Deprecation warning for `PermissionTarget` with resource being moved to another provider

[zbuchheit]

Describe what happened

The resource PermissionTarget has been deprecated in favor for a new resource, Permission, but the new resource has been moved to the jfrog/platform provider which we do not currently bridge. This poses a problem for users who leverage this resource today, but have no path to workaround the issue.

Sample program

Use the PermissionTarget resource and receive the following warning

 warning: urn:pulumi:dev::artifactory::artifactory:index/permissionTarget:PermissionTarget{...redacted} verification warning: This resource has been deprecated in favor of "platform_permission" (https://registry.terraform.io/providers/jfrog/platform/latest/docs/resources/permission) resource.

Log output

No response

Affected Resource(s)

PermissionTarget

Output of pulumi about

N/A

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

[iwahbe]

Hi @zbuchheit. I think the quickest way to get past this is to dynamically bridge jfrog/platform:

$ pulumi package add jfrog/platform

[zbuchheit]

The user is using yaml which I believe is a limitation for using dynamically bridge providers at the moment.

[iwahbe]

The user is using yaml which I believe is a limitation for using dynamically bridge providers at the moment.

Ah, yeah. That should be fixed soon, but right now they are not compatable.

[mjeffryes]

Is this concern primarily about needing access to the new resource in jfrog/platform or about suppressing the warning?

If the former, we should link the user request to https://github.com/pulumi/pulumi-yaml/issues/626 which would unblock the use of local packages from YAML programs.

[zbuchheit]

It is a bit of both. Originally the user just wanted to suppress the warning, but failed to realize the warning is saying that the resource will be removed in the future and replaced by a resource in another package that we don't currently bridge.

Having YAML support should in theory unblock the user, but it is unclear if they will be accepting of that workaround because of other potential limitations. I will link the other issue and follow up with the user once it is fixed to see if it will work for them.

[zbuchheit]

related question, is there a way to generate/output pulumi-style schema with dynamic providers, and what would be the way to download/pin a specific provider version?

[mjeffryes]

You can specify a version to fetch when generating the SDK:

$ pulumi package add terraform-provider [<registry>/]<author>/<name> [version]

(https://www.pulumi.com/registry/packages/terraform-provider/installation-configuration/)

I would recommend checking in the generated SDKs as well. (Not strictly nescessary to pin the provider version, but insulates from any Pulumi codegen change. Alternatively; pining the versions of pulumi and the pulumi-terraform-provider plugin is also sufficient.)

[mjeffryes]

I think we should treat this issue as the request to suppress the warning and the https://github.com/pulumi/business-development/issues/181 issue as the request for supporting the provider where this resource is moving.

[iwahbe]

related question, is there a way to generate/output pulumi-style schema with dynamic providers, and what would be the way to download/pin a specific provider version?

Yes:

$ pulumi package get-schema terraform-provider [<registry>/]<author>/<name> [version]

This will pipe the generated schema to stdout. You can redirect to a file (with > schema.json) as needed.

[iwahbe]

We can suppress the warning for the final release of v7, but PermissionTarget has been removed in v8 (upstream v12.0.0), which is about ready to release.

[mjeffryes]

I'd say we should not bother with the warning then, but will need to stay on our toes for https://github.com/pulumi/business-development/issues/181 in case we can't meet the need with just pulumi-terraform-provider

[zbuchheit]

The deprecation warning is disruptive enough that it is clogging up useful logging for the user. Shipping https://github.com/pulumi/pulumi-artifactory/commit/472fab7ee0487ea9f59eb7fb53ad61e5cd30b246 should alleviate that pressure, and give the user some space to prepare for the breaking resource move.

[pulumi-bot]

This issue has been addressed in PR #889 and shipped in release v7.10.0.