-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[CLI] - Add commands for config set-all and rm-all #6373
Conversation
95e02e1
to
35e2d7c
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One edge case for parsing that we should add test cases for at a minimum.
That sort of leads me to the question of whether or not we should be using the formal:
--plaintext k=v --secret plain=v
You could imagine it also looking like:
k v k1 v2 --secret k3 v3 k4 v4 --secret k5 v5
But this would require setting DisableFlagParsing
and then manually handling the flags via the args function. Definitely reasons not to do this, and not sure if it would be considered idiomatic or not. Requiring --plaintext
is a little annoying, but the cases we have in mind are more machine-oriented so I'm a little less concerned about it.
I could really see things going either way, curious to hear your thoughts.
pkg/cmd/pulumi/config.go
Outdated
Long: "Remove multiple configuration values.\n\n" + | ||
"The `--path` flag indicates that keys should be parsed within maps or lists:\n\n" + | ||
" - `pulumi config rm-all outer.inner foo[0] key1` will remove the " + | ||
"`outer.inner`, `foo[0]` and `key1` keys\n" + |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am having a hard time parsing this. Just to clarify this means that without the path key, these keys ("outer.inner", "foo[0]", ..) are treated as string literals and are not evaluated for index expressions?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes. There's a little more context over in the issue around how we got here. If you have ideas on how to make this clearer, let me know.
} | ||
} | ||
|
||
return saveProjectStack(s, ps) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It isn't entirely clear to me from reading the code, but where does the underlying network traffic come from? Is it ps.Config.Remove
or saveProjectStack
? At a surface level it looks like both of them are just writing to disk.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There's a network call every time there's a secret encrypted or decrypted... but other than that it seems that the network call only happens when there's an up
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I read through the code again, and I don't think this is going to help with the underlying latency issues. Secrets are the bottle-neck here it seems and this implementation loops through encrypting values one at a time for set-all --secret
, which should be more or less equivalent to running pulumi config set --secret
sequentially. We might need to think about spawing a go routine to do this in parallel, or creating a bulk config encryption endpoint in the service if one doesn't already exist.
It would be helpful to do some benchmarking here to understand performance impacts for a few different scenarios (bulk set plaintext, bulk set a bunch of secrets, etc).
In addition, the other underlying issue that I thought we were tackling with this, but didn't see mentioned in #6329 was the parallelism issues with setting config. Running config command async in a loop across stacks was causing things to get garbled because stack selection was changing. Does this change help with that? I notice that these two methods use setCurrent true
when getting the stack so I'm not sure. Would probably be good to test as well.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I know with certainty that this greatly improves the latency experienced by automation api: #6042 (comment)
But yes, I'll do additional benchmarking with plaintext only + secret only bulk setting and consider the go routine as an additional improvement if this isn't satisfactory.
I notice that these two methods use setCurrent true when getting the stack so I'm not sure.
That's a mistake, it should be false
. In fact, set-all
is false, I just made an error here. The consuming functions in automation api use --stack
to specify the stack rather than selectStack
before setting the config values, so stack selection does not change and we avoid the aforementioned parallelization issues.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay, since my other profiling test was in python, I did some in Go this time.
Before
- Mixed (10 secret, 10 plain): 11.69s
- Mixed (20 secret, 20 plain): 24.85s
- Plain (20 plain): 11.25s
- Plain (40 plain): 26.39s
- Secret (20 secret): 12.29s
- Secret (40 secret): 25.36s
After
- Mixed (10 secret, 10 plain): 1.18s
- Mixed (20 secret, 20 plain): 1.55s
- Plain (20 plain): 1.05s
- Plain (40 plain): 1.20s
- Secret (20 secret): 1.51s
- Secret (40 secret): 2.54s
I think the results speak for themselves. This mirrors what I saw in python and leads me to conclude that the majority of the time lost here is in running the pulumi [blah]
commands serially, not in the network calls.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry I missed that profiling data in the linked issue. Glad to hear we've got this sorted out!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My only feedback here is that the use of --plaintext
feels like it's a bit more overhead for users - I'm not disagreeing with the implementation but just thinking from a user perspective
Fair feedback @stack72 and @EvanBoyle. The reason behind enforcing The edge case that @EvanBoyle brings up (where there is a |
Totally not something I am going to die on either :) I was just thinking about the existing functionality of config set but this has a slightly different use case |
35e2d7c
to
b781df0
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🚀
Fixes: #6329