This PR implements the new policy transforms feature, which allows
policy packs to not only issue warnings and errors in response to policy
violations, but actually fix them by rewriting resource property state.
This can be used, for instance, to auto-tag resources, remove Internet
access on the fly, or apply encryption to storage, among other use
cases.
Similar to how https://github.com/pulumi/pulumi/pull/13953 moves some
code from sdk/go/common to /pkg. This display code is only used in /pkg,
another simple reduction of what's in sdk/go/common.
Pulumi previews now print the summary event if there are diagnostic
messages. The display will not print the summary if there are error
diagnostics.
Fixes#10880
simplifyTypeName now type.DisplayName() is being used in many areas. It
is a pure function, and has a single argument token.Type. This change
improves its discoverability as it needs to be made visible between the
backend and display modules.
Use "tests" for the table, and "tt" for the iteration variable.
Although these names aren't set in stone,
the name of the iteration variable should definitely match the name of
the reassigned variable used in the test function.
Retain on delete currently applies to replaces and deletes. It is
unclear when a resource is retained on delete. To clarify this, this
commit:
- Improves update status messages with "[retain]"
to clarify when a resource is retained on delete and dropped.
- Adds info warning on preview as to which resources will be dropped in the cloud environment.
Add support for using Ctrl+O to open the current update in the browser
for backends that support permalinks.
The keybinding is advertised in the interactive display as part of the
message that displays the permalink:
```
Previewing update (dev)
View in Browser (Ctrl+O): https://<some-url>
Type Name Plan
+ pulumi:pulumi:Stack vpc-dev create
+ ├─ aws:ec2:Vpc vpc create
+ ├─ aws:ec2:SecurityGroup secgroup create
+ ├─ aws:ec2:SecurityGroupRule rule-2 create
+ ├─ aws:ec2:SecurityGroupRule rule-0 create
+ ├─ aws:ec2:SecurityGroupRule rule-1 create
+ └─ aws:ec2:SecurityGroupRule rule-3 create
```
In order to maintain backwards compatibility with older versions of the
Automation API, the message is not changed for non-interactive
scenarios.
Per team discussion, switching to gofumpt.
[gofumpt][1] is an alternative, stricter alternative to gofmt.
It addresses other stylistic concerns that gofmt doesn't yet cover.
[1]: https://github.com/mvdan/gofumpt
See the full list of [Added rules][2], but it includes:
- Dropping empty lines around function bodies
- Dropping unnecessary variable grouping when there's only one variable
- Ensuring an empty line between multi-line functions
- simplification (`-s` in gofmt) is always enabled
- Ensuring multi-line function signatures end with
`) {` on a separate line.
[2]: https://github.com/mvdan/gofumpt#Added-rules
gofumpt is stricter, but there's no lock-in.
All gofumpt output is valid gofmt output,
so if we decide we don't like it, it's easy to switch back
without any code changes.
gofumpt support is built into the tooling we use for development
so this won't change development workflows.
- golangci-lint includes a gofumpt check (enabled in this PR)
- gopls, the LSP for Go, includes a gofumpt option
(see [installation instrutions][3])
[3]: https://github.com/mvdan/gofumpt#installation
This change was generated by running:
```bash
gofumpt -w $(rg --files -g '*.go' | rg -v testdata | rg -v compilation_error)
```
The following files were manually tweaked afterwards:
- pkg/cmd/pulumi/stack_change_secrets_provider.go:
one of the lines overflowed and had comments in an inconvenient place
- pkg/cmd/pulumi/destroy.go:
`var x T = y` where `T` wasn't necessary
- pkg/cmd/pulumi/policy_new.go:
long line because of error message
- pkg/backend/snapshot_test.go:
long line trying to assign three variables in the same assignment
I have included mention of gofumpt in the CONTRIBUTING.md.
Replace direct interaction with the terminal with an abstraction. This
abstraction is tightly constrained to the capabilities needed for the
CLI's display. Using this abstraction allows for straightforward testing
of the interactive renderers.