-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow disabling default providers #8829
Conversation
This is done with an opt-in setting in `pulumi config`. For example, to disable default providers for `aws`, use: ```sh pulumi config set --path pulumi:disable-default-providers[0] aws ``` To add `kubernetes` to the disabled list, use ```sh pulumi config set --path pulumi:disable-default-providers[1] kubernetes ``` To disable all default providers, `*` can be used. --- Under the hood, whenever we handle a default provider request (with `defaultProviders.handleRequest`), we make sure it isn't on the deny list. If it is, we replace the requested reference with a special `DenyDefaultProvider` reference. We check for this reference whenever we are about to get a provider to do actual work. By intercepting denied providers when references are created, we ensure that we never use a denied provider.
Codecov Report
@@ Coverage Diff @@
## master #8829 +/- ##
==========================================
+ Coverage 59.37% 59.39% +0.01%
==========================================
Files 639 639
Lines 98237 98289 +52
Branches 1389 1389
==========================================
+ Hits 58328 58377 +49
+ Misses 36614 36610 -4
- Partials 3295 3302 +7
Continue to review full report at Codecov.
|
// Retrieves the name of the denied provider. | ||
// | ||
// Panics if called on a provider that is not a DenyDefaultProvider. | ||
func DeniedDefaultProvider(ref Reference) string { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
func DeniedDefaultProvider(ref Reference) string { | |
func GetDeniedDefaultProviderName(ref Reference) string { |
I wonder if this should just be GetProviderName
and allow any provider ref? Or maybe just use ref.URN().Name() inline?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It really should be (and now is) called GetDeniedDefaultProviderPkg
. I'm just storing the desired property in the ref.URN().Name()
field. I clarified the intended behavior in comments.
if !value.IsString() { | ||
return true, fmt.Errorf("Unexpected endecoding of pulumi:disable-default-providers") | ||
} | ||
if err := json.Unmarshal([]byte(value.StringValue()), &array); err != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Our config is YAML why don't we allow proper array options? String will be fine for now but it would be a nice improvement to config.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The config (Pulumi.*.yaml
) actually has a proper array. We serialize it to json as some earlier step. I'm not sure why it isn't kept an array.
This is done with an opt-in setting in
pulumi config
. For example, todisable default providers for
aws
, use:pulumi config set --path pulumi:disable-default-providers[0] aws
To add
kubernetes
to the disabled list, usepulumi config set --path pulumi:disable-default-providers[1] kubernetes
To disable all default providers,
*
can be used.Under the hood, whenever we handle a default provider request (with
defaultProviders.handleRequest
), we make sure it isn't on the deny list. If it is, we replace the requested reference with a specialDenyDefaultProvider
reference. We check for this reference whenever we are about to get a provider to do actual work. By intercepting denied providers when references are created, we ensure that we never use a denied provider by accident.Description
Fixes #3383
Checklist