This change adds a command, `pulumi config env init`, that creates a new
environment for a stack based on the stack's configuration values.
From the usage:
* `pulumi config env init`
Creates an environment for a specific stack based on the stack's
configuration values, then replaces the stack's configuration values
with a reference to that environment. The environment will be created in
the same organization as the stack.
These changes include any configuration values sourced from a stack's
ESC environment to the output of `pulumi config`.
These changes also add an `ENVIRONMENT` block to the output of `pulumi
config` for stacks that reference environments. This block shows the
definition of the stack's environment.
Finally, these changes add a warning to `pulumi config` if the stack's
ESC environment does not define any of the `environmentVariables`,
`files`, or `pulumiConfig` properties.
<!---
Thanks so much for your contribution! If this is your first time
contributing, please ensure that you have read the
[CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md)
documentation.
-->
# Description
<!--- Please include a summary of the change and which issue is fixed.
Please also include relevant motivation and context. -->
This adds a new type `tokens.StackName` which is a relatively strongly
typed container for a stack name. The only weakly typed aspect of it is
Go will always allow the "zero" value to be created for a struct, which
for a stack name is the empty string which is invalid. To prevent
introducing unexpected empty strings when working with stack names the
`String()` method will panic for zero initialized stack names.
Apart from the zero value, all other instances of `StackName` are via
`ParseStackName` which returns a descriptive error if the string is not
valid.
This PR only updates "pkg/" to use this type. There are a number of
places in "sdk/" which could do with this type as well, but there's no
harm in doing a staggered roll out, and some parts of "sdk/" are user
facing and will probably have to stay on the current `tokens.Name` and
`tokens.QName` types.
There are two places in the system where we panic on invalid stack
names, both in the http backend. This _should_ be fine as we've had long
standing validation that stacks created in the service are valid stack
names.
Just in case people have managed to introduce invalid stack names, there
is the `PULUMI_DISABLE_VALIDATION` environment variable which will turn
off the validation _and_ panicing for stack names. Users can use that to
temporarily disable the validation and continue working, but it should
only be seen as a temporary measure. If they have invalid names they
should rename them, or if they think they should be valid raise an issue
with us to change the validation code.
## Checklist
- [x] I have run `make tidy` to update any new dependencies
- [x] I have run `make lint` to verify my code passes the lint check
- [ ] I have formatted my code using `gofumpt`
<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [x] I have added tests that prove my fix is effective or that my
feature works
<!---
User-facing changes require a CHANGELOG entry.
-->
- [ ] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
File backends currently do not support indicating whether an operation
is currently in progress or not. In the `stack ls --json` output we
always end up with a "updateInProgress = false" field, even when an
update is in progress. This is misleading.
Disable showing this erroneous and misleading output.
Fixes#10677
Based on Luke's comments in that issue, I believe we should merge this
as bug fix for the issue, and then open a separate feature request
tracking the implementation of tracking whether an update is in progress
in the file backend.
## Checklist
- [x] I have run `make tidy` to update any new dependencies
- [x] I have run `make lint` to verify my code passes the lint check
- [x] I have formatted my code using `gofumpt`
<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [x] I have added tests that prove my fix is effective or that my
feature works
<!---
User-facing changes require a CHANGELOG entry.
-->
- [x] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
These changes add support for ESC environments to the Pulumi CLI. This
involves two major changes:
- Support for the `env` subcommand
- Support for the `environment` stanza in stack config files
The former reuses the command from `esc` itself with a little
rebranding.
The latter adds support to stack config files for an `environment`
property of the form:
```yaml
environment:
- list
- of
- environment
- names
```
If this property is present in a stack's config file, the CLI will open
the and merge the listed environments during `pulumi up` et. al. If an
object-valued `pulumiConfig` property is present in the opened
environment, its values will be merged on top of the stack's config
prior to whatever operation is to be performed. If an object-valued
`environmentVariables` property is present inthe opened environment, its
values will be published as environment variables prior to the Pulumi
operation. Any values in the open environment's `pulumiConfig` or
`environmentVariables` that are marked as secret will be encrypted in
the resulting config and will be filtered from the command's logs.
# Description
Currently even if the user has set a default-org, `pulumi policy push`
without an argument is trying to push the policy to the user, which
fails. Make it so that the default org is used if available.
Fixes#14032
## Checklist
- [x] I have run `make tidy` to update any new dependencies
- [x] I have run `make lint` to verify my code passes the lint check
- [ ] I have formatted my code using `gofumpt`
<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [ ] I have added tests that prove my fix is effective or that my
feature works
There's currently no tests for the policy publish command, and I'm not
sure where to add them.
<!---
User-facing changes require a CHANGELOG entry.
-->
- [x] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
<!---
Thanks so much for your contribution! If this is your first time
contributing, please ensure that you have read the
[CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md)
documentation.
-->
# Description
<!--- Please include a summary of the change and which issue is fixed.
Please also include relevant motivation and context. -->
Fixes https://github.com/pulumi/pulumi-cloud-requests/issues/236
## Checklist
- [x] I have run `make tidy` to update any new dependencies
- [x] I have run `make lint` to verify my code passes the lint check
- [ ] I have formatted my code using `gofumpt`
<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [x] I have added tests that prove my fix is effective or that my
feature works
<!---
User-facing changes require a CHANGELOG entry.
-->
- [x] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
<!---
Thanks so much for your contribution! If this is your first time
contributing, please ensure that you have read the
[CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md)
documentation.
-->
# Description
<!--- Please include a summary of the change and which issue is fixed.
Please also include relevant motivation and context. -->
Backends themselves don't actually need any logout logic. Logging out is
mearly a function of deleting the account from the credentials file and
is the same for filestate, httpstate and probably any other state we
introduce.
This also simplifies the code "logout --all" which used to try and
lookup the project, make up a dummy httpstate object, and then call
LogoutAll to call workspace.DeleteAllAccounts. Now it goes straight to
that last call.
## Checklist
- [x] I have run `make tidy` to update any new dependencies
- [x] I have run `make lint` to verify my code passes the lint check
- [ ] I have formatted my code using `gofumpt`
<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [ ] I have added tests that prove my fix is effective or that my
feature works
<!---
User-facing changes require a CHANGELOG entry.
-->
- [ ] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
Similar to how https://github.com/pulumi/pulumi/pull/13953 moves some
code from sdk/go/common to /pkg. This display code is only used in /pkg,
another simple reduction of what's in sdk/go/common.
Fixes https://github.com/pulumi/pulumi/issues/12714.
The empty project created for destroy operations when no Pulumi.yaml is
found still needs to have it's name filled in so that project name
consistency checks work.
Our tests didn't pick this up because for filestate we were still
searching from the working directory for consistency checks rather than
checking the backends current project. I have _not_ changed that in this
changeset as previosly that triggered total breakage of the filestate
backend when not in project mode (see
https://github.com/pulumi/pulumi/issues/12760).
Fixes https://github.com/pulumi/pulumi/issues/12714
The empty project created for destroy operations when no Pulumi.yaml is
found still needs to have it's name filled in so that project name
consistency checks work.
Our tests didn't pick this up because for filestate we were still
searching from the working directory for consistency checks rather than
checking the backends current project. I've also fixed that up as part
of this change.
This deletes the SupportsTeams method added in #11974.
It came up during review that we want to avoid too many new
"SupportsFoo" methods.
Instead, we'll let each backend report whether it supports teams
by returning ErrTeamsNotSupported.
As a result of this change, validateCreateStackOpts cannot error,
so it's been renamed to newCreateStackOptions.
Testing:
There's already a test (added in the #12499 refactor)
that verifies that we report the appropriate error
when the backend doesn't support --teams.
This updates the mock in that test.
This PR adds a --teams flag to `pulumi stack init` which accepts
a string. This flag can be provided multiple times. Each team that
is provided is assigned read/write permissions on the stack after
it has been initialized.
Rather than passing a `*workspace.Project` to most backend methods, just
say that backends have a "current project" property. We set this on
creation (because we normally have a project before creating a backend)
but we also add a `SetCurrentProject` method for `pulumi new` to use
because it's the (currently) one place where we need a backend before we
have the project to go with it.
Per team discussion, switching to gofumpt.
[gofumpt][1] is an alternative, stricter alternative to gofmt.
It addresses other stylistic concerns that gofmt doesn't yet cover.
[1]: https://github.com/mvdan/gofumpt
See the full list of [Added rules][2], but it includes:
- Dropping empty lines around function bodies
- Dropping unnecessary variable grouping when there's only one variable
- Ensuring an empty line between multi-line functions
- simplification (`-s` in gofmt) is always enabled
- Ensuring multi-line function signatures end with
`) {` on a separate line.
[2]: https://github.com/mvdan/gofumpt#Added-rules
gofumpt is stricter, but there's no lock-in.
All gofumpt output is valid gofmt output,
so if we decide we don't like it, it's easy to switch back
without any code changes.
gofumpt support is built into the tooling we use for development
so this won't change development workflows.
- golangci-lint includes a gofumpt check (enabled in this PR)
- gopls, the LSP for Go, includes a gofumpt option
(see [installation instrutions][3])
[3]: https://github.com/mvdan/gofumpt#installation
This change was generated by running:
```bash
gofumpt -w $(rg --files -g '*.go' | rg -v testdata | rg -v compilation_error)
```
The following files were manually tweaked afterwards:
- pkg/cmd/pulumi/stack_change_secrets_provider.go:
one of the lines overflowed and had comments in an inconvenient place
- pkg/cmd/pulumi/destroy.go:
`var x T = y` where `T` wasn't necessary
- pkg/cmd/pulumi/policy_new.go:
long line because of error message
- pkg/backend/snapshot_test.go:
long line trying to assign three variables in the same assignment
I have included mention of gofumpt in the CONTRIBUTING.md.
This means the secret providers just work in terms of
workspace.ProjectStack, mutate as they wish and let the higher level
work out if it should save the file or not. Rather than having each
secret manager maintain "should I save the file" code.
All uses of stack.DefaultSecretsProvider are now in pkg/cmd, every other
use has been changed to take a secrets.Provider as a parameter in
someway.
I renamed a load of variables from "stack" to "stackName" as part of
this because it clashed with the "stack" module that
DefaultSecretsProvider is currently defined in, but I think this is
probably a good change anyway given these were `string`s not `Stack`s.
* Moving previewDigest and exporting it, closes#9851
* Moving previewDigest and exporting it, closes#9851
* Updating changelog-pending
* Go Mod Tidy
* replacing to local
* more go.mod changes
* reseting go mod
* full move
* Fixing golint
* No go.mod changes needed
* Return organizations from Backend.CurrentUser
Organizations are shown by `pulumi about` and `pulumi whoami --verbose`
e.g.
```
$ pulumi whoami --verbose
User: Frassle
Organizations: Frassle
Backend URL: https://app.pulumi.com/Frassle
```
Like usernames these are cached in the credentials file.
* lint
* Add to CHANGELOG
* Don't type test for stack tags in pulumi new
Move Tags to just be on Stack. Saves a type test in `pulumi new`.
Given Tags doesn't actually do a fetch the only error you can really get
back from it is that the backed doesn't support tags.
* Add SupportsTags
* Remove error result from Tags
* Implement resource plans in the engine
* Plumb plans through the CLI.
* Update wording
* plan renderer
* constraints
* Renames
* Update message
* fixes for rebase breaks and diffs
* WIP: outputs in plans
* fix diff
* fixup
* Liniting and test fixing
* Test and fix PropertyPath.String()
* Fix colors
* Fix cmdutil.PrintTable to handle non-simple strings
* More tests
* Readd test_plan.go
* lint
* Test expected deletes
* Test expected delete
* Test missing create
* Fix test for missing creates
* rm Paths()
* property set shrink test
* notes
* More tests
* Pop op before constraint check
* Delete plan cmd, rename arguments to preview and up
* Hide behind envvars
* typo
* Better constraint diffs
* Adds/Deletes/Updates
* Fix aliased
* Check more constraints
* fix test
* revert stack changes
* Resource sames test
* Fix same resource test
* Fix more tests
* linting
* Update pkg/cmd/pulumi/up.go
Co-authored-by: Alex Mullans <a.mullans@pulumi.com>
* Update pkg/cmd/pulumi/preview.go
Co-authored-by: Alex Mullans <a.mullans@pulumi.com>
* Auto refresh if using plans
* Fix TestGetRefreshOption
* Fix TestExplicitDeleteBeforeReplace
* lint
* More copying in tests because I do not trust myself to get mutation correct
* Small preview plan test
* Add TestPlannedUpdateChangedStack
* Revert auto-refresh changes
* Validate outputs don't change
* omitempty
* Add manifest to plan
* Add proper Plan type
* wip config work
* Config and manifest serder
* linting
* Asset NoError
* Actually check error
* Fix clone
* Test diag message
* Start on more tests
* Add String and GoString to Result
I got fed up assert errors in tests that looked like:
```
Expected nil, but got: &result.simpleResult{err:(*errors.fundamental)(0xc0002fa5d0)}
```
It was very hard to work out at a glance what had gone wrong and I kept
having to hook a debugger just to look at what the error was.
With GoString these now print something like:
```
Expected nil, but got: &simpleResult{err: Unexpected diag message: <{%reset%}>resource violates plan: properties changed: -zed, -baz, -foo<{%reset%}>
}
```
Which is much more ussful.
* Add test error text
* Fix reporting of unseen op errors
* Fix unneeded deletes
* Fix unexpected deletes
* Fix up tests
* Fix merge conflict
* lint
* Fix nil map error
* Fix serialisation typo
* Diff against old inputs
* Diff against checked goal
* Diff against empty for creates
* Fix test
* inputs not outputs
* Seperate PlanDiff type
* Add properties
* Fix input diffs
* Handle creates
* lint
* Add plan message
* Clone plan for update preview
* Save and serialise env vars in plans
* lint
* pretty print json
* input output difference test
* test alias
* fix typo in for loop
* Handle resource plans with nil goal
* go mod tidy
* typo
* Auto use plans from up previews in experimental mode
* Don't preview if we have plan
* Don't run previews with plans now
* fixing tests
* Handle diffs and goals
* Update copystructure
* tests/go.sum
* Revert mod changes
* Add copystructure to tests/go.sum
* includeUnknowns
* go mod tidy
* Make plans for imports
* Remove unused function
* Move code more locally
* Handle nil in serialize
* Handle empty output diffs
* Add test for dropping computed values
* Allow computed properties to become deletes
* if out the generation of plans unless experimental mode is opt'd into
* lint
* typo
* Revert back to plans not skipping previews, this is orthognal to --skip-preview
* Trying to work out non-determinism
* Remove notes.txt
* Hacking with check idea
* Pass checked inputs back to Check from plan file
* Include resource urn in constraint error
* Give much more informative errors when plans fail
* lint
* Update expected diag strings in tests
* Remove unused code
* Duplicate Diff and DeepEquals methods for plans
* Add comment about check ops with failures
* Fix CheckedInputs comment
* OutputDiff doesn't need to be a pointer
* Fix checks against computed
* diffStringSets
* lint
* lint pkg
* Use 4 space indent
* Don't wrap Buffer in Writer
* Mark flags hidden rather than disabled
* Remove envvars from plans
* Assert MarkHidden error
* Add to changelog
* Note plan/save-plan is experimental
Co-authored-by: Pat Gavlin <pat@pulumi.com>
Co-authored-by: Alex Mullans <a.mullans@pulumi.com>
Adds a `--limit` flag to `pulumi stack history. This allows limiting to the last few entries rather than fetching the entirety of a stack's update history (which can be quite slow for stacks with lots of updates). Example: `pulumi stack history --limit 1` fetches the last history entry only.
`stack.up` and related operations in the Automation API have been updated to consume this change, drastically reducing overhead.
* Correctly rename stack files during a rename
This fixespulumi/pulumi#4463, by renaming a stack's configuration
file based on its stack-part, and ignoring the owner-part. Our
workspace system doesn't recognize configuration files with fully
qualified names. That, by the way, causes problems if we have
multiple stacks in different organizations that share a stack-part.
The fix here is simple: propagate the new StackReference from the
Rename operation and rely on the backend's normalization to a
simple name, and then use that the same way we are using a
StackReference to determine the path for the origin stack.
An alternative fix is to recognize fully qualified config files,
however, there's a fair bit of cleanup we will be doing as part of
https://github.com/pulumi/pulumi/issues/2522 and
https://github.com/pulumi/pulumi/issues/4605, so figured it is best
to make this work the way the system expects first, and revisit it
as part of those overall workstreams. I also suspect we may want to
consider changing the default behavior here as part of
https://github.com/pulumi/pulumi/issues/5731.
Tests TBD; need some advice on how best to test this since it
only happens with our HTTP state backend -- all integration tests
appear to use the local filestate backend at the moment.
* Add a changelog entry for bug fix
* Add some stack rename tests
* Fix a typo
* Address CR feedback
* Make some logic clearer
Use "parsedName" instead of "qn", add a comment explaining why
we're doing this, and also explicitly ignore the error rather
than implicitly doing so with _.
* Make `async:true` the default for `invoke` calls (#3750)
* Switch away from native grpc impl. (#3728)
* Remove usage of the 'deasync' library from @pulumi/pulumi. (#3752)
* Only retry as long as we get unavailable back. Anything else continues. (#3769)
* Handle all errors for now. (#3781)
* Do not assume --yes was present when using pulumi in non-interactive mode (#3793)
* Upgrade all paths for sdk and pkg to v2
* Backport C# invoke classes and other recent gen changes (#4288)
Adjust C# generation
* Replace IDeployment with a sealed class (#4318)
Replace IDeployment with a sealed class
* .NET: default to args subtype rather than Args.Empty (#4320)
* Adding system namespace for Dotnet code gen
This is required for using Obsolute attributes for deprecations
```
Iam/InstanceProfile.cs(142,10): error CS0246: The type or namespace name 'ObsoleteAttribute' could not be found (are you missing a using directive or an assembly reference?) [/Users/stack72/code/go/src/github.com/pulumi/pulumi-aws/sdk/dotnet/Pulumi.Aws.csproj]
Iam/InstanceProfile.cs(142,10): error CS0246: The type or namespace name 'Obsolete' could not be found (are you missing a using directive or an assembly reference?) [/Users/stack72/code/go/src/github.com/pulumi/pulumi-aws/sdk/dotnet/Pulumi.Aws.csproj]
```
* Fix the nullability of config type properties in C# codegen (#4379)
Adds a new experimental `pulumi watch` CLI command which can be used for inner loop development on a Pulumi stack. This command is only available currently via `PULUMI_EXPERIMENTAL=true` while in active development.
The `watch` command does the following:
1. Watches the workspace (the tree rooted at the `Pulumi.yaml` file) for changes
2. Triggers an `update` to the stack whenever there is a change
3. Streams output containing summaries of key update events as well as logs from any resources under management into a combined CLI output
Part of https://github.com/pulumi/pulumi/issues/3448.
The PULUMI_EXPERIMENTAL flag also makes`query` and `policy` available.