Commit Graph

317 Commits

Author SHA1 Message Date
Sean Yeh fd77fa0e32
Improve invalid credentials error message ()
We're seeing this error from esc
([issue](https://github.com/pulumi/esc/issues/401)) which is confusing
because it recommends `pulumi login` when using `esc login`.
Additionally, rerunning `pulumi login` (or `esc login`) as the message
suggests doesn't actually fix anything. I think a better error message
is to suggest fixing or deleting the invalid credentials file - open to
suggestions though

Testing:
```
❯ go run ./cmd/pulumi login
error: could not determine current cloud: failed to read Pulumi credentials file. Please fix or delete invalid credentials file: '/Users/sean/.pulumi/credentials.json': invalid character 'a' looking for beginning of value
exit status 255
```
2024-10-11 19:23:35 +00:00
Will Jones c496921d44
Enable some more linting rules ()
Issue  lists a number of extra linting checks that we could enable
in order to make our Go code more robust. This commit implements as many
as seem sensible:

* `durationcheck`, which checks for multiplication of `time.Duration`s,
which can lead to unexpected behaviour (e.g. `time.Second * time.Second`
is *not* one second)
* `goprintffuncname`, which checks that `Printf`-like functions are
appropriately suffixed with `f` to indicate as such
* `tenv`, which checks for `os.Setenv` in tests where `t.Setenv` is
generally a better solution
* `wastedassign`, which checks for assignments whose values are never
used (such as initial values before an `if` where both branches then
overwrite the value)
* `whitespace`, which checks for blank lines at the beginning and end of
blocks such as functions, `if`s, `for`s and so on.

This commit does *not* enable the following checks listed in :

* `wrapcheck`, which insists that third-party library errors are always
`%w`rapped -- we have a lot of cases where we don't do this and it's
probably a bit more involved than "just wrap them" in terms of making
sure we don't break anything (maybe)
* `predeclared`, which checks for shadowing of existing Go identifiers
-- we use `old` and `new` a lot, especially in step generation, so this
is probably a slightly bigger clean-up/one we might want to opt out of
* `mnd` (magic number detection) -- we have a lot of failures on this
* `nilnil` -- we only have a couple of failures on this; these could
probably be handled with `//nolint` but for now I've opted not to take
this route.
2024-10-03 17:37:13 +00:00
Brandon Pollack 1e39fa9d0a
Preserve ordering when editing stack config. ()
This fix does not append new nodes when encountered but instead adds
them to the end after all nodes are processed.

I also took to opportunity to rename new to newNode to not shadow the
keyword. Suprising that go even allows this.

Fixes: 
2024-10-02 13:31:10 +00:00
Will Jones 5792409b15
Check zipped templates for `Pulumi.yaml` files ()
This commit strengthens the validation of project templates supplied as
`.zip` archives, checking them for a `Pulumi.yaml` before copying the
contents.

Closes 

Co-authored-by: Derek Schaller <d_a_schaller@yahoo.com>
2024-10-01 12:44:07 +00:00
Fraser Waters 9d54d48236
Invalidate GITHUB_TOKEN on 401 ()
Part one of fixing https://github.com/pulumi/pulumi/issues/17217. This
disables and retries the plugin http request without GITUHB_TOKEN if we
get a 401 error.

This should help with cases where people have tokens that don't have
access to public resources. We'll see the 401 and retry without the
token set.

This doesn't fix the other part of  to retry 403 error without the
token.

---------

Co-authored-by: Thomas Gummerer <t.gummerer@gmail.com>
2024-09-26 20:28:27 +00:00
Fraser Waters 92ec92201f
Just use errors.Is instead of As and Is ()
Pointed out in
https://github.com/pulumi/pulumi/pull/17239#discussion_r1756396738. We
can just use `Is` here we don't need to unwrap with `As` first.
2024-09-12 23:52:26 +00:00
Will Jones b85a92cd5c
Have `Host.Provider` accept a `PackageDescriptor` ()
Plugins are the core means by which Pulumi may be extended. Language
hosts, resource providers, analyzers, and converters, for instance, are
all kinds of plugin. Plugins are loaded by a plugin `Host`, which also
offers convenience methods for loading specific kinds of plugin such as
those mentioned above.

The `Provider` method on `Host` currently accepts a name and version.
This is not ideal, since there are several other parameters that may
affect the plugin to be loaded, as well as what operations may be run on
it when it is loaded:

* Custom download URLs and checksums may be desirable to control where a
plugin is retrieved from, and to verify a plugin's integrity.
* Parameterization means that while the `aws` provider is desired, it is
actually provided by a dynamically-bridging `terraform` plugin which is
to be supplied with a parameter such as
`{"name":"aws","version":"..."}`.

This PR begins reworking the `Host` interface so that its `Provider`
method accepts a more complete `PackageDescriptor`, consisting of a full
`PluginSpec` and an optional `Parameterization`. Presently this PR just
replicates existing call sites to use the new data structure -- if this
merges successfully then several of these call sites can likely be
cleaned up further by moving duplicated logic that handles things like
custom download URLs, etc. _into_ the newly capable `Provider`
implementation.
2024-09-12 13:17:30 +00:00
Julien 68524af701
Enable goheader rule and add missing license headers ()
This commit adds the `goheader` rule to `golangci-lint` to enforce that
all our Go source code includes appropriate licence headers, fixing up
files that currently fail that check.

---------

Co-authored-by: Will Jones <will@sacharissa.co.uk>
2024-09-09 12:05:45 +00:00
Will Jones 6e396ecf35
Recover from zero-byte `credentials.json` files ()
Pulumi stores credentials in a `credentials.json`. If a non-atomic
operation that writes this file is interrupted, we may end up with a
zero-byte `credentials.json` file. Presently, this will create a
situation where the user has to manually remove the file before e.g.
`pulumi login` will work and retrieve new credentials again (see 
for an example). This commit changes this behaviour, spotting empty
credentials files and returning an empty set of credentials instead of
throwing an error.

Fixes 
2024-09-06 09:57:33 +00:00
Thomas Gummerer c5889864c7
plugins: don't panic when the given path is not clean ()
When the user specifies a provider with a specific path in the
`Pulumi.yaml`, we later in the program assert that the path that was
passed in also matches with the path where we found the plugin. We do
this by using a string comparison, however that doesn't work if the path
the user passes is not clean, e.g. has a trailing slash, or has a double
slash, or some such.

Fix this by using `filepath.Clean` on the user supplied path, which
these things up.

I was also briefly wondering if this works properly if the user passes
in a path that is a symlink (it does), and wrote a test for that,
checking that behaviour.

Fixes https://github.com/pulumi/pulumi/issues/17130
2024-09-04 10:08:44 +00:00
Justin Van Patten de437b1f81
Switch back to `os/user` to get the current user ()
This change switches back to using the stdlib's `os/user` to get the
current user. We originally used `os/user` but moved to a drop-in
replacement (https://github.com/tweekmonster/luser) in  which
worked better without `cgo` at the time. However,
https://github.com/tweekmonster/luser no longer appears to be maintained
and the stdlib's `os/user` has a pure Go implementation (which doesn't
require `cgo`) which has improved since then, so we should be able to
switch back to it now.

Commits:
1. Update the *.go files
2. Result of running `make tidy`

Fixes 
2024-08-31 18:54:35 +00:00
Fraser Waters f8d05644e3
Fix GetPluginInfo with shimless project plugins ()
Before this fix GetPluginInfo would error because stat on the expected
`pulumi-resource-exe` file would fail (because it didn't exist). This
fixes it to fallback to looking at the folder instead.
2024-08-30 15:51:15 +00:00
Fraser Waters a3ac0efc47
Move GetCloudInsecure to pkg workspace ()
A really simple method to move across to the pkg workspace.
2024-08-30 14:19:07 +00:00
Fraser Waters 9aeb43476e
Move GetCurrentCloudURL to pkg workspace ()
This moves GetCurrentCloudURL to the pkg workspace, and updates all
calls in pkg to use the interface method.

This allowed the writing of some unit test for GetCurrentCloudURL.
2024-08-30 11:58:09 +00:00
Fraser Waters 0155f07a92
Move GetBackendConfigDefaultOrg to pkg workspace ()
In preparation for moving `workspace.GetCurrentCloudURL` to the package
workspace we need to move `GetBackendConfigDefaultOrg` first.

(N.B. this also uses `workspace.GetPulumiConfig` which we also want to
move, but will take a bit longer)
2024-08-29 13:22:56 +00:00
Fraser Waters 6a9f938087
Make a PULUMI_BACKEND_URL an env.Var instance ()
Looking into writing some mocked tests for `state destroy` this env var
is touched on the login path and is currently not in our "env" system so
tricky to mock out. This is a small PR to just lift it into the env
system without worrying about plumbing the env instance all the way down
to where it's used (yet).

---------

Co-authored-by: Will Jones <will@sacharissa.co.uk>
2024-08-29 11:09:16 +00:00
Julien 7e2ccd8757
Prepare golangci-lint upgrade ()
The latest version of golangci-lint (1.60.3) flags a bunch of new issues
in our code base. This PR addresses part of them ahead of the upgrade.

* A dynamic string passed to printf style functions as first argument,
this can lead to bad `%` interpolations. The fix is typically to use
`"%s"` as first argument and pass the dynamic string as 2nd argument.
* Using `os.ModePerm` in tests instead of more restricted file
permissions. The fix is to use 0o600 for files, or 0o700 for
directories.
* Int conversion overflows. The fix has to be done case by case,
checking that no overflow can occur.
2024-08-28 07:57:38 +00:00
Julien 487b4a8494
Install missing python versions using pyenv during installation ()
Adds the flag `--use-language-version-tools` to `pulumi install`. When
passed, and `pyenv` is installed, and a `.python-version` file is in the
project directory or any of its parent directories, Pulumi will install
the requested python version if it is not already installed.

`LanguageRuntime.InstallDependencies` now takes a struct
`InstallDependenciesRequest` as argument to make it easier to extend
this call with options.

See https://github.com/pulumi/pulumi-docker-containers/pull/232

---------

Co-authored-by: Thomas Gummerer <t.gummerer@gmail.com>
2024-08-19 15:55:54 +00:00
Julien 1cdd2315de
Don't search upwards for policy packs when determining required plugins ()
We don't need to search upwards for PolicyPack files, we already know
that there aren't any since we don't recurse into policy packs. The
directory traversal is plenty fast on Linux, however it is much slower
on Windows. Node modules often have fairly wide and deep directory
structures, so this can considerably slow down any Pulumi operation that
runs `GetRequiredPlugins`.

Fixes https://github.com/pulumi/pulumi/issues/16863

On an `was-typescript` example, we can see the impact with
`Measure-Command {start-process pulumi -argumentlist "about" -Wait}`,
which goes from 25 seconds to 2 seconds on an Azure Windows VM.
2024-08-02 11:49:16 +00:00
Mikhail Shilkov d4f1cf5c87
URL-based plugin source overrides via env var ()
### Motivation

Pulumi plugin binaries can be downloaded by the CLI from multiple
sources. By default, it's downloaded from Pulumi's GitHub releases or
get.pulumi.com, but plugins can also specify their binary sources via
the `PluginDownloadURL` schema option. They can point to custom GitHub,
Gitlab, or HTTP locations.

Enterprise customers ask for a way to isolate the CLI from downloads
from random locations and to configure the CLI to go to their internal
pre-approved artefact location instead. This way, Pulumi can run in
"air-gapped" environments (which still have access to Cloud APIs, of
course).

Related issues:
- https://github.com/pulumi/pulumi/issues/14459
- https://github.com/pulumi/pulumi/issues/16240

Currently, there is a basic mechanism to do so via the variable
`pluginDownloadURLOverrides`, but it has two major limitations:
- The variable value is set via a compile-time flag, so it requires a
custom build of the CLI
- The overrides are based on the plugin name, so the rules must be
defined without access to the original URL, which makes it hard to
provide universal rules and still distinguish between first-party,
public third-party, or private in-house plugins
- We ignore overrides for all plugins that have `PluginDownloadURL` set
- Overrides can set a plugin replacement redirect only to HTTP(s)
addresses

### Proposal

This PR makes two sets of changes:

1. It allows passing overrides via the
`PULUMI_PLUGIN_DOWNLOAD_URL_OVERRIDES` environment variable. The
compile-time flag is still supported, but the env var takes priority.

More configuration levers could be supported, but it not clear if we
have good ones until [Support .pulumirc file for global
config](https://github.com/pulumi/pulumi/issues/13484) is implemented. I
don't expect users to want to set this via their stack configs, but I'm
curious what others think. In any case, more sources can be added later.

2. The overrides now apply based on the original download URL, not just
on plugin names. Actually, it's the base URL of a download source that
is passed to the regexp matcher. Examples of possible options are:

- `github://api.github.com/pulumi/pulumi-xyz` for a first-party plugin
(note that we don't pass `get.pulumi.com`
- `github://api.github.com/pulumiverse/pulumi-grafana` for a community
plugin that sets `PluginDownloadURL`
- `gitlab://gitlab-host/proj-name` for a community plugin hosted on
Gitlab
    - `https://example.com/downloads/` for HTTP sources

So, the override
`^github://api.github.com/pulumi/pulumi-xyz=https://example.com/downloads/pulumi-xyz/`
will override the single provider URL from our GitHub releases to the
given HTTP location.

On top of that, regular expressions may contain name groups to capture
and use templated values. For example,
`^github://api.github.com/(?P<org>[^/]+)/(?P<repo>[^/]+)=https://example.com/downloads/${org}/${repo}`
captures any GitHub plugin and redirects it to its corresponding HTTP
location. Group indices are also supported: the above override can also
be written as
`^github://api.github.com/(?P<org>[^/]+)/(?P<repo>[^/]+)=https://example.com/downloads/$1/$2`,
with `$0` meaning the full match.

The override URLs have the same semantics as `PluginDownloadURL`, so
they can point to GitHub, Gitlab, HTTP, or anything we introduce in the
future.

### Impact

Technically, this is a breaking change, because name-based overrides
will stop working. However, we are fairly certain that we have a single
customer using the existing compile-time approach, and they indicated
that they don't need the name-based overrides if they have URL-based
overrides. I reviewed this PR with them and made sure they can migrate
immediately after the change is released.

Backwards compatibility is slightly tricky, because we'd need to keep
name-based override _and_ not applying them to third-party plugins. But
we can do it if necessary.

Resolve 
2024-07-26 10:37:09 +00:00
Germán Lena a7d5e238b8
New deployment settings wizards and environment variables management comands ()
- Turns `deployment settings init` command a wizard
- Adds new `deployment settings env` command to manage env variables
(including secrets encryption)
- Adds new `deployment settings set` command to configure individual
settings (including secrets encryption)

https://asciinema.org/a/QhuWHAvkmeAmVJkYqkCP0P6wb

Fix https://github.com/pulumi/pulumi-service/issues/20567
Fix https://github.com/pulumi/pulumi-service/issues/20576
2024-07-03 20:24:26 +00:00
Julien P 98b90f1902
Add packagemanager prompt to pulumi new for nodejs ()
https://github.com/pulumi/pulumi/pull/16346 introduced the capability to
query the language runtime for additional prompts. We use this to let
the user pick a package manager among npm, yarn and pnpm during `pulumi
new` when using the nodejs runtime.

When there is no explicitly configured package manager, we re-use the
previous behaviour for determining the package manager (check
`PULUMI_PREFER_YARN` env variable, look for lock files).

Defaults to `npm` when running `new` in non-interactive mode.
2024-06-21 11:35:06 +00:00
Germán Lena 64d9266deb
Update pu/pu to support the new settings pull command + new deployment file ()
<!--- 
Thanks so much for your contribution! If this is your first time
contributing, please ensure that you have read the
[CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md)
documentation.
-->

# Description

- Add new deployment settings pull command: this command will pull the
deployment settings from pulumi cloud and generate the new deployment
file. For now it will be hidden until we have completed the whole
feature.
- Add support for the new deployment file, this will contain all the
deployment related information (for now just the settings), example:

```
settings:
  -executorContext: {}
    sourceContext:
      git:
        branch: main
        repoDir: .
    gitHub:
      repository: glena/test-action
      deployCommits: true
      previewPullRequests: false
    operationContext:
      preRunCommands: []
      operation: ""
      environmentVariables: {}
      options:
        skipInstallDependencies: false
        skipIntermediateDeployments: true
        shell: ""
        deleteAfterDestroy: false
        remediateIfDriftDetected: false
    agentPoolID: ...
```

Fixes https://github.com/pulumi/pulumi-service/issues/20306

## Checklist

- [ ] I have run `make tidy` to update any new dependencies
- [ ] I have run `make lint` to verify my code passes the lint check
  - [ ] I have formatted my code using `gofumpt`

<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [ ] I have added tests that prove my fix is effective or that my
feature works
<!--- 
User-facing changes require a CHANGELOG entry.
-->
- [ ] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->

---------

Co-authored-by: Komal <komal@pulumi.com>
Co-authored-by: Will Jones <will@sacharissa.co.uk>
2024-06-18 13:24:01 +00:00
Zaid Ajaj 2766475bd1
[cli/plugin] Fix plugin install command when plugin type is tool ()
# Description

When trying to install a plugin of type `tool` from GitHub, the Pulumi
convention is to have these plugins available in repositories named
`pulumi-tool-<name>` so that we can install them via the CLI as follows:
```
pulumi plugin install tool <name>
```
However, today this fails because we don't prefix the repository name
correctly with `"pulumi-tool-"`. This PR fixes that. Tested against
[Zaid-Ajaj/pulumi-tool-importer](https://github.com/Zaid-Ajaj/pulumi-tool-importer)

Also removes hardcoded plugin download URL for known converter plugins
of mine. These are moved to the `pulumi` organisation and no longer
require a separate URL.

## Checklist

- [ ] I have run `make tidy` to update any new dependencies
- [x] I have run `make lint` to verify my code passes the lint check
  - [ ] I have formatted my code using `gofumpt`

<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [ ] I have added tests that prove my fix is effective or that my
feature works
<!--- 
User-facing changes require a CHANGELOG entry.
-->
- [x] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
2024-06-17 13:25:57 +00:00
Paul C. Roberts f0fffe6fb2
Better error messages for schema validation ()
This PR improves the error messages produced during project schema
validation so that, where possible, we suggest valid attribute names
that the user may have meant to type. For instance, if they provide a
"Name" attribute where we wanted "name" (lowercase "n"), we'll now say
so. Where there is not a close match, we'll enumerate the full list of
valid names to try and guide the user.

Matching is implemented using Levenshtein distances and ignores case.
Some examples of the new functionality:

* `{"Name": ...}` yields `project is missing a 'name' attribute; found
'Name' instead`
* `{..., "rutnime": ...}` yields `project is missing a 'runtime'
attribute; found 'rutnime' instead`
* `{..., "template": {"displayNameDisplayName": ...}, ...}` yields
`'displayNameDisplayName' not allowed; the allowed attributes are
'config', 'description', 'displayName', 'important', 'metadata' and
'quickstart'`

Co-authored-by: Will Jones <will@sacharissa.co.uk>
2024-06-14 09:03:22 +00:00
Mikhail Shilkov 642cb5b5c7
Revert "Prefer pluginDownloadURLOverrides over PluginDownloadURL specified in the package" ()
Reverts 
Resolves https://github.com/pulumi/pulumi/issues/16316
2024-06-04 17:37:34 +00:00
Julien P 578e0937a9
[Python] Move existing dependency installation and python command invocation to a Toolchain interface ()
# Description

This PR refactors the existing Python dependency installation and
command running code to use the `Toolchain` interface. This will make it
possible to swap out the default Pip based toolchain for a Poetry based
toolchain.

Fixes https://github.com/pulumi/pulumi/issues/16285
Ref https://github.com/pulumi/pulumi/issues/15937

## Checklist

- [x] I have run `make tidy` to update any new dependencies
- [x] I have run `make lint` to verify my code passes the lint check
  - [x] I have formatted my code using `gofumpt`
2024-06-03 13:52:27 +00:00
Mikhail Shilkov 3e0aedeee2
Prefer pluginDownloadURLOverrides over PluginDownloadURL specified in the package ()
<!--- 
Thanks so much for your contribution! If this is your first time
contributing, please ensure that you have read the
[CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md)
documentation.
-->

# Description

Overriding plugin download URLs with compilation flags was originally
added in . Its intent was allowing our customers to override
download locations for all plugins, so that only trusted pre-approved
plugins could be downloaded.

Since then, we've added `PluginDownloadURL` for a package, which is the
default URL for that package's binary if it's shipped outside our Pulumi
org. Currently, `PluginDownloadURL` takes precedence over
`pluginDownloadURLOverrides`, which means it's impossible to override
third-party package binary locations.

This PR changes plugin source resolution to flip the priority of those
two. If an override matches regex, its URL will take priority over the
default `PluginDownloadURL` specified in the package.

I have added tests to verify `pluginDownloadURLOverrides` with and
without `PluginDownloadURL`. The second one fails before my change.

Resolves 

## Checklist

- [x] I have run `make tidy` to update any new dependencies
- [x] I have run `make lint` to verify my code passes the lint check
  - [ ] I have formatted my code using `gofumpt`

<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [x] I have added tests that prove my fix is effective or that my
feature works
<!--- 
User-facing changes require a CHANGELOG entry.
-->
- [x] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
2024-05-13 14:35:44 +00:00
Germán Lena d7f24dfcfb
Refactor: move plugin kind to apitype ()
<!--- 
Thanks so much for your contribution! If this is your first time
contributing, please ensure that you have read the
[CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md)
documentation.
-->

# Description

This PR moves PluginKind to apitype to prevent circular dependencies
when adding apitype as a dependency of the workspace module.
It also re-exports PluginKind to keep backward compatibility

## Checklist

- [x] I have run `make tidy` to update any new dependencies
- [x] I have run `make lint` to verify my code passes the lint check
  - [x] I have formatted my code using `gofumpt`

<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [x] I have added tests that prove my fix is effective or that my
feature works
<!--- 
User-facing changes require a CHANGELOG entry.
-->
- [x] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
2024-04-25 17:30:30 +00:00
Fraser Waters b6645b372f
Lift context parameter for ApplyProjectConfig ()
<!--- 
Thanks so much for your contribution! If this is your first time
contributing, please ensure that you have read the
[CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md)
documentation.
-->

# Description

<!--- Please include a summary of the change and which issue is fixed.
Please also include relevant motivation and context. -->

`mergeConfig` uses `Crypter.Encrypt` that needs a context and was using
`context.TODO()`. This lifts that to a context parameter and fixes up
all call sites.

## Checklist

- [x] I have run `make tidy` to update any new dependencies
- [x] I have run `make lint` to verify my code passes the lint check
  - [ ] I have formatted my code using `gofumpt`

<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [ ] I have added tests that prove my fix is effective or that my
feature works
<!--- 
User-facing changes require a CHANGELOG entry.
-->
- [ ] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
2024-04-22 06:37:34 +00:00
Gilad Maymon f72e2763e2
Fix panic when looking up home ()
<!--- 
Thanks so much for your contribution! If this is your first time
contributing, please ensure that you have read the
[CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md)
documentation.
-->

# Description

https://github.com/pulumi/pulumi/pull/15160 tries to fix
https://github.com/pulumi/pulumi/issues/15159 by checking that user is
nil or user.HomeDir is nil. Given github.com/tweekmonster/luser embeds
the builtin Golang User type as pointer, it still possible that
user.User is nil and calling user.HomeDir causes a nil pointer access.
this PR checks the embedded pointer explicitly

Fixes https://github.com/pulumi/pulumi/issues/15159

## Checklist

- [x] I have run `make tidy` to update any new dependencies
- [x] I have run `make lint` to verify my code passes the lint check
  - [ ] I have formatted my code using `gofumpt`

<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [ ] I have added tests that prove my fix is effective or that my
feature works
<!--- 
User-facing changes require a CHANGELOG entry.
-->
- [x] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
2024-04-09 04:10:55 +00:00
Thomas Gummerer bc70928f67
Remove trustDependencies option ()
This option is always true these days, and we don't expect to set it
false for anything. Remove the flag for a bit of code cleanup.
2024-03-21 10:14:07 +00:00
​Andrzej Ressel 77e8d8ffee
Append .exe when installing local language plugins ()
<!--- 
Thanks so much for your contribution! If this is your first time
contributing, please ensure that you have read the
[CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md)
documentation.
-->

# Description

<!--- Please include a summary of the change and which issue is fixed.
Please also include relevant motivation and context. -->

Fixes 

## Checklist

- [ ] I have run `make tidy` to update any new dependencies
- [ ] I have run `make lint` to verify my code passes the lint check
  - [ ] I have formatted my code using `gofumpt`

<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [ ] I have added tests that prove my fix is effective or that my
feature works
<!--- 
User-facing changes require a CHANGELOG entry.
-->
- [X] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
2024-03-17 22:26:22 +00:00
Fraser Waters 721d61115b
Add `plugin run` command ()
<!--- 
Thanks so much for your contribution! If this is your first time
contributing, please ensure that you have read the
[CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md)
documentation.
-->

# Description

<!--- Please include a summary of the change and which issue is fixed.
Please also include relevant motivation and context. -->

Mostly for providers to experiment with, currently hidden behind
"PULUMI_DEV".
2024-02-05 08:35:48 +00:00
Steve Zesch a3738fb251
local workspace project validation should include error message ()
# Description

If project settings are not valid `contract.Requiref(proj.Validate() ==
nil, "proj", "Validate()")` just returns `Validate()` which makes it
difficult to debug why the call to `proj.Validate()` failed. This change
captures the error returned by `proj.Validate()` and includes that as
part of the message.

## Checklist

- [x] I have run `make tidy` to update any new dependencies
- [x] I have run `make lint` to verify my code passes the lint check
  - [x] I have formatted my code using `gofumpt`
- [ ] I have added tests that prove my fix is effective or that my
feature works
- [x] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version

---------

Co-authored-by: Fraser Waters <frassle@gmail.com>
2024-01-28 15:29:14 +00:00
Sam Myers 9a51dce107
Improve Go Automation SDK ProjectBackend documentation ()
# Description

I had a question about how to configure the Go Automation SDK to use
Pulumi Cloud as a backend. This adds documentation to make things easier
for the next person with the same question by clarifying what values to
use in different situations.

## Checklist

Doc change only.

- [ ] I have run `make tidy` to update any new dependencies
- [ ] I have run `make lint` to verify my code passes the lint check
  - [ ] I have formatted my code using `gofumpt`

<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [ ] I have added tests that prove my fix is effective or that my
feature works
<!--- 
User-facing changes require a CHANGELOG entry.
-->
- [ ] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
2024-01-25 20:58:12 +00:00
Aaron Friel b0afaae388
Enable finding Pulumi projects created from Templates ()
This modifies `pulumi new` to add a `pulumi:template` stack tag, set to
the name or URL of the template.
2024-01-24 16:47:12 +00:00
Thomas Gummerer e4c5d250fa
add a CR before when finishing the progress bar ()
We are using our terminal in raw mode, which means we're not getting CRs
automatically added. Add one after a progress bar has finished to
improve the output slightly.

The final output after this looks like: 

```
$ pulumi preview                     
Please choose a stack, or create a new one: dev
Previewing update (dev):
Downloading plugin: 18.39 MiB / 18.39 MiB [========================] 100.00% 15s

[resource plugin docker-3.6.1] installing
Downloading plugin: 20.19 MiB / 20.19 MiB [========================] 100.00% 15s

[resource plugin awsx-1.0.5] installing
Downloading plugin: 164.18 MiB / 164.18 MiB [======================] 100.00% 32s

[resource plugin aws-5.42.0] installing
[...]
```

Which seems slightly better, but not a huge improvement, and the
progress bar is unfortunately also still jumpy. I'll write down the rest
of my learnings here in https://github.com/pulumi/pulumi/issues/14250.

I'm not entirely sure it's even worth merging this, but I'm putting this
up as a PR for further discussion and to show where the investigation
led.
2024-01-23 09:27:26 +00:00
Thomas Gummerer baecc85eaf
turn on the golangci-lint exhaustive linter ()
Turn on the golangci-lint exhaustive linter.  This is the first step
towards catching more missing cases during development rather than
in tests, or in production.

This might be best reviewed commit-by-commit, as the first commit turns
on the linter with the `default-signifies-exhaustive: true` option set,
which requires a lot less changes in the current codebase.

I think it's probably worth doing the second commit as well, as that
will get us the real benefits, even though we end up with a little bit
more churn. However it means all the `switch` statements are covered,
which isn't the case after the first commit, since we do have a lot of
`default` statements that just call `assert.Fail`.
 
Fixes  

## Checklist

- [x] I have run `make tidy` to update any new dependencies
- [x] I have run `make lint` to verify my code passes the lint check
  - [x] I have formatted my code using `gofumpt`

<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [ ] I have added tests that prove my fix is effective or that my
feature works
<!--- 
User-facing changes require a CHANGELOG entry.
-->
- [ ] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
2024-01-17 16:50:41 +00:00
Fraser Waters e4fe1315fd
Fix panic when looking up home ()
<!--- 
Thanks so much for your contribution! If this is your first time
contributing, please ensure that you have read the
[CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md)
documentation.
-->

# Description

<!--- Please include a summary of the change and which issue is fixed.
Please also include relevant motivation and context. -->

Fixes https://github.com/pulumi/pulumi/issues/15159.

`user.Current()` can potentially return nil in cases where the user
lookup fails, further there's a chance that `HomeDir` might be empty
even if a user is found. This makes both of these cases an error,
preventing a panic in the former and preventing trying to use
"/.pulumi/" in the later.

## Checklist

- [x] I have run `make tidy` to update any new dependencies
- [x] I have run `make lint` to verify my code passes the lint check
  - [x] I have formatted my code using `gofumpt`

<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [ ] I have added tests that prove my fix is effective or that my
feature works
<!--- 
User-facing changes require a CHANGELOG entry.
-->
- [x] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
2024-01-17 09:19:49 +00:00
Kyle Pitzen c94390112a
Adds Pulumi AI integrations with Pulumi New ()
<!--- 
Thanks so much for your contribution! If this is your first time
contributing, please ensure that you have read the
[CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md)
documentation.
-->

# Description

<!--- Please include a summary of the change and which issue is fixed.
Please also include relevant motivation and context. -->

Now that we support .zip archive sources for Pulumi New, we have all of
the API surface we need to provide a full Pulumi New experience using
Pulumi AI. This PR introduces a few modes of interacting with Pulumi AI
to generate Pulumi projects.

- The default `pulumi new` experience now begins with a choice between
`ai` and `template` modes - the `template` mode represents the current
state of running `pulumi new`, while `ai` provides an interactive
experience with Pulumi AI.
- The user can iteratively ask questions to improve or change the
resulting program - each time a prompt is completed, they are asked to
`refine`, `no`, or `yes` their session - `refine` allows a follow-on
prompt to be submitted. `no` ends the session without generating a
pulumi project, and `yes` generates a Pulumi project from the most
recent program returned by Pulumi AI.
- Additionally, top-level flags, `--ai` and `--language` are provided to
fill in default values for the AI mode. When a prompt is provided with a
language, it is automatically submitted to Pulumi AI - if either is
missing, the user is prompted for whichever value is missing.

Fixes https://github.com/pulumi/pulumi.ai/issues/441
Fixes https://github.com/pulumi/pulumi.ai/issues/443
Fixes https://github.com/pulumi/pulumi.ai/issues/444

Depends on https://github.com/pulumi/pulumi.ai/pull/472
Depends on https://github.com/pulumi/pulumi.ai/pull/507
Depends on https://github.com/pulumi/pulumi.ai/pull/508

## Checklist

- [x] I have run `make tidy` to update any new dependencies
- [x] I have run `make lint` to verify my code passes the lint check
  - [x] I have formatted my code using `gofumpt`

<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [x] I have added tests that prove my fix is effective or that my
feature works
<!--- 
User-facing changes require a CHANGELOG entry.
-->
- [x] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->

---------

Co-authored-by: Aaron Friel <mayreply@aaronfriel.com>
2023-12-20 22:08:09 +00:00
Fraser Waters 3560333ae6
Clean up uses of .Error() ()
Combination of a few cleanups.

1. Don't call .Error() on errors that are being passed to "%s" format
functions. Format will call `Error()` itself.
2. Don't call assert.Error then assert.Equal/Contains, just use
assert.ErrorEqual/ErrorContains instead.
3. Use "%w" if appropriate, instead of "%v"/"%s".
2023-12-20 15:54:06 +00:00
Komal 37bb032282
Add pulumi config env ls command ()
<!--- 
Thanks so much for your contribution! If this is your first time
contributing, please ensure that you have read the
[CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md)
documentation.
-->

# Description

<!--- Please include a summary of the change and which issue is fixed.
Please also include relevant motivation and context. -->

Adds a `pulumi config env ls` command to list the environments imported
into the stack configuration.

Fixes  

## Checklist

- [ ] I have run `make tidy` to update any new dependencies
- [ ] I have run `make lint` to verify my code passes the lint check
  - [ ] I have formatted my code using `gofumpt`

<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [ ] I have added tests that prove my fix is effective or that my
feature works
<!--- 
User-facing changes require a CHANGELOG entry.
-->
- [ ] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
2023-12-19 22:09:38 +00:00
Fraser Waters 797ab3d099
Replace some more uses of assert.Contains(err.Error()) with assert.ErrorContains () 2023-12-15 17:45:32 +00:00
Fraser Waters 16d9f4c167
Enable perfsprint linter ()
<!--- 
Thanks so much for your contribution! If this is your first time
contributing, please ensure that you have read the
[CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md)
documentation.
-->

# Description

<!--- Please include a summary of the change and which issue is fixed.
Please also include relevant motivation and context. -->

Prompted by a comment in another review:
https://github.com/pulumi/pulumi/pull/14654#discussion_r1419995945

This lints that we don't use `fmt.Errorf` when `errors.New` will
suffice, it also covers a load of other cases where `Sprintf` is
sub-optimal.

Most of these edits were made by running `perfsprint --fix`.

## Checklist

- [x] I have run `make tidy` to update any new dependencies
- [x] I have run `make lint` to verify my code passes the lint check
  - [x] I have formatted my code using `gofumpt`

<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [ ] I have added tests that prove my fix is effective or that my
feature works
<!--- 
User-facing changes require a CHANGELOG entry.
-->
- [ ] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
2023-12-12 12:19:42 +00:00
Fraser Waters 0f4ddc2ccf
Use EqualError/ErrorContains instead of Error ()
<!--- 
Thanks so much for your contribution! If this is your first time
contributing, please ensure that you have read the
[CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md)
documentation.
-->

# Description

<!--- Please include a summary of the change and which issue is fixed.
Please also include relevant motivation and context. -->

This is a pass over all of /sdk to replace asserts that just checked we
had an error with asserts for what the error value is.

Just checking for an error is a weak test that can result in error paths
being broken and tests not detecting it.
2023-12-08 06:40:14 +00:00
Fraser Waters 1f28042b2d
Prefer stable plugin release to pre-releases ()
<!--- 
Thanks so much for your contribution! If this is your first time
contributing, please ensure that you have read the
[CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md)
documentation.
-->

# Description

<!--- Please include a summary of the change and which issue is fixed.
Please also include relevant motivation and context. -->

Fixes https://github.com/pulumi/pulumi/issues/14680.

Updated the plugin logic (which we still use when no explict version is
given) to prefer selecting a stable version over a pre-release version
when no explict requested version is given.


## Checklist

- [x] I have run `make tidy` to update any new dependencies
- [x] I have run `make lint` to verify my code passes the lint check
  - [ ] I have formatted my code using `gofumpt`

<!--- Please provide details if the checkbox below is to be left
unchecked. -->
- [x] I have added tests that prove my fix is effective or that my
feature works
<!--- 
User-facing changes require a CHANGELOG entry.
-->
- [x] I have run `make changelog` and committed the
`changelog/pending/<file>` documenting my change
<!--
If the change(s) in this PR is a modification of an existing call to the
Pulumi Cloud,
then the service should honor older versions of the CLI where this
change would not exist.
You must then bump the API version in
/pkg/backend/httpstate/client/api.go, as well as add
it to the service.
-->
- [ ] Yes, there are changes in this PR that warrants bumping the Pulumi
Cloud API version
<!-- @Pulumi employees: If yes, you must submit corresponding changes in
the service repo. -->
2023-12-03 09:15:07 +00:00
Fraser Waters 11f98d9af0
Fix some lint issues in plugins_install_test.go ()
This isn't currently getting picked up by the linter because it's behind
a build tag and the linter doesn't run with those set.

It _should_ because it turns out loads of test files aren't being linted
right now, but there's quite a few fixes that need to happen so linting
doesn't then fail, so this is just one step towards that.
2023-11-27 09:44:46 +00:00
Pat Gavlin 064fb93587
[esc] Add commands for managing stack environments ()
These changes add two commands for managing a stack's environments:

- `pulumi config env add`, which adds environments to a stack's import
list
- `pulumi config env rm`, which removes an environment from a stack's
import list

As implied by their paths, these commands hang off of a new sub-command
of `pulumi config`, `pulumi config env`.

From the usage:

* `pulumi config env add`

Adds environments to the end of a stack's import list. Imported
environments are merged in order per the ESC merge rules. The list of
stacks behaves as if it were the import list in an anonymous
environment.

* `pulumi config env rm`

Removes an environment from a stack's import list.

Each of these commands previews the new stack environment and shows the
environment definition. These commands print a warning if the stack's
environment does not define any of the `environmentVariables`, `files`,
or `pulumiConfig` properties.
2023-11-22 05:04:14 +00:00
Pat Gavlin ecb58cc9f7
[cli] Include config from ESC in `pulumi config` ()
These changes include any configuration values sourced from a stack's
ESC environment to the output of `pulumi config`.

These changes also add an `ENVIRONMENT` block to the output of `pulumi
config` for stacks that reference environments. This block shows the
definition of the stack's environment.

Finally, these changes add a warning to `pulumi config` if the stack's
ESC environment does not define any of the `environmentVariables`,
`files`, or `pulumiConfig` properties.
2023-11-21 10:44:45 +00:00