []apitype.ResourceV3) {
|
2023-11-20 08:59:00 +00:00
|
|
|
urns := make(map[string]resource.URN) // name => URN
|
2023-04-18 19:24:22 +00:00
|
|
|
for _, res := range resources {
|
|
|
|
urns[res.URN.Name()] = res.URN
|
|
|
|
}
|
|
|
|
|
|
|
|
for _, res := range resources {
|
|
|
|
switch name := res.URN.Name(); name {
|
|
|
|
case "Protect":
|
|
|
|
assert.True(t, res.Protect, "Protect(%s)", name)
|
|
|
|
|
|
|
|
case "DependsOn":
|
|
|
|
wantDeps := []resource.URN{urns["Dep1"], urns["Dep2"]}
|
|
|
|
assert.ElementsMatch(t, wantDeps, res.Dependencies,
|
|
|
|
"DependsOn(%s)", name)
|
2023-04-14 22:32:02 +00:00
|
|
|
|
|
|
|
case "AdditionalSecretOutputs":
|
|
|
|
assert.Equal(t,
|
|
|
|
[]resource.PropertyKey{"foo"}, res.AdditionalSecretOutputs,
|
|
|
|
"AdditionalSecretOutputs(%s)", name)
|
|
|
|
|
|
|
|
case "CustomTimeouts":
|
|
|
|
if ct := res.CustomTimeouts; assert.NotNil(t, ct, "CustomTimeouts(%s)", name) {
|
|
|
|
assert.Equal(t, float64(60), ct.Create, "CustomTimeouts.Create(%s)", name)
|
|
|
|
assert.Equal(t, float64(120), ct.Update, "CustomTimeouts.Update(%s)", name)
|
|
|
|
assert.Equal(t, float64(180), ct.Delete, "CustomTimeouts.Delete(%s)", name)
|
|
|
|
}
|
|
|
|
|
|
|
|
case "DeletedWith":
|
|
|
|
assert.Equal(t, urns["getDeletedWithMe"], res.DeletedWith, "DeletedWith(%s)", name)
|
|
|
|
|
|
|
|
case "RetainOnDelete":
|
|
|
|
assert.True(t, res.RetainOnDelete, "RetainOnDelete(%s)", name)
|
2023-04-18 19:24:22 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
integration.ProgramTest(t, &integration.ProgramTestOptions{
|
|
|
|
Dir: filepath.Join(testDir, dir),
|
|
|
|
Dependencies: deps,
|
|
|
|
LocalProviders: []integration.LocalDependency{
|
|
|
|
{
|
|
|
|
Package: "testcomponent",
|
|
|
|
Path: filepath.Join(testDir, componentDir),
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Quick: true,
|
|
|
|
NoParallel: true, // already called by tests
|
|
|
|
DestroyExcludeProtected: true, // test contains protected resources
|
|
|
|
SkipStackRemoval: true, // protected resources prevent stack removal
|
|
|
|
ExtraRuntimeValidation: func(t *testing.T, stackInfo integration.RuntimeValidationStackInfo) {
|
|
|
|
validate(t, stackInfo.Deployment.Resources)
|
|
|
|
},
|
|
|
|
})
|
|
|
|
}
|
2023-05-29 11:29:08 +00:00
|
|
|
|
|
|
|
func testProjectRename(e *ptesting.Environment, organization string) {
|
|
|
|
e.ImportDirectory("large_resource/nodejs")
|
|
|
|
|
|
|
|
stackName, err := resource.NewUniqueHex("rm-test-", 8, -1)
|
|
|
|
contract.AssertNoErrorf(err, "resource.NewUniqueHex should not fail with no maximum length is set")
|
|
|
|
|
|
|
|
e.RunCommand("pulumi", "stack", "init", stackName)
|
|
|
|
|
|
|
|
e.RunCommand("yarn", "link", "@pulumi/pulumi")
|
|
|
|
e.RunCommand("yarn", "install")
|
|
|
|
|
|
|
|
e.RunCommand("pulumi", "up", "--skip-preview", "--yes")
|
|
|
|
newProjectName := "new_large_resource_js"
|
|
|
|
stackRef := organization + "/" + newProjectName + "/" + stackName
|
|
|
|
|
|
|
|
e.RunCommand("pulumi", "stack", "rename", stackRef)
|
|
|
|
|
|
|
|
// Rename the project name in the yaml file
|
|
|
|
projFilename := filepath.Join(e.CWD, "Pulumi.yaml")
|
|
|
|
proj, err := workspace.LoadProject(projFilename)
|
|
|
|
require.NoError(e, err)
|
|
|
|
proj.Name = tokens.PackageName(newProjectName)
|
|
|
|
err = proj.Save(projFilename)
|
|
|
|
require.NoError(e, err)
|
|
|
|
|
|
|
|
e.RunCommand("pulumi", "up", "--skip-preview", "--yes", "--expect-no-changes", "-s", stackRef)
|
|
|
|
e.RunCommand("pulumi", "stack", "rm", "--force", "--yes", "-s", stackRef)
|
|
|
|
}
|
|
|
|
|
|
|
|
//nolint:paralleltest // uses parallel programtest
|
|
|
|
func TestProjectRename_LocalProject(t *testing.T) {
|
|
|
|
e := ptesting.NewEnvironment(t)
|
|
|
|
defer e.DeleteIfNotFailed()
|
|
|
|
|
|
|
|
e.RunCommand("pulumi", "login", "--cloud-url", e.LocalURL())
|
|
|
|
testProjectRename(e, "organization")
|
|
|
|
}
|
|
|
|
|
|
|
|
//nolint:paralleltest // uses parallel programtest
|
|
|
|
func TestProjectRename_Cloud(t *testing.T) {
|
|
|
|
if os.Getenv("PULUMI_ACCESS_TOKEN") == "" {
|
|
|
|
t.Skipf("Skipping: PULUMI_ACCESS_TOKEN is not set")
|
|
|
|
}
|
|
|
|
|
|
|
|
e := ptesting.NewEnvironment(t)
|
|
|
|
defer e.DeleteIfNotFailed()
|
|
|
|
|
|
|
|
output, _ := e.RunCommand("pulumi", "whoami")
|
|
|
|
organization := strings.TrimSpace(output)
|
|
|
|
testProjectRename(e, organization)
|
|
|
|
}
|
2023-06-16 19:10:44 +00:00
|
|
|
|
|
|
|
//nolint:paralleltest // uses parallel programtest
|
|
|
|
func TestParentRename_issue13179(t *testing.T) {
|
|
|
|
// This test is a reproduction of the issue reported in
|
|
|
|
// https://github.com/pulumi/pulumi/issues/13179.
|
|
|
|
//
|
|
|
|
// It creates a stack with a resource that has a parent
|
|
|
|
// and then renames the parent resource with 'pulumi state rename'.
|
|
|
|
|
|
|
|
var parentURN resource.URN
|
|
|
|
pt := integration.ProgramTestManualLifeCycle(t, &integration.ProgramTestOptions{
|
|
|
|
Dir: "state_rename_parent",
|
|
|
|
Dependencies: []string{
|
|
|
|
"github.com/pulumi/pulumi/sdk/v3",
|
|
|
|
},
|
|
|
|
LocalProviders: []integration.LocalDependency{
|
|
|
|
{Package: "testprovider", Path: filepath.Join("..", "testprovider")},
|
|
|
|
},
|
|
|
|
// Only run up:
|
|
|
|
SkipRefresh: true,
|
|
|
|
Quick: true,
|
|
|
|
ExtraRuntimeValidation: func(t *testing.T, stackInfo integration.RuntimeValidationStackInfo) {
|
|
|
|
for _, res := range stackInfo.Deployment.Resources {
|
|
|
|
if res.URN.Name() == "parent" {
|
|
|
|
parentURN = res.URN
|
|
|
|
}
|
|
|
|
}
|
|
|
|
},
|
|
|
|
})
|
|
|
|
|
|
|
|
require.NoError(t, pt.TestLifeCyclePrepare(), "prepare")
|
|
|
|
t.Cleanup(pt.TestCleanUp)
|
|
|
|
|
|
|
|
require.NoError(t, pt.TestLifeCycleInitialize(), "initialize")
|
|
|
|
|
|
|
|
require.NoError(t, pt.TestPreviewUpdateAndEdits(), "update")
|
|
|
|
|
|
|
|
// PreviewUpdateAndEdits calls ExtraRuntimeValidation,
|
|
|
|
// so we should have captured the parent URN.
|
|
|
|
require.NotEmpty(t, parentURN, "no parent URN captured")
|
|
|
|
|
|
|
|
// Rename the parent resource.
|
|
|
|
require.NoError(t,
|
|
|
|
pt.RunPulumiCommand("state", "rename", "-y", string(parentURN), "newParent"),
|
|
|
|
"rename failed")
|
|
|
|
}
|
2023-06-21 09:30:47 +00:00
|
|
|
|
|
|
|
func testStackRmConfig(e *ptesting.Environment, organization string) {
|
|
|
|
// We need to create two projects for this test
|
|
|
|
goDir := filepath.Join(e.RootPath, "large_resource_go")
|
|
|
|
err := os.Mkdir(goDir, 0o700)
|
|
|
|
require.NoError(e, err)
|
|
|
|
|
|
|
|
jsDir := filepath.Join(e.RootPath, "large_resource_js")
|
|
|
|
err = os.Mkdir(jsDir, 0o700)
|
|
|
|
require.NoError(e, err)
|
|
|
|
|
|
|
|
stackName, err := resource.NewUniqueHex("rm-test-", 8, -1)
|
|
|
|
contract.AssertNoErrorf(err, "resource.NewUniqueHex should not fail with no maximum length is set")
|
|
|
|
|
|
|
|
// Create a stack in the go project
|
|
|
|
e.CWD = goDir
|
|
|
|
e.ImportDirectory("large_resource/go")
|
|
|
|
e.RunCommand("pulumi", "stack", "init", stackName)
|
|
|
|
// Create a config value to ensure there's a Pulumi.<name>.yaml file.
|
|
|
|
e.RunCommand("pulumi", "config", "set", "key", "value")
|
|
|
|
|
|
|
|
// Now create the js project
|
|
|
|
e.CWD = jsDir
|
|
|
|
e.ImportDirectory("large_resource/nodejs")
|
|
|
|
e.RunCommand("pulumi", "stack", "init", stackName)
|
|
|
|
// Create a config value to ensure there's a Pulumi.<name>.yaml file.
|
|
|
|
e.RunCommand("pulumi", "config", "set", "key", "value")
|
|
|
|
|
|
|
|
// Now try and remove the go stack while still in the js directory
|
|
|
|
stackRef := organization + "/large_resource_go/" + stackName
|
|
|
|
e.RunCommand("pulumi", "stack", "rm", "--yes", "-s", stackRef)
|
|
|
|
|
|
|
|
// And check that Pulumi.<name>.yaml file is still there for the js project
|
|
|
|
_, err = os.Stat(filepath.Join(jsDir, "Pulumi."+stackName+".yaml"))
|
|
|
|
assert.NoError(e, err)
|
|
|
|
}
|
|
|
|
|
|
|
|
//nolint:paralleltest // uses parallel programtest
|
|
|
|
func TestStackRmConfig_LocalProject(t *testing.T) {
|
|
|
|
e := ptesting.NewEnvironment(t)
|
|
|
|
defer func() {
|
|
|
|
if !t.Failed() {
|
|
|
|
e.DeleteEnvironment()
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
|
|
|
|
e.RunCommand("pulumi", "login", "--cloud-url", e.LocalURL())
|
|
|
|
testStackRmConfig(e, "organization")
|
|
|
|
}
|
|
|
|
|
|
|
|
//nolint:paralleltest // uses parallel programtest
|
|
|
|
func TestStackRmConfig_Cloud(t *testing.T) {
|
|
|
|
if os.Getenv("PULUMI_ACCESS_TOKEN") == "" {
|
|
|
|
t.Skipf("Skipping: PULUMI_ACCESS_TOKEN is not set")
|
|
|
|
}
|
|
|
|
|
|
|
|
e := ptesting.NewEnvironment(t)
|
|
|
|
defer func() {
|
|
|
|
if !t.Failed() {
|
|
|
|
e.DeleteEnvironment()
|
|
|
|
}
|
|
|
|
}()
|
|
|
|
|
|
|
|
output, _ := e.RunCommand("pulumi", "whoami")
|
|
|
|
organization := strings.TrimSpace(output)
|
|
|
|
testStackRmConfig(e, organization)
|
|
|
|
}
|
2023-11-20 14:08:32 +00:00
|
|
|
|
|
|
|
//nolint:paralleltest // uses parallel programtest
|
|
|
|
func TestAdvisoryPolicyPack(t *testing.T) {
|
|
|
|
e := ptesting.NewEnvironment(t)
|
|
|
|
e.ImportDirectory("single_resource")
|
|
|
|
e.ImportDirectory("policy")
|
|
|
|
|
|
|
|
e.RunCommand("pulumi", "login", "--cloud-url", e.LocalURL())
|
|
|
|
|
|
|
|
stackName, err := resource.NewUniqueHex("advisory-policy-pack", 8, -1)
|
|
|
|
contract.AssertNoErrorf(err, "resource.NewUniqueHex should not fail with no maximum length is set")
|
|
|
|
|
|
|
|
e.RunCommand("pulumi", "stack", "init", stackName)
|
|
|
|
|
|
|
|
_, _, err = e.GetCommandResultsIn(filepath.Join(e.CWD, "advisory_policy_pack"), "npm", "install")
|
|
|
|
assert.NoError(t, err)
|
|
|
|
|
|
|
|
e.RunCommand("yarn", "link", "@pulumi/pulumi")
|
|
|
|
e.RunCommand("yarn", "install")
|
|
|
|
|
2023-11-28 16:43:48 +00:00
|
|
|
stdout, _, err := e.GetCommandResults(
|
|
|
|
"pulumi", "up", "--skip-preview", "--yes", "--policy-pack", "advisory_policy_pack")
|
2023-11-20 14:08:32 +00:00
|
|
|
assert.NoError(t, err)
|
|
|
|
assert.Contains(t, stdout, "Failing advisory policy pack for testing\n foobar")
|
|
|
|
}
|
|
|
|
|
|
|
|
//nolint:paralleltest // uses parallel programtest
|
|
|
|
func TestMandatoryPolicyPack(t *testing.T) {
|
|
|
|
e := ptesting.NewEnvironment(t)
|
|
|
|
e.ImportDirectory("single_resource")
|
|
|
|
e.ImportDirectory("policy")
|
|
|
|
|
|
|
|
e.RunCommand("pulumi", "login", "--cloud-url", e.LocalURL())
|
|
|
|
|
|
|
|
stackName, err := resource.NewUniqueHex("mandatory-policy-pack", 8, -1)
|
|
|
|
contract.AssertNoErrorf(err, "resource.NewUniqueHex should not fail with no maximum length is set")
|
|
|
|
|
|
|
|
e.RunCommand("pulumi", "stack", "init", stackName)
|
|
|
|
|
|
|
|
_, _, err = e.GetCommandResultsIn(filepath.Join(e.CWD, "mandatory_policy_pack"), "npm", "install")
|
|
|
|
assert.NoError(t, err)
|
|
|
|
|
|
|
|
e.RunCommand("yarn", "link", "@pulumi/pulumi")
|
|
|
|
e.RunCommand("yarn", "install")
|
|
|
|
|
2023-11-28 16:43:48 +00:00
|
|
|
stdout, _, err := e.GetCommandResults(
|
|
|
|
"pulumi", "up", "--skip-preview", "--yes", "--policy-pack", "mandatory_policy_pack")
|
2023-11-20 14:08:32 +00:00
|
|
|
assert.Error(t, err)
|
|
|
|
assert.Contains(t, stdout, "error: update failed")
|
|
|
|
assert.Contains(t, stdout, "❌ typescript@v0.0.1 (local: mandatory_policy_pack)")
|
|
|
|
}
|
|
|
|
|
|
|
|
//nolint:paralleltest // uses parallel programtest
|
|
|
|
func TestMultiplePolicyPacks(t *testing.T) {
|
|
|
|
e := ptesting.NewEnvironment(t)
|
|
|
|
e.ImportDirectory("single_resource")
|
|
|
|
e.ImportDirectory("policy")
|
|
|
|
|
|
|
|
e.RunCommand("pulumi", "login", "--cloud-url", e.LocalURL())
|
|
|
|
|
|
|
|
stackName, err := resource.NewUniqueHex("multiple-policy-pack", 8, -1)
|
|
|
|
contract.AssertNoErrorf(err, "resource.NewUniqueHex should not fail with no maximum length is set")
|
|
|
|
|
|
|
|
e.RunCommand("pulumi", "stack", "init", stackName)
|
|
|
|
|
|
|
|
_, _, err = e.GetCommandResultsIn(filepath.Join(e.CWD, "advisory_policy_pack"), "npm", "install")
|
|
|
|
assert.NoError(t, err)
|
|
|
|
_, _, err = e.GetCommandResultsIn(filepath.Join(e.CWD, "mandatory_policy_pack"), "npm", "install")
|
|
|
|
assert.NoError(t, err)
|
|
|
|
|
|
|
|
e.RunCommand("yarn", "link", "@pulumi/pulumi")
|
|
|
|
e.RunCommand("yarn", "install")
|
|
|
|
|
|
|
|
stdout, _, err := e.GetCommandResults("pulumi", "up", "--skip-preview", "--yes",
|
|
|
|
"--policy-pack", "advisory_policy_pack",
|
|
|
|
"--policy-pack", "mandatory_policy_pack")
|
|
|
|
assert.Error(t, err)
|
|
|
|
assert.Contains(t, stdout, "Failing advisory policy pack for testing\n foobar")
|
|
|
|
assert.Contains(t, stdout, "error: update failed")
|
2024-03-04 14:02:25 +00:00
|
|
|
assert.Contains(t, stdout, "❌ typescript@v0.0.1 (local: advisory_policy_pack; mandatory_policy_pack)")
|
2023-11-20 14:08:32 +00:00
|
|
|
}
|