This commit introduces a `Metadata` field to state snapshots. The
initial use case for this field will be tracking snapshot integrity
errors, so that better messages can be produced for users and better
diagnostic information preserved for contributors. When this commit is
merged, support for persisting the field will be added to backends
appropriately, before use cases such as the above can be implemented.
There are a number of cases where it would be useful to be able to seed
a newly-created stack with an initial state. #17037 and its underlying
issue, for instance, could be resolved by persisting a non-default
secrets manager as part of stack initialisation rather than as a
separate subsequent operation. Now that `Backend.CreateStack` accepts an
initial state, we can modify implementations to actually persist the new
parameter. This commit does so for the DIY backend.
There are a number of cases where it would be useful to be able to seed
a newly-created stack with an initial state. #17037 and its underlying
issue, for instance, could be resolved by persisting a non-default
secrets manager as part of stack initialisation rather than as a
separate subsequent operation. This commit starts the journey to
enabling this, adding an `initialState` parameter to the
`Backend.CreateStack` interface method.
This commit adds the `goheader` rule to `golangci-lint` to enforce that
all our Go source code includes appropriate licence headers, fixing up
files that currently fail that check.
---------
Co-authored-by: Will Jones <will@sacharissa.co.uk>
This change switches back to using the stdlib's `os/user` to get the
current user. We originally used `os/user` but moved to a drop-in
replacement (https://github.com/tweekmonster/luser) in #5065 which
worked better without `cgo` at the time. However,
https://github.com/tweekmonster/luser no longer appears to be maintained
and the stdlib's `os/user` has a pure Go implementation (which doesn't
require `cgo`) which has improved since then, so we should be able to
switch back to it now.
Commits:
1. Update the *.go files
2. Result of running `make tidy`
Fixes#17123
The latest version of golangci-lint (1.60.3) flags a bunch of new issues
in our code base. This PR addresses part of them ahead of the upgrade.
* A dynamic string passed to printf style functions as first argument,
this can lead to bad `%` interpolations. The fix is typically to use
`"%s"` as first argument and pass the dynamic string as 2nd argument.
* Using `os.ModePerm` in tests instead of more restricted file
permissions. The fix is to use 0o600 for files, or 0o700 for
directories.
* Int conversion overflows. The fix has to be done case by case,
checking that no overflow can occur.
When renaming a stack, we need to rewrite URN references to use the new
stack name instead of the old one. Presently such references can occur
as:
* `Parent` references
* `Provider` references
* `Dependencies`
* `PropertyDependencies`
* `DeletedWith` references
The current renaming implementation fails to rewrite `DeletedWith`
references. Previously this went unnoticed since such references were
also omitted when checking snapshot integrity. Now that integrity checks
correctly inspect `DeletedWith` properties, the omission during rename
has been surfaced. This commit fixes renaming to handle `DeletedWith`
correctly. A follow-up should also ensure that renaming checks integrity
itself prior to operation completion.
Fixes#16215
<!---
Thanks so much for your contribution! If this is your first time
contributing, please ensure that you have read the
[CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md)
documentation.
-->
# Description
<!--- Please include a summary of the change and which issue is fixed.
Please also include relevant motivation and context. -->
SerializePropertyValue needed a `context.Context` object to pass to the
`config.Encrypter`. It was using `context.TODO()`, this change instead
accepts a context on the parameters and lifts that up to
SerializeProperties, SerializeResource, SerializeOperation, and
SerializeDeployment.
There were a few call sites for those methods that already had a context
on hand, and they now pass that context. The other calls sites now use
`context.TODO()`, we should continue to iterate in this area to ensure
everywhere that needs a context has one passed in.
## Checklist
- [x] I have run `make tidy` to update any new dependencies
- [x] I have run `make lint` to verify my code passes the lint check
- [ ] I have formatted my code using `gofumpt`
<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [ ] I have added tests that prove my fix is effective or that my
feature works
<!---
User-facing changes require a CHANGELOG entry.
-->
- [ ] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
<!---
Thanks so much for your contribution! If this is your first time
contributing, please ensure that you have read the
[CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md)
documentation.
-->
# Description
<!--- Please include a summary of the change and which issue is fixed.
Please also include relevant motivation and context. -->
This commit adds the `--fully-qualify-stack-names` (or `-Q` for short)
global command-line argument, which when supplied will always print
stack names in the fully-qualified form of `organization/project/stack`.
Fixes#11081.
## Checklist
- [X] I have run `make tidy` to update any new dependencies
- [X] I have run `make lint` to verify my code passes the lint check
- [X] I have formatted my code using `gofumpt`
<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [x] I have added tests that prove my fix is effective or that my
feature works
<!---
User-facing changes require a CHANGELOG entry.
-->
- [X] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
<!---
Thanks so much for your contribution! If this is your first time
contributing, please ensure that you have read the
[CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md)
documentation.
-->
# Description
<!--- Please include a summary of the change and which issue is fixed.
Please also include relevant motivation and context. -->
There were a number of places where we passed a `Snapshot` and a
`secret.Manager` as arguments to a method, where if the `Manger` was nil
we'd fall back to the `Snapshot.SecretManager` (which could also be
nil).
Turns out in all but one place this was always passed as nil or just as
directly the snapshot's `SecretManager` field.
The one place it differed was in
`pkg/cmd/pulumi/stack_change_secrets_provider.go` where we're changing
the secret manager, but it's fine to just set the snapshot's
`SecretManager` field to the new manager.
## Checklist
- [x] I have run `make tidy` to update any new dependencies
- [x] I have run `make lint` to verify my code passes the lint check
- [x] I have formatted my code using `gofumpt`
<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [ ] I have added tests that prove my fix is effective or that my
feature works
<!---
User-facing changes require a CHANGELOG entry.
-->
- [ ] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
In gocloud.dev 0.34.0 the behaviour for file:// URLs changed, making
pulumi fail when the state is supposed to be written to a mounted
directory. See also https://github.com/pulumi/pulumi/issues/15352.
Restore the old behaviour by adding a `no_tmp_dir=true` flag to the URL,
unless the user provided it themselves. We also allow users to pass
`no_tmp_dir=false` in the parameters, which will opt in to the new
behaviour.
This actually implements option 2 from the linked issue since it was
easy enough to do, though I don't expect may users to make use of it,
since I don't think a lot of people care about the contents of whatever
directory the state is stored in anyway, so additional temp files there
don't really matter.
Fixes https://github.com/pulumi/pulumi/issues/15352
## Checklist
- [x] I have run `make tidy` to update any new dependencies
- [x] I have run `make lint` to verify my code passes the lint check
- [x] I have formatted my code using `gofumpt`
<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [x] I have added tests that prove my fix is effective or that my
feature works
<!---
User-facing changes require a CHANGELOG entry.
-->
- [x] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
---------
Co-authored-by: Justin Van Patten <jvp@justinvp.com>
This goes through the codebase to try and be consistent about names for
the diy/filestate/local/selfmanaged backend. Every reference to this
backend should now use the terms "DIY". There are a couple of places
that still say "local DIY backend" this is referring to a DIY backend
using the local filesystem (i.e. `pulumi login --local`).