lbialy
commented
1 year ago Here are some of the issues that we have encountered while implementing all of the JVM-based Pulumi SDKs (Java, Kotlin, Scala). Most of them are related to provider package schemas but some apply to general architectural decisions and feature support.
-
Sometimes references to types seem to have an invalid (according to the spec) or at least ambiguous format, e.g. (in
aws):"$ref": "aws:index/region:Region"or$ref": "aws:apigateway/restApi:RestApi"instead of"$ref": "#types/aws:index/region:Region"and$ref": "#resources/aws:apigateway/restApi:RestApi"Can we rely on some kind of heuristic to fix such references? What if some type references abbreviated in this way were defined in both types and resources sections of a schema? -
Even with the possible heuristic shown above, references to some types can’t be resolved as they are not defined in a given schema at all, e.g. (in
aws):"$ref": "aws:index/aRN:ARN" -
There are also issues regarding letter casing that lead to similar ambiguities, ie:
azure-native:network:IPAllocationMethodvsazure-native:network:IpAllocationMethod. Is there any explicit rule regarding resource types that says they should be considered lower-case equal or are those just exceptions? -
What is the expected semantic of empty types, e.g. (in
aws-native):"aws-native:databrew:RecipeParameterMap": { "type": "object" }
Should this really result in generation of an empty class? Some usages of such types seem to suggest something different, e.g. (inside the definition of aws-native:databrew:RecipeAction):
"parameters": {
"oneOf": [
{
"$ref": "#/types/aws-native:databrew:RecipeParameters"
},
{
"$ref": "#/types/aws-native:databrew:RecipeParameterMap"
}
]
}The intent of using RecipeParameterMap in an alternative seems to be to allow passing arbitrary parameters not defined in RecipeParameters so should RecipeParameterMap be in fact just a map/dictionary?
-
Definitions of some types cause us to run into some quantitative limitations of JVM, e.g. a) too many parameters for a method, where each parameter corresponds to a (input) property of a type or resource, e.g. for
aws:config/endpoints:endpointsb) too long names of types resulting in classfile names exceeding the typical maximal length of a file name for an operating system’s file system, e.g (inaws): “TemplateDefinitionSheetVisualScatterPlotVisualChartConfigurationFieldWellsScatterPlotCategoricallyAggregatedFieldWellsCategoryCategoricalDimensionFieldFormatConfigurationNumericFormatConfigurationCurrencyDisplayFormatConfigurationNullValueFormatConfiguration” - 259 characters Is there some generic mechanism for excluding problematic types like the one mentioned above from code generation? E.g. java doesn’t generate a class for this type. However, other languages which are not directly bound by these limitations, e.g. typescript, don’t include this type in their codegen either. -
Some methods available on resources, e.g. event handlers for AWS lambdas like
aws.s3.Bucket.onObjectCreateddon’t seem to be specified in the schemas of particular providers. How can we know what methods should be generated and what their exact signatures should be? More generally speaking: some providers do seem to contain non-generated code. Is there some kind of knowledge base or at least a list of github issues / PRs that introduce these features into provider package codebases so that we can reimplement those? -
Do descriptions of types, properties, etc. have any fixed semantic structure? According to the developers’ docs, descriptions are “Interpreted as Markdown”. However sometimes they seem to have some sections delimited by
{{% examples %}}or{{% example %}}. Is this some official (undocumented?) syntax? Does it support some other types of structures which might require special handling in code generation (e.g. removing unnecessary example snippets for other languages)? Again, more generally speaking, how can makers of community-driven language SDKs “hijack” this to provide their own docs in generated provider libraries as the current mechanism seems limited to languages officially supported by Pulumi. -
Some parts of providers’ schemas can have language-specific extensions like
"language": { "nodejs": { "requiredOutputs": [ "contains", "criteria", "eqs", "exists", "neqs" ] }Is there an exhaustive list of such extensions so that we can figure out which of them we could reuse in our code generation? E.g. currently we reuse the mapping of package names from java.
-
Do particular components of the Pulumi stack (Pulumi engine, SDKs for languages, schemas for providers, automation API, etc.) use a common and consistent schema of versioning to guarantee specific levels of compatibility? E.g. is semantic versioning enforced? Can changes in a language SDK enforce a (breaking) version bump for a provider’s SDK? Should adding an optional (input) property to a resource in a schema have a guarantee of preserving binary compatibility in signatures of generated methods? Our concern regards the situation in which there are user-built component libraries released as binaries (jars) with dependencies on both SDK and other provider packages. JVM has a flat classpath, this means that there’s a large potential for version conflicts between provider packages used between user-build libraries. These will lead to binary compatibility errors at runtime.
-
Remote components implementation design issues - in what cases can arbitrary resources be deserialized from wire? There’s a branch in pulumi-java code that was rewritten from C#. It references ResourcePackages class that contains a capability to find all classes on classpath that are annotated with a
@Resourceannotation and then to find, via further reflective calls, constructors and instantiate resource instances reflectively. In what situations is this branch executed? When can a Resource class arrive serialized to a language SDK from Pulumi engine? From what we can see the only data that we get are: resource type, urn and resource/package version. Should the resource always be rehydrated from the engine by issuing a ReadResource gRPC call after it arrives in this fashion? In current implementation of Pulumi-java it seems to be the case but the resource is initialized with ResourceOptions containing only the urn parameter leading to a readResource call. We are aware that this is somehow related to the mechanics of multi-language components but were under the impression that this feature is only limited to actual component resources and resources, in general, don’t expose other resources via their properties, only plain objects (is this understanding correct?). We have an idea how we can deal with this problem on the JVM without reflection (we are committed not to use runtime reflection in pulumi-scala as we consider it too error-prone) by leveraging Java SPI mechanism and code-generating a service provider implementation in each of pulumi-scala packages that will expose factories by resource type (cuts down unsafety to a single, relatively safe type downcast - from Resource to particular resource type bound to resource type). This is however a relatively large issue for languages like Rust that, AFAIK, have no way to do anything resembling classpath search. I’m guessing only stuff like dynamic loading could help in this case but I’m definitely not an expert in Rust.
In general, remote resources as a feature seem quite complex and hard to understand. For instance, is it possible, in case of import of a foreign stack, that a serialized resource will be received that has a resource type that is not available in the currently executing Pulumi program (i.e. an AWS EC2 instance resource will arrive in a Pulumi program using Java or Scala SDK that has no direct dependency on AWS package (so no jar added to classpath and subsequently no Instance class available). If not, how so?
-
There's a bunch of options available on
RegisterResourceRequestthat do not seem to have any relevancy in implementations we've been basing our work on (js, go, java), e.g.acceptSecretsorsupportsPartialValues. Is there some kind of documentation available that would explain those flags and parameters in depth? -
Going deeper on the implementation side of things - are the semantics of propagation of properties like secretness or protect flag declared (as rules that implementations have to follow) anywhere? While secretness is generally quite understandable (anything derived from a secret must be a secret unless user explicitly makes the output abandon secrecy) it's not that obvious in case of protect flag. Java implementation does something that seems to make rational sense, it checkes whether the parent resource is protected and if it is, the child inherits the protection. That's not what happens in pulumi-go for instance, each resource has protect flag set separately.
Frassle
rigzba21
Hello!
Issue details
We have a number of issues requesting new languages:
It is not feasible for Pulumi (the company) to build and maintain support for every language. However we would like to support engineers writing Pulumi programs in the language of their choice, and so need to support the community building their own language plugins.
Currently languages are heavily coupled to the pulumi cli itself:
All of this needs fixing to allow the community to have a good experience building and publishing their own language plugins. The best way to support this is that our language plugins should not be privileged, that is the cli should not know about any of our languages. Everything should be done via the language plugin interface.
We made some progress cleaning up things in this space last year (a lot of language specific code in
pulumi newfor example got moved across to the language plugins, and all of it inpulumi aboutwas moved across).As well as all of the above that really must be done for the community to have a chance of building their own languages we should also invest in making it so language SDKs need less manual work to be complete. This should be done in two ways: