Refactor detailed diff v2 to short circuit on nulls and unknowns #2496
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #2496 +/- ##
==========================================
+ Coverage 62.71% 62.73% +0.02%
==========================================
Files 381 382 +1
Lines 51515 51545 +30
==========================================
+ Hits 32307 32338 +31
+ Misses 17395 17394 -1
Partials 1813 1813 ☔ View full report in Codecov by Sentry. |
|
Reviewing the tests added in #2405, they look sufficient for nested forcenew in top level and singly nested cases. Can you point me to where multiple nesting levels are tested? I want to see a test that validates our behavior on a schema like this: I couldn't find tests for more then one level of nesting. |
…refactor_make_detailed_diff_to_short_circuit
VenelinMartinov
changed the base branch from
master
to
vvm/collection_force_new_detailed_diff_tests
…ctor_make_detailed_diff_to_short_circuit
VenelinMartinov
changed the base branch from
vvm/collection_force_new_detailed_diff_tests
to
vvm/detailed_diff_v2_unknown_collections
Here's the tests for ForceNew: I believe I've covered all shapes and nestings of TF schemas there. I've also added additional tests which focus on how forceNew interacts with Unknowns in #2515 |
This adds tests to record the existing behaviour around ForceNew interacting with collection and collection element changes with unknowns. Addresses #2496 (comment)
…ed diff v2 (#2516) This re-records the tests in #2515 under detailed diff v2 to show the changes. The new behaviour is more correct: When the parent of a known property with ForceNew is changed to unknown we now mark the resource for replacement. Both are guesses to the actual effect of the changes but this one seems more likely. stacked on https://github.com/pulumi/pulumi-terraform-bridge/pull/2515\ related to #2496 (comment)
|
Here's a case where it just returns an empty set of diffs (no changes) because "the shape mismatched". Why? func TestAddingSecretArray(t *testing.T) {
old := resource.PropertyMap{"x": resource.NewNullProperty()}
new := resource.PropertyMap{"x": resource.MakeSecret(resource.NewArrayProperty([]resource.PropertyValue{
resource.NewStringProperty("SECRET"),
}))}
tfs := shimv2.NewSchemaMap(map[string]*schema.Schema{
"x": &schema.Schema{
Type: schema.TypeList,
Elem: &schema.Schema{
Type: schema.TypeString,
},
Optional: true,
},
})
runDetailedDiffTest(t, old, new, tfs, nil, map[string]*pulumirpc.PropertyDiff{
"x": &pulumirpc.PropertyDiff{Kind: pulumirpc.PropertyDiff_ADD},
})
} |
|
@t0yv0 the test you posted seems to work fine. It returns an {x: ADD} which is the expected value. I guess we might get it off in cases like these: func TestMistypedArray(t *testing.T) {
old := resource.PropertyMap{"x": resource.NewStringProperty("a")}
new := resource.PropertyMap{"x": resource.NewArrayProperty([]resource.PropertyValue{
resource.NewStringProperty("VAL"),
})}
tfs := shimv2.NewSchemaMap(map[string]*schema.Schema{
"x": &schema.Schema{
Type: schema.TypeList,
Elem: &schema.Schema{
Type: schema.TypeString,
},
Optional: true,
},
})
runDetailedDiffTest(t, old, new, tfs, nil, map[string]*pulumirpc.PropertyDiff{
"x[0]": &pulumirpc.PropertyDiff{Kind: pulumirpc.PropertyDiff_ADD},
})
}Here we present an ADD diff when it is really an UPDATE. I think this is enough of a corner case and the diff is still comprehensible that it's probably fine. Additionally the behaviour was there before, I am fairly sure this PR does not change that. |
|
Hmm, interesting, do I have a problem with local setup? The test fails for me. |
So we have a bug, yes? If I replace code with this: All the tests still pass. |
|
I'll add some tests to make the behaviour clearer |
|
I've pulled your latest changes, and now TestAddingSecretArray panics. |
|
AFAIK the bridge doesn't accept secrets and the engine shouldn't send secrets, is that correct? |
|
Yes, but, we will need to change that to support secrets properly, and at a minimum we need the work backlogged so we know there are additional bugs in diff code. I think I'd like to see the code factored out and made a little simpler until we have confidence that we're not adding panics into the product or replacing diffs with nil diffs. Your TestMistypedArray is another bug example. To reduce confidence further, I get a different result on my machine than claimed. IT produces an What are the next steps here, are we fixing the code or logging known bugs? |
|
Handling secrets is out of scope for the epic - what panics is an assert saying we don't support secrets in detailed diff. I'll add an item to add additional tests for mistyped state so that we can decide if this is worth including in the epic. This is out of scope for this PR. EDIT: I've changed the logic for typeMismatch to trigger an update instead of assume the property is Null and also added tests for this. |
|
I've added #2525 that'd give some basic confidence that these asserts do not result in panics. |
t0yv0
left a comment
t0yv0
left a comment
There was a problem hiding this comment.
This is better. LGTM now, but don't try to handle Outputs incorrectly, rather panic, I think we've looked and they do not show up in the bridge protocol I think.
If there's any know remaining bugs in this code, please file, otherwise lgtm.
This reverts commit 8ea0660.
|
Discussed offline, will add Output handling in a separate PR - Outputs are not currently used and we can afford to completely strip them for the detailed diff algorithm as it doesn't need the dependency information or secrets. EDIT: Opened #2526 |
VenelinMartinov
deleted the
vvm/refactor_make_detailed_diff_to_short_circuit
branch
This change adds improved TF set handling to the detailed diff v2. The main challenge here is that pulumi does not have native sets, so set types are represented as lists. ### Diffing sets using the hash ### To correctly find the diff of two sets we calculate the hash of each element ourselves and do the diffs based on that. What makes this somewhat non-trivial is that due to MaxItemsOne flattening we can't just hash the pulumi `PropertyValue`s given to us by the engine. Instead we use `makeSingleTerraformInput` to transform the values using the schema. We then use the hashes of the elements in the set to calculate the diffs. This allows us to correctly account for shuffling and duplicates, matching the terraform behaviour of sets. When returning the element indices back to the engine, we need to return them in terms of oldState and newInputs because the engine does not have access to the plannedState (see #2281). To do that we keep the newInputs and match plannedState elements to their newInputs index by the set hash. Note that this is not possible if the set element contains any computed properties - these can change during the planning process, so we do not attempt to match and print a warning about possibly inaccurate diff results instead. ### Unknowns in sets ### Note that the terraform planning process does not allow a set to contain any unknowns, because that breaks the hashing. Because of that plan should always return an unknown for a set which contains any unknowns. This accounts for cases where resolving the unknown can result in duplicate elements. Unknown elements in sets - the whole set becomes unknown in the plan, so the algorithm no longer works. Currently we return an update for the whole set to the engine and it does the diff on its side. ### Testing ### This PR also includes tests for the set behaviour, both unit tests for the detailed diff algorithm and integration tests using pulumi programs for: - Single element additions, updates and removals - Shuffling, also with additions, updates and removals - Multi-element additions, updates and removals - Unknowns ### Issues ### Builds on #2405 Stacked on #2515, #2516, #2496 and #2497 fixes #2200 fixes #2300 fixes #1904 fixes #186
|
This PR has been shipped in release v3.94.0. |
5 participants
This PR changes the logic in the detailed diff v2 calculation to short-circuit on encountering nils and unknowns.
Previously, when we encountered a null or unknown in either news or olds we would still recurse down and compare the non-nil values versus a nil value in order to get any replacements which might be happening. We would then simplify the diff later to trim these extra diffs but would propagate the replacement to the right level.
We would now instead short-circuit on encountering a null or unknown and walk the non-null value to find any properties which can trigger a replacement. This makes it much easier to handle sets in #2451 as recursing into sets is not necessary, as they are only compared by hashes.
This change is not meant to change any behaviour and is tested in #2405
Stacked on #2515 and #2516