mirror of https://github.com/pulumi/pulumi.git
251 lines
8.0 KiB
Go
251 lines
8.0 KiB
Go
// Copyright 2016-2023, Pulumi Corporation.
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
package main
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"fmt"
|
|
"strings"
|
|
|
|
"github.com/spf13/cobra"
|
|
|
|
"github.com/pulumi/pulumi/pkg/v3/backend"
|
|
"github.com/pulumi/pulumi/pkg/v3/backend/display"
|
|
pkgWorkspace "github.com/pulumi/pulumi/pkg/v3/workspace"
|
|
"github.com/pulumi/pulumi/sdk/v3/go/common/util/cmdutil"
|
|
"github.com/pulumi/pulumi/sdk/v3/go/common/workspace"
|
|
)
|
|
|
|
const (
|
|
possibleSecretsProviderChoices = "The type of the provider that should be used to encrypt and decrypt secrets\n" +
|
|
"(possible choices: default, passphrase, awskms, azurekeyvault, gcpkms, hashivault)"
|
|
)
|
|
|
|
func newStackInitCmd() *cobra.Command {
|
|
var sicmd stackInitCmd
|
|
cmd := &cobra.Command{
|
|
Use: "init [<org-name>/]<stack-name>",
|
|
Args: cmdutil.MaximumNArgs(1),
|
|
Short: "Create an empty stack with the given name, ready for updates",
|
|
Long: "Create an empty stack with the given name, ready for updates\n" +
|
|
"\n" +
|
|
"This command creates an empty stack with the given name. It has no resources,\n" +
|
|
"but afterwards it can become the target of a deployment using the `update` command.\n" +
|
|
"\n" +
|
|
"To create a stack in an organization when logged in to the Pulumi Cloud,\n" +
|
|
"prefix the stack name with the organization name and a slash (e.g. 'acmecorp/dev')\n" +
|
|
"\n" +
|
|
"By default, a stack created using the pulumi.com backend will use the pulumi.com secrets\n" +
|
|
"provider and a stack created using the local or cloud object storage backend will use the\n" +
|
|
"`passphrase` secrets provider. A different secrets provider can be selected by passing the\n" +
|
|
"`--secrets-provider` flag.\n" +
|
|
"\n" +
|
|
"To use the `passphrase` secrets provider with the pulumi.com backend, use:\n" +
|
|
"\n" +
|
|
"* `pulumi stack init --secrets-provider=passphrase`\n" +
|
|
"\n" +
|
|
"To use a cloud secrets provider with any backend, use one of the following:\n" +
|
|
"\n" +
|
|
"* `pulumi stack init --secrets-provider=\"awskms://alias/ExampleAlias?region=us-east-1\"`\n" +
|
|
"* `pulumi stack init --secrets-provider=\"awskms://1234abcd-12ab-34cd-56ef-1234567890ab?region=us-east-1\"`\n" +
|
|
"* `pulumi stack init --secrets-provider=\"azurekeyvault://mykeyvaultname.vault.azure.net/keys/mykeyname\"`\n" +
|
|
"* `pulumi stack init --secrets-provider=\"gcpkms://projects/<p>/locations/<l>/keyRings/<r>/cryptoKeys/<k>\"`\n" +
|
|
"* `pulumi stack init --secrets-provider=\"hashivault://mykey\"`\n" +
|
|
"\n" +
|
|
"A stack can be created based on the configuration of an existing stack by passing the\n" +
|
|
"`--copy-config-from` flag:\n" +
|
|
"\n" +
|
|
"* `pulumi stack init --copy-config-from dev`",
|
|
Run: runCmdFunc(func(cmd *cobra.Command, args []string) error {
|
|
ctx := cmd.Context()
|
|
return sicmd.Run(ctx, args)
|
|
}),
|
|
}
|
|
cmd.PersistentFlags().StringVarP(
|
|
&sicmd.stackName, "stack", "s", "", "The name of the stack to create")
|
|
cmd.PersistentFlags().StringVar(
|
|
&sicmd.secretsProvider, "secrets-provider", "", possibleSecretsProviderChoices)
|
|
cmd.PersistentFlags().StringVar(
|
|
&sicmd.stackToCopy, "copy-config-from", "", "The name of the stack to copy existing config from")
|
|
cmd.PersistentFlags().BoolVar(
|
|
&sicmd.noSelect, "no-select", false, "Do not select the stack")
|
|
cmd.PersistentFlags().StringArrayVar(&sicmd.teams, "teams", nil, "A list of team "+
|
|
"names that should have permission to read and update this stack,"+
|
|
" once created")
|
|
return cmd
|
|
}
|
|
|
|
// stackInitCmd implements the `pulumi stack init` command.
|
|
type stackInitCmd struct {
|
|
secretsProvider string
|
|
stackName string
|
|
stackToCopy string
|
|
noSelect bool
|
|
teams []string
|
|
|
|
// currentBackend is a reference to the top-level currentBackend function.
|
|
// This is used to override the default implementation for testing purposes.
|
|
currentBackend func(
|
|
context.Context, pkgWorkspace.Context, backend.LoginManager, *workspace.Project, display.Options,
|
|
) (backend.Backend, error)
|
|
}
|
|
|
|
func (cmd *stackInitCmd) Run(ctx context.Context, args []string) error {
|
|
if cmd.secretsProvider == "" {
|
|
cmd.secretsProvider = "default"
|
|
}
|
|
if cmd.currentBackend == nil {
|
|
cmd.currentBackend = currentBackend
|
|
}
|
|
currentBackend := cmd.currentBackend // shadow the top-level function
|
|
|
|
opts := display.Options{
|
|
Color: cmdutil.GetGlobalColorization(),
|
|
}
|
|
|
|
ssml := newStackSecretsManagerLoaderFromEnv()
|
|
ws := pkgWorkspace.Instance
|
|
|
|
// Try to read the current project
|
|
project, _, err := ws.ReadProject()
|
|
if err != nil && !errors.Is(err, workspace.ErrProjectNotFound) {
|
|
return err
|
|
}
|
|
|
|
b, err := currentBackend(ctx, ws, DefaultLoginManager, project, opts)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if len(args) > 0 {
|
|
if cmd.stackName != "" {
|
|
return errors.New("only one of --stack or argument stack name may be specified, not both")
|
|
}
|
|
|
|
cmd.stackName = args[0]
|
|
}
|
|
|
|
// Validate secrets provider type
|
|
if err := validateSecretsProvider(cmd.secretsProvider); err != nil {
|
|
return err
|
|
}
|
|
|
|
if cmd.stackName == "" && cmdutil.Interactive() {
|
|
if b.SupportsOrganizations() {
|
|
fmt.Print("Please enter your desired stack name.\n" +
|
|
"To create a stack in an organization, " +
|
|
"use the format <org-name>/<stack-name> (e.g. `acmecorp/dev`).\n")
|
|
}
|
|
|
|
name, nameErr := promptForValue(false, "stack name", "dev", false, b.ValidateStackName, opts)
|
|
if nameErr != nil {
|
|
return nameErr
|
|
}
|
|
cmd.stackName = name
|
|
}
|
|
|
|
if cmd.stackName == "" {
|
|
return errors.New("missing stack name")
|
|
}
|
|
|
|
if err := b.ValidateStackName(cmd.stackName); err != nil {
|
|
return err
|
|
}
|
|
|
|
stackRef, err := b.ParseStackReference(cmd.stackName)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
proj, root, projectErr := ws.ReadProject()
|
|
if projectErr != nil && !errors.Is(projectErr, workspace.ErrProjectNotFound) {
|
|
return projectErr
|
|
}
|
|
|
|
createOpts := newCreateStackOptions(cmd.teams)
|
|
newStack, err := createStack(ctx, ws, b, stackRef, root, createOpts, !cmd.noSelect, cmd.secretsProvider)
|
|
if err != nil {
|
|
if errors.Is(err, backend.ErrTeamsNotSupported) {
|
|
return fmt.Errorf("stack %s uses the %s backend: "+
|
|
"%s does not support --teams", cmd.stackName, b.Name(), b.Name())
|
|
}
|
|
return err
|
|
}
|
|
|
|
if cmd.stackToCopy != "" {
|
|
if projectErr != nil {
|
|
return projectErr
|
|
}
|
|
|
|
// load the old stack and its project
|
|
copyStack, err := requireStack(ctx, ws, DefaultLoginManager, cmd.stackToCopy, stackLoadOnly, opts)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
copyProjectStack, err := loadProjectStack(proj, copyStack)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// get the project for the newly created stack
|
|
newProjectStack, err := loadProjectStack(proj, newStack)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// copy the config from the old to the new
|
|
requiresSaving, err := copyEntireConfigMap(
|
|
ctx,
|
|
ssml,
|
|
copyStack,
|
|
copyProjectStack,
|
|
newStack,
|
|
newProjectStack,
|
|
)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
// The use of `requiresSaving` here ensures that there was actually some config
|
|
// that needed saved, otherwise it's an unnecessary save call
|
|
if requiresSaving {
|
|
err := saveProjectStack(newStack, newProjectStack)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// newCreateStackOptions constructs a backend.CreateStackOptions object
|
|
// from the provided options.
|
|
func newCreateStackOptions(teams []string) *backend.CreateStackOptions {
|
|
// Remove any strings from the list that are empty or just whitespace.
|
|
validTeams := teams[:0] // reuse storage.
|
|
for _, team := range teams {
|
|
team = strings.TrimSpace(team)
|
|
if len(team) > 0 {
|
|
validTeams = append(validTeams, team)
|
|
}
|
|
}
|
|
|
|
return &backend.CreateStackOptions{
|
|
Teams: validTeams,
|
|
}
|
|
}
|