/
config.go
315 lines (277 loc) 路 8.41 KB
/
config.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
package workspace
import (
"context"
"encoding/json"
"fmt"
"sort"
"strings"
"github.com/pulumi/esc"
"github.com/pulumi/pulumi/sdk/v3/go/common/resource/config"
"github.com/pulumi/pulumi/sdk/v3/go/common/util/contract"
)
func formatMissingKeys(missingKeys []string) string {
if len(missingKeys) == 1 {
return fmt.Sprintf("'%v'", missingKeys[0])
}
sort.Strings(missingKeys)
formattedMissingKeys := ""
for index, key := range missingKeys {
// if last index, then use and before the key
if index == len(missingKeys)-1 {
formattedMissingKeys += fmt.Sprintf("and '%s'", key)
} else if index == len(missingKeys)-2 {
// no comma before the last key
formattedMissingKeys += fmt.Sprintf("'%s' ", key)
} else {
formattedMissingKeys += fmt.Sprintf("'%s', ", key)
}
}
return formattedMissingKeys
}
func missingStackConfigurationKeysError(missingKeys []string, stackName string) error {
valueOrValues := "value"
if len(missingKeys) > 1 {
valueOrValues = "values"
}
return fmt.Errorf(
"Stack '%v' is missing configuration %v %v",
stackName,
valueOrValues,
formatMissingKeys(missingKeys))
}
type (
StackName = string
ProjectConfigKey = string
)
func validateStackConfigValue(
stackName string,
projectConfigKey string,
projectConfigType ProjectConfigType,
stackValue config.Value,
dec config.Decrypter,
) error {
if dec == nil {
return nil
}
// First check if the project says this should be secret, and if so that the stack value is
// secure.
if projectConfigType.Secret && !stackValue.Secure() {
validationError := fmt.Errorf(
"Stack '%v' with configuration key '%v' must be encrypted as it's secret",
stackName,
projectConfigKey)
return validationError
}
value, err := stackValue.Value(dec)
if err != nil {
return err
}
// Content will be a JSON string if object is true, so marshal that back into an actual structure
var content interface{} = value
if stackValue.Object() {
err = json.Unmarshal([]byte(value), &content)
if err != nil {
return err
}
}
if !ValidateConfigValue(*projectConfigType.Type, projectConfigType.Items, content) {
typeName := InferFullTypeName(*projectConfigType.Type, projectConfigType.Items)
validationError := fmt.Errorf(
"Stack '%v' with configuration key '%v' must be of type '%v'",
stackName,
projectConfigKey,
typeName)
return validationError
}
return nil
}
func parseConfigKey(projectName, key string) (config.Key, error) {
if strings.Contains(key, ":") {
// key is already namespaced
return config.ParseKey(key)
}
// key is not namespaced
// use the project as default namespace
return config.MustMakeKey(projectName, key), nil
}
func createConfigValue(rawValue interface{}) (config.Value, error) {
if isPrimitiveValue(rawValue) {
configValueContent := fmt.Sprintf("%v", rawValue)
return config.NewValue(configValueContent), nil
}
value, err := SimplifyMarshalledValue(rawValue)
if err != nil {
return config.Value{}, err
}
configValueJSON, jsonError := json.Marshal(value)
if jsonError != nil {
return config.Value{}, jsonError
}
return config.NewObjectValue(string(configValueJSON)), nil
}
func envConfigValue(v esc.Value) config.Plaintext {
if v.Unknown {
if v.Secret {
return config.NewSecurePlaintext("[unknown]")
}
return config.NewPlaintext("[unknown]")
}
switch repr := v.Value.(type) {
case nil:
return config.Plaintext{}
case bool:
return config.NewPlaintext(repr)
case json.Number:
if i, err := repr.Int64(); err == nil {
return config.NewPlaintext(i)
} else if f, err := repr.Float64(); err == nil {
return config.NewPlaintext(f)
}
// TODO(pdg): this disagrees with config unmarshaling semantics. Should probably fail.
return config.NewPlaintext(string(repr))
case string:
if v.Secret {
return config.NewSecurePlaintext(repr)
}
return config.NewPlaintext(repr)
case []esc.Value:
vs := make([]config.Plaintext, len(repr))
for i, v := range repr {
vs[i] = envConfigValue(v)
}
return config.NewPlaintext(vs)
case map[string]esc.Value:
vs := make(map[string]config.Plaintext, len(repr))
for k, v := range repr {
vs[k] = envConfigValue(v)
}
return config.NewPlaintext(vs)
default:
contract.Failf("unexpected environments value of type %T", repr)
return config.Plaintext{}
}
}
func mergeConfig(
stackName string,
project *Project,
stackEnv esc.Value,
stackConfig config.Map,
encrypter config.Encrypter,
decrypter config.Decrypter,
validate bool,
) error {
missingConfigurationKeys := make([]string, 0)
projectName := project.Name.String()
keys := make([]string, 0, len(project.Config))
for k := range project.Config {
keys = append(keys, k)
}
sort.Strings(keys)
// First merge the stack environment and the stack config together.
if envMap, ok := stackEnv.Value.(map[string]esc.Value); ok {
for rawKey, value := range envMap {
key, err := parseConfigKey(projectName, rawKey)
if err != nil {
return err
}
envValue, err := envConfigValue(value).Encrypt(context.TODO(), encrypter)
if err != nil {
return err
}
stackValue, foundOnStack, err := stackConfig.Get(key, false)
if err != nil {
return fmt.Errorf("getting stack config value for key '%v': %w", key.String(), err)
}
if !foundOnStack {
err = stackConfig.Set(key, envValue, false)
} else {
merged, mergeErr := stackValue.Merge(envValue)
if mergeErr != nil {
return fmt.Errorf("merging environment config for key '%v': %w", key.String(), err)
}
err = stackConfig.Set(key, merged, false)
}
if err != nil {
return fmt.Errorf("setting merged config value for key '%v': %w", key.String(), err)
}
}
}
// Next validate the merged config and merge in the project config.
for _, projectConfigKey := range keys {
projectConfigType := project.Config[projectConfigKey]
key, err := parseConfigKey(projectName, projectConfigKey)
if err != nil {
return err
}
stackValue, foundOnStack, err := stackConfig.Get(key, true)
if err != nil {
return fmt.Errorf("getting stack config value for key '%v': %w", key.String(), err)
}
hasDefault := projectConfigType.Default != nil
hasValue := projectConfigType.Value != nil
if !foundOnStack && !hasValue && !hasDefault && key.Namespace() == projectName {
// add it to the list of missing project configuration keys in the stack
// which are required by the project
// then return them as a single error
missingConfigurationKeys = append(missingConfigurationKeys, projectConfigKey)
continue
}
if !foundOnStack && (hasValue || hasDefault) {
// either value or default value is provided
var value interface{}
if hasValue {
value = projectConfigType.Value
}
if hasDefault {
value = projectConfigType.Default
}
// it is not found on the stack we are currently validating / merging values with
// then we assign the value to that stack whatever that value is
configValue, err := createConfigValue(value)
if err != nil {
return err
}
setError := stackConfig.Set(key, configValue, true)
if setError != nil {
return setError
}
continue
}
// Validate stack level value against the config defined at the project level
if validate && projectConfigType.IsExplicitlyTyped() {
err := validateStackConfigValue(stackName, projectConfigKey, projectConfigType, stackValue, decrypter)
if err != nil {
return err
}
}
}
if len(missingConfigurationKeys) > 0 {
// there are missing configuration keys in the stack
// return them as a single error.
return missingStackConfigurationKeysError(missingConfigurationKeys, stackName)
}
return nil
}
func ValidateStackConfigAndApplyProjectConfig(
stackName string,
project *Project,
stackEnv esc.Value,
stackConfig config.Map,
encrypter config.Encrypter,
decrypter config.Decrypter,
) error {
return mergeConfig(stackName, project, stackEnv, stackConfig, encrypter, decrypter, true)
}
// ApplyConfigDefaults applies the default values for the project configuration onto the stack configuration
// without validating the contents of stack config values.
// This is because sometimes during pulumi config ls and pulumi config get, if users are
// using PassphraseDecrypter, we don't want to always prompt for the values when not necessary
func ApplyProjectConfig(
stackName string,
project *Project,
stackEnv esc.Value,
stackConfig config.Map,
encrypter config.Encrypter,
) error {
return mergeConfig(stackName, project, stackEnv, stackConfig, encrypter, nil, false)
}