-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Upgrade to v6 major #2367
Upgrade to v6 major #2367
Conversation
- Remove resources as needed. - Add patch to remove resources that were documented as removed but left in the code. - Fix nodejs CosmosDb overlay connection string.
Does the PR have any schema changes?Found 793 breaking changes: Resources
New functions:
Maintainer note: consult the runbook for dealing with any breaking changes. |
505e405
to
6dd00ea
Compare
- Fix config warnings, as backported into ci-mgmt: pulumi/ci-mgmt#1064 - The configuration option run.skip-files is deprecated, please use issues.exclude-files. - The linter named "megacheck" is deprecated. It has been split into: gosimple, staticcheck, unused. - Remove go:linkname which was added when we weren't maintaining patches and so had to use a compiler hack to set a value. This variable no longer exists so has no effect. Reported error: SA9009: ineffectual compiler directive due to extraneous space: "// go:linkname is not widely used outside the standard library, but allows us to" (staticcheck)
6dd00ea
to
a1602d0
Compare
- Fix code in tests to match SDK changes. - Disable "RunUpdateTest" in nodejs as this can't be used with the LocalProviders configuration as it will always use the local provider binary even when using the old SDK. This option is essentially broken and needs replacing with proper upgrade tests.
564f2d8
to
982ad0f
Compare
- It appears we might not have been using the in-memory provider server as YAML programs require a real schema to be served and it was failing with $PATH errors. - Rename state files to stack files to avoid re-recording. - Update snapshots to use more generic stack names.
This is now required **as config** not just an environment variable.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should probably update the p-azure dependency in all the examples. ProgramTest substitutes the local build anyways, but using them stand-alone will break.
Manages a Microsoft Graph Services Account. | ||
|
||
-!> **NOTE:** This resource has been deprecated in version 3.0 of the AzureRM provider and will be removed in version 4.0. Please use [`azurerm_graph_services_account`](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/graph_services_account) resource instead. | ||
+!> **NOTE:** This resource has been deprecated in version 5.0 of the provider and will be removed in version 6.0. Please use [`azurerm_graph_services_account`](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/graph_services_account) resource instead. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Those three "NOTES" are still true?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This might likely have been removed - other docs were, but I think they missed a few.
982ad0f
to
f43e999
Compare
bd7c7d9
to
c6dedac
Compare
…mer_managed_key, azurerm_databricks_workspace_customer_managed_key, azurerm_graph_account, azurerm_monitor_action_rule_action_group, azurerm_monitor_action_rule_suppression
06f79b9
to
2a36851
Compare
2a36851
to
1ab7310
Compare
- Add how-to-guides from the registry. - Fix Go module version
Dir: filepath.Join(getCwd(t), "servicebus-migration-test"), | ||
RunUpdateTest: true, | ||
Dir: filepath.Join(getCwd(t), "servicebus-migration-test"), | ||
// RunUpdateTest: true, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Did you mean to uncomment this?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, this was where I found out that our previous "UpdateTest" was installing the older SDK, but then due to the provider binary configuration, was still using the local dev version of the provider ... which broke things while upgrading and was also an ineffective test. We then doubled down on improving our snapshot testing instead.
- Disable "RunUpdateTest" in nodejs as this can't be used with the LocalProviders configuration as it will always use the local provider binary even when using the old SDK. This option is essentially broken and needs replacing with proper upgrade tests.
|
||
func Test_loadbalancer(t *testing.T) { | ||
test(t, filepath.Join("test-programs", "loadbalancer"), | ||
optproviderupgrade.NewSourcePath(filepath.Join("test-programs", "loadbalancer", "v6"))) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this for upgrade tests with known source edits?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Very nice
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yup exactly that. The original YAML program has the resource properties for the v5 shape of the properties (or with old case-inacurate values), then the source edit will be applied before running the preview of the captured state with the current (v6+) version of the provider.
} | ||
|
||
func Test_cosmosdb(t *testing.T) { | ||
t.Skip("Can't record as all tested regions are returning 'ServiceUnavailable' error") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this be linked to an issue?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, probably. It might just have been a bad day for Azure as it was specifically saying it was unable to allocate resources.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for adding the state transformation tests!
Can you say a few words on the upgrade tests with source edits? We recently ran into this with GCP and copied over some code from AWS but it looks like pulumiTest supports this now - are there limitations there?
cacheDir := providertest.GetUpgradeCacheDir(filepath.Base(dir), "5.89.0") | ||
pt := pulumitest.NewPulumiTest(t, dir, | ||
opttest.AttachProvider("azure", | ||
rpFactory.ReplayInvokes(filepath.Join(cacheDir, "grpc.json"), false /* allowLiveFallback */))) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Very cool
|
||
func Test_loadbalancer(t *testing.T) { | ||
test(t, filepath.Join("test-programs", "loadbalancer"), | ||
optproviderupgrade.NewSourcePath(filepath.Join("test-programs", "loadbalancer", "v6"))) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Very nice
Tok: azureResource(azureSiteRecovery, "ReplicatedVM"), | ||
TransformFromState: func(_ context.Context, pm resource.PropertyMap) (resource.PropertyMap, error) { | ||
fixEnumCase(pm, "targetDiskType", "Standard_LRS", "Premium_LRS", "StandardSSD_LRS", "UltraSSD_LRS") | ||
fixEnumCase(pm, "targetReplicaDiskType", "Standard_LRS", "Premium_LRS", "StandardSSD_LRS", "UltraSSD_LRS") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are these TransformFromState for enums necessary for all enums?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Where I was able to add tests, I confirmed that the test failed without the TransformFromState
, however not all resources were possible to get snapshot tests for, so we just added the migration to be safe. There doesn't seem to be much downside as the fixing function is very quick.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for adding the state transformation tests!
Can you say a few words on the upgrade tests with source edits? We recently ran into this with GCP and copied over some code from AWS but it looks like pulumiTest supports this now - are there limitations there?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for adding the state transformation tests!
Can you say a few words on the upgrade tests with source edits? We recently ran into this with GCP and copied over some code from AWS but it looks like pulumiTest supports this now - are there limitations there?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for adding the state transformation tests!
Can you say a few words on the upgrade tests with source edits? We recently ran into this with GCP and copied over some code from AWS but it looks like pulumiTest supports this now - are there limitations there?
This PR has been shipped in release v6.0.0. |
Fixes #2348
Fixes #2336
Migration Guide
Version 6 of the Azure Classic provider is the first major release since April 2022. There are some breaking changes which are detailed in this document. Version 6 of the pulumi-azure provider is based on version 4 of the terraform provider. The original release notes can be found in the 4.0 upgrade guide.
Upgrade to version
5.89.0
of the provider and resolve any deprecation warnings before moving to version 6.Subscription ID is now mandatory
The subscription id configuration is now always required. This can be set via the environment variable
ARM_SUBSCRIPTION_ID
or the provider configuration propertysubscriptionId
. This was already required when using any authentication method except for the CLI.Provider Registration Options
The previous version of the provider would automatically register a predefined list of resource providers in Azure, unless disabled with the
skipProviderRegistration
configuration option.In version 6, the default set of resource providers is reduced to a smaller default set with the option to specify an alternative pre-defined set and specify a custom list of resource providers.
resourceProviderRegistrations
is the name of the set of resource providers to automatically register.core
- A minimal set of RPs that are deemed necessary for a subscription, the list of RPs in this set can be found upstream hereextended
- An expanded set of RPs as suggested by the community, the list of RPs in this set can be found upstream hereall
- A complete set of RPs that might be needed to utilize any functionality in the provider, the list of RPs in this set can be found upstream herenone
- No resource providers should be automatically registeredlegacy
- A set of automatically registered RPs from earlier versions of the provider, this is only provided for forwards compatibility and will be removed in a future major version releaseresourceProvidersToRegisters
is a list of resource provider names to register in addition to the set specified withresourceProviderRegistrations
Case Sensitive Enums
In the previous upstream version enum strings were made case sensitive for better strictness and to resolve some persistent diff issues. We delayed passing on this change until this next major version to ensure we had a good migration experience which could avoid fixing the case causing replacements.
Once you have upgraded to v6, performing a preview will report any properties with incorrect casing and will indicate the allowed values. The casing will need to be fixed in your program before being able to continue with your deployment.
List of resource properties affected
appservice.AppService
dotnetFrameworkVersion
javaContainer
managedPipelineMode
remoteDebuggingVersion
appservice.CertificateOrder
productType
appservice.FunctionApp
dotnetFrameworkVersion
analysisservices.Server
querypoolConnectionMode
automation.RunBook
runbookType
automation.Schedule
frequency
weekDays
monthlyOccurrence
cdn.Endpoint
geoFilters.action
optimizationType
cdn.Profile
sku
compute.Image
osDisk.osType
osDisk.osState
osDisk.caching
dataDisk.caching
compute.Snapshot
createOption
compute.VirtualMachineDataDiskAttachment
caching
createOption
containers.ContainerGroup
ipAddressType
osType
restartPolicy
containers.KubernetesCluster
loadBalancerSku
cosmos.Account
offerType
kind
consistencyPolicy.consistencyLevel
capabilities.name
cosmos.GremlinGraph
indexingMode
dns.CaaRecord
record.tag
eventhub.Namespace
sku
eventhub.EventHub
encoding
network.FirewallPolicy
intrusionDetection.trafficBypasses.protocol
hdinsight.HBaseCluster
tier
roles.*.vmSize
hdinsight.HadoopCluster
tier
roles.*.vmSize
hdinsight.InteractiveQueryCluster
tier
roles.*.vmSize
hdinsight.KafkaCluster
tier
roles.*.vmSize
hdinsight.SparkCluster
tier
roles.*.vmSize
iotcentral.Application
sku
iot.IoTHub
endpoint.encoding
keyvault.Certificate
certificatePolicy.keyProperties.keyType
compute.VirtualMachine
licenseType
storageOsDisk.osType
storageOsDisk.managedDiskType
storageDataDisk.managedDiskType
osProfileWindowsConfig.winrm.protocol
compute.ScaleSet
licenseType
upgradePolicyMode
priority
storageProfileOsDisk.managedDiskType
storageProfileDataDisk.managedDiskType
lb.LoadBalancer
sku
lb.NatPool
protocol
lb.NatRule
protocol
lb.Probe
protocol
lb.Rule
protocol
loganalytics.DataSourceWindowsEvent
eventTypes
logic.IntegrationAccountBatchConfiguration
recurrence.frequency
recurrence.schedule.monthly.weekday
recurrence.schedule.weekDays
logic.Standard
connectionString.type
dotnetFrameworkVersion
logz.Monitor
plan.billingCycle
plan.planId
plan.usageType
media.ServicesAccount
storageAuthenticationType
keyDeliveryAccessControl.defaultAction
monitor.MonitorAutoscaleSetting
profile.recurrence.days
mssql.Database
threatDetectionPolicy.disabledAlerts
threatDetectionPolicy.emailAccountAdmins
threatDetectionPolicy.state
mssql.Elasticpool
sku.name
sku.tier
sku.family
mssql.ServerSecurityAlertPolicy
state
mysql.Server
version
network.ApplicationGateway
backendHttpSettings.protocol
backendHttpSettings.cookieBasedAffinity
frontendIpConfiguration.privateIpAddressAllocation
httpListener.protocol
privateLinkConfiguration.ipConfiguration.privateIpAddressAllocation
sku.name
sku.tier
probe.protocol
wafConfiguration.firewallMode
network.ExpressRouteCircuit
sku.tier
sku.family
network.NetworkSecurityGroup
securityRule.protocol
securityRule.access
securityRule.direction
network.NetworkSecurityRule
protocol
access
direction
network.PublicIpPrefix
ipVersion
network.PublicIp
ipVersion
sku
network.Route
nextHopType
network.RouteTable
nextHopType
network.VirtualNetworkGatewayConnection
type
ipsecPolicy.dhGroup
ipsecPolicy.ikeEncryption
ipsecPolicy.ikeIntegrity
network.VirtualNetworkGateway
type
vpnType
vpnClientConfiguration.vpnClientProtocols
notificationhub.NotificationHubNamespace
namespaceType
policy.PolicyDefinition
policyType
postgresql.Server
version
recoveryservices.Vault
sku
recoveryservices.ReplicatedVM
targetDiskType
targetReplicaDiskType
redis.Cache
skuName
redis.LinkedServer
serverRole
securitycenter.Automation
action.type
ruleSet.rule.operator
ruleSet.rule.propertyType
servicebus.Namespace
sku
servicebus.SubscriptionRule
filterType
servicebus.Topic
status
sql.Database
createMode
import.storageKeyType
import.authenticationType
import.operationMode
edition
threatDetectionPolicy.disabledAlerts
threatDetectionPolicy.emailAccountAdmins
threatDetectionPolicy.state
sql.ManagedInstance
licenseType
sql.SqlServer
threatDetectionPolicy.disabledAlerts
threatDetectionPolicy.state
storage.Account
accountKind
accountTier
accountReplicationType
accessTier
networkRules.bypass
synapse.SqlPoolSecurityAlertPolicy
policyState
synapse.WorkspaceSecurityAlertPolicy
policyState
trafficmanager.Profile
monitorConfig.protocol
profileStatus
Removed Resources
Resources which were previously deprecated have now been removed. Some removed resources have direct replacements which can be directly migrated to by updating your code. Other services have been retired by Azure and therefore have no direct migration to an alternative.
Replaced Resources
These resources were previously deprecated and have now been removed in favor of a new resource. To migrate to the replacement resource, update your Pulumi program to use the new type, leaving the logical name the same, and fix any properties which don’t align, then your existing resource will automatically be migrated.
core.TemplateDeployment
core.ResourceGroupTemplateDeployment
portal.Dashboard
portal.PortalDashboard
databricks.WorkspaceCustomerManagedKey
databricks.WorkspaceRootDbfsCustomerManagedKey
datafactory.IntegrationRuntimeManaged
datafactory.IntegrationRuntimeSsis
graph.Account
graph.ServicesAccount
monitoring.ActionRuleActionGroup
monitoring.AlertProcessingRuleActionGroup
monitoring.ActionRuleSuppression
monitoring.AlertProcessingRuleSuppression
sql.Database
mssql.Database
sql.ElasticPool
mssql.ElasticPool
sql.FailoverGroup
mssql.FailoverGroup
sql.FirewallRule
mssql.FirewallRule
sql.ManagedDatabase
mssql.ManagedDatabase
sql.ManagedInstanceActiveDirectoryAdministrator
mssql.ManagedInstanceActiveDirectoryAdministrator
sql.ManagedInstanceFailoverGroup
mssql.ManagedInstanceFailoverGroup
sql.ManagedInstance
mssql.ManagedInstance
sql.SqlServer
mssql.Server
sql.VirtualNetworkRule
mssql.VirtualNetworkRule
Replaced Data Sources
hybrid.getComputeMachine
arcmachine.get
Retired Resources
These resource do not have a direct replacement and the old resource will need to be deleted or removed from state then recreated using alternative resources.
appservice.Environment
cdn.FrontdoorRouteDisableLinkToDefaultDomain
cosmosdb.NotebookWorkspace
databoxedge.Order
servicebus.NamespaceNetworkRuleSet
sql.ActiveDirectoryAdministrator
Retired Services
iot
TimeSeriesInsightsAccessPolicy
TimeSeriesInsightsEventSourceEventhub
TimeSeriesInsightsEventSourceIothub
TimeSeriesInsightsGen2Environment
TimeSeriesInsightsReferenceDataSet
TimeSeriesInsightsStandardEnvironment
lab
Lab
Schedule
ServicePlan
User
monitoring
LogzMonitor
LogzSubAccount
LogzSubAccountTagRule
LogzTagRule
mariadb
Configuration
Database
FirewallRule
Server
VirtualNetworkRule
getMariaDbServer
media
AccountFilter
AssetFilter
Asset
ContentKeyPolicy
Job
LiveEvent
LiveEventOutput
ServiceAccount
StreamingEndpoint
StreamingLocator
StreamingPolicy
Transform
mediaservices
Account
mysql
ActiveDirectoryAdministrator
Configuration
Database
FirewallRule
Server
ServerKey
VirtualNetworkRule
getServer
videoanalyzer
Analyzer
EdgeModule
Resource Property Breaking Changes
About 150 resources saw changes to properties that might require a manual update. For the full list please see the upstream upgrade guide.
Other
Instances of the
apimanagement.ApiTag
resource will need to be recreated upon upgrading so that the tag revision can be included in the resource ID.