[CFX-4857][CFX-4611] Added support for pulumi login during start and dotenv setup #344
carsongee wants to merge 1 commit into datarobot-oss:main from
d397bec to 1667771
dd1fb86 to cd8718d
🔐 Smoke tests approved by maintainer
⏳ Running security scans before executing smoke tests with secrets...
A maintainer has approved this fork PR to run smoke tests. Security scans will run first.
cd8718d to 0422da9
| func TestNeedsPulumiSetup_NotLoggedIn_NoPassphrase(t *testing.T) { | ||
| prompts := []envbuilder.UserPrompt{{Env: "PULUMI_CONFIG_PASSPHRASE", Active: true}} | ||
|
|
||
| assert.True(t, needsPulumiSetup(prompts, false, false), "not logged in + no passphrase → needs setup") |
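Review bot: The call needsPulumiSetup(prompts, false, false) passes two positional booleans whose meaning can only be recovered from the assertion message, which makes them easy to transpose when this test is copied for the other TestNeedsPulumiSetup_* cases. Consider binding them to named locals before the call (for example loggedIn and hasPassphrase, names assumed from the message text), or folding the cases into one table-driven test whose fields carry those names.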
Tests fail when Pulumi CLI not installed
Medium Severity
Several TestNeedsPulumiSetup_* tests assert true but needsPulumiSetup calls exec.LookPath("pulumi") as its first check, returning false when Pulumi isn't installed. Tests like NotLoggedIn_NoPassphrase, NotLoggedIn_PassphraseSet, and LoggedIn_NoPassphrase will all fail in any CI or dev environment without the pulumi binary on PATH, making them environment-dependent and flaky.
| // Skip if already processed (like PULUMI_CONFIG_PASSPHRASE above) | ||
| if prompt.Value != "" { | ||
| continue | ||
| } |
Skip logic silently ignores .env file values for matched prompts
Low Severity
The new if prompt.Value != "" { continue } guard in the second loop of promptsWithValues skips the .env file (variables) lookup for any prompt whose Value was already set — currently PULUMI_CONFIG_PASSPHRASE via viper. This means a user-provided value in .env is silently ignored in favor of the viper config value, breaking the expected precedence of env var > .env file > config > default. The skip condition doesn't check the prompt's Env field, so it also affects any future prompt that arrives with a pre-populated Value.
❌ Some smoke tests failed. (Fork PR) ✅ Security Scan: success
0422da9 to b9eae1b
| } | ||
|
|
||
| return nil | ||
| } |
Hardcoded config path ignores XDG_CONFIG_HOME
Medium Severity
savePassphraseToConfig hardcodes the config directory as filepath.Join(homeDir, ".config", "datarobot"), but the project's config.GetConfigDir() respects XDG_CONFIG_HOME. When XDG_CONFIG_HOME is set to a non-default path, the os.MkdirAll creates the wrong directory, and viper.WriteConfig() may fail because the actual config directory (at the XDG path) might not exist.
| // If Pulumi login sub-model is active, delegate to it | ||
| if m.pulumiModel != nil { | ||
| return m.handlePulumiUpdate(msg) | ||
| } |
WindowSizeMsg lost during Pulumi login flow
Low Severity
When pulumiModel is active, all messages including tea.WindowSizeMsg are delegated to handlePulumiUpdate, which doesn't update the parent Model's width and height. If the terminal is resized during the Pulumi login flow, the parent model retains stale dimensions, causing potential layout issues when the wizard screen renders afterward.
shreyaag-dr left a comment
LGTM, thanks for adding this.
@carsongee Is this one in need of review, or stale?
It is in need of review. I just moved it from Draft to Ready for Review last week, and I got Product sign off on Tuesday @ajalon1


RATIONALE
Pulumi onboarding is still a challenge for our users. This bakes that into the configuration and allows the user to set a universal securely generated passphrase for all DataRobot templates they might explore without prompting for this configuration.
CHANGES
Note
Medium Risk
Introduces new interactive flow that shells out to pulumi and writes a generated passphrase into the user config via viper, so failures or misconfiguration could block setup or persist unintended secrets.
Overview
Pulumi onboarding is now integrated into environment setup. dr dotenv setup (and template setup’s embedded dotenv step) can detect when a template needs PULUMI_CONFIG_PASSPHRASE, then run a new TUI screen to select a Pulumi backend, execute pulumi login, and optionally generate/store a default passphrase in ~/.config/datarobot/drconfig.yaml before continuing the normal wizard.
Validation/prompt loading now consider CLI config for Pulumi passphrase. envbuilder.promptsWithValues can source PULUMI_CONFIG_PASSPHRASE from viper when not present in the environment or .env, and tests were hardened (resetting viper, clearing env leakage) plus new unit tests cover the Pulumi flow and command-path assertions.
Written by Cursor Bugbot for commit b9eae1b. This will update automatically on new commits.
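The precedence named in the review comment above (env var > .env file > config > default), as an added example that is not code from this PR or from the DataRobot CLI: a layered lookup next to a simplified model of the pre-filled-value skip. The layer type, the function names and the sample values are constructed for illustration.

```go
package main

import "fmt"

// layer is one value source; names and sample data are constructed for this example.
type layer struct {
	name   string
	values map[string]string
}

// resolve walks layers from highest to lowest precedence and returns the first
// non-empty value together with the name of the layer that supplied it.
func resolve(key string, layers []layer) (value, source string) {
	for _, l := range layers {
		if v := l.values[key]; v != "" {
			return v, l.name
		}
	}
	return "", "unset"
}

// resolveWithEarlySkip is a simplified model of the guard under review: the
// value is pre-filled from config, and any non-empty value skips the other lookups.
func resolveWithEarlySkip(key string, config layer, rest []layer) (value, source string) {
	if v := config.values[key]; v != "" {
		return v, config.name // the .env layer in rest is never consulted
	}
	return resolve(key, rest)
}

// sampleLayers builds constructed sample data: the key is set in .env and in
// config, and absent from the process environment.
func sampleLayers() (env, dotenv, config, def layer) {
	const k = "PULUMI_CONFIG_PASSPHRASE"
	env = layer{"env", map[string]string{}}
	dotenv = layer{"dotenv", map[string]string{k: "from-dotenv"}}
	config = layer{"config", map[string]string{k: "from-config"}}
	def = layer{"default", map[string]string{k: ""}}
	return
}

func main() {
	const k = "PULUMI_CONFIG_PASSPHRASE"
	env, dotenv, config, def := sampleLayers()
	v, src := resolve(k, []layer{env, dotenv, config, def})
	fmt.Printf("layered:    %s (%s)\n", v, src)
	v, src = resolveWithEarlySkip(k, config, []layer{env, dotenv, def})
	fmt.Printf("early skip: %s (%s)\n", v, src)
}
```

Returning the source name alongside the value lets a test assert which layer won, which is the property the skip guard changes.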