mirrors
/
pulumi
mirror of https://github.com/pulumi/pulumi.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
pulumi/pkg/resource/deploy/step_generator.go

2299 lines
93 KiB
Go
Raw Permalink Blame History

// Copyright 2016-2024, Pulumi Corporation.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package deploy
import (
"context"
cryptorand "crypto/rand"
"errors"
"fmt"
"slices"
"strings"
"time"
mapset "github.com/deckarep/golang-set/v2"
"github.com/pulumi/pulumi/pkg/v3/resource/deploy/providers"
"github.com/pulumi/pulumi/pkg/v3/resource/graph"
"github.com/pulumi/pulumi/sdk/v3/go/common/apitype"
"github.com/pulumi/pulumi/sdk/v3/go/common/diag"
"github.com/pulumi/pulumi/sdk/v3/go/common/resource"
"github.com/pulumi/pulumi/sdk/v3/go/common/resource/plugin"
"github.com/pulumi/pulumi/sdk/v3/go/common/slice"
"github.com/pulumi/pulumi/sdk/v3/go/common/tokens"
"github.com/pulumi/pulumi/sdk/v3/go/common/util/contract"
"github.com/pulumi/pulumi/sdk/v3/go/common/util/logging"
"github.com/pulumi/pulumi/sdk/v3/go/common/util/result"
)
// stepGenerator is responsible for turning resource events into steps that can be fed to the deployment executor.
// It does this by consulting the deployment and calculating the appropriate step action based on the requested goal
// state and the existing state of the world.
type stepGenerator struct {
deployment *Deployment // the deployment to which this step generator belongs
// signals that one or more errors have been reported to the user, and the deployment should terminate
// in error. This primarily allows `preview` to aggregate many policy violation events and
// report them all at once.
sawError bool
urns map[resource.URN]bool // set of URNs discovered for this deployment
reads map[resource.URN]bool // set of URNs read for this deployment
deletes map[resource.URN]bool // set of URNs deleted in this deployment
replaces map[resource.URN]bool // set of URNs replaced in this deployment
updates map[resource.URN]bool // set of URNs updated in this deployment
creates map[resource.URN]bool // set of URNs created in this deployment
sames map[resource.URN]bool // set of URNs that were not changed in this deployment
// set of URNs that would have been created, but were filtered out because the user didn't
// specify them with --target
skippedCreates map[resource.URN]bool
pendingDeletes map[*resource.State]bool // set of resources (not URNs!) that are pending deletion
providers map[resource.URN]*resource.State // URN map of providers that we have seen so far.
// a map from URN to a list of property keys that caused the replacement of a dependent resource during a
// delete-before-replace.
dependentReplaceKeys map[resource.URN][]resource.PropertyKey
// a map from old names (aliased URNs) to the new URN that aliased to them.
aliased map[resource.URN]resource.URN
// a map from current URN of the resource to the old URN that it was aliased from.
aliases map[resource.URN]resource.URN
// targetsActual is the set of targets explicitly targeted by the engine. This
// can be different from deployment.opts.targets if --target-dependents is
// true. This does _not_ include resources that have been implicitly targeted,
// like providers.
targetsActual UrnTargets
}
// isTargetedForUpdate returns if `res` is targeted for update. The function accommodates
// `--target-dependents`.
func (sg *stepGenerator) isTargetedForUpdate(res *resource.State) bool {
if sg.deployment.opts.Targets.Contains(res.URN) {
return true
} else if !sg.deployment.opts.TargetDependents {
return false
}
ref, allDeps := res.GetAllDependencies()
if ref != "" {
proivderRef, err := providers.ParseReference(ref)
contract.AssertNoErrorf(err, "failed to parse provider reference: %v", ref)
providerURN := proivderRef.URN()
if sg.targetsActual.Contains(providerURN) {
return true
}
}
for _, dep := range allDeps {
if sg.targetsActual.Contains(dep.URN) {
return true
}
}
return false
}
func (sg *stepGenerator) isTargetedReplace(urn resource.URN) bool {
return sg.deployment.opts.ReplaceTargets.IsConstrained() && sg.deployment.opts.ReplaceTargets.Contains(urn)
}
func (sg *stepGenerator) Errored() bool {
return sg.sawError
}
// checkParent checks that the parent given is valid for the given resource type, and returns a default parent
// if there is one.
func (sg *stepGenerator) checkParent(parent resource.URN, resourceType tokens.Type) (resource.URN, error) {
// Some goal settings are based on the parent settings so make sure our parent is correct.
// TODO(fraser): I think every resource but the RootStack should have a parent, however currently a
// number of our tests do not create a RootStack resource, feels odd that it's possible for the engine
// to run without a RootStack resource. I feel this ought to be fixed by making the engine always
// create the RootStack before running the user program, however that leaves some questions of what to
// do if we ever support changing any of the settings (such as the provider map) on the RootStack
// resource. For now we set it to the root stack if we can find it, but we don't error on blank parents
// If it is set check the parent exists.
if parent != "" {
// The parent for this resource hasn't been registered yet. That's an error and we can't continue.
if _, hasParent := sg.urns[parent]; !hasParent {
return "", fmt.Errorf("could not find parent resource %v", parent)
}
} else { //nolint:staticcheck // https://github.com/pulumi/pulumi/issues/10950
// Else try and set it to the root stack
// TODO: It looks like this currently has some issues with state ordering (see
// https://github.com/pulumi/pulumi/issues/10950). Best I can guess is the stack resource is
// hitting the step generator and so saving it's URN to sg.urns and issuing a Create step but not
// actually getting to writing it's state to the snapshot. Then in parallel with this something
// else is causing a pulumi:providers:pulumi default provider to be created, this picks up the
// stack URN from sg.urns and so sets it's parent automatically, but then races the step executor
// to write itself to state before the stack resource manages to. Long term we want to ensure
// there's always a stack resource present, and so that all resources (except the stack) have a
// parent (this will save us some work in each SDK), but for now lets just turn this support off.
//for urn := range sg.urns {
// if urn.Type() == resource.RootStackType {
// return urn, nil
// }
//}
}
return parent, nil
}
// bailDiag prints the given diagnostic to the error stream and then returns a bail error with the same message.
func (sg *stepGenerator) bailDiag(diag *diag.Diag, args ...interface{}) error {
sg.deployment.Diag().Errorf(diag, args...)
return result.BailErrorf(diag.Message, args...)
}
// generateURN generates a URN for a new resource and confirms we haven't seen it before in this deployment.
func (sg *stepGenerator) generateURN(
parent resource.URN, ty tokens.Type, name string,
) (resource.URN, error) {
// Generate a URN for this new resource, confirm we haven't seen it before in this deployment.
urn := sg.deployment.generateURN(parent, ty, name)
if sg.urns[urn] {
// TODO[pulumi/pulumi-framework#19]: improve this error message!
return "", sg.bailDiag(diag.GetDuplicateResourceURNError(urn), urn)
}
sg.urns[urn] = true
return urn, nil
}
// GenerateReadSteps is responsible for producing one or more steps required to service
// a ReadResourceEvent coming from the language host.
func (sg *stepGenerator) GenerateReadSteps(event ReadResourceEvent) ([]Step, error) {
// Some event settings are based on the parent settings so make sure our parent is correct.
parent, err := sg.checkParent(event.Parent(), event.Type())
if err != nil {
return nil, err
}
urn, err := sg.generateURN(parent, event.Type(), event.Name())
if err != nil {
return nil, err
}
newState := resource.NewState(event.Type(),
urn,
true, /*custom*/
false, /*delete*/
event.ID(),
event.Properties(),
make(resource.PropertyMap), /* outputs */
parent,
false, /*protect*/
true, /*external*/
event.Dependencies(),
nil, /* initErrors */
event.Provider(),
nil, /* propertyDependencies */
false, /* deleteBeforeCreate */
event.AdditionalSecretOutputs(),
nil, /* aliases */
nil, /* customTimeouts */
"", /* importID */
false, /* retainOnDelete */
"", /* deletedWith */
nil, /* created */
nil, /* modified */
event.SourcePosition(),
nil, /* ignoreChanges */
)
old, hasOld := sg.deployment.Olds()[urn]
if newState.ID == "" {
return nil, fmt.Errorf("Expected an ID for %v", urn)
}
// If the snapshot has an old resource for this URN and it's not external, we're going
// to have to delete the old resource and conceptually replace it with the resource we
// are about to read.
//
// We accomplish this through the "read-replacement" step, which atomically reads a resource
// and marks the resource it is replacing as pending deletion.
//
// In the event that the new "read" resource's ID matches the existing resource,
// we do not need to delete the resource - we know exactly what resource we are going
// to get from the read.
//
// This operation is tentatively called "relinquish" - it semantically represents the
// release of a resource from the management of Pulumi.
if hasOld && !old.External && old.ID != event.ID() {
logging.V(7).Infof(
"stepGenerator.GenerateReadSteps(...): replacing existing resource %s, ids don't match", urn)
sg.replaces[urn] = true
return []Step{
NewReadReplacementStep(sg.deployment, event, old, newState),
NewReplaceStep(sg.deployment, old, newState, nil, nil, nil, true),
}, nil
}
if bool(logging.V(7)) && hasOld && old.ID == event.ID() {
logging.V(7).Infof("stepGenerator.GenerateReadSteps(...): recognized relinquish of resource %s", urn)
}
sg.reads[urn] = true
return []Step{
NewReadStep(sg.deployment, event, old, newState),
}, nil
}
// GenerateSteps produces one or more steps required to achieve the goal state specified by the
// incoming RegisterResourceEvent.
//
// If the given resource is a custom resource, the step generator will invoke Diff and Check on the
// provider associated with that resource. If those fail, an error is returned.
func (sg *stepGenerator) GenerateSteps(event RegisterResourceEvent) ([]Step, error) {
steps, err := sg.generateSteps(event)
if err != nil {
contract.Assertf(len(steps) == 0, "expected no steps if there is an error")
return nil, err
}
// Check each proposed step against the relevant resource plan, if any
for _, s := range steps {
logging.V(5).Infof("Checking step %s for %s", s.Op(), s.URN())
if sg.deployment.plan != nil {
if resourcePlan, ok := sg.deployment.plan.ResourcePlans[s.URN()]; ok {
if len(resourcePlan.Ops) == 0 {
return nil, fmt.Errorf("%v is not allowed by the plan: no more steps were expected for this resource", s.Op())
}
constraint := resourcePlan.Ops[0]
// We remove the Op from the list before doing the constraint check.
// This is because we look at Ops at the end to see if any expected operations didn't attempt to happen.
// This op has been attempted, it just might fail its constraint.
resourcePlan.Ops = resourcePlan.Ops[1:]
if !ConstrainedTo(s.Op(), constraint) {
return nil, fmt.Errorf("%v is not allowed by the plan: this resource is constrained to %v", s.Op(), constraint)
}
} else {
if !ConstrainedTo(s.Op(), OpSame) {
return nil, fmt.Errorf("%v is not allowed by the plan: no steps were expected for this resource", s.Op())
}
}
}
// If we're generating plans add the operation to the plan being generated
if sg.deployment.opts.GeneratePlan {
// Resource plan might be aliased
urn, isAliased := sg.aliased[s.URN()]
if !isAliased {
urn = s.URN()
}
if resourcePlan, ok := sg.deployment.newPlans.get(urn); ok {
// If the resource is in the plan, add the operation to the plan.
resourcePlan.Ops = append(resourcePlan.Ops, s.Op())
} else if !ConstrainedTo(s.Op(), OpSame) {
return nil, fmt.Errorf("Expected a new resource plan for %v", urn)
}
}
}
// TODO(dixler): `--replace a` currently is treated as a targeted update, but this is not correct.
// Removing `|| sg.replaceTargetsOpt.IsConstrained()` would result in a behavior change
// that would require some thinking to fully understand the repercussions.
if !(sg.deployment.opts.Targets.IsConstrained() || sg.deployment.opts.ReplaceTargets.IsConstrained()) {
return steps, nil
}
// If we get to this point, we are performing a targeted update. If any of the steps we are about to execute depend on
// resources that need to be created, but which won't be due to the --target list (so-called "skipped creates"), we
// need to abort with an error informing the user which creates are necessary to proceed. The exception to this is
// steps that are *themselves* skipped creates -- that is, if B depends on A, and both the creation of A and B will be
// skipped, we don't need to error out.
for _, step := range steps {
if step.New() == nil {
continue
}
// If this step is a skipped create (which under the hood is a SameStep), we don't need to error out, since its
// execution won't result in any updates to dependencies which don't exist.
if sameStep, ok := step.(*SameStep); ok && sameStep.Op() == OpSame && sameStep.IsSkippedCreate() {
continue
}
provider, allDeps := step.New().GetAllDependencies()
allDepURNs := make([]resource.URN, len(allDeps))
for i, dep := range allDeps {
allDepURNs[i] = dep.URN
}
if provider != "" {
prov, err := providers.ParseReference(provider)
if err != nil {
return nil, fmt.Errorf(
"could not parse provider reference %s for %s: %w",
provider, step.New().URN, err)
}
allDepURNs = append(allDepURNs, prov.URN())
}
for _, urn := range allDepURNs {
if sg.skippedCreates[urn] {
// Targets were specified, but didn't include this resource to create. And a
// resource we are producing a step for does depend on this created resource.
// Give a particular error in that case to let them know. Also mark that we're
// in an error state so that we eventually will error out of the entire
// application run.
d := diag.GetResourceWillBeCreatedButWasNotSpecifiedInTargetList(step.URN())
sg.deployment.Diag().Errorf(d, step.URN(), urn)
sg.sawError = true
if !sg.deployment.opts.DryRun {
// In preview we keep going so that the user will hear about all the problems and can then
// fix up their command once (as opposed to adding a target, rerunning, adding a target,
// rerunning, etc. etc.).
//
// Doing a normal run. We should not proceed here at all. We don't want to create
// something the user didn't ask for.
return nil, result.BailErrorf("untargeted create")
}
// Remove the resource from the list of skipped creates so that we do not issue duplicate diagnostics.
delete(sg.skippedCreates, urn)
}
}
}
return steps, nil
}
func (sg *stepGenerator) collapseAliasToUrn(goal *resource.Goal, alias resource.Alias) resource.URN {
if alias.URN != "" {
return alias.URN
}
n := alias.Name
if n == "" {
n = goal.Name
}
t := alias.Type
if t == "" {
t = string(goal.Type)
}
parent := alias.Parent
if parent == "" {
parent = goal.Parent
} else {
// If the parent used an alias then use it's old URN here, as that will be this resource old URN as well.
if parentAlias, has := sg.aliases[parent]; has {
parent = parentAlias
}
}
parentIsRootStack := parent != "" && parent.QualifiedType() == resource.RootStackType
if alias.NoParent || parentIsRootStack {
parent = ""
}
project := alias.Project
if project == "" {
project = sg.deployment.source.Project().String()
}
stack := alias.Stack
if stack == "" {
stack = sg.deployment.Target().Name.String()
}
return resource.CreateURN(n, t, parent, project, stack)
}
// inheritedChildAlias computes the alias that should be applied to a child based on an alias applied to it's
// parent. This may involve changing the name of the resource in cases where the resource has a named derived
// from the name of the parent, and the parent name changed.
func (sg *stepGenerator) inheritedChildAlias(
childType tokens.Type,
childName, parentName string,
parentAlias resource.URN,
) resource.URN {
// If the child name has the parent name as a prefix, then we make the assumption that
// it was constructed from the convention of using '{name}-details' as the name of the
// child resource. To ensure this is aliased correctly, we must then also replace the
// parent aliases name in the prefix of the child resource name.
//
// For example:
// * name: "newapp-function"
// * options.parent.__name: "newapp"
// * parentAlias: "urn:pulumi:stackname::projectname::awsx:ec2:Vpc::app"
// * parentAliasName: "app"
// * aliasName: "app-function"
// * childAlias: "urn:pulumi:stackname::projectname::aws:s3/bucket:Bucket::app-function"
aliasName := childName
if strings.HasPrefix(childName, parentName) {
aliasName = parentAlias.Name() + strings.TrimPrefix(childName, parentName)
}
return resource.NewURN(
sg.deployment.Target().Name.Q(),
sg.deployment.source.Project(),
parentAlias.QualifiedType(),
childType,
aliasName)
}
func (sg *stepGenerator) generateAliases(goal *resource.Goal) []resource.URN {
var result []resource.URN
aliases := make(map[resource.URN]struct{}, 0)
addAlias := func(alias resource.URN) {
if _, has := aliases[alias]; !has {
aliases[alias] = struct{}{}
result = append(result, alias)
}
}
for _, alias := range goal.Aliases {
urn := sg.collapseAliasToUrn(goal, alias)
addAlias(urn)
}
// Now multiply out any aliases our parent had.
if goal.Parent != "" {
if parentAlias, has := sg.aliases[goal.Parent]; has {
addAlias(sg.inheritedChildAlias(goal.Type, goal.Name, goal.Parent.Name(), parentAlias))
for _, alias := range goal.Aliases {
childAlias := sg.collapseAliasToUrn(goal, alias)
aliasedChildType := childAlias.Type()
aliasedChildName := childAlias.Name()
inheritedAlias := sg.inheritedChildAlias(aliasedChildType, aliasedChildName, goal.Parent.Name(), parentAlias)
addAlias(inheritedAlias)
}
}
}
return result
}
func (sg *stepGenerator) generateSteps(event RegisterResourceEvent) ([]Step, error) {
var invalid bool // will be set to true if this object fails validation.
goal := event.Goal()
// Some goal settings are based on the parent settings so make sure our parent is correct.
parent, err := sg.checkParent(goal.Parent, goal.Type)
if err != nil {
return nil, err
}
goal.Parent = parent
urn, err := sg.generateURN(goal.Parent, goal.Type, goal.Name)
if err != nil {
return nil, err
}
// Generate the aliases for this resource.
aliases := sg.generateAliases(goal)
// Log the aliases we're going to use to help with debugging aliasing issues.
logging.V(7).Infof("Generated aliases for %s: %v", urn, aliases)
if previousAliasURN, alreadyAliased := sg.aliased[urn]; alreadyAliased {
// This resource is claiming to be X but we've already seen another resource claim that via aliases
invalid = true
sg.deployment.Diag().Errorf(diag.GetDuplicateResourceAliasedError(urn), urn, previousAliasURN)
}
// Check for an old resource so that we can figure out if this is a create, delete, etc., and/or
// to diff. We look up first by URN and then by any provided aliases. If it is found using an
// alias, record that alias so that we do not delete the aliased resource later.
var oldInputs resource.PropertyMap
var oldOutputs resource.PropertyMap
var old *resource.State
var hasOld bool
var alias []resource.Alias
var createdAt, modifiedAt *time.Time
// Important: Check the URN first, then aliases. Otherwise we may pick the wrong resource which
// could lead to a corrupt snapshot.
for _, urnOrAlias := range append([]resource.URN{urn}, aliases...) {
old, hasOld = sg.deployment.Olds()[urnOrAlias]
if hasOld {
oldInputs = old.Inputs
oldOutputs = old.Outputs
createdAt = old.Created
modifiedAt = old.Modified
if urnOrAlias != urn {
if _, alreadySeen := sg.urns[urnOrAlias]; alreadySeen {
// This resource is claiming to X but we've already seen that urn created
invalid = true
sg.deployment.Diag().Errorf(diag.GetDuplicateResourceAliasError(urn), urnOrAlias, urn, urn)
}
if previousAliasURN, alreadyAliased := sg.aliased[urnOrAlias]; alreadyAliased {
// This resource is claiming to be X but we've already seen another resource claim that
invalid = true
sg.deployment.Diag().Errorf(diag.GetDuplicateResourceAliasError(urn), urnOrAlias, urn, previousAliasURN)
}
sg.aliased[urnOrAlias] = urn
// register the alias with the provider registry
sg.deployment.providers.RegisterAlias(urn, urnOrAlias)
// NOTE: we save the URN of the existing resource so that the snapshotter can replace references to the
// existing resource with the URN of the newly-registered resource. We do not need to save any of the
// resource's other possible aliases.
alias = []resource.Alias{{URN: urnOrAlias}}
// Save the alias actually being used so we can look it up later if anything has this as a parent
sg.aliases[urn] = urnOrAlias
// Log the alias we matched to help with debugging aliasing issues.
logging.V(7).Infof("Matched alias %v resolving to %v for resource %v", urnOrAlias, old.URN, urn)
}
break
}
}
// Create the desired inputs from the goal state
inputs := goal.Properties
if hasOld {
// Set inputs back to their old values (if any) for any "ignored" properties
processedInputs, err := processIgnoreChanges(inputs, oldInputs, goal.IgnoreChanges)
if err != nil {
return nil, err
}
inputs = processedInputs
}
aliasUrns := make([]resource.URN, len(alias))
for i, a := range alias {
aliasUrns[i] = a.URN
}
// Produce a new state object that we'll build up as operations are performed. Ultimately, this is what will
// get serialized into the checkpoint file.
new := resource.NewState(goal.Type, urn, goal.Custom, false, "", inputs, nil, goal.Parent, goal.Protect, false,
goal.Dependencies, goal.InitErrors, goal.Provider, goal.PropertyDependencies, false,
goal.AdditionalSecretOutputs, aliasUrns, &goal.CustomTimeouts, "", goal.RetainOnDelete, goal.DeletedWith,
createdAt, modifiedAt, goal.SourcePosition, goal.IgnoreChanges)
// Mark the URN/resource as having been seen. So we can run analyzers on all resources seen, as well as
// lookup providers for calculating replacement of resources that use the provider.
sg.deployment.goals.Store(urn, goal)
if providers.IsProviderType(goal.Type) {
sg.providers[urn] = new
for _, aliasURN := range aliasUrns {
sg.providers[aliasURN] = new
}
}
// Fetch the provider for this resource.
prov, err := sg.loadResourceProvider(urn, goal.Custom, goal.Provider, goal.Type)
if err != nil {
return nil, err
}
// We only allow unknown property values to be exposed to the provider if we are performing an update preview.
allowUnknowns := sg.deployment.opts.DryRun
// We may be re-creating this resource if it got deleted earlier in the execution of this deployment.
_, recreating := sg.deletes[urn]
// We may be creating this resource if it previously existed in the snapshot as an External resource
wasExternal := hasOld && old.External
// If we have a plan for this resource we need to feed the saved seed to Check to remove non-determinism
var randomSeed []byte
if sg.deployment.plan != nil {
if resourcePlan, ok := sg.deployment.plan.ResourcePlans[urn]; ok {
randomSeed = resourcePlan.Seed
}
}
// If the above didn't set the seed, generate a new random one. If we're running with plans but this
// resource was missing a seed then if the seed is used later checks will fail.
if randomSeed == nil {
randomSeed = make([]byte, 32)
n, err := cryptorand.Read(randomSeed)
contract.AssertNoErrorf(err, "failed to generate random seed")
contract.Assertf(n == len(randomSeed),
"generated fewer (%d) than expected (%d) random bytes", n, len(randomSeed))
}
// If the goal contains an ID, this may be an import. An import occurs if there is no old resource or if the old
// resource's ID does not match the ID in the goal state.
var oldImportID resource.ID
if hasOld {
oldImportID = old.ID
// If the old resource has an ImportID, look at that rather than the ID, since some resources use a different
// format of identifier for the import input than the ID property.
if old.ImportID != "" {
oldImportID = old.ImportID
}
}
isImport := goal.Custom && goal.ID != "" && (!hasOld || old.External || oldImportID != goal.ID)
if isImport {
// TODO(seqnum) Not sure how sequence numbers should interact with imports
// Write the ID of the resource to import into the new state and return an ImportStep or an
// ImportReplacementStep
new.ID = goal.ID
new.ImportID = goal.ID
// If we're generating plans create a plan, Imports have no diff, just a goal state
if sg.deployment.opts.GeneratePlan {
newResourcePlan := &ResourcePlan{
Seed: randomSeed,
Goal: NewGoalPlan(nil, goal),
}
sg.deployment.newPlans.set(urn, newResourcePlan)
}
if isReplace := hasOld && !recreating; isReplace {
return []Step{
NewImportReplacementStep(sg.deployment, event, old, new, goal.IgnoreChanges, randomSeed),
NewReplaceStep(sg.deployment, old, new, nil, nil, nil, true),
}, nil
}
return []Step{NewImportStep(sg.deployment, event, new, goal.IgnoreChanges, randomSeed)}, nil
}
isImplicitlyTargetedResource := providers.IsProviderType(urn.Type()) || urn.QualifiedType() == resource.RootStackType
// Internally managed resources are under Pulumi's control and changes or creations should be invisible to
// the user, we also implicitly target providers (both default and explicit, see
// https://github.com/pulumi/pulumi/issues/13557 and https://github.com/pulumi/pulumi/issues/13591 for
// context on why).
// Resources are targeted by default
isTargeted := true
if sg.deployment.opts.Targets.IsConstrained() && !isImplicitlyTargetedResource {
isTargeted = sg.isTargetedForUpdate(new)
}
// Ensure the provider is okay with this resource and fetch the inputs to pass to subsequent methods.
if prov != nil {
var resp plugin.CheckResponse
checkInputs := prov.Check
if !isTargeted {
// If not targeted, stub out the provider check and use the old inputs directly.
checkInputs = func(context.Context, plugin.CheckRequest) (plugin.CheckResponse, error) {
return plugin.CheckResponse{Properties: oldInputs}, nil
}
}
// If we are re-creating this resource because it was deleted earlier, the old inputs are now
// invalid (they got deleted) so don't consider them. Similarly, if the old resource was External,
// don't consider those inputs since Pulumi does not own them. Finally, if the resource has been
// targeted for replacement, ignore its old state.
if recreating || wasExternal || sg.isTargetedReplace(urn) || !hasOld {
resp, err = checkInputs(context.TODO(), plugin.CheckRequest{
URN: urn,
News: goal.Properties,
AllowUnknowns: allowUnknowns,
RandomSeed: randomSeed,
})
} else {
resp, err = checkInputs(context.TODO(), plugin.CheckRequest{
URN: urn,
Olds: oldInputs,
News: inputs,
AllowUnknowns: allowUnknowns,
RandomSeed: randomSeed,
})
}
inputs = resp.Properties
if err != nil {
return nil, err
} else if issueCheckErrors(sg.deployment, new, urn, resp.Failures) {
invalid = true
}
new.Inputs = inputs
}
// If the resource is valid and we're generating plans then generate a plan
if !invalid && sg.deployment.opts.GeneratePlan {
if recreating || wasExternal || sg.isTargetedReplace(urn) || !hasOld {
oldInputs = nil
}
inputDiff := oldInputs.Diff(inputs)
// Generate the output goal plan, if we're recreating this it should already exist
if recreating {
plan, ok := sg.deployment.newPlans.get(urn)
if !ok {
return nil, fmt.Errorf("no plan for resource %v", urn)
}
// The plan will have had it's Ops already partially filled in for the delete operation, but we
// now have the information needed to fill in Seed and Goal.
plan.Seed = randomSeed
plan.Goal = NewGoalPlan(inputDiff, goal)
} else {
newResourcePlan := &ResourcePlan{
Seed: randomSeed,
Goal: NewGoalPlan(inputDiff, goal),
}
sg.deployment.newPlans.set(urn, newResourcePlan)
}
}
// If there is a plan for this resource, validate that the program goal conforms to the plan.
// If theres no plan for this resource check that nothing has been changed.
// We don't check plans if the resource is invalid, it's going to fail anyway.
if !invalid && sg.deployment.plan != nil {
resourcePlan, ok := sg.deployment.plan.ResourcePlans[urn]
if !ok {
if old == nil {
// We could error here, but we'll trigger an error later on anyway that Create isn't valid here
} else if err := checkMissingPlan(old, inputs, goal); err != nil {
return nil, fmt.Errorf("resource %s violates plan: %w", urn, err)
}
} else {
if err := resourcePlan.checkGoal(oldInputs, inputs, goal); err != nil {
return nil, fmt.Errorf("resource %s violates plan: %w", urn, err)
}
}
}
// Send the resource off to any Analyzers before being operated on. We do two passes: first we perform
// remediatoins, and *then* we do analysis, since we want analyzers to run on the final resource states.
analyzers := sg.deployment.ctx.Host.ListAnalyzers()
for _, remediate := range []bool{true, false} {
for _, analyzer := range analyzers {
r := plugin.AnalyzerResource{
URN: new.URN,
Type: new.Type,
Name: new.URN.Name(),
Properties: inputs,
Options: plugin.AnalyzerResourceOptions{
Protect: new.Protect,
IgnoreChanges: goal.IgnoreChanges,
DeleteBeforeReplace: goal.DeleteBeforeReplace,
AdditionalSecretOutputs: new.AdditionalSecretOutputs,
Aliases: new.GetAliases(),
CustomTimeouts: new.CustomTimeouts,
},
}
providerResource := sg.getProviderResource(new.URN, new.Provider)
if providerResource != nil {
r.Provider = &plugin.AnalyzerProviderResource{
URN: providerResource.URN,
Type: providerResource.Type,
Name: providerResource.URN.Name(),
Properties: providerResource.Inputs,
}
}
if remediate {
// During the first pass, perform remediations. This ensures subsequent analyzers run
// against the transformed properties, ensuring nothing circumvents the analysis checks.
tresults, err := analyzer.Remediate(r)
if err != nil {
return nil, fmt.Errorf("failed to run remediation: %w", err)
} else if len(tresults) > 0 {
for _, tresult := range tresults {
if tresult.Diagnostic != "" {
// If there is a diagnostic, we have a warning to display.
sg.deployment.events.OnPolicyViolation(new.URN, plugin.AnalyzeDiagnostic{
PolicyName: tresult.PolicyName,
PolicyPackName: tresult.PolicyPackName,
PolicyPackVersion: tresult.PolicyPackVersion,
Description: tresult.Description,
Message: tresult.Diagnostic,
EnforcementLevel: apitype.Advisory,
URN: new.URN,
})
} else if tresult.Properties != nil {
// Emit a nice message so users know what was remediated.
sg.deployment.events.OnPolicyRemediation(new.URN, tresult, inputs, tresult.Properties)
// Use the transformed inputs rather than the old ones from this point onwards.
inputs = tresult.Properties
new.Inputs = tresult.Properties
}
}
}
} else {
// During the second pass, perform analysis. This happens after remediations so that
// analyzers see properties as they were after the transformations have occurred.
diagnostics, err := analyzer.Analyze(r)
if err != nil {
return nil, fmt.Errorf("failed to run policy: %w", err)
}
for _, d := range diagnostics {
if d.EnforcementLevel == apitype.Remediate {
// If we ran a remediation, but we are still somehow triggering a violation,
// "downgrade" the level we report from remediate to mandatory.
d.EnforcementLevel = apitype.Mandatory
}
if d.EnforcementLevel == apitype.Mandatory {
if !sg.deployment.opts.DryRun {
invalid = true
}
sg.sawError = true
}
// For now, we always use the URN we have here rather than a URN specified with the diagnostic.
sg.deployment.events.OnPolicyViolation(new.URN, d)
}
}
}
}
// If the resource isn't valid, don't proceed any further.
if invalid {
return nil, result.BailErrorf("resource %s is invalid", urn)
}
// There are four cases we need to consider when figuring out what to do with this resource.
//
// Case 1: recreating
// In this case, we have seen a resource with this URN before and we have already issued a
// delete step for it. This happens when the engine has to delete a resource before it has
// enough information about whether that resource still exists. A concrete example is
// when a resource depends on a resource that is delete-before-replace: the engine must first
// delete the dependent resource before depending the DBR resource, but the engine can't know
// yet whether the dependent resource is being replaced or deleted.
//
// In this case, we are seeing the resource again after deleting it, so it must be a replacement.
//
// Logically, recreating implies hasOld, since in order to delete something it must have
// already existed.
contract.Assertf(!recreating || hasOld, "cannot recreate a resource that doesn't exist")
if recreating {
logging.V(7).Infof("Planner decided to re-create replaced resource '%v' deleted due to dependent DBR", urn)
// Unmark this resource as deleted, we now know it's being replaced instead.
delete(sg.deletes, urn)
sg.replaces[urn] = true
keys := sg.dependentReplaceKeys[urn]
return []Step{
NewReplaceStep(sg.deployment, old, new, nil, nil, nil, false),
NewCreateReplacementStep(sg.deployment, event, old, new, keys, nil, nil, false),
}, nil
}
// Case 2: wasExternal
// In this case, the resource we are operating upon exists in the old snapshot, but it
// was "external" - Pulumi does not own its lifecycle. Conceptually, this operation is
// akin to "taking ownership" of a resource that we did not previously control.
//
// Since we are not allowed to manipulate the existing resource, we must create a resource
// to take its place. Since this is technically a replacement operation, we pend deletion of
// read until the end of the deployment.
if wasExternal {
logging.V(7).Infof("Planner recognized '%s' as old external resource, creating instead", urn)
sg.creates[urn] = true
if err != nil {
return nil, err
}
return []Step{
NewCreateReplacementStep(sg.deployment, event, old, new, nil, nil, nil, true),
NewReplaceStep(sg.deployment, old, new, nil, nil, nil, true),
}, nil
}
// This looks odd that we have to recheck isTargetedForUpdate but it's to cover implicitly targeted
// resources like providers (where isTargeted is always true), but which might have been _explicitly_
// targeted due to being in the --targets list or being explicitly pulled in by --target-dependents.
if isTargeted && sg.isTargetedForUpdate(new) {
// Transitive dependencies are not initially targeted, ensure that they are in the Targets so that the
// step_generator identifies that the URN is targeted if applicable
sg.targetsActual.addLiteral(urn)
}
// Case 3: hasOld
// In this case, the resource we are operating upon now exists in the old snapshot.
// It must be an update or a replace. Which operation we do depends on the the specific change made to the
// resource's properties:
//
// - if the user has requested that only specific resources be updated, and this resource is
// not in that set, do no 'Diff' and just treat the resource as 'same' (i.e. unchanged).
//
// - If the resource's provider reference changed, the resource must be replaced. This behavior is founded upon
// the assumption that providers are recreated iff their configuration changed in such a way that they are no
// longer able to manage existing resources.
//
// - Otherwise, we invoke the resource's provider's `Diff` method. If this method indicates that the resource must
// be replaced, we do so. If it does not, we update the resource in place.
if hasOld {
contract.Assertf(old != nil, "must have old resource if hasOld is true")
// If the user requested only specific resources to update, and this resource was not in
// that set, then we should emit a SameStep for it.
if !isTargeted {
logging.V(7).Infof(
"Planner decided not to update '%v' due to not being in target group (same) (inputs=%v)", urn, new.Inputs)
// We need to check that we have the provider for this resource.
if old.Provider != "" {
ref, err := providers.ParseReference(old.Provider)
if err != nil {
return nil, err
}
_, has := sg.deployment.GetProvider(ref)
if !has {
// This provider hasn't been registered yet. This happens when a user changes the default
// provider version in a targeted update. See https://github.com/pulumi/pulumi/issues/15704
// for more information.
var providerResource *resource.State
for _, r := range sg.deployment.olds {
if r.URN == ref.URN() && r.ID == ref.ID() {
providerResource = r
break
}
}
if providerResource == nil {
return nil, fmt.Errorf("could not find provider %v in old state", ref)
}
// Return a more friendly error to the user explaining this isn't supported.
return nil, fmt.Errorf("provider %s for resource %s has not been registered yet, this is "+
"due to a change of providers mixed with --target. "+
"Change your program back to the original providers", ref, urn)
}
}
// When emitting a SameStep for an untargeted resource, we must also check
// for dependencies of the resource that may have been both deleted and
// not targeted. Consider:
//
// * When a resource is deleted from a program, no resource registration
// will be sent for it. Moreover, no other resource in the program can
// refer to it (since it forms no part of the program source).
//
// * In the event of an untargeted update, resources that previously
// referred to the now-deleted resource will be updated and the
// dependencies removed. The deleted resource will be removed from the
// state later in the operation.
//
// HOWEVER, in the event of a targeted update that targets _neither the
// deleted resource nor its dependencies_:
//
// * The dependencies will have SameSteps emitted and their old states
// will be copied into the new state.
//
// * The deleted resource will not have a resource registration sent for
// it. However, by virtue of not being targeted, it will (correctly) not
// be deleted from the state. Thus, its old state will be copied over
// before the new snapshot is written. Alas, it will therefore appear
// after the resources that depend upon it in the new snapshot, which is
// invalid!
//
// We therefore have a special case where we can't rely on previous steps
// to have copied our dependencies over for us. We address this by
// manually traversing the dependencies of untargeted resources with old
// state and ensuring that they have SameSteps emitted before we emit our
// own.
//
// Note:
//
// * This traversal has to be depth-first -- we need to push steps for our
// dependencies before we push a step for ourselves.
//
// * "Dependencies" here includes parents, dependencies, property
// dependencies, and deleted-with relationships.
//
// * There is at least one edge case where we might see a resource that is
// marked for deletion (that is, with Delete: true). Such resources are
// produced as part of create-before-replace operations -- once a new
// resource has been created, the old is marked as Delete: true before a
// provider Delete() is attempted. This means that, in the event
// deletion fails, the resource can safely remain in the state so that
// Pulumi can retry the deletion in a subsequent operation. Setting
// Delete: true is done in-place on the old resource. Ordinarily, this
// is of no consequence -- the resource won't be examined again until it
// is time to persist the snapshot, at which point everything is fine.
//
// In our scenario, however, where we are manually traversing
// dependencies "back up" the state, we might revisit an old resource
// that was marked for deletion. In such cases, NewSameStep will panic,
// since it does not permit copying resources that are marked for
// deletion. Indeed, there is no need -- as just mentioned, they will be
// handled by the snapshot persistence layer. In the case that we
// identify a resource marked for deletion then, we skip it. Its
// dependencies (if there are any) must also be marked for deletion
// (something old cannot depend on something new), so skipping them is
// also safe/necessary.
var getDependencySteps func(old *resource.State, event RegisterResourceEvent) ([]Step, error)
getDependencySteps = func(old *resource.State, event RegisterResourceEvent) ([]Step, error) {
var steps []Step
if old.Delete {
return steps, nil
}
// We need to track old URNs for the following reasons:
//
// * In sg.urns, in order to allow checkParent to find parents that may
// have changed in the program, but not targeted. This is possible if
// a parent is removed and its child is aliased to its
// (previously-parented) URN.
//
// * In sg.sames, in order to avoid emitting duplicate SameSteps in the
// presence of aliased resources.
sg.urns[old.URN] = true
sg.sames[urn] = true
sg.sames[old.URN] = true
_, allDeps := old.GetAllDependencies()
for _, dep := range allDeps {
generatedDep := sg.hasGeneratedStep(dep.URN)
if !generatedDep {
depOld, has := sg.deployment.Olds()[dep.URN]
if !has {
var message string
switch dep.Type {
case resource.ResourceParent:
message = fmt.Sprintf("parent %s of untargeted resource %s has no old state", dep.URN, urn)
case resource.ResourceDependency:
message = fmt.Sprintf("dependency %s of untargeted resource %s has no old state", dep.URN, urn)
case resource.ResourcePropertyDependency:
message = fmt.Sprintf(
"property dependency %s of untargeted resource %s's property %s has no old state",
dep.URN, urn, dep.Key,
)
case resource.ResourceDeletedWith:
message = fmt.Sprintf(
"deleted with dependency %s of untargeted resource %s has no old state",
dep.URN, urn,
)
}
//nolint:govet
return nil, result.BailErrorf(message)
}
depSteps, err := getDependencySteps(depOld, nil)
if err != nil {
return nil, err
}
steps = append(steps, depSteps...)
}
}
rootStep := NewSameStep(sg.deployment, event, old, old)
steps = append(steps, rootStep)
return steps, nil
}
steps, err := getDependencySteps(old, event)
if err != nil {
return nil, err
}
return steps, nil
}
updateSteps, err := sg.generateStepsFromDiff(
event, urn, old, new, oldInputs, oldOutputs, inputs, prov, goal, randomSeed)
if err != nil {
return nil, err
}
if len(updateSteps) > 0 {
// 'Diff' produced update steps. We're done at this point.
return updateSteps, nil
}
// Diff didn't produce any steps for this resource. Fall through and indicate that it
// is same/unchanged.
logging.V(7).Infof("Planner decided not to update '%v' after diff (same) (inputs=%v)", urn, new.Inputs)
// No need to update anything, the properties didn't change.
sg.sames[urn] = true
return []Step{NewSameStep(sg.deployment, event, old, new)}, nil
}
// Case 4: Not Case 1, 2, or 3
// If a resource isn't being recreated and it's not being updated or replaced,
// it's just being created.
// We're in the create stage now. In a normal run just issue a 'create step'. If, however, the
// user is doing a run with `--target`s, then we need to operate specially here.
//
// 1. If the user did include this resource urn in the --target list, then we can proceed
// normally and issue a create step for this.
//
// 2. However, if they did not include the resource in the --target list, then we want to flat
// out ignore it (just like we ignore updates to resource not in the --target list). This has
// interesting implications though. Specifically, what to do if a prop from this resource is
// then actually needed by a property we *are* doing a targeted create/update for.
//
// In that case, we want to error to force the user to be explicit about wanting this resource
// to be created. However, we can't issue the error until later on when the resource is
// referenced. So, to support this we create a special "same" step here for this resource. That
// "same" step has a bit on it letting us know that it is for this case. If we then later see a
// resource that depends on this resource, we will issue an error letting the user know.
//
// We will also not record this non-created resource into the checkpoint as it doesn't actually
// exist.
if !isTargeted {
sg.sames[urn] = true
sg.skippedCreates[urn] = true
return []Step{NewSkippedCreateStep(sg.deployment, event, new)}, nil
}
sg.creates[urn] = true
logging.V(7).Infof("Planner decided to create '%v' (inputs=%v)", urn, new.Inputs)
return []Step{NewCreateStep(sg.deployment, event, new)}, nil
}
func (sg *stepGenerator) generateStepsFromDiff(
event RegisterResourceEvent, urn resource.URN, old, new *resource.State,
oldInputs, oldOutputs, inputs resource.PropertyMap,
prov plugin.Provider, goal *resource.Goal, randomSeed []byte,
) ([]Step, error) {
// We only allow unknown property values to be exposed to the provider if we are performing an update preview.
allowUnknowns := sg.deployment.opts.DryRun
diff, err := sg.diff(urn, old, new, oldInputs, oldOutputs, inputs, prov, allowUnknowns, goal.IgnoreChanges)
// If the plugin indicated that the diff is unavailable, assume that the resource will be updated and
// report the message contained in the error.
if _, ok := err.(plugin.DiffUnavailableError); ok {
diff = plugin.DiffResult{Changes: plugin.DiffSome}
sg.deployment.ctx.Diag.Warningf(diag.RawMessage(urn, err.Error()))
} else if err != nil {
return nil, err
}
// Ensure that we received a sensible response.
if diff.Changes != plugin.DiffNone && diff.Changes != plugin.DiffSome {
return nil, fmt.Errorf(
"unrecognized diff state for %s: %d", urn, diff.Changes)
}
hasInitErrors := len(old.InitErrors) > 0
// Update the diff to apply any replaceOnChanges annotations and to include initErrors in the diff.
diff, err = applyReplaceOnChanges(diff, goal.ReplaceOnChanges, hasInitErrors)
if err != nil {
return nil, err
}
// If there were changes check for a replacement vs. an in-place update.
if diff.Changes == plugin.DiffSome || old.PendingReplacement {
if diff.Replace() || old.PendingReplacement {
// If this resource is protected we can't replace it because that entails a delete
// Note that we do allow unprotecting and replacing to happen in a single update
// cycle, we don't look at old.Protect here.
if new.Protect && old.Protect {
message := fmt.Sprintf("unable to replace resource %q\n"+
"as it is currently marked for protection. To unprotect the resource, "+
"remove the `protect` flag from the resource in your Pulumi "+
"program and run `pulumi up`", urn)
sg.deployment.ctx.Diag.Errorf(diag.StreamMessage(urn, message, 0))
sg.sawError = true
// In Preview, we mark the deployment as Error but continue to next steps,
// so that the preview is shown to the user and they can see the diff causing it.
// In Update mode, we bail to stop any further actions immediately. If we don't bail and
// we're doing a create before delete replacement we'll execute the create before getting
// to the delete error.
if !sg.deployment.opts.DryRun {
return nil, result.BailErrorf("%s", message)
}
}
// If the goal state specified an ID, issue an error: the replacement will change the ID, and is
// therefore incompatible with the goal state.
if goal.ID != "" {
const message = "previously-imported resources that still specify an ID may not be replaced; " +
"please remove the `import` declaration from your program"
if sg.deployment.opts.DryRun {
sg.deployment.ctx.Diag.Warningf(diag.StreamMessage(urn, message, 0))
} else {
return nil, errors.New(message)
}
}
sg.replaces[urn] = true
// If we are going to perform a replacement, we need to recompute the default values. The above logic
// had assumed that we were going to carry them over from the old resource, which is no longer true.
//
// Note that if we're performing a targeted replace, we already have the correct inputs.
if prov != nil && !sg.isTargetedReplace(urn) {
resp, err := prov.Check(context.TODO(), plugin.CheckRequest{
URN: urn,
News: goal.Properties,
AllowUnknowns: allowUnknowns,
RandomSeed: randomSeed,
})
failures := resp.Failures
inputs := resp.Properties
if err != nil {
return nil, err
} else if issueCheckErrors(sg.deployment, new, urn, failures) {
return nil, result.BailErrorf("resource %v has check errors: %v", urn, failures)
}
new.Inputs = inputs
}
if logging.V(7) {
logging.V(7).Infof("Planner decided to replace '%v' (oldprops=%v inputs=%v replaceKeys=%v)",
urn, oldInputs, new.Inputs, diff.ReplaceKeys)
}
// We have two approaches to performing replacements:
//
// * CreateBeforeDelete: the default mode first creates a new instance of the resource, then
// updates all dependent resources to point to the new one, and finally after all of that,
// deletes the old resource. This ensures minimal downtime.
//
// * DeleteBeforeCreate: this mode can be used for resources that cannot be tolerate having
// side-by-side old and new instances alive at once. This first deletes the resource and
// then creates the new one. This may result in downtime, so is less preferred.
//
// The provider is responsible for requesting which of these two modes to use. The user can override
// the provider's decision by setting the `deleteBeforeReplace` field of `ResourceOptions` to either
// `true` or `false`.
deleteBeforeReplace := diff.DeleteBeforeReplace
if goal.DeleteBeforeReplace != nil {
deleteBeforeReplace = *goal.DeleteBeforeReplace
}
if deleteBeforeReplace {
logging.V(7).Infof("Planner decided to delete-before-replacement for resource '%v'", urn)
contract.Assertf(sg.deployment.depGraph != nil,
"dependency graph must be available for delete-before-replace")
// DeleteBeforeCreate implies that we must immediately delete the resource. For correctness,
// we must also eagerly delete all resources that depend directly or indirectly on the resource
// being replaced and would be replaced by a change to the relevant dependency.
//
// To do this, we'll utilize the dependency information contained in the snapshot if it is
// trustworthy, which is interpreted by the DependencyGraph type.
var steps []Step
toReplace, err := sg.calculateDependentReplacements(old)
if err != nil {
return nil, err
}
// Deletions must occur in reverse dependency order, and `deps` is returned in dependency
// order, so we iterate in reverse.
for i := len(toReplace) - 1; i >= 0; i-- {
dependentResource := toReplace[i].res
// If we already deleted this resource due to some other DBR, don't do it again.
if sg.pendingDeletes[dependentResource] {
continue
}
// If we're generating plans create a plan for this delete
if sg.deployment.opts.GeneratePlan {
if _, ok := sg.deployment.newPlans.get(dependentResource.URN); !ok {
// We haven't see this resource before, create a new
// resource plan for it with no goal (because it's going to be a delete)
resourcePlan := &ResourcePlan{}
sg.deployment.newPlans.set(dependentResource.URN, resourcePlan)
}
}
sg.dependentReplaceKeys[dependentResource.URN] = toReplace[i].keys
logging.V(7).Infof("Planner decided to delete '%v' due to dependence on condemned resource '%v'",
dependentResource.URN, urn)
// This resource might already be pending-delete
if dependentResource.Delete {
steps = append(steps, NewDeleteStep(sg.deployment, sg.deletes, dependentResource))
} else {
// Check if the resource is protected, if it is we can't do this replacement chain.
if dependentResource.Protect {
message := fmt.Sprintf("unable to replace resource %q as part of replacing %q "+
"as it is currently marked for protection. To unprotect the resource, "+
"remove the `protect` flag from the resource in your Pulumi "+
"program and run `pulumi up`, or use the command:\n"+
"`pulumi state unprotect %q`",
dependentResource.URN, urn, dependentResource.URN)
sg.deployment.ctx.Diag.Errorf(diag.StreamMessage(urn, message, 0))
sg.sawError = true
return nil, result.BailErrorf("%s", message)
}
steps = append(steps, NewDeleteReplacementStep(sg.deployment, sg.deletes, dependentResource, true))
}
// Mark the condemned resource as deleted. We won't know until later in the deployment whether
// or not we're going to be replacing this resource.
sg.deletes[dependentResource.URN] = true
sg.pendingDeletes[dependentResource] = true
}
// We're going to delete the old resource before creating the new one. We need to make sure
// that the old provider is loaded.
err = sg.deployment.EnsureProvider(old.Provider)
if err != nil {
return nil, fmt.Errorf("could not load provider for resource %v: %w", old.URN, err)
}
// If the resource is already pending replacement we don't need to emit any step. The "old"
// currently pending replace resource will get removed from the state when the CreateReplacementStep is
// successful.
if !old.PendingReplacement {
steps = append(steps, NewDeleteReplacementStep(sg.deployment, sg.deletes, old, true))
}
return append(steps,
NewReplaceStep(sg.deployment, old, new, diff.ReplaceKeys, diff.ChangedKeys, diff.DetailedDiff, false),
NewCreateReplacementStep(
sg.deployment, event, old, new, diff.ReplaceKeys, diff.ChangedKeys, diff.DetailedDiff, false),
), nil
}
return []Step{
NewCreateReplacementStep(
sg.deployment, event, old, new, diff.ReplaceKeys, diff.ChangedKeys, diff.DetailedDiff, true),
NewReplaceStep(sg.deployment, old, new, diff.ReplaceKeys, diff.ChangedKeys, diff.DetailedDiff, true),
// note that the delete step is generated "later" on, after all creates/updates finish.
}, nil
}
// If we fell through, it's an update.
sg.updates[urn] = true
if logging.V(7) {
logging.V(7).Infof("Planner decided to update '%v' (oldprops=%v inputs=%v)", urn, oldInputs, new.Inputs)
}
return []Step{
NewUpdateStep(sg.deployment, event, old, new, diff.StableKeys, diff.ChangedKeys, diff.DetailedDiff,
goal.IgnoreChanges),
}, nil
}
// If resource was unchanged, but there were initialization errors, generate an empty update
// step to attempt to "continue" awaiting initialization.
if hasInitErrors {
sg.updates[urn] = true
return []Step{NewUpdateStep(sg.deployment, event, old, new, diff.StableKeys, nil, nil, nil)}, nil
}
// Else there are no changes needed
return nil, nil
}
func (sg *stepGenerator) GenerateDeletes(targetsOpt UrnTargets) ([]Step, error) {
// To compute the deletion list, we must walk the list of old resources *backwards*. This is because the list is
// stored in dependency order, and earlier elements are possibly leaf nodes for later elements. We must not delete
// dependencies prior to their dependent nodes.
var dels []Step
if prev := sg.deployment.prev; prev != nil {
for i := len(prev.Resources) - 1; i >= 0; i-- {
// If this resource is explicitly marked for deletion or wasn't seen at all, delete it.
res := prev.Resources[i]
if res.Delete {
// The below assert is commented-out because it's believed to be wrong.
//
// The original justification for this assert is that the author (swgillespie) believed that
// it was impossible for a single URN to be deleted multiple times in the same program.
// This has empirically been proven to be false - it is possible using today engine to construct
// a series of actions that puts arbitrarily many pending delete resources with the same URN in
// the snapshot.
//
// It is not clear whether or not this is OK. I (swgillespie), the author of this comment, have
// seen no evidence that it is *not* OK. However, concerns were raised about what this means for
// structural resources, and so until that question is answered, I am leaving this comment and
// assert in the code.
//
// Regardless, it is better to admit strange behavior in corner cases than it is to crash the CLI
// whenever we see multiple deletes for the same URN.
// contract.Assert(!sg.deletes[res.URN])
if sg.pendingDeletes[res] {
logging.V(7).Infof(
"Planner ignoring pending-delete resource (%v, %v) that was already deleted", res.URN, res.ID)
continue
}
if sg.deletes[res.URN] {
logging.V(7).Infof(
"Planner is deleting pending-delete urn '%v' that has already been deleted", res.URN)
}
logging.V(7).Infof("Planner decided to delete '%v' due to replacement", res.URN)
sg.deletes[res.URN] = true
dels = append(dels, NewDeleteReplacementStep(sg.deployment, sg.deletes, res, false))
} else if _, aliased := sg.aliased[res.URN]; !sg.sames[res.URN] && !sg.updates[res.URN] && !sg.replaces[res.URN] &&
!sg.reads[res.URN] && !aliased {
// NOTE: we deliberately do not check sg.deletes here, as it is possible for us to issue multiple
// delete steps for the same URN if the old checkpoint contained pending deletes.
logging.V(7).Infof("Planner decided to delete '%v'", res.URN)
sg.deletes[res.URN] = true
if !res.PendingReplacement {
dels = append(dels, NewDeleteStep(sg.deployment, sg.deletes, res))
} else {
dels = append(dels, NewRemovePendingReplaceStep(sg.deployment, res))
}
}
// We just added a Delete step, so we need to ensure the provider for this resource is available.
if sg.deletes[res.URN] {
err := sg.deployment.EnsureProvider(res.Provider)
if err != nil {
return nil, fmt.Errorf("could not load provider for resource %v: %w", res.URN, err)
}
}
}
}
// Check each proposed delete against the relevant resource plan
for _, s := range dels {
if sg.deployment.plan != nil {
if resourcePlan, ok := sg.deployment.plan.ResourcePlans[s.URN()]; ok {
if len(resourcePlan.Ops) == 0 {
return nil, fmt.Errorf("%v is not allowed by the plan: no more steps were expected for this resource", s.Op())
}
constraint := resourcePlan.Ops[0]
// We remove the Op from the list before doing the constraint check.
// This is because we look at Ops at the end to see if any expected operations didn't attempt to happen.
// This op has been attempted, it just might fail its constraint.
resourcePlan.Ops = resourcePlan.Ops[1:]
if !ConstrainedTo(s.Op(), constraint) {
return nil, fmt.Errorf("%v is not allowed by the plan: this resource is constrained to %v", s.Op(), constraint)
}
} else {
if !ConstrainedTo(s.Op(), OpSame) {
return nil, fmt.Errorf("%v is not allowed by the plan: no steps were expected for this resource", s.Op())
}
}
}
// If we're generating plans add a delete op to the plan for this resource
if sg.deployment.opts.GeneratePlan {
resourcePlan, ok := sg.deployment.newPlans.get(s.URN())
if !ok {
// TODO(pdg-plan): using the program inputs means that non-determinism could sneak in as part of default
// application. However, it is necessary in the face of computed inputs.
resourcePlan = &ResourcePlan{}
sg.deployment.newPlans.set(s.URN(), resourcePlan)
}
resourcePlan.Ops = append(resourcePlan.Ops, s.Op())
}
}
// If -target was provided to either `pulumi update` or `pulumi destroy` then only delete
// resources that were specified.
allowedResourcesToDelete, err := sg.determineAllowedResourcesToDeleteFromTargets(targetsOpt)
if err != nil {
return nil, err
}
if allowedResourcesToDelete != nil {
filtered := []Step{}
for _, step := range dels {
if _, has := allowedResourcesToDelete[step.URN()]; has {
filtered = append(filtered, step)
}
}
dels = filtered
}
deletingUnspecifiedTarget := false
for _, step := range dels {
urn := step.URN()
if !targetsOpt.Contains(urn) && !sg.deployment.opts.TargetDependents {
d := diag.GetResourceWillBeDestroyedButWasNotSpecifiedInTargetList(urn)
// Targets were specified, but didn't include this resource to create. Report all the
// problematic targets so the user doesn't have to keep adding them one at a time and
// re-running the operation.
//
// Mark that step generation entered an error state so that the entire app run fails.
sg.deployment.Diag().Errorf(d, urn)
sg.sawError = true
deletingUnspecifiedTarget = true
}
}
if deletingUnspecifiedTarget && !sg.deployment.opts.DryRun {
// In preview we keep going so that the user will hear about all the problems and can then
// fix up their command once (as opposed to adding a target, rerunning, adding a target,
// rerunning, etc. etc.).
//
// Doing a normal run. We should not proceed here at all. We don't want to delete
// something the user didn't ask for.
return nil, result.BailErrorf("delete untargeted resource")
}
return dels, nil
}
// getTargetDependents returns the (transitive) set of dependents on the target resources.
// This includes both implicit and explicit dependents in the DAG itself, as well as children.
func (sg *stepGenerator) getTargetDependents(targetsOpt UrnTargets) map[resource.URN]bool {
// Seed the list with the initial set of targets.
var frontier []*resource.State
for _, res := range sg.deployment.prev.Resources {
if targetsOpt.Contains(res.URN) {
frontier = append(frontier, res)
}
}
// Produce a dependency graph of resources.
dg := graph.NewDependencyGraph(sg.deployment.prev.Resources)
// Now accumulate a list of targets that are implicated because they depend upon the targets.
targets := make(map[resource.URN]bool)
for len(frontier) > 0 {
// Pop the next to explore, mark it, and skip any we've already seen.
next := frontier[0]
frontier = frontier[1:]
if _, has := targets[next.URN]; has {
continue
}
targets[next.URN] = true
// Compute the set of resources depending on this one, either implicitly, explicitly,
// or because it is a child resource. Add them to the frontier to keep exploring.
deps := dg.DependingOn(next, targets, true)
frontier = append(frontier, deps...)
}
return targets
}
// determineAllowedResourcesToDeleteFromTargets computes the full (transitive) closure of resources
// that need to be deleted to permit the full list of targetsOpt resources to be deleted. This list
// will include the targetsOpt resources, but may contain more than just that, if there are dependent
// or child resources that require the targets to exist (and so are implicated in the deletion).
func (sg *stepGenerator) determineAllowedResourcesToDeleteFromTargets(
targetsOpt UrnTargets,
) (map[resource.URN]bool, error) {
if !targetsOpt.IsConstrained() {
// no specific targets, so we won't filter down anything
return nil, nil
}
// Produce a map of targets and their dependents, including explicit and implicit
// DAG dependencies, as well as children (transitively).
targets := sg.getTargetDependents(targetsOpt)
logging.V(7).Infof("Planner was asked to only delete/update '%v'", targetsOpt)
resourcesToDelete := make(map[resource.URN]bool)
// Now actually use all the requested targets to figure out the exact set to delete.
for target := range targets {
current := sg.deployment.olds[target]
if current == nil {
// user specified a target that didn't exist. they will have already gotten a warning
// about this when we called checkTargets. explicitly ignore this target since it won't
// be something we could possibly be trying to delete, nor could have dependents we
// might need to replace either.
continue
}
resourcesToDelete[target] = true
// the item the user is asking to destroy may cause downstream replacements. Clean those up
// as well. Use the standard delete-before-replace computation to determine the minimal
// set of downstream resources that are affected.
deps, err := sg.calculateDependentReplacements(current)
if err != nil {
return nil, err
}
for _, dep := range deps {
logging.V(7).Infof("GenerateDeletes(...): Adding dependent: %v", dep.res.URN)
resourcesToDelete[dep.res.URN] = true
}
}
if logging.V(7) {
keys := []resource.URN{}
for k := range resourcesToDelete {
keys = append(keys, k)
}
logging.V(7).Infof("Planner will delete all of '%v'", keys)
}
return resourcesToDelete, nil
}
// ScheduleDeletes takes a list of steps that will delete resources and "schedules" them by producing a list of list of
// steps, where each list can be executed in parallel but a previous list must be executed to completion before
// advancing to the next list.
//
// In lieu of tracking per-step dependencies and orienting the step executor around these dependencies, this function
// provides a conservative approximation of what deletions can safely occur in parallel. The insight here is that the
// resource dependency graph is a partially-ordered set and all partially-ordered sets can be easily decomposed into
// antichains - subsets of the set that are all not comparable to one another. (In this definition, "not comparable"
// means "do not depend on one another").
//
// The algorithm for decomposing a poset into antichains is:
// 1. While there exist elements in the poset,
// 1a. There must exist at least one "maximal" element of the poset. Let E_max be those elements.
// 2a. Remove all elements E_max from the poset. E_max is an antichain.
// 3a. Goto 1.
//
// Translated to our dependency graph:
// 1. While the set of condemned resources is not empty:
// 1a. Remove all resources with no outgoing edges from the graph and add them to the current antichain.
// 2a. Goto 1.
//
// The resulting list of antichains is a list of list of steps that can be safely executed in parallel. Since we must
// process deletes in reverse (so we don't delete resources upon which other resources depend), we reverse the list and
// hand it back to the deployment executor for safe execution.
func (sg *stepGenerator) ScheduleDeletes(deleteSteps []Step) []antichain {
var antichains []antichain // the list of parallelizable steps we intend to return.
dg := sg.deployment.depGraph // the current deployment's dependency graph.
condemned := mapset.NewSet[*resource.State]() // the set of condemned resources.
stepMap := make(map[*resource.State]Step) // a map from resource states to the steps that delete them.
logging.V(7).Infof("Planner trusts dependency graph, scheduling deletions in parallel")
// For every step we've been given, record it as condemned and save the step that will be used to delete it. We'll
// iteratively place these steps into antichains as we remove elements from the condemned set.
for _, step := range deleteSteps {
condemned.Add(step.Res())
stepMap[step.Res()] = step
}
for !condemned.IsEmpty() {
var steps antichain
logging.V(7).Infof("Planner beginning schedule of new deletion antichain")
for res := range condemned.Iter() {
// Does res have any outgoing edges to resources that haven't already been removed from the graph?
condemnedDependencies := dg.DependenciesOf(res).Intersect(condemned)
if condemnedDependencies.IsEmpty() {
// If not, it's safe to delete res at this stage.
logging.V(7).Infof("Planner scheduling deletion of '%v'", res.URN)
steps = append(steps, stepMap[res])
}
// If one of this resource's dependencies or this resource's parent hasn't been removed from the graph yet,
// it can't be deleted this round.
}
// For all resources that are to be deleted in this round, remove them from the graph.
for _, step := range steps {
condemned.Remove(step.Res())
}
antichains = append(antichains, steps)
}
// Up until this point, all logic has been "backwards" - we're scheduling resources for deletion when all of their
// dependencies finish deletion, but that's exactly the opposite of what we need to do. We can only delete a
// resource when all *resources that depend on it* complete deletion. Our solution is still correct, though, it's
// just backwards.
//
// All we have to do here is reverse the list and then our solution is correct.
slices.Reverse(antichains)
return antichains
}
// providerChanged diffs the Provider field of old and new resources, returning true if the rest of the step generator
// should consider there to be a diff between these two resources.
func (sg *stepGenerator) providerChanged(urn resource.URN, old, new *resource.State) (bool, error) {
// If a resource's Provider field has changed, we may need to show a diff and we may not. This is subtle. See
// pulumi/pulumi#2753 for more details.
//
// Recent versions of Pulumi allow for language hosts to pass a plugin version to the engine. The purpose of this is
// to ensure that the plugin that the engine uses for a particular resource is *exactly equal* to the version of the
// SDK that the language host used to produce the resource registration. This is critical for correct versioning
// semantics; it is generally an error for a language SDK to produce a registration that is serviced by a
// differently versioned plugin, since the two version in complete lockstep and there is no guarantee that the two
// will work correctly together when not the same version.
if old.Provider == new.Provider {
return false, nil
}
logging.V(stepExecutorLogLevel).Infof("sg.diffProvider(%s, ...): observed provider diff", urn)
logging.V(stepExecutorLogLevel).Infof("sg.diffProvider(%s, ...): %v => %v", urn, old.Provider, new.Provider)
// If we're changing from a component resource to a non-component resource, there is no old provider to
// diff against and trigger a delete but we need to Create the new custom resource. If we're changing from
// a custom resource to a component resource, we should always trigger a replace.
if old.Provider == "" || new.Provider == "" {
return true, nil
}
oldRef, err := providers.ParseReference(old.Provider)
if err != nil {
return false, err
}
newRef, err := providers.ParseReference(new.Provider)
if err != nil {
return false, err
}
if alias, ok := sg.aliased[oldRef.URN()]; ok && alias == newRef.URN() {
logging.V(stepExecutorLogLevel).Infof(
"sg.diffProvider(%s, ...): observed an aliased provider from %q to %q", urn, oldRef.URN(), newRef.URN())
return false, nil
}
// If one or both of these providers are not default providers, we will need to accept the diff and replace
// everything. This might not be strictly necessary, but it is conservatively correct.
if !providers.IsDefaultProvider(oldRef.URN()) || !providers.IsDefaultProvider(newRef.URN()) {
logging.V(stepExecutorLogLevel).Infof(
"sg.diffProvider(%s, ...): reporting provider diff due to change in default provider status", urn)
logging.V(stepExecutorLogLevel).Infof(
"sg.diffProvider(%s, ...): old provider %q is default: %v",
urn, oldRef.URN(), providers.IsDefaultProvider(oldRef.URN()))
logging.V(stepExecutorLogLevel).Infof(
"sg.diffProvider(%s, ...): new provider %q is default: %v",
urn, newRef.URN(), providers.IsDefaultProvider(newRef.URN()))
return true, err
}
// If both of these providers are default providers, use the *new provider* to diff the config and determine if
// this provider requires replacement.
//
// Note that, if we have many resources managed by the same provider that is getting replaced in this manner,
// this will call DiffConfig repeatedly with the same arguments for every resource. If this becomes a
// performance problem, this result can be cached.
newProv, ok := sg.deployment.providers.GetProvider(newRef)
if !ok {
return false, fmt.Errorf("failed to resolve provider reference: %q", oldRef.String())
}
oldRes, ok := sg.deployment.olds[oldRef.URN()]
contract.Assertf(ok, "old state didn't have provider, despite resource using it?")
newRes, ok := sg.providers[newRef.URN()]
contract.Assertf(ok, "new deployment didn't have provider, despite resource using it?")
diff, err := newProv.DiffConfig(context.TODO(), plugin.DiffConfigRequest{
URN: newRef.URN(),
OldInputs: oldRes.Inputs,
OldOutputs: oldRes.Outputs,
NewInputs: newRes.Inputs,
AllowUnknowns: true,
})
if err != nil {
return false, err
}
// If there is a replacement diff, we must also replace this resource.
if diff.Replace() {
logging.V(stepExecutorLogLevel).Infof(
"sg.diffProvider(%s, ...): new provider's DiffConfig reported replacement", urn)
return true, nil
}
// Otherwise, it's safe to allow this new provider to replace our old one.
logging.V(stepExecutorLogLevel).Infof(
"sg.diffProvider(%s, ...): both providers are default, proceeding with resource diff", urn)
return false, nil
}
// diff returns a DiffResult for the given resource.
func (sg *stepGenerator) diff(urn resource.URN, old, new *resource.State, oldInputs, oldOutputs,
newInputs resource.PropertyMap, prov plugin.Provider, allowUnknowns bool,
ignoreChanges []string,
) (plugin.DiffResult, error) {
// If this resource is marked for replacement, just return a "replace" diff that blames the id.
if sg.isTargetedReplace(urn) {
return plugin.DiffResult{Changes: plugin.DiffSome, ReplaceKeys: []resource.PropertyKey{"id"}}, nil
}
// Before diffing the resource, diff the provider field. If the provider field changes, we may or may
// not need to replace the resource.
providerChanged, err := sg.providerChanged(urn, old, new)
if err != nil {
return plugin.DiffResult{}, err
} else if providerChanged {
return plugin.DiffResult{Changes: plugin.DiffSome, ReplaceKeys: []resource.PropertyKey{"provider"}}, nil
}
// Apply legacy diffing behavior if requested. In this mode, if the provider-calculated inputs for a resource did
// not change, then the resource is considered to have no diff between its desired and actual state.
if sg.deployment.opts.UseLegacyDiff && oldInputs.DeepEquals(newInputs) {
return plugin.DiffResult{Changes: plugin.DiffNone}, nil
}
// If there is no provider for this resource (which should only happen for component resources), simply return a
// "diffs exist" result.
if prov == nil {
if oldInputs.DeepEquals(newInputs) {
return plugin.DiffResult{Changes: plugin.DiffNone}, nil
}
return plugin.DiffResult{Changes: plugin.DiffSome}, nil
}
return diffResource(urn, old.ID, oldInputs, oldOutputs, newInputs, prov, allowUnknowns, ignoreChanges)
}
// diffResource invokes the Diff function for the given custom resource's provider and returns the result.
func diffResource(urn resource.URN, id resource.ID, oldInputs, oldOutputs,
newInputs resource.PropertyMap, prov plugin.Provider, allowUnknowns bool,
ignoreChanges []string,
) (plugin.DiffResult, error) {
contract.Requiref(prov != nil, "prov", "must not be nil")
// Grab the diff from the provider. At this point we know that there were changes to the Pulumi inputs, so if the
// provider returns an "unknown" diff result, pretend it returned "diffs exist".
diff, err := prov.Diff(context.TODO(), plugin.DiffRequest{
URN: urn,
ID: id,
OldInputs: oldInputs,
OldOutputs: oldOutputs,
NewInputs: newInputs,
AllowUnknowns: allowUnknowns,
IgnoreChanges: ignoreChanges,
})
if err != nil {
return diff, err
}
if diff.Changes == plugin.DiffUnknown {
new, res := processIgnoreChanges(newInputs, oldInputs, ignoreChanges)
if res != nil {
return plugin.DiffResult{}, err
}
tmp := oldInputs.Diff(new)
if tmp.AnyChanges() {
diff.Changes = plugin.DiffSome
diff.ChangedKeys = tmp.ChangedKeys()
diff.DetailedDiff = plugin.NewDetailedDiffFromObjectDiff(tmp, true /* inputDiff */)
} else {
diff.Changes = plugin.DiffNone
}
}
return diff, nil
}
// issueCheckErrors prints any check errors to the diagnostics error sink.
func issueCheckErrors(deployment *Deployment, new *resource.State, urn resource.URN,
failures []plugin.CheckFailure,
) bool {
return issueCheckFailures(deployment.Diag().Errorf, new, urn, failures)
}
// issueCheckErrors prints any check errors to the given printer function.
func issueCheckFailures(printf func(*diag.Diag, ...interface{}), new *resource.State, urn resource.URN,
failures []plugin.CheckFailure,
) bool {
if len(failures) == 0 {
return false
}
inputs := new.Inputs
for _, failure := range failures {
if failure.Property != "" {
printf(diag.GetResourcePropertyInvalidValueError(urn),
new.Type, urn.Name(), failure.Property, inputs[failure.Property], failure.Reason)
} else {
printf(
diag.GetResourceInvalidError(urn), new.Type, urn.Name(), failure.Reason)
}
}
return true
}
// processIgnoreChanges sets the value for each ignoreChanges property in inputs to the value from oldInputs. This has
// the effect of ensuring that no changes will be made for the corresponding property.
func processIgnoreChanges(inputs, oldInputs resource.PropertyMap,
ignoreChanges []string,
) (resource.PropertyMap, error) {
ignoredInputs := inputs.Copy()
var invalidPaths []string
for _, ignoreChange := range ignoreChanges {
path, err := resource.ParsePropertyPath(ignoreChange)
if err != nil {
continue
}
ok := path.Reset(oldInputs, ignoredInputs)
if !ok {
invalidPaths = append(invalidPaths, ignoreChange)
}
}
if len(invalidPaths) != 0 {
return nil, fmt.Errorf("cannot ignore changes to the following properties because one or more elements of "+
"the path are missing: %q", strings.Join(invalidPaths, ", "))
}
return ignoredInputs, nil
}
func (sg *stepGenerator) loadResourceProvider(
urn resource.URN, custom bool, provider string, typ tokens.Type,
) (plugin.Provider, error) {
// If this is not a custom resource, then it has no provider by definition.
if !custom {
return nil, nil
}
// If this resource is a provider resource, use the deployment's provider registry for its CRUD operations.
// Otherwise, resolve the the resource's provider reference.
if providers.IsProviderType(typ) {
return sg.deployment.providers, nil
}
contract.Assertf(provider != "", "must have a provider for custom resource %v", urn)
ref, refErr := providers.ParseReference(provider)
if refErr != nil {
return nil, sg.bailDiag(diag.GetBadProviderError(urn), provider, urn, refErr)
}
if providers.IsDenyDefaultsProvider(ref) {
pkg := providers.GetDeniedDefaultProviderPkg(ref)
return nil, sg.bailDiag(diag.GetDefaultProviderDenied(urn), pkg, urn)
}
p, ok := sg.deployment.GetProvider(ref)
if !ok {
return nil, sg.bailDiag(diag.GetUnknownProviderError(urn), provider, urn)
}
return p, nil
}
func (sg *stepGenerator) getProviderResource(urn resource.URN, provider string) *resource.State {
if provider == "" {
return nil
}
// All callers of this method are on paths that have previously validated that the provider
// reference can be parsed correctly and has a provider resource in the map.
ref, err := providers.ParseReference(provider)
contract.AssertNoErrorf(err, "failed to parse provider reference")
result := sg.providers[ref.URN()]
contract.Assertf(result != nil, "provider missing from step generator providers map")
return result
}
// initErrorSpecialKey is a special property key used to indicate that a diff is due to
// initialization errors existing in the old state instead of due to a specific property
// diff between old and new states.
const initErrorSpecialKey = "#initerror"
// applyReplaceOnChanges adjusts a DiffResult returned from a provider to apply the ReplaceOnChange
// settings in the desired state and init errors from the previous state.
func applyReplaceOnChanges(diff plugin.DiffResult,
replaceOnChanges []string, hasInitErrors bool,
) (plugin.DiffResult, error) {
// No further work is necessary for DiffNone unless init errors are present.
if diff.Changes != plugin.DiffSome && !hasInitErrors {
return diff, nil
}
replaceOnChangePaths := slice.Prealloc[resource.PropertyPath](len(replaceOnChanges))
for _, p := range replaceOnChanges {
path, err := resource.ParsePropertyPath(p)
if err != nil {
return diff, err
}
replaceOnChangePaths = append(replaceOnChangePaths, path)
}
// Calculate the new DetailedDiff
var modifiedDiff map[string]plugin.PropertyDiff
if diff.DetailedDiff != nil {
modifiedDiff = map[string]plugin.PropertyDiff{}
for p, v := range diff.DetailedDiff {
diffPath, err := resource.ParsePropertyPath(p)
if err != nil {
return diff, err
}
changeToReplace := false
for _, replaceOnChangePath := range replaceOnChangePaths {
if replaceOnChangePath.Contains(diffPath) {
changeToReplace = true
break
}
}
if changeToReplace {
v = v.ToReplace()
}
modifiedDiff[p] = v
}
}
// Calculate the new ReplaceKeys
modifiedReplaceKeysMap := map[resource.PropertyKey]struct{}{}
for _, k := range diff.ReplaceKeys {
modifiedReplaceKeysMap[k] = struct{}{}
}
for _, k := range diff.ChangedKeys {
for _, replaceOnChangePath := range replaceOnChangePaths {
keyPath, err := resource.ParsePropertyPath(string(k))
if err != nil {
continue
}
if replaceOnChangePath.Contains(keyPath) {
modifiedReplaceKeysMap[k] = struct{}{}
}
}
}
modifiedReplaceKeys := slice.Prealloc[resource.PropertyKey](len(modifiedReplaceKeysMap))
for k := range modifiedReplaceKeysMap {
modifiedReplaceKeys = append(modifiedReplaceKeys, k)
}
// Add init errors to modified diff results
modifiedChanges := diff.Changes
if hasInitErrors {
for _, replaceOnChangePath := range replaceOnChangePaths {
initErrPath, err := resource.ParsePropertyPath(initErrorSpecialKey)
if err != nil {
continue
}
if replaceOnChangePath.Contains(initErrPath) {
modifiedReplaceKeys = append(modifiedReplaceKeys, initErrorSpecialKey)
if modifiedDiff != nil {
modifiedDiff[initErrorSpecialKey] = plugin.PropertyDiff{
Kind: plugin.DiffUpdateReplace,
InputDiff: false,
}
}
// If an init error is present on a path that causes replacement, then trigger a replacement.
modifiedChanges = plugin.DiffSome
}
}
}
return plugin.DiffResult{
DetailedDiff: modifiedDiff,
ReplaceKeys: modifiedReplaceKeys,
ChangedKeys: diff.ChangedKeys,
Changes: modifiedChanges,
DeleteBeforeReplace: diff.DeleteBeforeReplace,
StableKeys: diff.StableKeys,
}, nil
}
type dependentReplace struct {
res *resource.State
keys []resource.PropertyKey
}
func (sg *stepGenerator) calculateDependentReplacements(root *resource.State) ([]dependentReplace, error) {
// We need to compute the set of resources that may be replaced by a change to the resource
// under consideration. We do this by taking the complete set of transitive dependents on the
// resource under consideration and removing any resources that would not be replaced by changes
// to their dependencies. We determine whether or not a resource may be replaced by substituting
// unknowns for input properties that may change due to deletion of the resources their value
// depends on and calling the resource provider's `Diff` method.
//
// This is perhaps clearer when described by example. Consider the following dependency graph:
//
// A
// __|__
// B C
// | _|_
// D E F
//
// In this graph, all of B, C, D, E, and F transitively depend on A. It may be the case,
// however, that changes to the specific properties of any of those resources R that would occur
// if a resource on the path to A were deleted and recreated may not cause R to be replaced. For
// example, the edge from B to A may be a simple `dependsOn` edge such that a change to B does
// not actually influence any of B's input properties. More commonly, the edge from B to A may
// be due to a property from A being used as the input to a property of B that does not require
// B to be replaced upon a change. In these cases, neither B nor D would need to be deleted
// before A could be deleted.
var toReplace []dependentReplace
replaceSet := map[resource.URN]bool{root.URN: true}
requiresReplacement := func(r *resource.State) (bool, []resource.PropertyKey, error) {
// Neither component nor external resources require replacement.
if !r.Custom || r.External {
return false, nil, nil
}
// If the resource's provider is in the replace set, we must replace this resource.
if r.Provider != "" {
ref, err := providers.ParseReference(r.Provider)
if err != nil {
return false, nil, err
}
if replaceSet[ref.URN()] {
// We need to use the old provider configuration to delete this resource so ensure it's loaded.
err := sg.deployment.EnsureProvider(r.Provider)
if err != nil {
return false, nil, fmt.Errorf("could not load provider for resource %v: %w", r.URN, err)
}
return true, nil, nil
}
}
// Scan the properties of this resource in order to determine whether or not any of them depend on a resource
// that requires replacement and build a set of input properties for the provider diff.
hasDependencyInReplaceSet, inputsForDiff := false, resource.PropertyMap{}
for pk, pv := range r.Inputs {
for _, propertyDep := range r.PropertyDependencies[pk] {
if replaceSet[propertyDep] {
hasDependencyInReplaceSet = true
pv = resource.MakeComputed(resource.NewStringProperty("<unknown>"))
}
}
inputsForDiff[pk] = pv
}
// If none of this resource's properties depend on a resource in the replace set, then none of the properties
// may change and this resource does not need to be replaced.
if !hasDependencyInReplaceSet {
return false, nil, nil
}
// We're going to have to call diff on this resources provider so ensure that we have it created
if !providers.IsProviderType(r.Type) {
err := sg.deployment.EnsureProvider(r.Provider)
if err != nil {
return false, nil, fmt.Errorf("could not load provider for resource %v: %w", r.URN, err)
}
} else {
// This is a provider itself so load it so that Diff below is possible
err := sg.deployment.SameProvider(r)
if err != nil {
return false, nil, fmt.Errorf("create provider %v: %w", r.URN, err)
}
}
// Otherwise, fetch the resource's provider. Since we have filtered out component resources, this resource must
// have a provider.
prov, err := sg.loadResourceProvider(r.URN, r.Custom, r.Provider, r.Type)
if err != nil {
return false, nil, err
}
contract.Assertf(prov != nil, "resource %v has no provider", r.URN)
// Call the provider's `Diff` method and return.
diff, err := prov.Diff(context.TODO(), plugin.DiffRequest{
URN: r.URN,
ID: r.ID,
OldInputs: r.Inputs,
OldOutputs: r.Outputs,
NewInputs: inputsForDiff,
AllowUnknowns: true,
})
if err != nil {
return false, nil, err
}
return diff.Replace(), diff.ReplaceKeys, nil
}
// Walk the root resource's dependents in order and build up the set of resources that require replacement.
//
// NOTE: the dependency graph we use for this calculation is based on the dependency graph from the last snapshot.
// If there are resources in this graph that used to depend on the root but have been re-registered such that they
// no longer depend on the root, we may make incorrect decisions. To avoid that, we rely on the observation that
// dependents can only have been _removed_ from the base dependency graph: for a dependent to have been added,
// it would have had to have been registered prior to the root, which is not a valid operation. This means that
// any resources that depend on the root must not yet have been registered, which in turn implies that resources
// that have already been registered must not depend on the root. Thus, we ignore these resources if they are
// encountered while walking the old dependency graph to determine the set of dependents.
impossibleDependents := sg.urns
for _, d := range sg.deployment.depGraph.DependingOn(root, impossibleDependents, false) {
replace, keys, err := requiresReplacement(d)
if err != nil {
return nil, err
}
if replace {
toReplace, replaceSet[d.URN] = append(toReplace, dependentReplace{res: d, keys: keys}), true
}
}
// Return the list of resources to replace.
return toReplace, nil
}
func (sg *stepGenerator) AnalyzeResources() error {
var resources []plugin.AnalyzerStackResource
sg.deployment.news.Range(func(urn resource.URN, v *resource.State) bool {
goal, ok := sg.deployment.goals.Load(urn)
contract.Assertf(ok, "failed to load goal for %s", urn)
resource := plugin.AnalyzerStackResource{
AnalyzerResource: plugin.AnalyzerResource{
URN: v.URN,
Type: v.Type,
Name: v.URN.Name(),
// Unlike Analyze, AnalyzeStack is called on the final outputs of each resource,
// to verify the final stack is in a compliant state.
Properties: v.Outputs,
Options: plugin.AnalyzerResourceOptions{
Protect: v.Protect,
IgnoreChanges: goal.IgnoreChanges,
DeleteBeforeReplace: goal.DeleteBeforeReplace,
AdditionalSecretOutputs: v.AdditionalSecretOutputs,
Aliases: v.GetAliases(),
CustomTimeouts: v.CustomTimeouts,
},
},
Parent: v.Parent,
Dependencies: v.Dependencies,
PropertyDependencies: v.PropertyDependencies,
}
providerResource := sg.getProviderResource(v.URN, v.Provider)
if providerResource != nil {
resource.Provider = &plugin.AnalyzerProviderResource{
URN: providerResource.URN,
Type: providerResource.Type,
Name: providerResource.URN.Name(),
Properties: providerResource.Inputs,
}
}
resources = append(resources, resource)
return true
})
analyzers := sg.deployment.ctx.Host.ListAnalyzers()
for _, analyzer := range analyzers {
diagnostics, err := analyzer.AnalyzeStack(resources)
if err != nil {
return err
}
for _, d := range diagnostics {
if d.EnforcementLevel == apitype.Remediate {
// Stack policies cannot be remediated, so treat the level as mandatory.
d.EnforcementLevel = apitype.Mandatory
}
sg.sawError = sg.sawError || (d.EnforcementLevel == apitype.Mandatory)
// If a URN was provided and it is a URN associated with a resource in the stack, use it.
// Otherwise, if the URN is empty or is not associated with a resource in the stack, use
// the default root stack URN.
var urn resource.URN
if d.URN != "" {
if _, ok := sg.deployment.news.Load(d.URN); ok {
urn = d.URN
}
}
if urn == "" {
urn = resource.DefaultRootStackURN(sg.deployment.Target().Name.Q(), sg.deployment.source.Project())
}
sg.deployment.events.OnPolicyViolation(urn, d)
}
}
return nil
}
// hasGeneratedStep returns true if and only if the step generator has generated a step for the given URN.
func (sg *stepGenerator) hasGeneratedStep(urn resource.URN) bool {
return sg.creates[urn] ||
sg.sames[urn] ||
sg.updates[urn] ||
sg.deletes[urn] ||
sg.replaces[urn] ||
sg.reads[urn]
}
// newStepGenerator creates a new step generator that operates on the given deployment.
func newStepGenerator(deployment *Deployment) *stepGenerator {
return &stepGenerator{
deployment: deployment,
urns: make(map[resource.URN]bool),
reads: make(map[resource.URN]bool),
creates: make(map[resource.URN]bool),
sames: make(map[resource.URN]bool),
replaces: make(map[resource.URN]bool),
updates: make(map[resource.URN]bool),
deletes: make(map[resource.URN]bool),
skippedCreates: make(map[resource.URN]bool),
pendingDeletes: make(map[*resource.State]bool),
providers: make(map[resource.URN]*resource.State),
dependentReplaceKeys: make(map[resource.URN][]resource.PropertyKey),
aliased: make(map[resource.URN]resource.URN),
aliases: make(map[resource.URN]resource.URN),
// We clone the targets passed as options because we will modify this set as
// we compute the full set (e.g. by expanding globs, or traversing
// dependents).
targetsActual: deployment.opts.Targets.Clone(),
}
}
Reference in New Issue View Git Blame Copy Permalink