mirror of https://github.com/pulumi/pulumi.git
388 lines
13 KiB
Go
388 lines
13 KiB
Go
// Copyright 2019-2024, Pulumi Corporation.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package diy
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
"os"
|
|
"path"
|
|
"path/filepath"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/pulumi/pulumi/pkg/v3/backend"
|
|
"github.com/pulumi/pulumi/pkg/v3/resource/deploy"
|
|
"github.com/pulumi/pulumi/pkg/v3/resource/stack"
|
|
"github.com/pulumi/pulumi/pkg/v3/secrets/b64"
|
|
"github.com/pulumi/pulumi/sdk/v3/go/common/apitype"
|
|
"github.com/pulumi/pulumi/sdk/v3/go/common/encoding"
|
|
"github.com/pulumi/pulumi/sdk/v3/go/common/resource"
|
|
"github.com/pulumi/pulumi/sdk/v3/go/common/testing/diagtest"
|
|
)
|
|
|
|
// This file contains copies of old backend tests
|
|
// that were upgraded to run with project support.
|
|
// This duplicates those tests to run with legacy, non-project state,
|
|
// validating that the legacy behavior is preserved.
|
|
|
|
//nolint:paralleltest // mutates environment variables
|
|
func TestListStacksWithMultiplePassphrases_legacy(t *testing.T) {
|
|
// Login to a temp dir diy backend
|
|
tmpDir := markLegacyStore(t, t.TempDir())
|
|
ctx := context.Background()
|
|
b, err := New(ctx, diagtest.LogSink(t), "file://"+filepath.ToSlash(tmpDir), nil)
|
|
assert.NoError(t, err)
|
|
|
|
// Create stack "a" and import a checkpoint with a secret
|
|
aStackRef, err := b.ParseStackReference("a")
|
|
assert.NoError(t, err)
|
|
aStack, err := b.CreateStack(ctx, aStackRef, "", nil, nil)
|
|
assert.NoError(t, err)
|
|
assert.NotNil(t, aStack)
|
|
defer func() {
|
|
t.Setenv("PULUMI_CONFIG_PASSPHRASE", "abc123")
|
|
_, err := b.RemoveStack(ctx, aStack, true)
|
|
assert.NoError(t, err)
|
|
}()
|
|
deployment, err := makeUntypedDeployment("a", "abc123",
|
|
"v1:4iF78gb0nF0=:v1:Co6IbTWYs/UdrjgY:FSrAWOFZnj9ealCUDdJL7LrUKXX9BA==")
|
|
assert.NoError(t, err)
|
|
t.Setenv("PULUMI_CONFIG_PASSPHRASE", "abc123")
|
|
err = b.ImportDeployment(ctx, aStack, deployment)
|
|
assert.NoError(t, err)
|
|
|
|
// Create stack "b" and import a checkpoint with a secret
|
|
bStackRef, err := b.ParseStackReference("b")
|
|
assert.NoError(t, err)
|
|
bStack, err := b.CreateStack(ctx, bStackRef, "", nil, nil)
|
|
assert.NoError(t, err)
|
|
assert.NotNil(t, bStack)
|
|
defer func() {
|
|
t.Setenv("PULUMI_CONFIG_PASSPHRASE", "123abc")
|
|
_, err := b.RemoveStack(ctx, bStack, true)
|
|
assert.NoError(t, err)
|
|
}()
|
|
deployment, err = makeUntypedDeployment("b", "123abc",
|
|
"v1:C7H2a7/Ietk=:v1:yfAd1zOi6iY9DRIB:dumdsr+H89VpHIQWdB01XEFqYaYjAg==")
|
|
assert.NoError(t, err)
|
|
t.Setenv("PULUMI_CONFIG_PASSPHRASE", "123abc")
|
|
err = b.ImportDeployment(ctx, bStack, deployment)
|
|
assert.NoError(t, err)
|
|
|
|
// Remove the config passphrase so that we can no longer deserialize the checkpoints
|
|
err = os.Unsetenv("PULUMI_CONFIG_PASSPHRASE")
|
|
assert.NoError(t, err)
|
|
|
|
// Ensure that we can list the stacks we created even without a passphrase
|
|
stacks, outContToken, err := b.ListStacks(ctx, backend.ListStacksFilter{}, nil /* inContToken */)
|
|
assert.NoError(t, err)
|
|
assert.Nil(t, outContToken)
|
|
assert.Len(t, stacks, 2)
|
|
for _, stack := range stacks {
|
|
assert.NotNil(t, stack.ResourceCount())
|
|
assert.Equal(t, 1, *stack.ResourceCount())
|
|
}
|
|
}
|
|
|
|
func TestDrillError_legacy(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
// Login to a temp dir diy backend
|
|
tmpDir := markLegacyStore(t, t.TempDir())
|
|
ctx := context.Background()
|
|
b, err := New(ctx, diagtest.LogSink(t), "file://"+filepath.ToSlash(tmpDir), nil)
|
|
assert.NoError(t, err)
|
|
|
|
// Get a non-existent stack and expect a nil error because it won't be found.
|
|
stackRef, err := b.ParseStackReference("dev")
|
|
if err != nil {
|
|
t.Fatalf("unexpected error %v when parsing stack reference", err)
|
|
}
|
|
_, err = b.GetStack(ctx, stackRef)
|
|
assert.NoError(t, err)
|
|
}
|
|
|
|
func TestCancel_legacy(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
// Login to a temp dir diy backend
|
|
tmpDir := markLegacyStore(t, t.TempDir())
|
|
ctx := context.Background()
|
|
b, err := New(ctx, diagtest.LogSink(t), "file://"+filepath.ToSlash(tmpDir), nil)
|
|
assert.NoError(t, err)
|
|
|
|
// Check that trying to cancel a stack that isn't created yet doesn't error
|
|
aStackRef, err := b.ParseStackReference("a")
|
|
assert.NoError(t, err)
|
|
err = b.CancelCurrentUpdate(ctx, aStackRef)
|
|
assert.NoError(t, err)
|
|
|
|
// Check that trying to cancel a stack that isn't locked doesn't error
|
|
aStack, err := b.CreateStack(ctx, aStackRef, "", nil, nil)
|
|
assert.NoError(t, err)
|
|
assert.NotNil(t, aStack)
|
|
err = b.CancelCurrentUpdate(ctx, aStackRef)
|
|
assert.NoError(t, err)
|
|
|
|
// Locking and lock checks are only part of the internal interface
|
|
lb, ok := b.(*diyBackend)
|
|
assert.True(t, ok)
|
|
assert.NotNil(t, lb)
|
|
|
|
// Lock the stack and check CancelCurrentUpdate deletes the lock file
|
|
err = lb.Lock(ctx, aStackRef)
|
|
assert.NoError(t, err)
|
|
// check the lock file exists
|
|
lockExists, err := lb.bucket.Exists(ctx, lb.lockPath(aStackRef))
|
|
assert.NoError(t, err)
|
|
assert.True(t, lockExists)
|
|
// Call CancelCurrentUpdate
|
|
err = lb.CancelCurrentUpdate(ctx, aStackRef)
|
|
assert.NoError(t, err)
|
|
// Now check the lock file no longer exists
|
|
lockExists, err = lb.bucket.Exists(ctx, lb.lockPath(aStackRef))
|
|
assert.NoError(t, err)
|
|
assert.False(t, lockExists)
|
|
|
|
// Make another diy backend which will have a different lockId
|
|
ob, err := New(ctx, diagtest.LogSink(t), "file://"+filepath.ToSlash(tmpDir), nil)
|
|
assert.NoError(t, err)
|
|
otherBackend, ok := ob.(*diyBackend)
|
|
assert.True(t, ok)
|
|
assert.NotNil(t, lb)
|
|
|
|
// Lock the stack with this new backend, then check that checkForLocks on the first backend now errors
|
|
err = otherBackend.Lock(ctx, aStackRef)
|
|
assert.NoError(t, err)
|
|
err = lb.checkForLock(ctx, aStackRef)
|
|
assert.Error(t, err)
|
|
// Now call CancelCurrentUpdate and check that checkForLocks no longer errors
|
|
err = lb.CancelCurrentUpdate(ctx, aStackRef)
|
|
assert.NoError(t, err)
|
|
err = lb.checkForLock(ctx, aStackRef)
|
|
assert.NoError(t, err)
|
|
}
|
|
|
|
func TestRemoveMakesBackups_legacy(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
// Login to a temp dir diy backend
|
|
tmpDir := markLegacyStore(t, t.TempDir())
|
|
ctx := context.Background()
|
|
b, err := New(ctx, diagtest.LogSink(t), "file://"+filepath.ToSlash(tmpDir), nil)
|
|
assert.NoError(t, err)
|
|
|
|
// Grab the bucket interface to test with
|
|
lb, ok := b.(*diyBackend)
|
|
assert.True(t, ok)
|
|
assert.NotNil(t, lb)
|
|
|
|
// Check that creating a new stack doesn't make a backup file
|
|
aStackRef, err := lb.parseStackReference("a")
|
|
assert.NoError(t, err)
|
|
aStack, err := b.CreateStack(ctx, aStackRef, "", nil, nil)
|
|
assert.NoError(t, err)
|
|
assert.NotNil(t, aStack)
|
|
|
|
// Check the stack file now exists, but the backup file doesn't
|
|
stackFileExists, err := lb.bucket.Exists(ctx, lb.stackPath(ctx, aStackRef))
|
|
assert.NoError(t, err)
|
|
assert.True(t, stackFileExists)
|
|
backupFileExists, err := lb.bucket.Exists(ctx, lb.stackPath(ctx, aStackRef)+".bak")
|
|
assert.NoError(t, err)
|
|
assert.False(t, backupFileExists)
|
|
|
|
// Now remove the stack
|
|
removed, err := b.RemoveStack(ctx, aStack, false)
|
|
assert.NoError(t, err)
|
|
assert.False(t, removed)
|
|
|
|
// Check the stack file is now gone, but the backup file exists
|
|
stackFileExists, err = lb.bucket.Exists(ctx, lb.stackPath(ctx, aStackRef))
|
|
assert.NoError(t, err)
|
|
assert.False(t, stackFileExists)
|
|
backupFileExists, err = lb.bucket.Exists(ctx, lb.stackPath(ctx, aStackRef)+".bak")
|
|
assert.NoError(t, err)
|
|
assert.True(t, backupFileExists)
|
|
}
|
|
|
|
func TestRenameWorks_legacy(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
// Login to a temp dir diy backend
|
|
tmpDir := markLegacyStore(t, t.TempDir())
|
|
ctx := context.Background()
|
|
b, err := New(ctx, diagtest.LogSink(t), "file://"+filepath.ToSlash(tmpDir), nil)
|
|
assert.NoError(t, err)
|
|
|
|
// Grab the bucket interface to test with
|
|
lb, ok := b.(*diyBackend)
|
|
assert.True(t, ok)
|
|
assert.NotNil(t, lb)
|
|
|
|
// Create a new stack
|
|
aStackRef, err := lb.parseStackReference("a")
|
|
assert.NoError(t, err)
|
|
aStack, err := b.CreateStack(ctx, aStackRef, "", nil, nil)
|
|
assert.NoError(t, err)
|
|
assert.NotNil(t, aStack)
|
|
|
|
// Check the stack file now exists
|
|
stackFileExists, err := lb.bucket.Exists(ctx, lb.stackPath(ctx, aStackRef))
|
|
assert.NoError(t, err)
|
|
assert.True(t, stackFileExists)
|
|
|
|
// Fake up some history
|
|
err = lb.addToHistory(ctx, aStackRef, backend.UpdateInfo{Kind: apitype.DestroyUpdate})
|
|
assert.NoError(t, err)
|
|
// And pollute the history folder
|
|
err = lb.bucket.WriteAll(ctx, path.Join(aStackRef.HistoryDir(), "randomfile.txt"), []byte{0, 13}, nil)
|
|
assert.NoError(t, err)
|
|
|
|
// Rename the stack
|
|
bStackRefI, err := b.RenameStack(ctx, aStack, "b")
|
|
assert.NoError(t, err)
|
|
assert.Equal(t, "b", bStackRefI.String())
|
|
bStackRef := bStackRefI.(*diyBackendReference)
|
|
|
|
// Check the new stack file now exists and the old one is gone
|
|
stackFileExists, err = lb.bucket.Exists(ctx, lb.stackPath(ctx, bStackRef))
|
|
assert.NoError(t, err)
|
|
assert.True(t, stackFileExists)
|
|
stackFileExists, err = lb.bucket.Exists(ctx, lb.stackPath(ctx, aStackRef))
|
|
assert.NoError(t, err)
|
|
assert.False(t, stackFileExists)
|
|
|
|
// Rename again
|
|
bStack, err := b.GetStack(ctx, bStackRef)
|
|
assert.NoError(t, err)
|
|
cStackRefI, err := b.RenameStack(ctx, bStack, "c")
|
|
assert.NoError(t, err)
|
|
assert.Equal(t, "c", cStackRefI.String())
|
|
cStackRef := cStackRefI.(*diyBackendReference)
|
|
|
|
// Check the new stack file now exists and the old one is gone
|
|
stackFileExists, err = lb.bucket.Exists(ctx, lb.stackPath(ctx, cStackRef))
|
|
assert.NoError(t, err)
|
|
assert.True(t, stackFileExists)
|
|
stackFileExists, err = lb.bucket.Exists(ctx, lb.stackPath(ctx, bStackRef))
|
|
assert.NoError(t, err)
|
|
assert.False(t, stackFileExists)
|
|
|
|
// Check we can still get the history
|
|
history, err := b.GetHistory(ctx, cStackRef, 10, 0)
|
|
assert.NoError(t, err)
|
|
assert.Len(t, history, 1)
|
|
assert.Equal(t, apitype.DestroyUpdate, history[0].Kind)
|
|
}
|
|
|
|
// Regression test for https://github.com/pulumi/pulumi/issues/10439
|
|
func TestHtmlEscaping_legacy(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
sm := b64.NewBase64SecretsManager()
|
|
resources := []*resource.State{
|
|
{
|
|
URN: resource.NewURN("a", "proj", "d:e:f", "a:b:c", "name"),
|
|
Type: "a:b:c",
|
|
Inputs: resource.PropertyMap{
|
|
resource.PropertyKey("html"): resource.NewStringProperty("<html@tags>"),
|
|
},
|
|
},
|
|
}
|
|
|
|
snap := deploy.NewSnapshot(deploy.Manifest{}, sm, resources, nil, deploy.SnapshotMetadata{})
|
|
ctx := context.Background()
|
|
|
|
sdep, err := stack.SerializeDeployment(ctx, snap, false /* showSecrets */)
|
|
assert.NoError(t, err)
|
|
|
|
data, err := encoding.JSON.Marshal(sdep)
|
|
assert.NoError(t, err)
|
|
|
|
// Ensure data has the string contents "<html@tags>"", not "\u003chtml\u0026tags\u003e"
|
|
// ImportDeployment below should not modify the data
|
|
assert.Contains(t, string(data), "<html@tags>")
|
|
|
|
udep := &apitype.UntypedDeployment{
|
|
Version: 3,
|
|
Deployment: json.RawMessage(data),
|
|
}
|
|
|
|
// Login to a temp dir diy backend
|
|
tmpDir := markLegacyStore(t, t.TempDir())
|
|
b, err := New(ctx, diagtest.LogSink(t), "file://"+filepath.ToSlash(tmpDir), nil)
|
|
assert.NoError(t, err)
|
|
|
|
// Create stack "a" and import a checkpoint with a secret
|
|
aStackRef, err := b.ParseStackReference("a")
|
|
assert.NoError(t, err)
|
|
aStack, err := b.CreateStack(ctx, aStackRef, "", nil, nil)
|
|
assert.NoError(t, err)
|
|
assert.NotNil(t, aStack)
|
|
err = b.ImportDeployment(ctx, aStack, udep)
|
|
assert.NoError(t, err)
|
|
|
|
// Ensure the file has the string contents "<html@tags>"", not "\u003chtml\u0026tags\u003e"
|
|
|
|
// Grab the bucket interface to read the file with
|
|
lb, ok := b.(*diyBackend)
|
|
assert.True(t, ok)
|
|
assert.NotNil(t, lb)
|
|
|
|
chkpath := lb.stackPath(ctx, aStackRef.(*diyBackendReference))
|
|
bytes, err := lb.bucket.ReadAll(context.Background(), chkpath)
|
|
assert.NoError(t, err)
|
|
state := string(bytes)
|
|
assert.Contains(t, state, "<html@tags>")
|
|
}
|
|
|
|
func TestDIYBackendRejectsStackInitOptions_legacy(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
// Here, we provide options that illegally specify a team on a
|
|
// backend that does not support teams. We expect this to create
|
|
// an error later when we call CreateStack.
|
|
illegalOptions := &backend.CreateStackOptions{Teams: []string{"red-team"}}
|
|
|
|
// • Create a mock diy backend
|
|
tmpDir := markLegacyStore(t, t.TempDir())
|
|
dirURI := "file://" + filepath.ToSlash(tmpDir)
|
|
diy, err := New(context.Background(), diagtest.LogSink(t), dirURI, nil)
|
|
assert.NoError(t, err)
|
|
ctx := context.Background()
|
|
|
|
// • Simulate `pulumi stack init`, passing non-nil init options
|
|
fakeStackRef, err := diy.ParseStackReference("foobar")
|
|
assert.NoError(t, err)
|
|
_, err = diy.CreateStack(ctx, fakeStackRef, "", nil, illegalOptions)
|
|
assert.ErrorIs(t, err, backend.ErrTeamsNotSupported)
|
|
}
|
|
|
|
// markLegacyStore marks the given directory as a legacy store.
|
|
// This is done by dropping a single file into the bookkeeping directory.
|
|
// ensurePulumiMeta will treat this as a legacy store if the directory exists.
|
|
//
|
|
// Returns the directory that was marked.
|
|
func markLegacyStore(t *testing.T, dir string) string {
|
|
metaPath := filepath.Join(dir, pulumiMetaPath)
|
|
require.NoError(t, os.MkdirAll(filepath.Dir(metaPath), 0o755))
|
|
require.NoError(t, os.WriteFile(metaPath, []byte(`version: 0`), 0o600))
|
|
return dir
|
|
}
|