Forklift buildx provider

2024-03-25 11:40:33 -07:00
parent 2b348f84e4
commit d50d156bd8
349 changed files with 61549 additions and 1141 deletions
--- a/provider/internal/deprecated/configencoding.go
+++ b/provider/internal/deprecated/configencoding.go
@@ -0,0 +1,211 @@
+// Copyright 2024, Pulumi Corporation.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package deprecated
+
+import (
+	"encoding/json"
+	"fmt"
+	"sort"
+
+	"google.golang.org/protobuf/types/known/structpb"
+
+	"github.com/pulumi/pulumi/pkg/v3/codegen/schema"
+	"github.com/pulumi/pulumi/sdk/v3/go/common/resource"
+	"github.com/pulumi/pulumi/sdk/v3/go/common/resource/plugin"
+)
+
+// ConfigEncoding handles unmarshaling legacy JSON provider config.
+type ConfigEncoding struct {
+	schema schema.ConfigSpec
+}
+
+// New constructs a new config encoder for the provided spec.
+func New(s schema.ConfigSpec) *ConfigEncoding {
+	return &ConfigEncoding{schema: s}
+}
+
+func (*ConfigEncoding) tryUnwrapSecret(encoded any) (any, bool) {
+	m, ok := encoded.(map[string]any)
+	if !ok {
+		return nil, false
+	}
+	sig, ok := m["4dabf18193072939515e22adb298388d"]
+	if !ok {
+		return nil, false
+	}
+	ss, ok := sig.(string)
+	if !ok {
+		return nil, false
+	}
+	if ss != "1b47061264138c4ac30d75fd1eb44270" {
+		return nil, false
+	}
+	value, ok := m["value"]
+	return value, ok
+}
+
+func (enc *ConfigEncoding) convertStringToPropertyValue(s string, prop schema.PropertySpec) (
+	resource.PropertyValue, error,
+) {
+	// If the schema expects a string, we can just return this as-is.
+	if prop.Type == "string" {
+		return resource.NewStringProperty(s), nil
+	}
+
+	// Otherwise, we will attempt to deserialize the input string as JSON and convert the result into a Pulumi
+	// property. If the input string is empty, we will return an appropriate zero value.
+	if s == "" {
+		return enc.zeroValue(prop.Type), nil
+	}
+
+	var jsonValue interface{}
+	if err := json.Unmarshal([]byte(s), &jsonValue); err != nil {
+		return resource.PropertyValue{}, err
+	}
+
+	opts := enc.unmarshalOpts()
+
+	// Instead of using resource.NewPropertyValue, specialize it to detect nested json-encoded secrets.
+	var replv func(encoded any) (resource.PropertyValue, bool)
+	replv = func(encoded any) (resource.PropertyValue, bool) {
+		encodedSecret, isSecret := enc.tryUnwrapSecret(encoded)
+		if !isSecret {
+			return resource.NewNullProperty(), false
+		}
+
+		v := resource.NewPropertyValueRepl(encodedSecret, nil, replv)
+		if opts.KeepSecrets {
+			v = resource.MakeSecret(v)
+		}
+
+		return v, true
+	}
+
+	return resource.NewPropertyValueRepl(jsonValue, nil, replv), nil
+}
+
+func (*ConfigEncoding) zeroValue(typ string) resource.PropertyValue {
+	switch typ {
+	case "boolean":
+		return resource.NewPropertyValue(false)
+	case "integer", "number":
+		return resource.NewPropertyValue(0)
+	case "array":
+		return resource.NewPropertyValue([]interface{}{})
+	default:
+		return resource.NewPropertyValue(map[string]interface{}{})
+	}
+}
+
+func (enc *ConfigEncoding) unmarshalOpts() plugin.MarshalOptions {
+	return plugin.MarshalOptions{
+		Label:        "config",
+		KeepUnknowns: true,
+		SkipNulls:    true,
+		RejectAssets: true,
+	}
+}
+
+// Like plugin.UnmarshalPropertyValue but overrides string parsing with convertStringToPropertyValue.
+func (enc *ConfigEncoding) unmarshalPropertyValue(key resource.PropertyKey,
+	v *structpb.Value,
+) (*resource.PropertyValue, error) {
+	opts := enc.unmarshalOpts()
+
+	pv, err := plugin.UnmarshalPropertyValue(key, v, enc.unmarshalOpts())
+	if err != nil {
+		return nil, fmt.Errorf("error unmarshalling property %q: %w", key, err)
+	}
+
+	prop, ok := enc.schema.Variables[string(key)]
+
+	// Only apply JSON-encoded recognition for known fields.
+	if !ok {
+		return pv, nil
+	}
+
+	var jsonString string
+	var jsonStringDetected, jsonStringSecret bool
+
+	if pv.IsString() {
+		jsonString = pv.StringValue()
+		jsonStringDetected = true
+	}
+
+	if opts.KeepSecrets && pv.IsSecret() && pv.SecretValue().Element.IsString() {
+		jsonString = pv.SecretValue().Element.StringValue()
+		jsonStringDetected = true
+		jsonStringSecret = true
+	}
+
+	if jsonStringDetected {
+		v, err := enc.convertStringToPropertyValue(jsonString, prop)
+		if err != nil {
+			return nil, fmt.Errorf("error unmarshalling property %q: %w", key, err)
+		}
+		if jsonStringSecret {
+			s := resource.MakeSecret(v)
+			return &s, nil
+		}
+		return &v, nil
+	}
+
+	// Computed sentinels are coming in as always having an empty string, but the encoding coerses them to a zero
+	// value of the appropriate type.
+	if pv.IsComputed() {
+		el := pv.V.(resource.Computed).Element
+		if el.IsString() && el.StringValue() == "" {
+			res := resource.MakeComputed(enc.zeroValue(prop.Type))
+			return &res, nil
+		}
+	}
+
+	return pv, nil
+}
+
+// UnmarshalProperties is copied from plugin.UnmarshalProperties substituting plugin.UnmarshalPropertyValue.
+func (enc *ConfigEncoding) UnmarshalProperties(props *structpb.Struct) (resource.PropertyMap, error) {
+	opts := enc.unmarshalOpts()
+
+	result := make(resource.PropertyMap)
+
+	// First sort the keys so we enumerate them in order (in case errors happen, we want determinism).
+	var keys []string
+	if props != nil {
+		for k := range props.Fields {
+			keys = append(keys, k)
+		}
+		sort.Strings(keys)
+	}
+
+	// And now unmarshal every field it into the map.
+	for _, key := range keys {
+		pk := resource.PropertyKey(key)
+		v, err := enc.unmarshalPropertyValue(pk, props.Fields[key])
+		if err != nil {
+			return nil, err
+		} else if v != nil {
+			if opts.SkipNulls && v.IsNull() {
+				continue
+			}
+			if opts.SkipInternalKeys && resource.IsInternalPropertyKey(pk) {
+				continue
+			}
+			result[pk] = *v
+		}
+	}
+
+	return result, nil
+}
--- a/provider/internal/deprecated/configencoding_test.go
+++ b/provider/internal/deprecated/configencoding_test.go
@@ -0,0 +1,295 @@
+// Copyright 2024, Pulumi Corporation.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package deprecated
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	structpb "google.golang.org/protobuf/types/known/structpb"
+
+	"github.com/pulumi/pulumi/pkg/v3/codegen/schema"
+	"github.com/pulumi/pulumi/sdk/v3/go/common/resource"
+	"github.com/pulumi/pulumi/sdk/v3/go/common/resource/plugin"
+)
+
+func TestConfigEncoding(t *testing.T) {
+	t.Parallel()
+
+	type testCase struct {
+		ty schema.TypeSpec
+		v  *structpb.Value
+		pv resource.PropertyValue
+	}
+
+	knownKey := "mykey"
+
+	makeEnc := func(typ schema.TypeSpec) *ConfigEncoding {
+		return New(
+			schema.ConfigSpec{
+				Variables: map[string]schema.PropertySpec{
+					knownKey: {
+						TypeSpec: typ,
+					},
+				},
+			},
+		)
+	}
+
+	makeValue := func(x any) *structpb.Value {
+		vv, err := structpb.NewValue(x)
+		assert.NoErrorf(t, err, "structpb.NewValue failed")
+		return vv
+	}
+
+	checkUnmarshal := func(t *testing.T, tc testCase) {
+		enc := makeEnc(tc.ty)
+		pv, err := enc.unmarshalPropertyValue(resource.PropertyKey(knownKey), tc.v)
+		assert.NoError(t, err)
+		assert.NotNil(t, pv)
+		assert.Equal(t, tc.pv, *pv)
+	}
+
+	turnaroundTestCases := []testCase{
+		{
+			schema.TypeSpec{Type: "boolean"},
+			makeValue(`true`),
+			resource.NewBoolProperty(true),
+		},
+		{
+			schema.TypeSpec{Type: "boolean"},
+			makeValue(`false`),
+			resource.NewBoolProperty(false),
+		},
+		{
+			schema.TypeSpec{Type: "integer"},
+			makeValue(`0`),
+			resource.NewNumberProperty(0),
+		},
+		{
+			schema.TypeSpec{Type: "integer"},
+			makeValue(`42`),
+			resource.NewNumberProperty(42),
+		},
+		{
+			schema.TypeSpec{Type: "number"},
+			makeValue(`0`),
+			resource.NewNumberProperty(0.0),
+		},
+		{
+			schema.TypeSpec{Type: "number"},
+			makeValue(`42.5`),
+			resource.NewNumberProperty(42.5),
+		},
+		{
+			schema.TypeSpec{Type: "string"},
+			structpb.NewStringValue(""),
+			resource.NewStringProperty(""),
+		},
+		{
+			schema.TypeSpec{Type: "string"},
+			structpb.NewStringValue("hello"),
+			resource.NewStringProperty("hello"),
+		},
+		{
+			schema.TypeSpec{Type: "array"},
+			makeValue(`[]`),
+			resource.NewArrayProperty([]resource.PropertyValue{}),
+		},
+		{
+			schema.TypeSpec{Type: "array"},
+			makeValue(`["hello","there"]`),
+			resource.NewArrayProperty([]resource.PropertyValue{
+				resource.NewStringProperty("hello"),
+				resource.NewStringProperty("there"),
+			}),
+		},
+		{
+			schema.TypeSpec{Type: "object"},
+			makeValue(`{}`),
+			resource.NewObjectProperty(resource.PropertyMap{}),
+		},
+		{
+			schema.TypeSpec{Type: "object"},
+			makeValue(`{"key":"value"}`),
+			resource.NewObjectProperty(resource.PropertyMap{
+				"key": resource.NewStringProperty("value"),
+			}),
+		},
+	}
+
+	t.Run("turnaround", func(t *testing.T) {
+		for i, tc := range turnaroundTestCases {
+			tc := tc
+
+			t.Run(fmt.Sprintf("UnmarshalPropertyValue/%d", i), func(t *testing.T) {
+				t.Parallel()
+				checkUnmarshal(t, tc)
+			})
+		}
+	})
+
+	t.Run("zero_values", func(t *testing.T) {
+		// Historically the encoding was able to convert empty strings into type-appropriate zero values.
+		cases := []testCase{
+			{
+				schema.TypeSpec{Type: "boolean"},
+				makeValue(""),
+				resource.NewBoolProperty(false),
+			},
+			{
+				schema.TypeSpec{Type: "number"},
+				makeValue(""),
+				resource.NewNumberProperty(0.),
+			},
+			{
+				schema.TypeSpec{Type: "integer"},
+				makeValue(""),
+				resource.NewNumberProperty(0),
+			},
+			{
+				schema.TypeSpec{Type: "string"},
+				makeValue(""),
+				resource.NewStringProperty(""),
+			},
+			{
+				schema.TypeSpec{Type: "object"},
+				makeValue(""),
+				resource.NewObjectProperty(make(resource.PropertyMap)),
+			},
+			{
+				schema.TypeSpec{Type: "array"},
+				makeValue(""),
+				resource.NewArrayProperty([]resource.PropertyValue{}),
+			},
+		}
+		for _, tc := range cases {
+			tc := tc
+
+			t.Run(fmt.Sprintf("%v", tc.ty), func(t *testing.T) {
+				t.Parallel()
+				checkUnmarshal(t, tc)
+			})
+		}
+	})
+
+	t.Run("computed", func(t *testing.T) {
+		unk := makeValue(plugin.UnknownStringValue)
+
+		for i, tc := range turnaroundTestCases {
+			tc := tc
+
+			t.Run(fmt.Sprintf("UnmarshalPropertyValue/%d", i), func(t *testing.T) {
+				t.Parallel()
+				// Unknown sentinel unmarshals to a Computed with a type-appropriate zero value.
+				checkUnmarshal(t, testCase{
+					tc.ty,
+					unk,
+					resource.MakeComputed(makeEnc(tc.ty).zeroValue(tc.ty.Type)),
+				})
+			})
+		}
+	})
+
+	t.Run("secret", func(t *testing.T) {
+		// Unmarshalling happens with KeepSecrets=false, replacing them with the underlying values. This case
+		// does not need to be tested.
+		//
+		// Marhalling however supports sending secrets back to the engine, intending to mark values as secret
+		// that happen on paths that are declared as secret in the schema. Due to the limitation of the
+		// JSON-in-proto-encoding, secrets are communicated imprecisely as an approximation: if any nested
+		// element of a property is secret, the entire property is marshalled as secret.
+
+		var secretCases []testCase
+
+		pbSecret := func(v *structpb.Value) *structpb.Value {
+			return structpb.NewStructValue(&structpb.Struct{Fields: map[string]*structpb.Value{
+				"4dabf18193072939515e22adb298388d": makeValue("1b47061264138c4ac30d75fd1eb44270"),
+				"value":                            v,
+			}})
+		}
+
+		for _, tc := range turnaroundTestCases {
+			secretCases = append(secretCases, testCase{
+				tc.ty,
+				pbSecret(tc.v),
+				resource.MakeSecret(tc.pv),
+			})
+		}
+
+		for i, tc := range secretCases {
+			tc := tc
+
+			t.Run(fmt.Sprintf("secret/UnmarshalPropertyValue/%d", i), func(t *testing.T) {
+				t.Parallel()
+
+				// Unmarshallin will remove secrts, so the expected value needs to be modified.
+				tc.pv = tc.pv.SecretValue().Element
+				checkUnmarshal(t, tc)
+			})
+		}
+
+		t.Run("tolerate secrets in Configure", func(t *testing.T) {
+			// This is a bit of a histirocal quirk: the engine may send secrets to Configure before
+			// receiving the response from Configure indicating that the provider does not want to receive
+			// secrets. These are simply ignored. The engine does not currently send secrets to CheckConfig.
+			// The engine does take care of making sure the secrets are stored as such in the statefile.
+			//
+			// Check here that unmarshalilng such values removes the secrets.
+			checkUnmarshal(t, testCase{
+				schema.TypeSpec{Type: "object"},
+				pbSecret(makeValue(`{"key":"val"}`)),
+				resource.NewObjectProperty(resource.PropertyMap{
+					"key": resource.NewStringProperty("val"),
+				}),
+			})
+		})
+	})
+
+	regressUnmarshalTestCases := []testCase{
+		{
+			schema.TypeSpec{Type: "array"},
+			makeValue(`
+			[
+			  {
+			    "address": "somewhere.org",
+			    "password": {
+			      "4dabf18193072939515e22adb298388d": "1b47061264138c4ac30d75fd1eb44270",
+			      "value": "some-password"
+			    },
+			    "username": "some-user"
+			  }
+			]`),
+			resource.NewArrayProperty([]resource.PropertyValue{
+				resource.NewObjectProperty(resource.PropertyMap{
+					"address":  resource.NewStringProperty("somewhere.org"),
+					"password": resource.NewStringProperty("some-password"),
+					"username": resource.NewStringProperty("some-user"),
+				}),
+			}),
+		},
+	}
+
+	t.Run("regress-unmarshal", func(t *testing.T) {
+		for i, tc := range regressUnmarshalTestCases {
+			tc := tc
+			t.Run(fmt.Sprintf("UnmarshalPropertyValue/%d", i), func(t *testing.T) {
+				t.Parallel()
+				checkUnmarshal(t, tc)
+			})
+		}
+	})
+}
--- a/provider/internal/deprecated/doc.go
+++ b/provider/internal/deprecated/doc.go
@@ -0,0 +1,19 @@
+// Copyright 2024, Pulumi Corporation.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package deprecated vendors config parsing from pulumi-terraform-bridge.
+//
+// Originally taken from here:
+// https://github.com/pulumi/pulumi-terraform-bridge/blob/90733a0c7/pkg/tfbridge/config_encoding.go
+package deprecated