Implement CheckConfig/DiffConfig (#577)

This change improves Pulumi's ability to correctly replace dependent resources if the cluster they are deployed to changes. As documented in the DiffConfig comments, this method is not foolproof, but should work in the majority of cases.
pulumi · Jun 4, 2019 · 0872160 · 0872160
1 parent 3722f62
commit 0872160
Show file tree

Hide file tree

Showing 4 changed files with 130 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,7 @@
 ### Improvements
 
 -   Enable configuring `ResourceOptions` via `transformations` (https://github.com/pulumi/pulumi-kubernetes/pull/575).
+-   Changing k8s cluster config now correctly causes dependent resources to be replaced (https://github.com/pulumi/pulumi-kubernetes/pull/577).
 
 ### Bug fixes
 

diff --git a/go.mod b/go.mod
@@ -14,7 +14,7 @@ require (
 	github.com/google/gofuzz v1.0.0 // indirect
 	github.com/googleapis/gnostic v0.2.0
 	github.com/gophercloud/gophercloud v0.0.0-20190418141522-bb98932a7b3a // indirect
-	github.com/grpc/grpc-go v0.0.0-00010101000000-000000000000
+	github.com/grpc/grpc-go v0.0.0-00010101000000-000000000000 // indirect
 	github.com/imdario/mergo v0.3.7 // indirect
 	github.com/jinzhu/copier v0.0.0-20180308034124-7e38e58719c3
 	github.com/json-iterator/go v1.1.6 // indirect

diff --git a/pkg/provider/provider.go b/pkg/provider/provider.go
@@ -19,12 +19,12 @@ import (
 	"fmt"
 	"net/url"
 	"os"
+	"reflect"
 	"strings"
 
 	"github.com/golang/glog"
 	pbempty "github.com/golang/protobuf/ptypes/empty"
 	structpb "github.com/golang/protobuf/ptypes/struct"
-	"github.com/grpc/grpc-go/status"
 	pkgerrors "github.com/pkg/errors"
 	"github.com/pulumi/pulumi-kubernetes/pkg/await"
 	"github.com/pulumi/pulumi-kubernetes/pkg/clients"
@@ -109,12 +109,94 @@ func makeKubeProvider(
 
 // CheckConfig validates the configuration for this provider.
 func (k *kubeProvider) CheckConfig(ctx context.Context, req *pulumirpc.CheckRequest) (*pulumirpc.CheckResponse, error) {
-	return nil, status.Error(codes.Unimplemented, "CheckConfig is not yet implemented")
+	return &pulumirpc.CheckResponse{Inputs: req.GetNews()}, nil
 }
 
 // DiffConfig diffs the configuration for this provider.
 func (k *kubeProvider) DiffConfig(ctx context.Context, req *pulumirpc.DiffRequest) (*pulumirpc.DiffResponse, error) {
-	return nil, status.Error(codes.Unimplemented, "DiffConfig is not yet implemented")
+	urn := resource.URN(req.GetUrn())
+	label := fmt.Sprintf("%s.DiffConfig(%s)", k.label(), urn)
+	glog.V(9).Infof("%s executing", label)
+
+	olds, err := plugin.UnmarshalProperties(req.GetOlds(), plugin.MarshalOptions{
+		Label:        fmt.Sprintf("%s.olds", label),
+		KeepUnknowns: true,
+		SkipNulls:    true,
+	})
+	if err != nil {
+		return nil, err
+	}
+	news, err := plugin.UnmarshalProperties(req.GetNews(), plugin.MarshalOptions{
+		Label:        fmt.Sprintf("%s.news", label),
+		KeepUnknowns: true,
+		SkipNulls:    true,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	// We can't tell for sure if a computed value has changed, so we make the conservative choice
+	// and force a replacement.
+	if news["kubeconfig"].IsComputed() {
+		return &pulumirpc.DiffResponse{
+			Changes:  pulumirpc.DiffResponse_DIFF_SOME,
+			Diffs:    []string{"kubeconfig"},
+			Replaces: []string{"kubeconfig"},
+		}, nil
+	}
+
+	var diffs, replaces []string
+
+	oldConfig, err := parseKubeconfigPropertyValue(olds["kubeconfig"])
+	if err != nil {
+		return nil, err
+	}
+	newConfig, err := parseKubeconfigPropertyValue(news["kubeconfig"])
+	if err != nil {
+		return nil, err
+	}
+
+	// Check for differences in provider overrides.
+	if !reflect.DeepEqual(oldConfig, newConfig) {
+		diffs = append(diffs, "kubeconfig")
+	}
+	if olds["context"] != news["context"] {
+		diffs = append(diffs, "context")
+	}
+	if olds["cluster"] != news["cluster"] {
+		diffs = append(diffs, "cluster")
+	}
+
+	// In general, it's not possible to tell from a kubeconfig if the k8s cluster it points to has
+	// changed. k8s clusters do not have a well defined identity, so the best we can do is check
+	// if the settings for the active cluster have changed. This is not a foolproof method; a trivial
+	// counterexample is changing the load balancer or DNS entry pointing to the same cluster.
+	//
+	// Given this limitation, we try to strike a reasonable balance by planning a replacement iff
+	// the active cluster in the kubeconfig changes. This could still plan an erroneous replacement,
+	// but should work for the majority of cases.
+	//
+	// The alternative of ignoring changes to the kubeconfig is untenable; if the k8s cluster has
+	// changed, any dependent resources must be recreated, and ignoring changes prevents that from
+	// happening.
+	oldActiveCluster := getActiveClusterFromConfig(oldConfig, olds)
+	activeCluster := getActiveClusterFromConfig(newConfig, news)
+	if !reflect.DeepEqual(oldActiveCluster, activeCluster) {
+		replaces = diffs
+	}
+	glog.V(7).Infof("%s: diffs %v / replaces %v", label, diffs, replaces)
+
+	if len(diffs) > 0 || len(replaces) > 0 {
+		return &pulumirpc.DiffResponse{
+			Changes:  pulumirpc.DiffResponse_DIFF_SOME,
+			Diffs:    diffs,
+			Replaces: replaces,
+		}, nil
+	}
+
+	return &pulumirpc.DiffResponse{
+		Changes: pulumirpc.DiffResponse_DIFF_NONE,
+	}, nil
 }
 
 // Configure configures the resource provider with "globals" that control its behavior.

diff --git a/pkg/provider/util.go b/pkg/provider/util.go
@@ -7,6 +7,8 @@ import (
 	"github.com/pulumi/pulumi/pkg/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/client-go/tools/clientcmd"
+	clientapi "k8s.io/client-go/tools/clientcmd/api"
 )
 
 func hasComputedValue(obj *unstructured.Unstructured) bool {
@@ -61,3 +63,44 @@ func FqName(namespace, name string) string {
 	}
 	return fmt.Sprintf("%s/%s", namespace, name)
 }
+
+// --------------------------------------------------------------------------
+// Kubeconfig helpers.
+// --------------------------------------------------------------------------
+
+// parseKubeconfigPropertyValue takes a PropertyValue that possibly contains a raw kubeconfig
+// (YAML or JSON) string and attempts to unmarshal it into a Config struct. If the property value
+// is empty, an empty Config is returned.
+func parseKubeconfigPropertyValue(kubeconfig resource.PropertyValue) (*clientapi.Config, error) {
+	if kubeconfig.IsNull() {
+		return &clientapi.Config{}, nil
+	}
+
+	config, err := clientcmd.Load([]byte(kubeconfig.StringValue()))
+	if err != nil {
+		return nil, fmt.Errorf("failed to parse kubeconfig: %v", err)
+	}
+
+	return config, nil
+}
+
+// getActiveClusterFromConfig gets the current cluster from a kubeconfig, accounting for provider overrides.
+func getActiveClusterFromConfig(config *clientapi.Config, overrides resource.PropertyMap) *clientapi.Cluster {
+	if len(config.Clusters) == 0 {
+		return &clientapi.Cluster{}
+	}
+
+	currentContext := config.CurrentContext
+	if val := overrides["context"]; !val.IsNull() {
+		currentContext = val.StringValue()
+	}
+
+	activeClusterName := config.Contexts[currentContext].Cluster
+
+	activeCluster := config.Clusters[activeClusterName]
+	if val := overrides["cluster"]; !val.IsNull() {
+		activeCluster = config.Clusters[val.StringValue()]
+	}
+
+	return activeCluster
+}