mirror of https://github.com/pulumi/pulumi.git
48 Commits
Author | SHA1 | Message | Date |
---|---|---|---|
Justin Van Patten |
61c5b03dc7
|
Bump go modules (#16051)
This is a replacement of https://github.com/pulumi/pulumi/pull/16043, with an additional commit that includes the changes after running `make tidy`. --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
|
Thomas Gummerer |
fbfe3904a5
|
Upgrade gocloud.dev to 0.37 (#15924)
Upgrade gocloud.dev to 0.37. Given what I found in https://github.com/pulumi/pulumi/issues/15786#issuecomment-2051667094, I don't believe this will help with this issue, but we should probably upgrade this to the latest version anyway. This should not be merged until https://github.com/pulumi/pulumi/pull/15906 is also merged. |
|
Thomas Gummerer |
80f6ea9686
|
Add AWS access key to environment variables (#15909)
This should make the AWS tests actually be run in CI instead of them being skipped. Fixes: https://github.com/pulumi/pulumi/issues/15908 |
|
Zaid Ajaj |
00b685606d
|
[docs] Implement Java constructor syntax examples (#15805)
# Description This PR implements Java constructor syntax examples, rendering them into the docs. It upgrades pulumi-java to 0.10.0 which includes features from https://github.com/pulumi/pulumi-java/pull/1338 It also updates contructor syntax generator to emit an unbound variable for resource-typed properties. We use the name of the resource as the name of the variable: ```typescript const example = new Resource("name", { pet: randomPet }) ```` where `pet` is a property that is typed as `random.RandomPet` so it gets assigned the (unbound) variable called `randomPet` Previously we would skip emitting any code for resource-typed properties. I think this gives better docs even though it doesn't compile ## Checklist - [ ] I have run `make tidy` to update any new dependencies - [x] I have run `make lint` to verify my code passes the lint check - [x] I have formatted my code using `gofumpt` <!--- Please provide details if the checkbox below is to be left unchecked. --> - [x] I have added tests that prove my fix is effective or that my feature works <!--- User-facing changes require a CHANGELOG entry. --> - [x] I have run `make changelog` and committed the `changelog/pending/<file>` documenting my change <!-- If the change(s) in this PR is a modification of an existing call to the Pulumi Cloud, then the service should honor older versions of the CLI where this change would not exist. You must then bump the API version in /pkg/backend/httpstate/client/api.go, as well as add it to the service. --> - [ ] Yes, there are changes in this PR that warrants bumping the Pulumi Cloud API version <!-- @Pulumi employees: If yes, you must submit corresponding changes in the service repo. --> |
|
Ian Wahbe |
41e38c9a27
|
Fix coming soon misrender (#15783)
<!--- Thanks so much for your contribution! If this is your first time contributing, please ensure that you have read the [CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md) documentation. --> # Description Fixes a render bug when `Coming soon!` is written. Fixes https://github.com/pulumi/registry/issues/4202 ## Checklist - [X] I have run `make tidy` to update any new dependencies - [X] I have run `make lint` to verify my code passes the lint check - [X] I have formatted my code using `gofumpt` <!--- Please provide details if the checkbox below is to be left unchecked. --> - [X] I have added tests that prove my fix is effective or that my feature works <!--- User-facing changes require a CHANGELOG entry. --> - [X] I have run `make changelog` and committed the `changelog/pending/<file>` documenting my change <!-- If the change(s) in this PR is a modification of an existing call to the Pulumi Cloud, then the service should honor older versions of the CLI where this change would not exist. You must then bump the API version in /pkg/backend/httpstate/client/api.go, as well as add it to the service. --> - [ ] Yes, there are changes in this PR that warrants bumping the Pulumi Cloud API version <!-- @Pulumi employees: If yes, you must submit corresponding changes in the service repo. --> |
|
Justin Van Patten |
14babed82b
|
Bump google.golang.org/protobuf, golang.org/x/crypto, and github.com/moby/moby (#15717)
Bumps google.golang.org/protobuf, [golang.org/x/crypto](https://github.com/golang/crypto) and [github.com/moby/moby](https://github.com/moby/moby). Replaces #15688 -- running the acceptance tests on that PR is having problems Fixes #15674 --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
|
Fraser Waters |
7bb2a3c2ac
|
Auto-fix encrypted keys in the wrong format due to gocloud.dev upgrade regression (#15334)
When attempting another gocloud.dev upgrade, some users ran into a regression related to the format change of encrypted keys between gocloud versions, which part of the system was not accounting for. This PR addresses the issue and includes a fix that automatically fixes forward state that has an encrypted key in the wrong format, and includes a regression test and test for the auto-fix behavior. Fixes #15329 Co-authored-by: Thomas Gummerer <t.gummerer@gmail.com> |
|
Justin Van Patten |
d1904beb14
|
Revert gocloud.dev upgrade (#15333)
Still regressions happening associated with upgrading gocloud.dev. This reverts https://github.com/pulumi/pulumi/pull/15202. Fixes #15329 |
|
Thomas Gummerer |
927b7efef5
|
upgrade gocloud.dev take 2 (#15202)
Another attempt at upgrading gocloud.dev to the latest version. We've identified and added tests for the issues that came up in the last attempt to do the upgrade in https://github.com/pulumi/pulumi/pull/15161 and https://github.com/pulumi/pulumi/pull/15187. The problem with the SAS key appears to have been fixed in gocloud.dev 0.36.0 (The previous upgrade tried 0.28.0), and I've added additional fixes for the azure key vault problem during pulumi refresh in this PR. This needs https://github.com/pulumi/pulumi/pull/15161 to be merged first, but I wanted to open a PR in the meantime. Fixes #15138 Fixes https://github.com/pulumi/pulumi/issues/14647 Fixes https://github.com/pulumi/pulumi/issues/13161 Fixes https://github.com/pulumi/pulumi/issues/14431 Fixes https://github.com/pulumi/pulumi/issues/14541 ## Checklist - [x] I have run `make tidy` to update any new dependencies - [ ] I have run `make lint` to verify my code passes the lint check - [ ] I have formatted my code using `gofumpt` <!--- Please provide details if the checkbox below is to be left unchecked. --> - [x] I have added tests that prove my fix is effective or that my feature works <!--- User-facing changes require a CHANGELOG entry. --> - [x] I have run `make changelog` and committed the `changelog/pending/<file>` documenting my change <!-- If the change(s) in this PR is a modification of an existing call to the Pulumi Cloud, then the service should honor older versions of the CLI where this change would not exist. You must then bump the API version in /pkg/backend/httpstate/client/api.go, as well as add it to the service. --> - [ ] Yes, there are changes in this PR that warrants bumping the Pulumi Cloud API version <!-- @Pulumi employees: If yes, you must submit corresponding changes in the service repo. --> |
|
dependabot[bot] |
bd93fcf91a
|
Bump the go_modules group across 29 directories with 1 update (#15131)
Bumps the go_modules group with 1 update in the /cmd/pulumi-test-language directory: [github.com/cloudflare/circl](https://github.com/cloudflare/circl). Bumps the go_modules group with 1 update in the /sdk/go/pulumi-language-go directory: [github.com/cloudflare/circl](https://github.com/cloudflare/circl). Bumps the go_modules group with 1 update in the /sdk/nodejs/cmd/pulumi-language-nodejs directory: [github.com/cloudflare/circl](https://github.com/cloudflare/circl). Bumps the go_modules group with 1 update in the /sdk/python/cmd/pulumi-language-python directory: [github.com/cloudflare/circl](https://github.com/cloudflare/circl). Bumps the go_modules group with 1 update in the /tests directory: [github.com/cloudflare/circl](https://github.com/cloudflare/circl). Bumps the go_modules group with 1 update in the /tests/benchmarks/go-alias-norm directory: [github.com/cloudflare/circl](https://github.com/cloudflare/circl). Bumps the go_modules group with 1 update in the /tests/integration/about/go directory: [github.com/cloudflare/circl](https://github.com/cloudflare/circl). Bumps the go_modules group with 1 update in the /tests/integration/config_basic/go directory: [github.com/cloudflare/circl](https://github.com/cloudflare/circl). Bumps the go_modules group with 1 update in the /tests/integration/config_missing/go directory: [github.com/cloudflare/circl](https://github.com/cloudflare/circl). Bumps the go_modules group with 1 update in the /tests/integration/config_secrets_warn/go directory: [github.com/cloudflare/circl](https://github.com/cloudflare/circl). Bumps the go_modules group with 1 update in the /tests/integration/construct_component/go directory: [github.com/cloudflare/circl](https://github.com/cloudflare/circl). Bumps the go_modules group with 1 update in the /tests/integration/construct_component_configure_provider/testcomponent-go directory: [github.com/cloudflare/circl](https://github.com/cloudflare/circl). Bumps the go_modules group with 1 update in the /tests/integration/construct_component_methods/go directory: [github.com/cloudflare/circl](https://github.com/cloudflare/circl). Bumps the go_modules group with 1 update in the /tests/integration/construct_component_methods_errors/go directory: [github.com/cloudflare/circl](https://github.com/cloudflare/circl). Bumps the go_modules group with 1 update in the /tests/integration/construct_component_methods_provider/go directory: [github.com/cloudflare/circl](https://github.com/cloudflare/circl). Bumps the go_modules group with 1 update in the /tests/integration/construct_component_methods_resources/go directory: [github.com/cloudflare/circl](https://github.com/cloudflare/circl). Bumps the go_modules group with 1 update in the /tests/integration/construct_component_methods_unknown/go directory: [github.com/cloudflare/circl](https://github.com/cloudflare/circl). Bumps the go_modules group with 1 update in the /tests/integration/construct_component_output_values/go directory: [github.com/cloudflare/circl](https://github.com/cloudflare/circl). Bumps the go_modules group with 1 update in the /tests/integration/construct_component_plain/go directory: [github.com/cloudflare/circl](https://github.com/cloudflare/circl). Bumps the go_modules group with 1 update in the /tests/integration/construct_component_provider/go directory: [github.com/cloudflare/circl](https://github.com/cloudflare/circl). Bumps the go_modules group with 1 update in the /tests/integration/construct_component_provider_explicit/go directory: [github.com/cloudflare/circl](https://github.com/cloudflare/circl). Bumps the go_modules group with 1 update in the /tests/integration/construct_component_provider_propagation/go directory: [github.com/cloudflare/circl](https://github.com/cloudflare/circl). Bumps the go_modules group with 1 update in the /tests/integration/construct_component_resource_options/go directory: [github.com/cloudflare/circl](https://github.com/cloudflare/circl). Bumps the go_modules group with 1 update in the /tests/integration/construct_component_unknown/go directory: [github.com/cloudflare/circl](https://github.com/cloudflare/circl). Bumps the go_modules group with 1 update in the /tests/integration/construct_nested_component/go directory: [github.com/cloudflare/circl](https://github.com/cloudflare/circl). Bumps the go_modules group with 1 update in the /tests/integration/deleted_with/go directory: [github.com/cloudflare/circl](https://github.com/cloudflare/circl). Bumps the go_modules group with 1 update in the /tests/integration/rotate_passphrase directory: [github.com/cloudflare/circl](https://github.com/cloudflare/circl). Bumps the go_modules group with 1 update in the /tests/integration/state_rename_parent directory: [github.com/cloudflare/circl](https://github.com/cloudflare/circl). Updates `github.com/cloudflare/circl` from 1.3.3 to 1.3.7 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/cloudflare/circl/releases">github.com/cloudflare/circl's releases</a>.</em></p> <blockquote> <h2>CIRCL v1.3.7</h2> <h3>What's Changed</h3> <ul> <li>build(deps): bump golang.org/x/crypto from 0.3.1-0.20221117191849-2c476679df9a to 0.17.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/cloudflare/circl/pull/467">cloudflare/circl#467</a></li> <li>kyber: remove division by q in ciphertext compression by <a href="https://github.com/bwesterb"><code>@bwesterb</code></a> in <a href="https://redirect.github.com/cloudflare/circl/pull/468">cloudflare/circl#468</a></li> <li>Releasing CIRCL v1.3.7 by <a href="https://github.com/armfazh"><code>@armfazh</code></a> in <a href="https://redirect.github.com/cloudflare/circl/pull/469">cloudflare/circl#469</a></li> </ul> <h3>New Contributors</h3> <ul> <li><a href="https://github.com/dependabot"><code>@dependabot</code></a> made their first contribution in <a href="https://redirect.github.com/cloudflare/circl/pull/467">cloudflare/circl#467</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/cloudflare/circl/compare/v1.3.6...v1.3.7">https://github.com/cloudflare/circl/compare/v1.3.6...v1.3.7</a></p> <h2>CIRCL v1.3.6</h2> <h3>What's Changed</h3> <ul> <li>internal: add TurboShake{128,256} by <a href="https://github.com/bwesterb"><code>@bwesterb</code></a> in <a href="https://redirect.github.com/cloudflare/circl/pull/430">cloudflare/circl#430</a></li> <li>Kangaroo12 draft -10 by <a href="https://github.com/bwesterb"><code>@bwesterb</code></a> in <a href="https://redirect.github.com/cloudflare/circl/pull/431">cloudflare/circl#431</a></li> <li>Add K12 as XOF by <a href="https://github.com/bwesterb"><code>@bwesterb</code></a> in <a href="https://redirect.github.com/cloudflare/circl/pull/437">cloudflare/circl#437</a></li> <li>xof/k12: Fix a typo in the package documentation by <a href="https://github.com/cjpatton"><code>@cjpatton</code></a> in <a href="https://redirect.github.com/cloudflare/circl/pull/438">cloudflare/circl#438</a></li> <li>Set CIRCL version for generated assembler code. by <a href="https://github.com/armfazh"><code>@armfazh</code></a> in <a href="https://redirect.github.com/cloudflare/circl/pull/440">cloudflare/circl#440</a></li> <li>Add tkn20 benchmarks by <a href="https://github.com/tanyav2"><code>@tanyav2</code></a> in <a href="https://redirect.github.com/cloudflare/circl/pull/442">cloudflare/circl#442</a></li> <li>Add partially blind RSA implementation by <a href="https://github.com/chris-wood"><code>@chris-wood</code></a> in <a href="https://redirect.github.com/cloudflare/circl/pull/445">cloudflare/circl#445</a></li> <li>Update doc.go by <a href="https://github.com/nadimkobeissi"><code>@nadimkobeissi</code></a> in <a href="https://redirect.github.com/cloudflare/circl/pull/447">cloudflare/circl#447</a></li> <li>tss/rsa: key generation for threshold RSA (safe primes) by <a href="https://github.com/armfazh"><code>@armfazh</code></a> in <a href="https://redirect.github.com/cloudflare/circl/pull/450">cloudflare/circl#450</a></li> <li>Bumping Go version for CI jobs. by <a href="https://github.com/armfazh"><code>@armfazh</code></a> in <a href="https://redirect.github.com/cloudflare/circl/pull/457">cloudflare/circl#457</a></li> <li>Spelling by <a href="https://github.com/jsoref"><code>@jsoref</code></a> in <a href="https://redirect.github.com/cloudflare/circl/pull/456">cloudflare/circl#456</a></li> <li>blindrsa: updating blindrsa to be compliant with RFC9474 by <a href="https://github.com/armfazh"><code>@armfazh</code></a> in <a href="https://redirect.github.com/cloudflare/circl/pull/464">cloudflare/circl#464</a></li> <li>Releasing CIRCL v1.3.6 by <a href="https://github.com/armfazh"><code>@armfazh</code></a> in <a href="https://redirect.github.com/cloudflare/circl/pull/465">cloudflare/circl#465</a></li> </ul> <h3>New Contributors</h3> <ul> <li><a href="https://github.com/nadimkobeissi"><code>@nadimkobeissi</code></a> made their first contribution in <a href="https://redirect.github.com/cloudflare/circl/pull/447">cloudflare/circl#447</a></li> <li><a href="https://github.com/jsoref"><code>@jsoref</code></a> made their first contribution in <a href="https://redirect.github.com/cloudflare/circl/pull/456">cloudflare/circl#456</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/cloudflare/circl/compare/v1.3.3...v1.3.6">https://github.com/cloudflare/circl/compare/v1.3.3...v1.3.6</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
|
Thomas Gummerer |
c48ed3ba49
|
Revert "upgrade gocloud.dev to latest version" (#15128)
Reverts pulumi/pulumi#15011 /xref https://github.com/pulumi/pulumi/issues/15126 /xref https://github.com/pulumi/pulumi/issues/15127 |
|
Thomas Gummerer |
d7b1a1d9b1
|
upgrade gocloud.dev to latest version (#15011)
Upgrade gocloud.dev to the latest version. This requires a bit of a workaround, since `gocloud.dev` changed its expectations how the encryption key is stored for Azure. In v0.27.0 and earlier, gocloud.dev accepted an encryption key that was wrapped in base64.RawURLEncoding (and produced one that was wrapped as such. However in v0.28.0 that changed and the encryption key was no longer wrapped in gocloud.dev, and as such it also didn't expect a wrapped key anymore . To keep compatibility we'll keep wrapping the azure key for gocloud.dev in an inner encoding, which seems to be the path of least resistance. Alternatively we could introduce a `v2` encoding by prefixing the string, but that ends up being messier than just keeping the strings compatible. ## Checklist - [x] I have run `make tidy` to update any new dependencies - [x] I have run `make lint` to verify my code passes the lint check - [x] I have formatted my code using `gofumpt` <!--- Please provide details if the checkbox below is to be left unchecked. --> Tests were introduced in https://github.com/pulumi/pulumi/pull/14649, I've updated them slightly to cover the new code as well. - [ ] I have added tests that prove my fix is effective or that my feature works <!--- User-facing changes require a CHANGELOG entry. --> - [x] I have run `make changelog` and committed the `changelog/pending/<file>` documenting my change <!-- If the change(s) in this PR is a modification of an existing call to the Pulumi Cloud, then the service should honor older versions of the CLI where this change would not exist. You must then bump the API version in /pkg/backend/httpstate/client/api.go, as well as add it to the service. --> - [ ] Yes, there are changes in this PR that warrants bumping the Pulumi Cloud API version <!-- @Pulumi employees: If yes, you must submit corresponding changes in the service repo. --> |
|
Fraser Waters |
40b45ecc85
|
Add test for azure secrets (#14649)
Add a test showing the problems we ran into when upgrading from gocloud.dev 0.27.0 to 0.28.0 and 0.29.0. It's a little bit awkward, since the issue only happens when upgrading form an encrypted key generated with the old version of gocloud.dev to a newer version of gocloud.dev. Fixes https://github.com/pulumi/pulumi/issues/11986 --------- Co-authored-by: Thomas Gummerer <t.gummerer@gmail.com> |
|
Justin Van Patten |
37e6ad44d0
|
Upgrade go-git to v5.11.0 (#15013)
Bumps github.com/go-git/go-git/v5 to 5.11.0 to address https://github.com/go-git/go-git/security/advisories/GHSA-mw99-9chc-xw7r Co-authored-by: Roy Reznik <roy@wiz.io> |
|
Justin Van Patten |
53244f09ae
|
Bump golang.org/x/crypto to 0.17.0 (#14962)
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) to 0.17.0. Replaces all the dependabot PRs in the repo with this single PR. Also bumped `github.com/pulumi/pulumi/sdk/v3` in `tests/integration/transformations/go/simple/go.mod` from v3.97.0 to v3.98.0 to use esc v0.6.1, and avoid the appdash issue. |
|
Justin Van Patten |
9853228bc9
|
Update esc to v0.6.2 (#14960)
Update to the latest version of esc. |
|
Justin Van Patten |
b0c276ece0
|
Update esc to v0.6.1 (#14939)
First step in addressing https://github.com/pulumi/pulumi/issues/14873 Note: I suspect I'll need to temporarily disable some codegen tests to get this merged, and then once we release v3.98.0 and the next version of esc, we can re-enable. |
|
Fraser Waters |
29bf5d694b
|
Replace ResourceSet with a generic set type (#14724)
<!--- Thanks so much for your contribution! If this is your first time contributing, please ensure that you have read the [CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md) documentation. --> # Description <!--- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. --> We've got a few "Set" types written up from before generics. We should be able to replace them all with just one generic set container now. This replaces `graph.ResourceSet` (which is only used in pkg) with a generic set type (github.com/deckarep/golang-set). |
|
Fraser Waters |
d078735823
|
Reimport appdash from our mirror (#14701)
Fixes https://github.com/pulumi/pulumi/issues/14646. |
|
Pat Gavlin |
064fb93587
|
[esc] Add commands for managing stack environments (#14628)
These changes add two commands for managing a stack's environments: - `pulumi config env add`, which adds environments to a stack's import list - `pulumi config env rm`, which removes an environment from a stack's import list As implied by their paths, these commands hang off of a new sub-command of `pulumi config`, `pulumi config env`. From the usage: * `pulumi config env add` Adds environments to the end of a stack's import list. Imported environments are merged in order per the ESC merge rules. The list of stacks behaves as if it were the import list in an anonymous environment. * `pulumi config env rm` Removes an environment from a stack's import list. Each of these commands previews the new stack environment and shows the environment definition. These commands print a warning if the stack's environment does not define any of the `environmentVariables`, `files`, or `pulumiConfig` properties. |
|
Pat Gavlin |
ecb58cc9f7
|
[cli] Include config from ESC in `pulumi config` (#14560)
These changes include any configuration values sourced from a stack's ESC environment to the output of `pulumi config`. These changes also add an `ENVIRONMENT` block to the output of `pulumi config` for stacks that reference environments. This block shows the definition of the stack's environment. Finally, these changes add a warning to `pulumi config` if the stack's ESC environment does not define any of the `environmentVariables`, `files`, or `pulumiConfig` properties. |
|
Fraser Waters |
84ac5036d9
|
Update esc to v0.6.0 (#14591)
Should help with the `cli.PrepareEnvironment` build issues some people have been seeing. |
|
Bryce Lampe |
cbcad3277e
|
Allow shallow clones for local workspaces (#14312)
<!--- Thanks so much for your contribution! If this is your first time contributing, please ensure that you have read the [CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md) documentation. --> # Description This exposes a GitRepo option to enable shallow cloning repositories. This is helpful in cases where the repo has a large history. ## Checklist - [ ] I have run `make tidy` to update any new dependencies - [ ] I have run `make lint` to verify my code passes the lint check - [ ] I have formatted my code using `gofumpt` <!--- Please provide details if the checkbox below is to be left unchecked. --> - [ ] I have added tests that prove my fix is effective or that my feature works <!--- User-facing changes require a CHANGELOG entry. --> - [ ] I have run `make changelog` and committed the `changelog/pending/<file>` documenting my change <!-- If the change(s) in this PR is a modification of an existing call to the Pulumi Cloud, then the service should honor older versions of the CLI where this change would not exist. You must then bump the API version in /pkg/backend/httpstate/client/api.go, as well as add it to the service. --> - [ ] Yes, there are changes in this PR that warrants bumping the Pulumi Cloud API version <!-- @Pulumi employees: If yes, you must submit corresponding changes in the service repo. --> |
|
Thomas Gummerer |
4a577563ef
|
upgrade pulumi-yaml to 1.4.0 (#14425)
Upgrade pulumi-yaml to the latest version |
|
Pat Gavlin |
06f1154a82
|
[esc] update to v0.5.7 (#14430)
Co-authored-by: Justin Van Patten <jvp@justinvp.com> |
|
Justin Van Patten |
9d653491f6
|
[chore] update esc (#14284)
Pin to v0.5.6 to pick up the CLI doc generation fix, and other improvements. Fixes #14237 |
|
Fraser Waters |
2c74dddc91
|
Switch to use env.Env in filestate (#14044)
Internal refactor to use `env.Env` directly in filestate rather than mocking `os.Getenv`. |
|
Pat Gavlin |
7e189e3a78
|
[chore] update esc (#14155)
Pin to v0.5.2 to pick up a couple of bug fixes and a new command-line option for `env init`. |
|
Pat Gavlin |
4d3b82cb9f
|
[cli] Add support for environments (#14140)
These changes add support for ESC environments to the Pulumi CLI. This involves two major changes: - Support for the `env` subcommand - Support for the `environment` stanza in stack config files The former reuses the command from `esc` itself with a little rebranding. The latter adds support to stack config files for an `environment` property of the form: ```yaml environment: - list - of - environment - names ``` If this property is present in a stack's config file, the CLI will open the and merge the listed environments during `pulumi up` et. al. If an object-valued `pulumiConfig` property is present in the opened environment, its values will be merged on top of the stack's config prior to whatever operation is to be performed. If an object-valued `environmentVariables` property is present inthe opened environment, its values will be published as environment variables prior to the Pulumi operation. Any values in the open environment's `pulumiConfig` or `environmentVariables` that are marked as secret will be encrypted in the resulting config and will be filtered from the command's logs. |
|
Joe Duffy |
96a9a77167
|
Policy remediations feature (#14080)
This PR implements the new policy transforms feature, which allows policy packs to not only issue warnings and errors in response to policy violations, but actually fix them by rewriting resource property state. This can be used, for instance, to auto-tag resources, remove Internet access on the fly, or apply encryption to storage, among other use cases. |
|
Pat Gavlin |
6756c12fd0
|
[config] Clean up implementation (#13814)
These changes replace the idiosyncratic implementation of some of the config Map and Value APIs with (hopefully) more straightforward code. The fundamental representation of a config.Value remains a (value, secure, object) tuple, where value is either a plain, possible-encrypted string value or the JSON encoding of an object value. All operations on values that need to observe the object value itself still decode the JSON representation into a richer representation. This richer representation, however, is no longer composed of `any` values: instead, it is composed of `object` values. These values contain a restricted set of types and directly track whether or not their contents are a secure string value. The object-based representation allows for much clearer implementations of the marshaling and traversal code without breaking compatibility. In addition to the new implementation for config.Value, these changes add a config.Plaintext type that represents a plaintext config value. A Plaintext value can be created manually or by decrypting a Value, and can be encrypted and converted to a Value. This allows for more natural creation and manipulation of config values. |
|
Fraser Waters |
bf601d2070
|
Update golang.org/x/mod (#14068)
<!--- Thanks so much for your contribution! If this is your first time contributing, please ensure that you have read the [CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md) documentation. --> # Description <!--- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. --> Go 1.21.1 is now adding new toolchain declarations to go.mod files. This updates our dependency for this so users shouldn't hit errors due to toolchain bits in their go.mod files. ## Checklist - [x] I have run `make tidy` to update any new dependencies - [ ] I have run `make lint` to verify my code passes the lint check - [ ] I have formatted my code using `gofumpt` <!--- Please provide details if the checkbox below is to be left unchecked. --> - [ ] I have added tests that prove my fix is effective or that my feature works <!--- User-facing changes require a CHANGELOG entry. --> - [ ] I have run `make changelog` and committed the `changelog/pending/<file>` documenting my change <!-- If the change(s) in this PR is a modification of an existing call to the Pulumi Cloud, then the service should honor older versions of the CLI where this change would not exist. You must then bump the API version in /pkg/backend/httpstate/client/api.go, as well as add it to the service. --> - [ ] Yes, there are changes in this PR that warrants bumping the Pulumi Cloud API version <!-- @Pulumi employees: If yes, you must submit corresponding changes in the service repo. --> |
|
Kyle Dixler |
779f82dfdd
|
[`pulumi new` wrapping] Fix pulumi new selector wrapping on narrow terminals. (#13979)
<!--- Thanks so much for your contribution! If this is your first time contributing, please ensure that you have read the [CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md) documentation. --> # Description <!--- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. --> Fixes https://github.com/pulumi/pulumi/issues/8169 Fixes https://github.com/pulumi/pulumi/issues/11812 Bump survey to v2.3.7 which contains a fix for https://github.com/go-survey/survey/issues/101 Old: https://asciinema.org/a/jhHadL382jrzrLiU9vAsV7YR9 New: https://asciinema.org/a/lEVkdm1UdMXwUWdpipMxLGOga ## Checklist - [x] I have run `make tidy` to update any new dependencies - [x] I have run `make lint` to verify my code passes the lint check - [x] I have formatted my code using `gofumpt` <!--- Please provide details if the checkbox below is to be left unchecked. --> - [ ] I have added tests that prove my fix is effective or that my feature works <!--- User-facing changes require a CHANGELOG entry. --> - [x] I have run `make changelog` and committed the `changelog/pending/<file>` documenting my change <!-- If the change(s) in this PR is a modification of an existing call to the Pulumi Cloud, then the service should honor older versions of the CLI where this change would not exist. You must then bump the API version in /pkg/backend/httpstate/client/api.go, as well as add it to the service. --> - [ ] Yes, there are changes in this PR that warrants bumping the Pulumi Cloud API version <!-- @Pulumi employees: If yes, you must submit corresponding changes in the service repo. --> |
|
Kyle Dixler |
e78f98e2ab
|
Revert "PoC: cli/new: Use bubbletea for template list" (#13961)
Reverts pulumi/pulumi#13816 Temporarily reverting this until we make some improvements to the experience. |
|
Abhinav Gupta |
630a790a23
|
PoC: cli/new: Use bubbletea for template list (#13816)
Switches the survey-based list picker we use to pick a template to use bubbletea with the bubbles/list widget. Instead of using any of the default bubbles/list renderings, this implements a custom renderer for list items (the delegate) that provides an experience closer in look to the 'pulumi new' today. Related to #13815 in spirit. Fixes #11812 Fixes #8169 --- Demos <details> <summary>Basic usage</summary> [![asciicast](https://asciinema.org/a/NeecyanZP2iyzlrAOKRiKckJZ.svg)](https://asciinema.org/a/NeecyanZP2iyzlrAOKRiKckJZ) </details> <details> <summary>Handling of really small terminals</summary> [![asciicast](https://asciinema.org/a/RZW3NfX5SQ8rL4mR1iRLQ6yi1.svg)](https://asciinema.org/a/RZW3NfX5SQ8rL4mR1iRLQ6yi1) </details> |
|
Abhinav Gupta |
b51caa6ab4
|
cmdutil.ReadConsole[NoEcho]: Use bubbletea (#13815)
Switch the cmdutil.ReadConsole and cmdutil.ReadConsoleNoEcho functions to use the bubbletea library to render the prompt, using the textinput widget provided by the accompanying bubbles library. The resulting input widgets support arrow keys, back space, and some basic readline-style bindings including Ctrl-A, Alt-B, etc. I went through all uses of ReadConsole or ReadConsoleNoEcho. Only the one in new.go had a non-compliant prompt that I had to adjust. Note: One divergence in behavior I opted for was that password prompts will echo '*' characters as the user is typing and then no echo once they've accepted or canceled the value. Previously, the prompt did not echo anything in either case. <details> <summary> Introduction if you're unfamiliar with bubbletea </summary> bubbletea operates by modeling the widget state as an immutable data structure that receives messages for events. On receiving a message (key press, e.g.) the model's Update method returns a new model instance representing its new state. Update may also optionally return additional commands for the program, e.g. stop running, or print something and move on. The model's View method returns what should be drawn in the terminal based on the model's current state. This programming model makes it reasonably straightforward to unit test some of the core functionality of independent widgets as demonstrated in this PR. </details> Resolves #1565 --- Demos: <details> <summary>Plain text</summary> ![prompt-plain](https://github.com/pulumi/pulumi/assets/41730/66258fc8-f772-4d01-bc7c-1f7b116aebaa) </details> <details> <summary>Secret</summary> ![prompt-secret](https://github.com/pulumi/pulumi/assets/41730/372f862e-9186-4d47-ba7d-0107c47f52f6) </details> <details> <summary>Secret prompt with padding</summary> ![prompt-secret-2](https://github.com/pulumi/pulumi/assets/41730/e9b7c253-4c9d-4235-9fa6-197aa0522033) </details> |
|
Levi Smith | 35e7745f46 | update aws-sdk to sso session supported version | |
Abhinav Gupta |
91a079851b
|
deps: Upgrade google.golang.org/{genproto, grpc}
Updates to the latest versions of google.golang.org/genproto and google.golang.org/grpc in all submodules in the repository. This is necessary because in a recent change, genproto split out some of its subpackages into independent submodules. (https://github.com/googleapis/go-genproto/issues/1015) As a result of this, some users may see the error: ``` google.golang.org/genproto/googleapis/rpc/status: ambiguous import: found package google.golang.org/genproto/googleapis/rpc/status in multiple modules: google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 (/home/runner/go/pkg/mod/google.golang.org/genproto@v0.0.0-20230410155749-daa745c078e1/googleapis/rpc/status) google.golang.org/genproto/googleapis/rpc v0.0.0-20230725213213-b022f6e96895 ``` Because pu/pu is using 20230410155749, which has googleapis/rpc as a subpackage, but another dependency references the independent submodule (20230725213213), so the system doesn't know which module to use for the import path, google.golang.org/genproto/googleapis/rpc/status. This is a problem for codegen tests and ProgramTest-based tests for Pulumi Go programs that do not have a go.mod in the test directory. This issue was encountered by @thomas11 while attempting to upgrade dependencies in pulumi-docker (pulumi/pulumi-docker#700). The grpc upgrade is necessary because the current version of grpc also pulls the outdated version of genproto. |
|
Kyle Dixler | 658021f5ff |
Add `pulumi state edit` utility.
Fixes #13088 Adds `pulumi state edit` an experimental utility for manually editing pulumi stack state. The command mimics the `git commit` flow by opening the stack's state in the text editor specified by the EDITOR environment variable and then previews the file to be saved. There are TODO comments detailing remaining steps to un-hide `pulumi state edit`. Namely testing round-tripping unicode. |
|
Abhinav Gupta |
f59ab49fc5
|
deps(go): Upgrade to grpc 1.56.1
Upgrades to gRPC Go 1.56.1 to resolve the influx of dependabot PRs. Supersedes all dependabot PRs created for this. Fixes CVE-2023-32731 |
|
Abhinav Gupta |
d5fea1783b
|
cli(state upgrade): Prompt for project names for detached stacks
When running 'pulumi state upgrade', supply the ProjectsForDetachedStacks option to the file state backend so that we get asked to fill in project names for stacks where we could not guess them automatically. The implementation of the prompt is straightforward: For each stack, ask a question with the survey package and feed the result back to the filestate backend. Testing this is a bit complicated because terminals are involved. The test for this uses the go-expect and vt10x libraries recommended in the documentation for survey. It uses them to simulate a terminal emulator and acts on the output. The pty library is used to create a compatible pseduo-terminal. Unfortunately, these test libraries rely on Unix APIs and are not available on Windows, so the test will not run on Windows machines. Resolves #12600 |
|
Fraser Waters | c604b56ace |
Revert "Merge #13167"
Fixes https://github.com/pulumi/pulumi/issues/13181 Fixes https://github.com/pulumi/pulumi/issues/13183 This reverts commit |
|
Mateo Davis | 144efaf5ce | update gocloud.dev | |
Abhinav Gupta |
d05dc76f69
|
filestate: Add re-usable worker pool
The filestate backend's Upgrade method currently does some manual goroutine management to ensure that it uses a fixed number of goroutines as it attempts to upgrade all stacks in parallel. This was fine while the upgrade step was just one phase: Roughly: for _, stack := range stacks { go upgrade(stack) } // Using a pool instead of a new goroutine for each upgrade. However, this will not suffice with upcoming changes to address #12600 because the upgrade process will now have multiple phases: gather information, fill missing information with a prompt, upgrade. Only the first and last phases of this are parallelizable. Attempting to do that using the existing pattern in Upgrade will lead to code that is quite difficult to read, so this change introduces a simple shared worker pool abstraction. It operates like a mix of `sync.WaitGroup` and [errgroup][1]. Namely: - supports multiple `Wait` and `Enqueue` phases (like WaitGroup) - supports functions that return errors (like errgroup) [1]: https://pkg.go.dev/golang.org/x/sync@v0.1.0/errgroup This makes it very easy to adapt code that looks like the following: wg := &errgroup.Group{} for _, x := range xs { x := x wg.Go(func() error { return f(x) }) } if err := wg.Wait(); err != nil { return err } wg = &errgroup.Group{} for _, y := range ys { y := y wg.Go(func() error { return f(y) }) } if err := wg.Wait(); err != nil { return err } Into the following: pool := newWorkerPool(..) defer pool.Close() for _, x := range xs { x := x pool.Enqueue(func() error { return f(x) }) } if err := pool.Wait(); err != nil { return err } for _, y := range ys { y := y pool.Enqueue(func() error { return f(y) }) } if err := pool.Wait(); err != nil { return err } The workerPool-based version looks similar, but it'll spawn a fixed number of goroutines once at the start and re-use them for all tasks. |
|
Kyle Dixler |
9a9cee9250
|
Upgraded pulumi-java go dependency to v0.9.4 | |
Fraser Waters | 8446f2208c |
Allow mapping requests to install plugins
Enabling fix for https://github.com/pulumi/pulumi-terraform-bridge/issues/1130 This adds two new bits of logic to the plugin mapper. Firstly when getting a mapping request for a given package X, as well as searching to see if we have an X plugin already installed to call it's `GetMapping` method first, we now also try to install X if we don't already have it. The install failing is not considered an error, we'll just try the other plugins to see if they map and then possibly return empty (as before). Secondly the converter can pass a hint to what the pulumi plugin for the ecosystem plugin is. If no hint is given we assume the pulumi plugin name is the same as the ecosystem name. But this can be used for example in the terraform converter to tell the engine that for example the terraform provider "azurerm" is called "azure" in pulumi. The hint is just a hint, if the name doesn't match all the other plugins will be searched as before. |
|
Pat Gavlin | a8f41f031b |
[sdk] Update uniseg
The latest version of this module dramatically improves its allocation volume and offers a friendlier API for measuring string width. |
|
Fraser Waters | 7e485f5d3d | Plumb codegen rpc into nodejs |