Gracefully handle ignoreChanges without user needing to refresh a stack

[rquitales]

Note: this is stacked on top of #2570

This PR updates the logic for handling fields added to ignoreChanges. Previously, to accurately ignore a field without hitting an SSA conflict error, the Pulumi user would need to run a refresh BEFORE running pulumi up or pulumi preview. This is due to the provider using the last known value of the ignored field stored in state when computing what should be set in the ignored field when the resource is sent to the k8s API. If drift has occurred on that field and is not reflected in the Pulumi state as it is out of date, then the provider sends old information to the API server resulting in a field conflict error.

As we hit the live server to obtain the resources' up to date resourceVersion, we can also use this API result to gracefully handle fields marked within ignoreChanges. This PR uses the fieldpath package from upstream k8s libraries to parse the serialized json managed fields entries and compares it to a normalized version of the Pulumi program's ignoreFields value.

Fixes: #2542

[github-actions]

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

[codecov-commenter]

Codecov Report

Merging #2566 (3a915cd) into master (d2a3b8c) will decrease coverage by 0.20%.
Report is 1 commits behind head on master.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##           master    #2566      +/-   ##
==========================================
- Coverage   18.64%   18.45%   -0.20%     
==========================================
  Files          47       47              
  Lines        9434     9523      +89     
==========================================
- Hits         1759     1757       -2     
- Misses       7576     7667      +91     
  Partials       99       99              

Files Changed	Coverage Δ
provider/pkg/await/await.go	0.00% <0.00%> (ø)
provider/pkg/provider/provider.go	7.37% <0.00%> (-0.03%)	⬇️

... and 1 file with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[iwahbe]

I don't have the context to review on the feature change, but I left some local comments.

[EronWright]

Good job adding the CSA support!

[t0yv0]

I've not a good intuition around liveOldObj *unstructured.Unstructur and *UpdateConfig but this looks kind of similar to what I've seen bridged providers have to do for ignoreChanges.. It makes sense with he comment 👍

[t0yv0]

Are we not worried here, this conversion would just work? ipParsed will have strings or integers (to drill down arrays), for example:

"foo", 0, "barProperty"

Does strings.Split(ipParsed.String(), ".") give you what you expect for the numbers?

[t0yv0]

Will this ever receive '*' as a path fragment? Pulumi docs permit patterns like this one:

foo.*

But we're lacking great SDK API to make it easy to implement. I wonder if the user specifies that will it hit this code or be resolved higher up the stack.

[t0yv0]

Do paths expected by unstructured.NestedFieldCopy map 1:1 to pulumi property paths? No "foo_bar=>fooBar" renaming? No off-by-1 errors? (those may be specific to TF where pulumi paths are shorter than TF paths sometimes).

[t0yv0]

Ah here we go again. Might be worth lifting this comment and the split logic into one helper function so it's in one place.

[t0yv0]

This LGTM, I left some comments per Pulumi side but I lack a good intuition yet around this provider.