Upgrade to v6 major #2367
Merged
Upgrade to v6 major #2367
+172,739
−601,127
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Remove resources as needed. - Add patch to remove resources that were documented as removed but left in the code. - Fix nodejs CosmosDb overlay connection string.
Does the PR have any schema changes?Found 793 breaking changes: Resources
New functions:
Maintainer note: consult the runbook for dealing with any breaking changes. |
danielrbradley
force-pushed
the
upgrade-to-v6-major
branch
from
505e405
to
6dd00ea
Compare
- Fix config warnings, as backported into ci-mgmt: pulumi/ci-mgmt#1064 - The configuration option run.skip-files is deprecated, please use issues.exclude-files. - The linter named "megacheck" is deprecated. It has been split into: gosimple, staticcheck, unused. - Remove go:linkname which was added when we weren't maintaining patches and so had to use a compiler hack to set a value. This variable no longer exists so has no effect. Reported error: SA9009: ineffectual compiler directive due to extraneous space: "// go:linkname is not widely used outside the standard library, but allows us to" (staticcheck)
danielrbradley
force-pushed
the
upgrade-to-v6-major
branch
from
6dd00ea
to
a1602d0
Compare
- Fix code in tests to match SDK changes. - Disable "RunUpdateTest" in nodejs as this can't be used with the LocalProviders configuration as it will always use the local provider binary even when using the old SDK. This option is essentially broken and needs replacing with proper upgrade tests.
danielrbradley
force-pushed
the
upgrade-to-v6-major
branch
from
564f2d8
to
982ad0f
Compare
- It appears we might not have been using the in-memory provider server as YAML programs require a real schema to be served and it was failing with $PATH errors. - Rename state files to stack files to avoid re-recording. - Update snapshots to use more generic stack names.
This is now required **as config** not just an environment variable.
thomas11
reviewed
Aug 30, 2024
| Manages a Microsoft Graph Services Account. | ||
|
|
||
| -!> **NOTE:** This resource has been deprecated in version 3.0 of the AzureRM provider and will be removed in version 4.0. Please use [`azurerm_graph_services_account`](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/graph_services_account) resource instead. | ||
| +!> **NOTE:** This resource has been deprecated in version 5.0 of the provider and will be removed in version 6.0. Please use [`azurerm_graph_services_account`](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/graph_services_account) resource instead. |
There was a problem hiding this comment.
Those three "NOTES" are still true?
There was a problem hiding this comment.
This might likely have been removed - other docs were, but I think they missed a few.
danielrbradley
force-pushed
the
upgrade-to-v6-major
branch
from
982ad0f
to
f43e999
Compare
danielrbradley
force-pushed
the
upgrade-to-v6-major
branch
from
bd7c7d9
to
c6dedac
Compare
…mer_managed_key, azurerm_databricks_workspace_customer_managed_key, azurerm_graph_account, azurerm_monitor_action_rule_action_group, azurerm_monitor_action_rule_suppression
thomas11
force-pushed
the
upgrade-to-v6-major
branch
from
06f79b9
to
2a36851
Compare
thomas11
force-pushed
the
upgrade-to-v6-major
branch
from
2a36851
to
1ab7310
Compare
- Add how-to-guides from the registry. - Fix Go module version
| Dir: filepath.Join(getCwd(t), "servicebus-migration-test"), | ||
| RunUpdateTest: true, | ||
| Dir: filepath.Join(getCwd(t), "servicebus-migration-test"), | ||
| // RunUpdateTest: true, |
There was a problem hiding this comment.
Did you mean to uncomment this?
There was a problem hiding this comment.
Ah, this was where I found out that our previous "UpdateTest" was installing the older SDK, but then due to the provider binary configuration, was still using the local dev version of the provider ... which broke things while upgrading and was also an ineffective test. We then doubled down on improving our snapshot testing instead.
- Disable "RunUpdateTest" in nodejs as this can't be used with the LocalProviders configuration as it will always use the local provider binary even when using the old SDK. This option is essentially broken and needs replacing with proper upgrade tests.
|
|
||
| func Test_loadbalancer(t *testing.T) { | ||
| test(t, filepath.Join("test-programs", "loadbalancer"), | ||
| optproviderupgrade.NewSourcePath(filepath.Join("test-programs", "loadbalancer", "v6"))) |
There was a problem hiding this comment.
Is this for upgrade tests with known source edits?
There was a problem hiding this comment.
Yup exactly that. The original YAML program has the resource properties for the v5 shape of the properties (or with old case-inacurate values), then the source edit will be applied before running the preview of the captured state with the current (v6+) version of the provider.
| } | ||
|
|
||
| func Test_cosmosdb(t *testing.T) { | ||
| t.Skip("Can't record as all tested regions are returning 'ServiceUnavailable' error") |
There was a problem hiding this comment.
Should this be linked to an issue?
There was a problem hiding this comment.
Yeah, probably. It might just have been a bad day for Azure as it was specifically saying it was unable to allocate resources.
There was a problem hiding this comment.
Thanks for adding the state transformation tests!
Can you say a few words on the upgrade tests with source edits? We recently ran into this with GCP and copied over some code from AWS but it looks like pulumiTest supports this now - are there limitations there?
| cacheDir := providertest.GetUpgradeCacheDir(filepath.Base(dir), "5.89.0") | ||
| pt := pulumitest.NewPulumiTest(t, dir, | ||
| opttest.AttachProvider("azure", | ||
| rpFactory.ReplayInvokes(filepath.Join(cacheDir, "grpc.json"), false /* allowLiveFallback */))) |
|
|
||
| func Test_loadbalancer(t *testing.T) { | ||
| test(t, filepath.Join("test-programs", "loadbalancer"), | ||
| optproviderupgrade.NewSourcePath(filepath.Join("test-programs", "loadbalancer", "v6"))) |
| Tok: azureResource(azureSiteRecovery, "ReplicatedVM"), | ||
| TransformFromState: func(_ context.Context, pm resource.PropertyMap) (resource.PropertyMap, error) { | ||
| fixEnumCase(pm, "targetDiskType", "Standard_LRS", "Premium_LRS", "StandardSSD_LRS", "UltraSSD_LRS") | ||
| fixEnumCase(pm, "targetReplicaDiskType", "Standard_LRS", "Premium_LRS", "StandardSSD_LRS", "UltraSSD_LRS") |
There was a problem hiding this comment.
Are these TransformFromState for enums necessary for all enums?
There was a problem hiding this comment.
Where I was able to add tests, I confirmed that the test failed without the TransformFromState, however not all resources were possible to get snapshot tests for, so we just added the migration to be safe. There doesn't seem to be much downside as the fixing function is very quick.
VenelinMartinov
approved these changes
Sep 20, 2024
There was a problem hiding this comment.
Thanks for adding the state transformation tests!
Can you say a few words on the upgrade tests with source edits? We recently ran into this with GCP and copied over some code from AWS but it looks like pulumiTest supports this now - are there limitations there?
VenelinMartinov
approved these changes
Sep 20, 2024
There was a problem hiding this comment.
Thanks for adding the state transformation tests!
Can you say a few words on the upgrade tests with source edits? We recently ran into this with GCP and copied over some code from AWS but it looks like pulumiTest supports this now - are there limitations there?
VenelinMartinov
approved these changes
Sep 20, 2024
There was a problem hiding this comment.
Thanks for adding the state transformation tests!
Can you say a few words on the upgrade tests with source edits? We recently ran into this with GCP and copied over some code from AWS but it looks like pulumiTest supports this now - are there limitations there?
|
This PR has been shipped in release v6.0.0. |
This was referenced Sep 23, 2024
Open
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #2348
Fixes #2336
Migration Guide
Version 6 of the Azure Classic provider is the first major release since April 2022. There are some breaking changes which are detailed in this document. Version 6 of the pulumi-azure provider is based on version 4 of the terraform provider. The original release notes can be found in the 4.0 upgrade guide.
Upgrade to version
5.89.0of the provider and resolve any deprecation warnings before moving to version 6.Subscription ID is now mandatory
The subscription id configuration is now always required. This can be set via the environment variable
ARM_SUBSCRIPTION_IDor the provider configuration propertysubscriptionId. This was already required when using any authentication method except for the CLI.Provider Registration Options
The previous version of the provider would automatically register a predefined list of resource providers in Azure, unless disabled with the
skipProviderRegistrationconfiguration option.In version 6, the default set of resource providers is reduced to a smaller default set with the option to specify an alternative pre-defined set and specify a custom list of resource providers.
resourceProviderRegistrationsis the name of the set of resource providers to automatically register.core- A minimal set of RPs that are deemed necessary for a subscription, the list of RPs in this set can be found upstream hereextended- An expanded set of RPs as suggested by the community, the list of RPs in this set can be found upstream hereall- A complete set of RPs that might be needed to utilize any functionality in the provider, the list of RPs in this set can be found upstream herenone- No resource providers should be automatically registeredlegacy- A set of automatically registered RPs from earlier versions of the provider, this is only provided for forwards compatibility and will be removed in a future major version releaseresourceProvidersToRegistersis a list of resource provider names to register in addition to the set specified withresourceProviderRegistrationsCase Sensitive Enums
In the previous upstream version enum strings were made case sensitive for better strictness and to resolve some persistent diff issues. We delayed passing on this change until this next major version to ensure we had a good migration experience which could avoid fixing the case causing replacements.
Once you have upgraded to v6, performing a preview will report any properties with incorrect casing and will indicate the allowed values. The casing will need to be fixed in your program before being able to continue with your deployment.
List of resource properties affected
appservice.AppServicedotnetFrameworkVersionjavaContainermanagedPipelineModeremoteDebuggingVersionappservice.CertificateOrderproductTypeappservice.FunctionAppdotnetFrameworkVersionanalysisservices.ServerquerypoolConnectionModeautomation.RunBookrunbookTypeautomation.SchedulefrequencyweekDaysmonthlyOccurrencecdn.EndpointgeoFilters.actionoptimizationTypecdn.Profileskucompute.ImageosDisk.osTypeosDisk.osStateosDisk.cachingdataDisk.cachingcompute.SnapshotcreateOptioncompute.VirtualMachineDataDiskAttachmentcachingcreateOptioncontainers.ContainerGroupipAddressTypeosTyperestartPolicycontainers.KubernetesClusterloadBalancerSkucosmos.AccountofferTypekindconsistencyPolicy.consistencyLevelcapabilities.namecosmos.GremlinGraphindexingModedns.CaaRecordrecord.tageventhub.Namespaceskueventhub.EventHubencodingnetwork.FirewallPolicyintrusionDetection.trafficBypasses.protocolhdinsight.HBaseClustertierroles.*.vmSizehdinsight.HadoopClustertierroles.*.vmSizehdinsight.InteractiveQueryClustertierroles.*.vmSizehdinsight.KafkaClustertierroles.*.vmSizehdinsight.SparkClustertierroles.*.vmSizeiotcentral.Applicationskuiot.IoTHubendpoint.encodingkeyvault.CertificatecertificatePolicy.keyProperties.keyTypecompute.VirtualMachinelicenseTypestorageOsDisk.osTypestorageOsDisk.managedDiskTypestorageDataDisk.managedDiskTypeosProfileWindowsConfig.winrm.protocolcompute.ScaleSetlicenseTypeupgradePolicyModeprioritystorageProfileOsDisk.managedDiskTypestorageProfileDataDisk.managedDiskTypelb.LoadBalancerskulb.NatPoolprotocollb.NatRuleprotocollb.Probeprotocollb.Ruleprotocolloganalytics.DataSourceWindowsEventeventTypeslogic.IntegrationAccountBatchConfigurationrecurrence.frequencyrecurrence.schedule.monthly.weekdayrecurrence.schedule.weekDayslogic.StandardconnectionString.typedotnetFrameworkVersionlogz.Monitorplan.billingCycleplan.planIdplan.usageTypemedia.ServicesAccountstorageAuthenticationTypekeyDeliveryAccessControl.defaultActionmonitor.MonitorAutoscaleSettingprofile.recurrence.daysmssql.DatabasethreatDetectionPolicy.disabledAlertsthreatDetectionPolicy.emailAccountAdminsthreatDetectionPolicy.statemssql.Elasticpoolsku.namesku.tiersku.familymssql.ServerSecurityAlertPolicystatemysql.Serverversionnetwork.ApplicationGatewaybackendHttpSettings.protocolbackendHttpSettings.cookieBasedAffinityfrontendIpConfiguration.privateIpAddressAllocationhttpListener.protocolprivateLinkConfiguration.ipConfiguration.privateIpAddressAllocationsku.namesku.tierprobe.protocolwafConfiguration.firewallModenetwork.ExpressRouteCircuitsku.tiersku.familynetwork.NetworkSecurityGroupsecurityRule.protocolsecurityRule.accesssecurityRule.directionnetwork.NetworkSecurityRuleprotocolaccessdirectionnetwork.PublicIpPrefixipVersionnetwork.PublicIpipVersionskunetwork.RoutenextHopTypenetwork.RouteTablenextHopTypenetwork.VirtualNetworkGatewayConnectiontypeipsecPolicy.dhGroupipsecPolicy.ikeEncryptionipsecPolicy.ikeIntegritynetwork.VirtualNetworkGatewaytypevpnTypevpnClientConfiguration.vpnClientProtocolsnotificationhub.NotificationHubNamespacenamespaceTypepolicy.PolicyDefinitionpolicyTypepostgresql.Serverversionrecoveryservices.Vaultskurecoveryservices.ReplicatedVMtargetDiskTypetargetReplicaDiskTyperedis.CacheskuNameredis.LinkedServerserverRolesecuritycenter.Automationaction.typeruleSet.rule.operatorruleSet.rule.propertyTypeservicebus.Namespaceskuservicebus.SubscriptionRulefilterTypeservicebus.Topicstatussql.DatabasecreateModeimport.storageKeyTypeimport.authenticationTypeimport.operationModeeditionthreatDetectionPolicy.disabledAlertsthreatDetectionPolicy.emailAccountAdminsthreatDetectionPolicy.statesql.ManagedInstancelicenseTypesql.SqlServerthreatDetectionPolicy.disabledAlertsthreatDetectionPolicy.statestorage.AccountaccountKindaccountTieraccountReplicationTypeaccessTiernetworkRules.bypasssynapse.SqlPoolSecurityAlertPolicypolicyStatesynapse.WorkspaceSecurityAlertPolicypolicyStatetrafficmanager.ProfilemonitorConfig.protocolprofileStatusRemoved Resources
Resources which were previously deprecated have now been removed. Some removed resources have direct replacements which can be directly migrated to by updating your code. Other services have been retired by Azure and therefore have no direct migration to an alternative.
Replaced Resources
These resources were previously deprecated and have now been removed in favor of a new resource. To migrate to the replacement resource, update your Pulumi program to use the new type, leaving the logical name the same, and fix any properties which don’t align, then your existing resource will automatically be migrated.
core.TemplateDeploymentcore.ResourceGroupTemplateDeploymentportal.Dashboardportal.PortalDashboarddatabricks.WorkspaceCustomerManagedKeydatabricks.WorkspaceRootDbfsCustomerManagedKeydatafactory.IntegrationRuntimeManageddatafactory.IntegrationRuntimeSsisgraph.Accountgraph.ServicesAccountmonitoring.ActionRuleActionGroupmonitoring.AlertProcessingRuleActionGroupmonitoring.ActionRuleSuppressionmonitoring.AlertProcessingRuleSuppressionsql.Databasemssql.Databasesql.ElasticPoolmssql.ElasticPoolsql.FailoverGroupmssql.FailoverGroupsql.FirewallRulemssql.FirewallRulesql.ManagedDatabasemssql.ManagedDatabasesql.ManagedInstanceActiveDirectoryAdministratormssql.ManagedInstanceActiveDirectoryAdministratorsql.ManagedInstanceFailoverGroupmssql.ManagedInstanceFailoverGroupsql.ManagedInstancemssql.ManagedInstancesql.SqlServermssql.Serversql.VirtualNetworkRulemssql.VirtualNetworkRuleReplaced Data Sources
hybrid.getComputeMachinearcmachine.getRetired Resources
These resource do not have a direct replacement and the old resource will need to be deleted or removed from state then recreated using alternative resources.
appservice.Environmentcdn.FrontdoorRouteDisableLinkToDefaultDomaincosmosdb.NotebookWorkspacedataboxedge.Orderservicebus.NamespaceNetworkRuleSetsql.ActiveDirectoryAdministratorRetired Services
iotTimeSeriesInsightsAccessPolicyTimeSeriesInsightsEventSourceEventhubTimeSeriesInsightsEventSourceIothubTimeSeriesInsightsGen2EnvironmentTimeSeriesInsightsReferenceDataSetTimeSeriesInsightsStandardEnvironmentlabLabScheduleServicePlanUsermonitoringLogzMonitorLogzSubAccountLogzSubAccountTagRuleLogzTagRulemariadbConfigurationDatabaseFirewallRuleServerVirtualNetworkRulegetMariaDbServermediaAccountFilterAssetFilterAssetContentKeyPolicyJobLiveEventLiveEventOutputServiceAccountStreamingEndpointStreamingLocatorStreamingPolicyTransformmediaservicesAccountmysqlActiveDirectoryAdministratorConfigurationDatabaseFirewallRuleServerServerKeyVirtualNetworkRulegetServervideoanalyzerAnalyzerEdgeModuleResource Property Breaking Changes
About 150 resources saw changes to properties that might require a manual update. For the full list please see the upstream upgrade guide.
Other
Instances of the
apimanagement.ApiTagresource will need to be recreated upon upgrading so that the tag revision can be included in the resource ID.