diff --git a/scripts/minify-css.js b/scripts/minify-css.js index 7985b5a165..167c41f1aa 100644 --- a/scripts/minify-css.js +++ b/scripts/minify-css.js @@ -28,7 +28,7 @@ function minifyCSS(filePath) { // should not affect the minified bundle, since there isn't any new css being // used for this package that wouldn't already be in the bundle. skippedContentGlobs: [ - "public/registry/packages/azure-native-v1/**/*", + "public/registry/packages/azure-native-v2/**/*", ], css: [ bundlePath, diff --git a/scripts/run-browser-tests.js b/scripts/run-browser-tests.js index 90a0209bd8..81e4936e7c 100644 --- a/scripts/run-browser-tests.js +++ b/scripts/run-browser-tests.js @@ -16,7 +16,7 @@ const singles = [ "aws-native", "azure", "azure-native", - "azure-native-v1", + "azure-native-v2", "gcp", "google-native", "kubernetes", diff --git a/scripts/search/main.js b/scripts/search/main.js index b0f983fbea..1dd2da8ab9 100644 --- a/scripts/search/main.js +++ b/scripts/search/main.js @@ -35,10 +35,11 @@ let allObjects = [ ...registryObjects, ]; -// Temporary hack: Remove any references to `azure-native-v1`. This line can be -// removed once the azure-native-v1 package is removed from the Registry. +// Temporary hack: Remove any references to `azure-native-v2`. This line can be +// removed once the azure-native-v2 package is removed from the Registry. // https://github.com/pulumi/registry/issues/2879 -allObjects = allObjects.filter(o => !o.href.includes("azure-native-v1")); +// https://github.com/pulumi/pulumi-azure-native/issues/3420 +allObjects = allObjects.filter(o => !o.href.includes("azure-native-v2")); // Write the results, just so we have them. console.log(" ↳ Writing results..."); diff --git a/themes/default/content/registry/packages/azure-native-v1/from-v1-to-v2/_index.md b/themes/default/content/registry/packages/azure-native-v1/from-v1-to-v2/_index.md deleted file mode 100644 index 09c464c25c..0000000000 --- a/themes/default/content/registry/packages/azure-native-v1/from-v1-to-v2/_index.md +++ /dev/null @@ -1,274 +0,0 @@ ---- -title: Upgrade Guide for Azure Native v1 to v2 -meta_desc: How to upgrade from v1 to v2 of the Pulumi Azure Native Provider. -layout: package ---- - -## About - -The Pulumi Azure Native Provider v2 is now available. You can start taking advantages of the smaller, streamlined SDKs right away while also incorporating other enhancements including simplified user assigned identity handling, refreshed default versions, and consistent title casing. To upgrade to v2, there are a few changes you may need to make depending on your Pulumi programs. - -## Upgrade Steps - -### Prerequisites - -We recommend upgrading to the [latest version](https://github.com/pulumi/pulumi-azure-native/releases/tag/v1.104.0) of the v1 provider as a prerequisite to the v2 upgrade. This will enable you to resolve any pre-existing deprecated versions or resource structure changes. - -Review your program for warnings on missing imports or deprecated resources. If your program contains any deprecated explicit versions, you will need to update these to a newer version. The suggested version is shown in the deprecation message. - -![azure-deprecation-cli](./azure-deprecation-cli.png) - -![azure-deprecation-ide](./azure-deprecation-ide.png) - -### Upgrade Dependencies - -In your Pulumi program, upgrade the package to point to the latest v2.x version. - -* JavaScript/TypeScript: [`@pulumi/azure-native`](https://www.npmjs.com/package/@pulumi/azure-native/v/2.0.0) -* Python: [`pulumi-azure-native`](https://pypi.org/project/pulumi-azure-native/2.0.0/) -* Go: [`github.com/pulumi/pulumi-azure-native/sdk/go/azure`](https://github.com/pulumi/pulumi-azure-native/releases/tag/v2.0.0) -* .NET: [`Pulumi.AzureNative`](https://www.nuget.org/packages/Pulumi.AzureNative/2.0.0) -* Java: [`com.pulumi.azurenative`](https://central.sonatype.com/artifact/com.pulumi/azure-native/2.0.0) - -{{< chooser language "typescript,python,csharp,go" >}} - -{{% choosable language typescript %}} - -``` --"@pulumi/azure-native": "^1.0.0", -- "resolved": "https://registry.npmjs.org/@pulumi/azure-native/-/azure-native-1.104.0.tgz", -- "resolved": "https://registry.npmjs.org/@pulumi/azure-native/-/azure-native-1.104.0.tgz", -+ @pulumi/azure-native": "v2.0.0", -+ "resolved": "https://registry.npmjs.org/@pulumi/azure-native/-/azure-native-2.0.0.tgz", -+ "resolved": "https://registry.npmjs.org/@pulumi/azure-native/-/azure-native-2.0.0.tgz", -``` - -{{% /choosable %}} -{{% choosable language python %}} - -```python -- pulumi_azure_native==v1.104.0 -+ pulumi_azure_native==v2.0.0 -``` - -{{% /choosable %}} -{{% choosable language csharp %}} - -```csharp -- ' failed with an unhandled exception: -Error: Cannot find module '@pulumi/azure-native/resources/v20210501' -``` - -### Review Pulumi Diff - -After updating all imports to reflect v2 included Azure API versions, run `pulumi preview` and review the output. - -#### Pending Changes on Default Versions - -You may see pending changes when using the default version as the shape of the resource may have changed. You can choose to accept the changes, update your program to modify the resource properties to mitigate changes, or continue using the previous default version from v1. - -A full list of default version changes can be found in the [top-level resource versions](./top-level-resource-versions). - -To continue using the previous Azure API version of a resource: - -1. Check the documentation in your IDE or our [registry API docs](https://www.pulumi.com/registry/packages/azure-native-v2/) which identifies the previous version for each resource. For example: `Azure REST API Version: 2022-06-15. Prior API version in Azure Native 1.x: 2020-06-01` -2. Import the previous version of the resource. These are available in the version-specific sub-folders of the SDK. - -Below are examples of changing an import to use an explicit version in each language. - -{{< chooser language "typescript,python,csharp,go,yaml" >}} - -{{% choosable language typescript %}} - -```typescript -- import { EventSubscription } from "@pulumi/azure-native/eventgrid"; -+ import { EventSubscription } from "@pulumi/azure-native/eventgrid/v20200601"; -``` - -{{% /choosable %}} -{{% choosable language python %}} - -```python -- from pulumi_azure_native import eventgrid -+ from pulumi_azure_native.eventgrid import v20200601 as eventgrid -``` - -{{% /choosable %}} -{{% choosable language csharp %}} - -```csharp -- using EventGrid = Pulumi.AzureNative.EventGrid; -+ using EventGrid = Pulumi.AzureNative.EventGrid.V20200601; -``` - -{{% /choosable %}} -{{% choosable language go %}} - -```go -- import eventgrid "github.com/pulumi/pulumi-azure-native-sdk/eventgrid/v2" -+ import eventgrid "github.com/pulumi/pulumi-azure-native-sdk/eventgrid/v2/v20200601” -``` - -{{% /choosable %}} -{{% choosable language yaml %}} - -```yaml -- type: azure-native:eventgrid:Topic -+ type: azure-native:eventgrid/v20200601:Topic -``` - -{{% /choosable %}} -{{< /chooser >}} - -#### User Assigned Identity Inputs - -`User assigned identity` inputs are now represented as a simple string array in each language instead of a map type. Where you are referencing user assigned identity inputs, you will need to update the syntax to resolve the error. - -```typescript -import * as resources from "@pulumi/azure-native/resources"; -import * as managedidentity from "@pulumi/azure-native/managedidentity"; -import * as storage from "@pulumi/azure-native/storage"; - -// Create a resource group -const resourceGroup = new resources.ResourceGroup("my-resource-group"); - -// Create a user-assigned managed identity -const userAssignedIdentity = new managedidentity.UserAssignedIdentity("my-user-assigned-identity", { - resourceGroupName: resourceGroup.name, -}); - -// Create a storage account that references the user-assigned managed identity -const storageAccount = new storage.StorageAccount("mystorageaccount", { - resourceGroupName: resourceGroup.name, - kind: "StorageV2", - location: resourceGroup.location, - identity: { - type: "UserAssigned", - userAssignedIdentities: [userAssignedIdentity.id], - }, - sku: { - name: "Standard_LRS", - }, -}); -``` - -Before this change, the identity block would need to use an apply as follows: - -```typescript -user_assigned_identity.id.apply(lambda id: {id: {}}) -``` - -#### Title Case Changes - -All resource names are now consistently in title case, starting with an uppercase letter. The previous lowercase resource names are aliased so all Pulumi state is backwards-compatible. While functions are not aliased, resolving the name discrepancy is as simple as updating the function names. For instance, in the TypeScript SDK, `azure-native.aadiam.getazureADMetric` changed to `azure-native.aadiam.getAzureADMetric`. - -The complete list of affected resources and functions is [in this PR](https://github.com/pulumi/pulumi-azure-native/pull/2366). - -#### MySQL and PostgreSQL Server and Flexible Server - -Both [Azure Database for MySQL](https://azure.microsoft.com/en-us/products/mysql) and [Azure Database for PostgreSQL](https://azure.microsoft.com/en-us/products/postgresql) are available in a `Single Server` and a `Flexible Server` variant. The `Single Server` variants are on the retirement path ([MySQL](https://learn.microsoft.com/en-us/azure/mysql/single-server/whats-happening-to-mysql-single-server), [PostgreSQL](https://learn.microsoft.com/en-us/azure/postgresql/single-server/whats-happening-to-postgresql-single-server)). Azure recommends that all new servers are created as a `Flexible Server` variant. - -In v2, the following resources are now associated with a `Flexible Server` variant instead of `Single Server` as they were in v1: - -* `Configuration` -* `Database` -* `FirewallRule` -* `Server` -* `PrivateEndpointConnection` - -Existing v1 programs upgrading to v2 using the default version will result in a change of resource type. For instance, `azure-native.dbformysql.Server` would previously have referred to a `Single Server` but will now refer to a `Flexible Server` and will result in a replacement of the resource during the next `pulumi up`. However, the properties of flexible servers are sufficiently different that, in a typed language, the program will not compile. If you would like to continue using the previous Azure API version, you may do so by using the previous explicit version `2017-12-01`. - -{{< chooser language "typescript,python,csharp,go,yaml" >}} - -{{% choosable language typescript %}} - -```typescript -- import * as mysqldb from "@pulumi/azure-native/dbformysql" -+ import * as mysqldb from "@pulumi/azure-native/dbformysql/v20171201" - -- import * as postgresqldb from "@pulumi/azure-native/dbforpostgresql" -+ import * as postgresqldb from "@pulumi/azure-native/dbforpostgresql/v20171201" -``` - -{{% /choosable %}} -{{% choosable language python %}} - -```python -- from pulumi_azure_native import dbformysql -+ from pulumi_azure_native.dbformysql import v20171201 as dbformysql - -- from pulumi_azure_native import dbforpostgresql -+ from pulumi_azure_native.dbforpostgresql import v20171201 as dbforpostgresql -``` - -{{% /choosable %}} -{{% choosable language csharp %}} - -```csharp -- using MySQLDB = Pulumi.AzureNative.DBforMySQL; -+ using MySQLDB = Pulumi.AzureNative.DBforMySQL.V20171201; - -- using PostgreSQLDB = Pulumi.AzureNative.DBforPostgreSQL; -+ using PostgreSQLDB = Pulumi.AzureNative.DBforPostgreSQL.V20171201; -``` - -{{% /choosable %}} -{{% choosable language go %}} - -```go -- import mysqldb "github.com/pulumi/pulumi-azure-native-sdk/dbformysql" -+ import mysqldb "github.com/pulumi/pulumi-azure-native-sdk/dbformysql/v2/v20200601" - -- import postgresqldb "github.com/pulumi/pulumi-azure-native-sdk/dbforpostgresql" -+ import postgresqldb "github.com/pulumi/pulumi-azure-native-sdk/dbforpostgresql/v2/20171201" -``` - -{{% /choosable %}} -{{% choosable language yaml %}} - -```yaml -- type: azure-native:dbformysql:Server -+ type: azure-native:dbformysql/v20171201:Server - -- type: azure-native:dbforpostgresql:Server -+ type: azure-native:dbforpostgresql/v20171201:Server -``` - -{{% /choosable %}} -{{< /chooser >}} - -### Contributing - -If you experience any unexpected issues during your migration or would like to contribute to our codebase, please visit our [respository](https://github.com/pulumi/pulumi-azure-native) to open an [issue](https://github.com/pulumi/pulumi-azure-native/issues) or submit a pull request. diff --git a/themes/default/content/registry/packages/azure-native-v1/installation-configuration.md b/themes/default/content/registry/packages/azure-native-v1/installation-configuration.md deleted file mode 100644 index b6e5092b4e..0000000000 --- a/themes/default/content/registry/packages/azure-native-v1/installation-configuration.md +++ /dev/null @@ -1,237 +0,0 @@ ---- -title: Azure Native Installation & Configuration -meta_desc: How to set up credentials to use the Pulumi Azure Native Provider and choose configuration options to tailor the provider to suit your use case. -layout: package ---- - -To provision resources with the Pulumi Azure Native provider, you need to have Azure credentials. -Your Azure credentials are never sent to Pulumi.com. -Pulumi uses the Azure SDK and the credentials in your environment to authenticate requests from your computer to Azure. - -## Installation - -The Azure Native provider is available as a package in all Pulumi languages: - -* JavaScript/TypeScript: [`@pulumi/azure-native`](https://www.npmjs.com/package/@pulumi/azure-native) -* Python: [`pulumi-azure-native`](https://pypi.org/project/pulumi-azure-native/) -* Go: [`github.com/pulumi/pulumi-azure-native/sdk/go/azure`](https://github.com/pulumi/pulumi-azure-native) -* .NET: [`Pulumi.AzureNative`](https://www.nuget.org/packages/Pulumi.AzureNative) -* Java: [`com.pulumi.azurenative`](https://search.maven.org/search?q=com.pulumi.azure-native) - -## Authentication Methods - -Pulumi can authenticate to Azure via several methods: -- Azure CLI -- Service Principal with a client secret or certificate -- OpenID Connect (OIDC) -- Managed Service Identity (MSI) - -If you're running the Pulumi CLI locally, in a developer scenario, we recommend using the Azure CLI. For team -environments, particularly in CI, one of the other options is strongly recommended. - -{{% notes type="info" %}} -Authenticating using the CLI will not work for Service Principal logins (e.g., -`az login --service-principal`). For such cases, authenticate using the Service Principal method instead. -{{% /notes %}} - -### Authenticate using the CLI - -The CLI instructions assume you're using the [Azure CLI](https://github.com/Azure/azure-cli) (`az`). - -Log in to the Azure CLI and Pulumi will automatically use your credentials: - -```bash -$ az login -A web browser has been opened at https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize. Please continue the login in the web browser. If no web browser is available or if the web browser fails to open, use device code flow with `az login --use-device-code`. -``` - -Do as instructed to log in. After completed, `az login` will return and you are ready to go. - -{{% notes type="info" %}} -If you're using Government or China Clouds, you'll need to configure the Azure CLI to work with that cloud. Do so by running `az cloud set --name `, where `` is one of `AzureUSGovernment` or `AzureChinaCloud`. -{{% /notes %}} - -The Azure CLI, and thus Pulumi, will use the Default Subscription by default. You can override the subscription by setting your subscription ID to the `id` output from `az account list`'s output: - -```bash -$ az account list -``` - -Pick out the `` from the list and run: - -```bash -$ az account set --subscription= -``` - -### Authenticate with OpenID Connect (OIDC) - -OIDC allows you to establish a trust relationship between Azure and another identity provider such as GitHub. Once -established, your program can exchange a token issued by the identity provider (in this case, GitHub) for an Azure -token. Your Pulumi program running in, for instance, GitHub Actions CI, can then access Azure, without storing any -secrets in GitHub. - -#### OIDC Azure Configuration - -To configure the trust relationship in Azure, please refer to -[this guide](https://learn.microsoft.com/en-us/azure/active-directory/workload-identities/workload-identity-federation-create-trust?pivots=identity-wif-apps-methods-azp#github-actions). -This needs to be set up only once. - -Additionally, you may find the -[GitHub OIDC documentation](https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect) -helpful. - -#### OIDC Pulumi Provider Configuration - -To use OIDC, either set the Pulumi configuration `useOidc` via `pulumi config set azure-native:useOidc true` or set the -environment variable `ARM_USE_OIDC` to "true". - -Next, supply the provider with an ID token and a URL to use for exchange. In GitHub, we don't need to configure -this since GitHub sets the relevant environment variables `ACTIONS_ID_TOKEN_REQUEST_TOKEN` and -`ACTIONS_ID_TOKEN_REQUEST_URL` by default and the provider reads them. In other scenarios, set the Pulumi configuration -`azure-native:oidcRequestToken` or environment variable `ARM_OIDC_REQUEST_TOKEN` for the token, and configuration -`azure-native:oidcRequestUrl` or environment variable `ARM_OIDC_REQUEST_URL` for the URL. - -Finally, configure the client and tenant IDs of your Azure Active Directory application. Refer to the -[above Azure documentation](https://learn.microsoft.com/en-us/azure/active-directory/workload-identities/workload-identity-federation-create-trust?pivots=identity-wif-apps-methods-azp) -on how to retrieve the IDs, and set them via Pulumi config as `azure-native:clientId` and `azure-native:tenantId` or -via environment variables as `ARM_CLIENT_ID` and `ARM_TENANT_ID`. - -{{% notes type="info" %}} -If you get the error "_AADSTS70021: No matching federated identity record found for presented assertion_", this points -to a configuration issue with the _entity type_ and _environment name_ described in the Azure documentation. Make sure -they match your setup, e.g., the type "branch" and the correct branch name if CI runs against a fixed branch. -{{% /notes %}} - -### Authenticate using a Service Principal - -A Service Principal is an application in Azure Active Directory with a client ID and a tenant ID, exactly like the one -used in the OIDC scenario. In this scenario, instead of a pre-configured trust relationship, a client secret is used to -authenticate with Azure. - -#### Create your Service Principal and get your tokens - -To use a Service Principal, you must first create one. If you already have one, skip this section. - -You can create a Service Principal [using the Azure CLI](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest), [using the Azure Cloud Shell](https://shell.azure.com/), or [using the Azure Portal](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal?view=azure-cli-latest). - -After creating a Service Principal, you will obtain three important tokens: - -* `appId` is the client ID -* `tenant` is the tenant ID -* `password` is the client secret - -For example, a common Service Principal as displayed by the Azure CLI looks something like this: - -```json -{ - "appId": "WWWWWWWW-WWWW-WWWW-WWWW-WWWWWWWWWWWW", - "displayName": "ServicePrincipalName", - "name": "http://ServicePrincipalName", - "password": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX", - "tenant": "YYYYYYYY-YYYY-YYYY-YYYY-YYYYYYYYYYYY" -} -``` - -You also need to obtain a Subscription ID. To retrieve your current Subscription ID, you can use: - -```bash -$ az account show --query id -o tsv -``` - -To list all available subscriptions, you can use: - -```bash -$ az account list --query '[].{subscriptionName:name,subscriptionId:id}' -o tsv -``` - -#### Make tokens available to Pulumi - -Once you have the Service Principal's authorization tokens, choose one of the ways below to make them available to Pulumi: - -##### Set configuration using `pulumi config` - -Remember to pass `--secret` when setting `clientSecret` so that it is properly encrypted: - - ```bash - $ pulumi config set azure-native:clientId - $ pulumi config set azure-native:clientSecret --secret - $ pulumi config set azure-native:tenantId - $ pulumi config set azure-native:subscriptionId - # optional default location, otherwise set in code - $ pulumi config set azure-native:location - ``` - -##### Set configuration using environment variables - -{{< chooser os "linux,macos,windows" >}} -{{% choosable os linux %}} - -```bash -$ export ARM_CLIENT_ID= -$ export ARM_CLIENT_SECRET= -$ export ARM_TENANT_ID= -$ export ARM_SUBSCRIPTION_ID= -$ export ARM_LOCATION_NAME= -``` - -{{% /choosable %}} - -{{% choosable os macos %}} - -```bash -$ export ARM_CLIENT_ID= -$ export ARM_CLIENT_SECRET= -$ export ARM_TENANT_ID= -$ export ARM_SUBSCRIPTION_ID= -$ export ARM_LOCATION_NAME= -``` - -{{% /choosable %}} - -{{% choosable os windows %}} - -```powershell -> $env:ARM_CLIENT_ID = "" -> $env:ARM_CLIENT_SECRET = "" -> $env:ARM_TENANT_ID = "" -> $env:ARM_SUBSCRIPTION_ID = "" -> $env:ARM_LOCATION_NAME = "" -``` - -{{% /choosable %}} -{{< /chooser >}} - -Alternatively, you can use a certificate instead of a password as client secret. In this case, configure the provider -as shown above except use `clientCertPath`/`ARM_CLIENT_CERTIFICATE_PATH` instead of `clientSecret`/`ARM_CLIENT_SECRET`. - - -### Authenticate using Managed Service Identity (MSI) - -When MSI is used for authentication, all -[configuration is done in Azure](https://learn.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview) -and we only need to tell the provider to use MSI. You can set the Pulumi configuration `useMsi` or the environment -variable `ARM_USE_MSI` to "true". - -You can also configure a custom MSI endpoint, although this is not generally required. Do so via the `msiEndpoint` -configuration or the `ARM_MSI_ENDPOINT` environment variable. - -## Configuration options - -Use `pulumi config set azure-native: