pulumi / pulumi-azure-native

Azure Native Provider
Apache License 2.0

Fix parsing nested path ids #3375

Closed danielrbradley closed 3 months ago

danielrbradley commented 3 months ago

Fixes https://github.com/pulumi/pulumi-azure-native/issues/3368

This will currently result in an additional input being generated during the import. This then appears during the next up as a property deletion, though it actually has no effect.

Demonstration

Using the examples/keyvault-accesspolicies/ example:

  1. Performing `up` gives the state (inputs and outputs):

     ```
     "policy": {
         "objectId": "xxxx",
         "permissions": {
             "keys": [
                 "get",
                 "create",
                 "delete",
                 "list"
             ],
             "secrets": [
                 "get",
                 "list",
                 "set",
                 "delete"
             ]
         },
         "tenantId": "xxxx"
     },
     "resourceGroupName": "rgxxxx",
     "vaultName": "vaultxxxx"
     ```
  2. Delete the resource from the state: `pulumi state delete urn:pulumi:dev::scratch::azure-native:keyvault:AccessPolicy::ap1`
  3. Import the resource: `pulumi import resource ap1 "/subscriptions/xxxx/resourceGroups/rgxxxx/providers/Microsoft.KeyVault/vaults/vaultxxxx/accessPolicy/xxxx"`
  4. Check the state with `pulumi stack export`; the inputs now include object.Id:

     ```
     "policy": { ... },
     "policy.objectId": "xxxx",
     "resourceGroupName": "rgxxxx",
     "vaultName": "vaultxxxx"
     ```
  5. Perform another up (`pulumi up`). Preview shows removal of policy => ObjectId.

     State inputs revert to remove policy.objectId:

     ```
     "policy": { ... },
     "resourceGroupName": "rgxxxx",
     "vaultName": "vaultxxxx"
     ```

Tracing usage of ParseResourceID

The result from this function is used here:

https://github.com/pulumi/pulumi-azure-native/blob/e8feca2c41d0e5d904eee9cc13eeea774d51ec1d/provider/pkg/provider/provider.go#L1080-L1087

The pathItems are passed into ResponseToSdkInputs where they are used if they match one of the parameters in the metadata:

https://github.com/pulumi/pulumi-azure-native/blob/e8feca2c41d0e5d904eee9cc13eeea774d51ec1d/provider/pkg/convert/responseToSdkInputs.go#L18-L24

This will match: https://github.com/pulumi/pulumi-azure-native/blob/e8feca2c41d0e5d904eee9cc13eeea774d51ec1d/provider/pkg/resources/customresources/custom_keyvault_accesspolicy.go#L67
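An added example, not code from the provider or from this PR: a sketch of how a path template with a dotted placeholder yields a flat `policy.objectId` path item, plus a check that flags such flat keys in exported state inputs when the same value already sits under the nested object. The template string and both helper names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"reflect"
	"strings"
)

// Assumed template: {policy.objectId} is inferred from the key seen in the exported state.
const accessPolicyPath = "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}" +
	"/providers/Microsoft.KeyVault/vaults/{vaultName}/accessPolicy/{policy.objectId}"

// parsePathItems (hypothetical) returns each {placeholder} value keyed by placeholder name.
func parsePathItems(id, template string) (map[string]string, error) {
	idParts := strings.Split(strings.Trim(id, "/"), "/")
	tplParts := strings.Split(strings.Trim(template, "/"), "/")
	if len(idParts) != len(tplParts) {
		return nil, fmt.Errorf("expected %d segments, got %d", len(tplParts), len(idParts))
	}
	items := map[string]string{}
	for i, t := range tplParts {
		if strings.HasPrefix(t, "{") && strings.HasSuffix(t, "}") {
			items[t[1:len(t)-1]] = idParts[i] // dotted names stay flat keys
		} else if !strings.EqualFold(t, idParts[i]) {
			return nil, fmt.Errorf("segment %d: %q does not match %q", i, idParts[i], t)
		}
	}
	return items, nil
}

// duplicatedFlatKeys (hypothetical) lists dotted top-level keys that repeat a nested value.
func duplicatedFlatKeys(inputs map[string]interface{}) []string {
	var dups []string
	for key, flat := range inputs {
		var cur interface{} = inputs
		for _, p := range strings.Split(key, ".") {
			m, _ := cur.(map[string]interface{}) // nil map if cur is not an object
			cur = m[p]
		}
		if strings.Contains(key, ".") && cur != nil && reflect.DeepEqual(cur, flat) {
			dups = append(dups, key)
		}
	}
	return dups
}

func main() {
	fmt.Println(parsePathItems("/subscriptions/xxxx/resourceGroups/rgxxxx/providers/Microsoft.KeyVault/vaults/vaultxxxx/accessPolicy/xxxx", accessPolicyPath))
}
```

Running `duplicatedFlatKeys` over the `inputs` object of each resource in a `pulumi stack export` file shows which imported resources carry the extra flat key before the next `up` removes it.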

github-actions[bot] commented 3 months ago

Does the PR have any schema changes?

Looking good! No breaking changes found. No new resources/functions.

codecov[bot] commented 3 months ago

Codecov Report

Attention: Patch coverage is 81.81818% with 2 lines in your changes missing coverage. Please review.

Project coverage is 56.88%. Comparing base (9366e2d) to head (674dc7c).

| Files | Patch % | Lines |
|---|---|---|
| provider/pkg/resources/parseResourceId.go | 81.81% | 1 Missing and 1 partial :warning: |

Additional details and impacted files

```diff
@@            Coverage Diff             @@
##           master    #3375      +/-   ##
==========================================
+ Coverage   56.87%   56.88%   +0.01%
==========================================
  Files          66       66
  Lines        8092     8099       +7
==========================================
+ Hits         4602     4607       +5
- Misses       3055     3056       +1
- Partials      435      436       +1
```


scp-mb commented 3 weeks ago

@danielrbradley I am currently trying to import some access policies in a C# stack programmatically, but it seems to think the import will fail due to policy.objectId being missing, despite being specified. I'm assuming a bug from this change.

`pulumi import` on the CLI has the following output for the preview; note the duplicated objectId on both the root and nested under policy.

```
policy           : {
    objectId   : "xxx"
    permissions: {
        certificates: [
            [0]: "All"
        ]
        keys        : [
            [0]: "All"
        ]
        secrets     : [
            [0]: "All"
        ]
    }
    tenantId   : "xxx"
}
policy.objectId  : "xxx"
resourceGroupName: "xxx"
vaultName        : "xxx"
```

Attempting to import via code, with Policy.ObjectId set correctly via AccessPolicyEntryArgs:

```
warning: inputs to import do not match the existing resource; importing this resource will fail
    = azure-native:keyvault:AccessPolicy: (import)
        [id=/subscriptions/xxx/resourceGroups/xxx/providers/Microsoft.KeyVault/vaults/xxx/accessPolicy/xxx]
        [urn=urn:pulumi:dev::Api::azure-native:keyvault:AccessPolicy::xxx]
        [provider=urn:pulumi:dev::Api::pulumi:providers:azure-native::default_2_59_0::04da6b54-80e4-46f7-96ec-b56ff0331ba9]
      - policy.objectId: "xxx"
```