From 658527a4c9dc34db1ac1b4f3810de11bd1d69668 Mon Sep 17 00:00:00 2001 From: Anton Tayanovskyy Date: Fri, 22 Sep 2023 14:37:17 -0400 Subject: [PATCH] Fix panics when unknowns are passed into assumeRole (#2824) Fixes #2818 This needs to be reviewed together with https://github.com/pulumi/terraform-plugin-framework/commit/415dcb749c1638aa49c4e61cd68b0d93f4c25383 pulumi/terraform-plugin-framework fork was introduced for this fix specifically. --- examples/examples_nodejs_test.go | 17 +++++++++++++++ examples/regress-2818/Pulumi.yaml | 3 +++ examples/regress-2818/index.ts | 32 +++++++++++++++++++++++++++++ examples/regress-2818/package.json | 16 +++++++++++++++ examples/regress-2818/tsconfig.json | 18 ++++++++++++++++ provider/go.mod | 4 ++++ provider/go.sum | 4 ++-- 7 files changed, 92 insertions(+), 2 deletions(-) create mode 100644 examples/regress-2818/Pulumi.yaml create mode 100644 examples/regress-2818/index.ts create mode 100644 examples/regress-2818/package.json create mode 100644 examples/regress-2818/tsconfig.json diff --git a/examples/examples_nodejs_test.go b/examples/examples_nodejs_test.go index 3594f10cfd7..3c36503f91e 100644 --- a/examples/examples_nodejs_test.go +++ b/examples/examples_nodejs_test.go @@ -461,6 +461,23 @@ func TestRegress1423Ts(t *testing.T) { integration.ProgramTest(t, &test) } +// Regress passing unknowns into an explicit provider configuration, see pulumi/pulumi-aws#2818 +func TestRegress2818(t *testing.T) { + test := getJSBaseOptions(t). + With(integration.ProgramTestOptions{ + Dir: filepath.Join(getCwd(t), "regress-2818"), + }) + // These settings run pulumi preview, as the example is incomplete for running pulumi up. + test.Quick = false + test.SkipRefresh = true + test.SkipUpdate = true + test.SkipExportImport = true + test.SkipEmptyPreviewUpdate = true + // Disable envRegion mangling + test.Config = nil + integration.ProgramTest(t, &test) +} + func getJSBaseOptions(t *testing.T) integration.ProgramTestOptions { envRegion := getEnvRegion(t) base := getBaseOptions() diff --git a/examples/regress-2818/Pulumi.yaml b/examples/regress-2818/Pulumi.yaml new file mode 100644 index 00000000000..cb24f2beeb0 --- /dev/null +++ b/examples/regress-2818/Pulumi.yaml @@ -0,0 +1,3 @@ +name: regress-2818 +runtime: nodejs +description: Regress pulumi/pulumi-aws#2818 diff --git a/examples/regress-2818/index.ts b/examples/regress-2818/index.ts new file mode 100644 index 00000000000..6bab8a6cb3b --- /dev/null +++ b/examples/regress-2818/index.ts @@ -0,0 +1,32 @@ +// Copyright 2016-2023, Pulumi Corporation. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Original repro in https://github.com/pulumi/pulumi-aws/issues/2818 +// Unfortunately CI cannot currently test aws.organizations.Account due to lack of permissions. +// The trimmed down repro simply tries to pass an unknown into assumeRole. +// It only works through preview. + +import * as pulumi from '@pulumi/pulumi' +import * as aws from '@pulumi/aws' + +// Dummy bucket to generate unknowns. +const b = new aws.s3.Bucket('bucket', {}); + +// Pass an unknown into assumeRole.roleArn. +const provider = new aws.Provider("provider", { + assumeRole: {roleArn: b.id.apply(_ => "TODO")}, +}); + +// If the bug is active, this fails because `pulumi preview` panics when trying to create the provider. +new aws.s3.Bucket('bucket2', {}, { provider }) diff --git a/examples/regress-2818/package.json b/examples/regress-2818/package.json new file mode 100644 index 00000000000..ec7368d17db --- /dev/null +++ b/examples/regress-2818/package.json @@ -0,0 +1,16 @@ +{ + "name": "regress-2818", + "version": "0.0.1", + "license": "Apache-2.0", + "scripts": { + "build": "tsc" + }, + "dependencies": { + "@pulumi/pulumi": "^3.0.0", + "@pulumi/aws": "^6.0.0" + }, + "devDependencies": { + "@types/aws-sdk": "^2.7.0", + "@types/node": "^8.0.0" + } +} diff --git a/examples/regress-2818/tsconfig.json b/examples/regress-2818/tsconfig.json new file mode 100644 index 00000000000..ab65afa6135 --- /dev/null +++ b/examples/regress-2818/tsconfig.json @@ -0,0 +1,18 @@ +{ + "compilerOptions": { + "strict": true, + "outDir": "bin", + "target": "es2016", + "module": "commonjs", + "moduleResolution": "node", + "sourceMap": true, + "experimentalDecorators": true, + "pretty": true, + "noFallthroughCasesInSwitch": true, + "noImplicitReturns": true, + "forceConsistentCasingInFileNames": true + }, + "files": [ + "index.ts" + ] +} diff --git a/provider/go.mod b/provider/go.mod index f05223017ae..15722aedd30 100644 --- a/provider/go.mod +++ b/provider/go.mod @@ -17,6 +17,10 @@ require ( ) replace ( + // NOTE: this is currently tracking upstream-v1.4.0 branch in the Pulumi fork. Upgrading + // this dependency is sensitive and is worth doing carefully (such as reading release notes) + // and not simply rely on passing tests for the upgrade. + github.com/hashicorp/terraform-plugin-framework => github.com/pulumi/terraform-plugin-framework v0.0.0-20230922145027-1535d08c1d47 github.com/hashicorp/terraform-plugin-sdk/v2 => github.com/pulumi/terraform-plugin-sdk/v2 v2.0.0-20230912190043-e6d96b3b8f7e github.com/hashicorp/terraform-provider-aws => ../upstream github.com/hashicorp/vault => github.com/hashicorp/vault v1.2.0 diff --git a/provider/go.sum b/provider/go.sum index b7073ebb49c..bff1f1f0a1c 100644 --- a/provider/go.sum +++ b/provider/go.sum @@ -1821,8 +1821,6 @@ github.com/hashicorp/terraform-exec v0.19.0/go.mod h1:tbxUpe3JKruE9Cuf65mycSIT8K github.com/hashicorp/terraform-json v0.4.0/go.mod h1:eAbqb4w0pSlRmdvl8fOyHAi/+8jnkVYN28gJkSJrLhU= github.com/hashicorp/terraform-json v0.17.1 h1:eMfvh/uWggKmY7Pmb3T85u86E2EQg6EQHgyRwf3RkyA= github.com/hashicorp/terraform-json v0.17.1/go.mod h1:Huy6zt6euxaY9knPAFKjUITn8QxUFIe9VuSzb4zn/0o= -github.com/hashicorp/terraform-plugin-framework v1.4.0 h1:WKbtCRtNrjsh10eA7NZvC/Qyr7zp77j+D21aDO5th9c= -github.com/hashicorp/terraform-plugin-framework v1.4.0/go.mod h1:XC0hPcQbBvlbxwmjxuV/8sn8SbZRg4XwGMs22f+kqV0= github.com/hashicorp/terraform-plugin-framework-timeouts v0.4.1 h1:gm5b1kHgFFhaKFhm4h2TgvMUlNzFAtUqlcOWnWPm+9E= github.com/hashicorp/terraform-plugin-framework-timeouts v0.4.1/go.mod h1:MsjL1sQ9L7wGwzJ5RjcI6FzEMdyoBnw+XK8ZnOvQOLY= github.com/hashicorp/terraform-plugin-framework-validators v0.12.0 h1:HOjBuMbOEzl7snOdOoUfE2Jgeto6JOjLVQ39Ls2nksc= @@ -2379,6 +2377,8 @@ github.com/pulumi/schema-tools v0.1.2 h1:Fd9xvUjgck4NA+7/jSk7InqCUT4Kj940+EcnbQK github.com/pulumi/schema-tools v0.1.2/go.mod h1:62lgj52Tzq11eqWTIaKd+EVyYAu5dEcDJxMhTjvMO/k= github.com/pulumi/terraform-diff-reader v0.0.2 h1:kTE4nEXU3/SYXESvAIem+wyHMI3abqkI3OhJ0G04LLI= github.com/pulumi/terraform-diff-reader v0.0.2/go.mod h1:sZ9FUzGO+yM41hsQHs/yIcj/Y993qMdBxBU5mpDmAfQ= +github.com/pulumi/terraform-plugin-framework v0.0.0-20230922145027-1535d08c1d47 h1:sH7ivH4DHxjXkFqdNArt/Qo9JIOUdYc5qpoX8psLz/I= +github.com/pulumi/terraform-plugin-framework v0.0.0-20230922145027-1535d08c1d47/go.mod h1:XC0hPcQbBvlbxwmjxuV/8sn8SbZRg4XwGMs22f+kqV0= github.com/pulumi/terraform-plugin-sdk/v2 v2.0.0-20230912190043-e6d96b3b8f7e h1:blSirnXqvm8JXLxwxelsBroUNRhOHakDO7cgJUYTdpQ= github.com/pulumi/terraform-plugin-sdk/v2 v2.0.0-20230912190043-e6d96b3b8f7e/go.mod h1:qH/34G25Ugdj5FcM95cSoXzUgIbgfhVLXCcEcYaMwq8= github.com/rakyll/embedmd v0.0.0-20171029212350-c8060a0752a2/go.mod h1:7jOTMgqac46PZcF54q6l2hkLEG8op93fZu61KmxWDV4=