Allow disabling default providers

[iwahbe]

This is done with an opt-in setting in pulumi config. For example, to
disable default providers for aws, use:

pulumi config set --path pulumi:disable-default-providers[0] aws

To add kubernetes to the disabled list, use

pulumi config set --path pulumi:disable-default-providers[1] kubernetes

To disable all default providers, * can be used.

---

Under the hood, whenever we handle a default provider request (with defaultProviders.handleRequest), we make sure it isn't on the deny list. If it is, we replace the requested reference with a special DenyDefaultProvider reference. We check for this reference whenever we are about to get a provider to do actual work. By intercepting denied providers when references are created, we ensure that we never use a denied provider by accident.

Description

Fixes #3383

Checklist

• I have added tests that prove my fix is effective or that my feature works

• I have updated the CHANGELOG-PENDING file with my change

• Yes, there are changes in this PR that warrants bumping the Pulumi Service API version

[codecov]

Codecov Report

Merging #8829 (d51f499) into master (dbb807f) will increase coverage by 0.01%.
The diff coverage is 65.51%.

@@            Coverage Diff             @@
##           master    #8829      +/-   ##
==========================================
+ Coverage   59.37%   59.39%   +0.01%     
==========================================
  Files         639      639              
  Lines       98237    98289      +52     
  Branches     1389     1389              
==========================================
+ Hits        58328    58377      +49     
+ Misses      36614    36610       -4     
- Partials     3295     3302       +7     

Impacted Files	Coverage Δ
pkg/resource/deploy/step.go	79.34% <0.00%> (-0.51%)	⬇️
pkg/resource/deploy/source_eval.go	72.10% <59.45%> (-0.72%)	⬇️
pkg/resource/deploy/providers/reference.go	85.93% <100.00%> (+2.30%)	⬆️
pkg/resource/deploy/step_generator.go	84.56% <100.00%> (+0.35%)	⬆️
sdk/go/common/diag/errors.go	70.58% <100.00%> (+1.83%)	⬆️
pkg/codegen/hcl2/model/type_eventuals.go	93.01% <0.00%> (+0.43%)	⬆️
sdk/go/common/util/ciutil/github_actions.go	73.52% <0.00%> (+38.23%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update dbb807f...d51f499. Read the comment docs.

[Frassle]

Suggested change

	func DeniedDefaultProvider(ref Reference) string {
	func GetDeniedDefaultProviderName(ref Reference) string {

I wonder if this should just be GetProviderName and allow any provider ref? Or maybe just use ref.URN().Name() inline?

[iwahbe]

It really should be (and now is) called GetDeniedDefaultProviderPkg. I'm just storing the desired property in the ref.URN().Name() field. I clarified the intended behavior in comments.

[Frassle]

Our config is YAML why don't we allow proper array options? String will be fine for now but it would be a nice improvement to config.

[iwahbe]

The config (Pulumi.*.yaml) actually has a proper array. We serialize it to json as some earlier step. I'm not sure why it isn't kept an array.