Upgrade terraform provider google beta to v6.0.1 major

[guineveresaenger]

Upgrades upstream provider to v6.0.1.

Resolves #2348.
Resolves #2357
- Adds a patch for renaming new default label to goog-pului-provisioned
- Renames config field to addPulumiAttributionLabel
- Adjusts labels tests to expect new label
- Adjusts bucket label patch to avoid writing this label to the Bucket resource itself.

Introduces additional breaking change via cloudrunv2.Service ports field, which is now a MaxItemsOne upstream, which turns it into an object on our end, rather than an array entry. Look for a state transformer on the resource for upgrades.

Removes patches:

• Remove 0002-Add-nil-checks-for-sql-database-instance-flattening.patch
• Remove 0010-Remove-pattern-string-from-compute-forwarding-rules.patch
• Remove Add-flattening-of-self-managed-certificates.patch

[github-actions]

Does the PR have any schema changes?

Found 52 breaking changes:

Resources

• "gcp:alloydb/cluster:Cluster":
  • 🟡 inputs: "network" missing
  • 🟡 properties: "network" missing output "network"
• "gcp:applicationintegration/client:Client":
  • inputs:
    • 🟡 "createSampleWorkflows" missing
    • 🟡 "provisionGmek" missing
  • properties:
    • 🟡 "createSampleWorkflows" missing output "createSampleWorkflows"
    • 🟡 "provisionGmek" missing output "provisionGmek"
• "gcp:bigquery/reservation:Reservation":
  • 🟡 inputs: "multiRegionAuxiliary" missing
  • 🟡 properties: "multiRegionAuxiliary" missing output "multiRegionAuxiliary"
• "gcp:bigquery/table:Table":
  • 🟡 inputs: "allowResourceTagsOnDeletion" missing
  • 🟡 properties: "allowResourceTagsOnDeletion" missing output "allowResourceTagsOnDeletion"
• 🟡 "gcp:compute/managedSslCertificate:ManagedSslCertificate": inputs: "certificateId" missing
• 🟡 "gcp:compute/mangedSslCertificate:MangedSslCertificate": inputs: "certificateId" missing
• 🔴 "gcp:datastore/dataStoreIndex:DataStoreIndex" missing
• "gcp:gkeonprem/vMwareCluster:VMwareCluster":
  • 🟡 inputs: "vcenters" missing
  • 🟡 properties: "vcenters" missing output "vcenters"
• 🔴 "gcp:identityplatform/projectDefaultConfig:ProjectDefaultConfig" missing
• "gcp:organizations/project:Project":
  • 🟡 inputs: "skipDelete" missing
  • 🟡 properties: "skipDelete" missing output "skipDelete"
• 🟢 "gcp:pubsub/topic:Topic": required: "schemaSettings" property is no longer Required

Types

• 🟡 "gcp:cloudrunv2/ServiceTemplateContainer:ServiceTemplateContainer": properties: "ports" type changed from "array" to "#/types/gcp:cloudrunv2/ServiceTemplateContainerPorts:ServiceTemplateContainerPorts":
  • 🟡 items had &{Type: Ref:#/types/gcp:cloudrunv2/ServiceTemplateContainerPort:ServiceTemplateContainerPort AdditionalProperties: Items: OneOf:[] Discriminator: Plain:false} but now has no type
• 🔴 "gcp:cloudrunv2/ServiceTemplateContainerPort:ServiceTemplateContainerPort" missing
• "gcp:compute/BackendServiceIap:BackendServiceIap": required:
  • 🟢 "enabled" property has changed to Required
  • 🟢 "oauth2ClientId" property is no longer Required
  • 🟢 "oauth2ClientSecret" property is no longer Required
• "gcp:compute/RegionBackendServiceIap:RegionBackendServiceIap": required:
  • 🟢 "enabled" property has changed to Required
  • 🟢 "oauth2ClientId" property is no longer Required
  • 🟢 "oauth2ClientSecret" property is no longer Required
• 🟢 "gcp:compute/SubnetworkSecondaryIpRange:SubnetworkSecondaryIpRange": required: "ipCidrRange" property is no longer Required
• 🟢 "gcp:compute/getBackendServiceIap:getBackendServiceIap": required: "enabled" property has changed to Required
• 🟢 "gcp:compute/getForwardingRulesRule:getForwardingRulesRule": required: "forwardingRuleId" property has changed to Required
• 🟡 "gcp:container/ClusterMonitoringConfig:ClusterMonitoringConfig": properties: "advancedDatapathObservabilityConfigs" missing
• "gcp:container/ClusterMonitoringConfigAdvancedDatapathObservabilityConfig:ClusterMonitoringConfigAdvancedDatapathObservabilityConfig":
  • 🟡 properties: "relayMode" missing
  • 🟢 required: "enableRelay" property has changed to Required
• "gcp:container/getClusterMonitoringConfigAdvancedDatapathObservabilityConfig:getClusterMonitoringConfigAdvancedDatapathObservabilityConfig":
  • 🟡 properties: "relayMode" missing
  • 🟢 required: "relayMode" property is no longer Required
• 🔴 "gcp:datastore/DataStoreIndexProperty:DataStoreIndexProperty" missing
• 🟡 "gcp:gkeonprem/VMwareNodePoolConfig:VMwareNodePoolConfig": properties: "vsphereConfigs" missing
• 🔴 "gcp:identityplatform/ProjectDefaultConfigSignIn:ProjectDefaultConfigSignIn" missing
• 🔴 "gcp:identityplatform/ProjectDefaultConfigSignInAnonymous:ProjectDefaultConfigSignInAnonymous" missing
• 🔴 "gcp:identityplatform/ProjectDefaultConfigSignInEmail:ProjectDefaultConfigSignInEmail" missing
• 🔴 "gcp:identityplatform/ProjectDefaultConfigSignInHashConfig:ProjectDefaultConfigSignInHashConfig" missing
• 🔴 "gcp:identityplatform/ProjectDefaultConfigSignInPhoneNumber:ProjectDefaultConfigSignInPhoneNumber" missing
• 🟡 "gcp:sql/DatabaseInstanceSettingsIpConfiguration:DatabaseInstanceSettingsIpConfiguration": properties: "requireSsl" missing
• "gcp:sql/getDatabaseInstanceSettingIpConfiguration:getDatabaseInstanceSettingIpConfiguration":
  • 🟡 properties: "requireSsl" missing
  • 🟢 required: "requireSsl" property is no longer Required
• "gcp:sql/getDatabaseInstancesInstanceSettingIpConfiguration:getDatabaseInstancesInstanceSettingIpConfiguration":
  • 🟡 properties: "requireSsl" missing
  • 🟢 required: "requireSsl" property is no longer Required
• 🟡 "gcp:storage/BucketLifecycleRuleCondition:BucketLifecycleRuleCondition": properties: "noAge" missing
• "gcp:storage/getBucketLifecycleRuleCondition:getBucketLifecycleRuleCondition":
  • 🟡 properties: "noAge" missing
  • required:
    • 🟢 "noAge" property is no longer Required
    • 🟢 "sendAgeIfZero" property has changed to Required

New resources:

• kms/ekmConnectionIamBinding.EkmConnectionIamBinding
• kms/ekmConnectionIamMember.EkmConnectionIamMember
• kms/ekmConnectionIamPolicy.EkmConnectionIamPolicy
• securitycenter/v2OrganizationSccBigQueryExports.V2OrganizationSccBigQueryExports

New functions:

• kms/getEkmConnectionIamPolicy.getEkmConnectionIamPolicy

Maintainer note: consult the runbook for dealing with any breaking changes.

[VenelinMartinov]

For the 0002 patch: #2319 (comment)

I'm concerned that it's still an issue since the underlying bridge problem is not fixed - could we add a regression test with a partial state .get?

[iwahbe]

Looks good to me. Only 2 nits:

• The comment about TransormFromState.
• The TODO still remaining.

Otherwise I think this is good to merge.

[VenelinMartinov]

Great! Can we add an upgrade test for the new state migration?

Also the change in TestOrganizationsProjectAutoNaming looks like it will leak resources.

Can we also separate the patch removals in a new PR? They don't look like they interact with the major version upgrade.

[VenelinMartinov]

Are we re-recording it?

[guineveresaenger]

I'll file a follow-up issue and link it here. 👍

[VenelinMartinov]

This is the only test which has a non-null value for the migrated parameter, we should fix it or write a new one to make sure that the migration works for users.

[guineveresaenger]

@VenelinMartinov - I believe the state transformation is already covered by the cloudrunv2-service-4 and cloudrunv2-service-5 upgrade tests - their failure is what made us aware of this breaking change. Their passing is proof the state migration works.

[VenelinMartinov]

Hm, neither cloudrunv2-service-4 or cloudrunv2-service-5 actually use the parameter - we should either fix service-7 which uses the ports parameter or write a new test which shows that the migration works for users.

[guineveresaenger]

@VenelinMartinov - the state migration is specifically for a default port parameter, which is not visible in the code.

We cannot "fix" service-7, because this is a breaking change due to MaxItemsOne. When ports is explicitly specified in pulumi code, users must re-write the field to be an Object, not an Array item. This is noted here.

[VenelinMartinov]

Discussed offline and found @corymhall's code which tests exactly the case we need here: https://github.com/pulumi/pulumi-aws/blob/de5418dbd55dcc23ccc45e756b258bf4e12165da/provider/provider_yaml_test.go#L322

Upgrade test where the new program needs to change compared to the old one.

[iwahbe]

LGTM

Have we verified that the pulumi/examples repo passes with the new provider?

[pulumi-bot]

This PR has been shipped in release v8.0.0.