Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Run credentials validation only once #2949

Merged
merged 5 commits into from Nov 3, 2023
Merged

Run credentials validation only once #2949

merged 5 commits into from Nov 3, 2023

Conversation

VenelinMartinov
Copy link
Contributor

This should address the error duplication reported in #2285 as suggested by @t0yv0.

We now have a global counter which guard the credentials check and makes sure we only run it once.

For testing, I ran a few programs both with and without errors and it does seem to do the right thing.

Previewing update (dedev)

View in Browser (Ctrl+O): https://app.pulumi.com/venelin-pulumi-corp/aws_bucket_go/dedev/previews/88831526-f63f-42f2-98d9-957fbea78fc0

     Type                     Name                 Plan     Info
     pulumi:pulumi:Stack      aws_bucket_go-dedev           4 war
     └─ pulumi:providers:aws  default                       1 err

Diagnostics:
  pulumi:providers:aws (default):
    error: rpc error: code = Unknown desc = unable to validate AWS credentials.
    Details: No valid credential sources found. Please see https://www.pulumi.com/registry/packages/aws/installation-configuration/
    for more information about providing credentials.

    Error: failed to refresh cached credentials, failed to read cached SSO token file, open /Users/vvm/.aws/sso/cache/55357933a7310d2db90c3fa1ed0970a7bb34ed39.json: no such file or directory

    Make sure you have set your AWS region, e.g. `pulumi config set aws:region us-west-2`.

  pulumi:pulumi:Stack (aws_bucket_go-dedev):
    warning: using pulumi-language-go from $PATH at /opt/homebrew/bin/pulumi-language-go
    warning: using pulumi-resource-aws from $PATH at /Users/vvm/code/pulumi-aws/bin/pulumi-resource-aws
    warning: using pulumi-language-go from $PATH at /opt/homebrew/bin/pulumi-language-go
    warning: using pulumi-resource-aws from $PATH at /Users/vvm/code/pulumi-aws/bin/pulumi-resource-aws

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 2, 2023

Does the PR have any schema changes?

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

Maintainer note: consult the runbook for dealing with any breaking changes.

@t0yv0
Copy link
Member

t0yv0 commented Nov 2, 2023

Thank you this looks good. This is an incredibly high-visibility issue, and we do not want to regress on this ever again, so in light of this please add a ProgramTest level coverage that asserts that the expected warning falls out of the un-configured provider. TYVM.

t0yv0
t0yv0 requested changes Nov 2, 2023
View reviewed changes
Copy link
Member

@t0yv0 t0yv0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM but need to test.

iwahbe
iwahbe reviewed Nov 2, 2023
View reviewed changes
Copy link
Member

@iwahbe iwahbe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree with t0yv0, tests are needed to merge.

provider/resources.go Outdated
@@ -626,6 +615,30 @@ func preConfigureCallback(vars resource.PropertyMap, c shim.ResourceConfig) erro
return nil
}

// We should only run the validation once to avoid duplicating the reported errors.
var credentialsValidationCounter atomic.Int32
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: We have atomic.Bool with if !credentialsValidated.CompareAndSwap(false, true) { return nil }

We also have sync.OnceFunc that exists to do exactly what you have implemented in atomics.

Neither of these options are vulnerable to overflow (though I doubt that will be a problem).

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sync.Once is nice actually, I forgot that one.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great suggestion, thank you! I think OnceFunc would be a bit tricky to use here but sync.Once worked well and made it clearer.

provider/resources.go
return nil
}

func validateCredentials(vars resource.PropertyMap, c shim.ResourceConfig) error {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I appreciate the separation here.

t0yv0
t0yv0 reviewed Nov 3, 2023
View reviewed changes
examples/diagnostic_test.go Outdated Show resolved Hide resolved
iwahbe
iwahbe reviewed Nov 3, 2023
View reviewed changes
provider/resources.go Outdated
return nil
}

var err error = nil
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The zero value is implicit.

Suggested change
var err error = nil
var err error

@iwahbe
Copy link
Member

iwahbe commented Nov 3, 2023

Looks like tests failed due to the GH outage. I'm re-running now

@t0yv0 t0yv0 self-requested a review November 3, 2023 21:19
@VenelinMartinov VenelinMartinov merged commit c776901 into master Nov 3, 2023
18 checks passed
@VenelinMartinov VenelinMartinov deleted the vvm/run_credentials_validation_only_once branch November 3, 2023 21:36
@VenelinMartinov VenelinMartinov mentioned this pull request Nov 6, 2023
Closed
@lukehoban lukehoban mentioned this pull request Nov 27, 2023
Closed
@t0yv0 t0yv0 mentioned this pull request Dec 28, 2023
Closed
@VenelinMartinov VenelinMartinov mentioned this pull request Jan 24, 2024
Merged
VenelinMartinov added a commit to pulumi/pulumi-gcp that referenced this pull request Jan 27, 2024
@VenelinMartinov
Dedup gcp preconfigure check (#1552)
f147fd6 
similar to pulumi/pulumi-aws#2949

Run preconfigure check only once. This removes duplication of config
warnings.

Before:
```
Diagnostics:
  pulumi:pulumi:Stack (gcp_vm-dev):
    warning: unable to detect a global setting for GCP Project;
    Pulumi will rely on per-resource settings for this operation.
    Set the GCP Project by using:
        `pulumi config set gcp:project <project>`
    warning: unable to detect a global setting for GCP Project;
    Pulumi will rely on per-resource settings for this operation.
    Set the GCP Project by using:
        `pulumi config set gcp:project <project>`
    error: preview failed
```

After:
```
Diagnostics:
  pulumi:pulumi:Stack (gcp_vm-dev):
    warning: unable to detect a global setting for GCP Project;
    Pulumi will rely on per-resource settings for this operation.
    Set the GCP Project by using:
    	`pulumi config set gcp:project <project>`
```
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@iwahbe iwahbe iwahbe left review comments

@t0yv0 t0yv0 t0yv0 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@VenelinMartinov @t0yv0 @iwahbe