Initial Pulumi Support, Closes #187

CONTRIBUTING.md

@@ -37,13 +37,15 @@ This guide assumes you are familiar with Terraform, if not you can take an hour
 ### Install
 
 Assuming you have already [installed go](https://golang.org/doc/install), install the go dependencies
+
 ```sh
 make deps
 ```
 
 ### Run
 
 Run the code:
+
 ```sh
 make run ARGS="breakdown --path examples/terraform --usage-file=examples/terraform/infracost-usage.yml"
 ```
@@ -55,31 +57,37 @@ This will use your existing Infracost API key; register for a [free API key](htt
 #### Unit tests
 
 To run only the unit tests:
+
 ```sh
 make test
 ```
 
 #### Integration tests
+
 You should run tests with the `-v` flag and warn log level so you can see and fix any warnings:
+
 ```sh
 INFRACOST_LOG_LEVEL=warn go test -v -cover ./internal/providers/terraform/aws/ebs_volume_test.go
 
 time="2021-04-05T15:24:16Z" level=warning msg="Multiple prices found for aws_ebs_volume.gp3 Provisioned throughput, using the first price"
 ```
 
 To run all the tests for a specific cloud vendor:
+
 ```sh
 make test_aws
 make test_google
 make test_azure
 ```
 
 To run all the tests, you can use:
+
 ```sh
 make test_all
 ```
 
 Test golden files may be updated for all test or for a specific cloud vendor:
+
 ```sh
 make test_update
 make test_update_aws
@@ -96,13 +104,16 @@ make build
 ## Adding new resources
 
 Checkout **[our dedicated guide](contributing/add_new_resource_guide.md)** to add resources!
+Checkout **[Pulumi Contributing](contributing/pulumi.md)** also to add Pulumi resources!
 
 ### Azure credentials
 
 Working on Azure resources requires Azure creds as the Azure Terraform provider requires real credentials to be able to run `terraform plan`. This means you must have Azure credentials for running the Infracost commands and integration tests for Azure. We recommend creating read-only Azure credentials for this purpose. If you have an Azure subscription, you can do this by running the `az` command line:
+
  ```sh
  az ad sp create-for-rbac --name http://InfracostReadOnly --role Reader --scope=/subscriptions/<SUBSCRIPTION ID> --years=10
  ```
+
  If you do not have an Azure subscription, then please ask on the contributors channel on the Infracost Slack and we can provide you with credentials.
 
  To run the Azure integration tests in the GitHub action in pull requests, these credentials also need to be added to your fork's secrets. To do this:
@@ -113,9 +124,9 @@ Working on Azure resources requires Azure creds as the Azure Terraform provider
 ### Querying the GraphQL API
 
 1. Use a browser extension like [modheader](https://bewisse.com/modheader/help/) to allow you to specify additional headers in your browser.
-2. Go to https://pricing.api.infracost.io/graphql
+2. Go to <https://pricing.api.infracost.io/graphql>
 3. Set your `X-API-Key` using the browser extension
-4. Run GraphQL queries to find the correct products. Examples can be found here: https://github.com/infracost/cloud-pricing-api/tree/master/examples/queries
+4. Run GraphQL queries to find the correct products. Examples can be found here: <https://github.com/infracost/cloud-pricing-api/tree/master/examples/queries>
 
 The GraphQL pricing API limits the number of results returned to 1000, which can limit its usefulness for exploring the data. AWS use many acronyms so be sure to search for those too, e.g. "ES" returns "AmazonES" for ElasticSearch.
 

contributing/pulumi.md

@@ -0,0 +1,14 @@
+# Contributing to the pulumi provider
+
+## notes
+
+1. The current pulumi provider uses the json preview digest, it is generated by `pulumi preview --show-sames -j > preview.json`
+2. `parsePreviewDigest` in parser.go is where all of the parsing code exists.
+3. We currently skip `stacks` and `awsx` components.
+4. The `localInputs` map gets turned into a `gjson.Result` to enable all of the following code to execute `.Get("key")` on it.
+5. `parseRegion` and `parseTags` both have provider based switches that call functions in the provider library 
+6. `Step.Op` determines whether the resource currently exists or not.
+7. To keep the existing names in all of the registryItems we use a function `deriveTfResourceTypes` which derives the library name from the pulumi name.
+8. If it is a free resource do not add it to the function above, just duplicate the name in `(aws|azure|google)/registry.go` in type: `FreeResources`
+9. For an understanding of how references work checkout `// Parsing Block Device References` in `aws/instance.go`
+10. The `urn` is the defaultID for all resources, since its unique.

examples/pulumi/aws-ts-ebs/.gitignore

@@ -0,0 +1,2 @@
+/bin/
+/node_modules/

examples/pulumi/aws-ts-ebs/Pulumi.dev.yaml

@@ -0,0 +1,2 @@
+config:
+ aws:region: us-west-2

examples/pulumi/aws-ts-ebs/Pulumi.yaml

@@ -0,0 +1,3 @@
+name: aws-ts-ebs
+runtime: nodejs
+description: A minimal AWS TypeScript Pulumi program

examples/pulumi/aws-ts-ebs/index.ts

@@ -0,0 +1,196 @@
+import * as pulumi from "@pulumi/pulumi";
+import * as aws from "@pulumi/aws";
+import * as awsx from "@pulumi/awsx";
+
+const bucket = new aws.s3.Bucket("mybucket");
+const namePrefix = 'example'
+
+const vpc = new awsx.ec2.Vpc(`${namePrefix}-vpc`, {
+ cidrBlock: '10.0.0.0/22',
+ numberOfAvailabilityZones: 3,
+ numberOfNatGateways: 2,
+ });
+
+const ebsVolume = new aws.ebs.Volume(`${namePrefix}-ebs-volume`, {
+ availabilityZone: "us-west-2a",
+ size: 40,
+ tags: {
+ Name: "HelloWorld",
+ },
+});
+
+const ebsVolume1 = new aws.ebs.Volume(`${namePrefix}-ebs-volume-1`, {
+ availabilityZone: "us-west-2a",
+ size: 40,
+ tags: {
+ Name: "HelloWorld",
+ },
+});
+
+const ubuntu = aws.ec2.getAmi({
+ mostRecent: true,
+ filters: [
+ {
+ name: "name",
+ values: ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"],
+ },
+ {
+ name: "virtualization-type",
+ values: ["hvm"],
+ },
+ ],
+ owners: ["099720109477"],
+});
+
+const eip = new aws.ec2.Eip(`${namePrefix}-elastic-ip`, {
+ vpc: true,
+});
+
+const web = new aws.ec2.Instance(`${namePrefix}-ec2-instance`, {
+ ami: ubuntu.then(ubuntu => ubuntu.id),
+ instanceType: "t3.micro",
+ tags: {
+ Name: "HelloWorld",
+ },
+ rootBlockDevice: {
+ volumeSize: 40,
+ volumeType: "gp3"
+ },
+ creditSpecification: {
+ cpuCredits: "unlimited",
+ },
+ ebsBlockDevices: [
+ { deviceName: '/dev/xvde', volumeId: ebsVolume.id},
+ { deviceName: '/dev/xvdf', volumeId: ebsVolume1.id}
+ ]
+});
+
+const eipAssoc = new aws.ec2.EipAssociation(`${namePrefix}-eipAssoc`, {
+ instanceId: web.id,
+ allocationId: eip.id,
+});
+
+
+const dbAppSecurityGroup = new aws.ec2.SecurityGroup(`${namePrefix}-dbAppAccessGroup`, {
+ vpcId: vpc.id
+})
+
+const rdsInstance = new aws.rds.Instance(`${namePrefix}-rds`, {
+ allocatedStorage: 40,
+ dbSubnetGroupName: dbAppSecurityGroup.name,
+ engine: "mysql",
+ engineVersion: "8.0.28",
+ instanceClass: "db.t3.small",
+ iops: 0,
+ backupRetentionPeriod: 7,
+ backupWindow: "00:00-01:00",
+ maintenanceWindow: "Mon:02:00-Mon:04:00",
+ monitoringInterval: 0,
+ monitoringRoleArn: "",
+ optionGroupName: "",
+ parameterGroupName:"",
+ password: "example1234!",
+ username: "dbAdmin",
+ dbName: "example",
+ storageType: "gp2",
+ skipFinalSnapshot: true,
+ vpcSecurityGroupIds: [],
+}, );
+
+var azs = pulumi.output(vpc.privateSubnets).apply((subnets) => subnets.map((s) => s.subnet.availabilityZone))
+
+const rdsCluster = new aws.rds.Cluster(`${namePrefix}-rds-cluster`, {
+ availabilityZones: azs,
+ backupRetentionPeriod: 5,
+ clusterIdentifier: "aurora-cluster-demo",
+ databaseName: "mydb",
+ engine: "aurora-mysql",
+ engineVersion: "5.7.mysql_aurora.2.03.2",
+ masterPassword: "example1234!",
+ masterUsername: "foo",
+ preferredBackupWindow: "07:00-09:00",
+ dbClusterInstanceClass: "db.r6gd.xlarge",
+ iops: 1000,
+ allocatedStorage: 1000
+});
+
+const clusterInstances: aws.rds.ClusterInstance[] = [];
+for (const range = {value: 0}; range.value < 2; range.value++) {
+ clusterInstances.push(new aws.rds.ClusterInstance(`${namePrefix}-rds-clusterInstances-${range.value}`, {
+ identifier: `aurora-cluster-demo-${range.value}`,
+ clusterIdentifier: rdsCluster.id,
+ instanceClass: "db.r4.large",
+ engine: "aurora-mysql",
+ engineVersion: rdsCluster.engineVersion,
+ }));
+}
+
+const exampleRole = new aws.iam.Role(`${namePrefix}-iam-role`, {assumeRolePolicy: `{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Principal": {
+ "Service": "eks.amazonaws.com"
+ },
+ "Action": "sts:AssumeRole"
+ }
+ ]
+ }
+ `});
+ const example_AmazonEKSClusterPolicy = new aws.iam.RolePolicyAttachment(`${namePrefix}-AmazonEKSClusterPolicy`, {
+ policyArn: "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
+ role: exampleRole.name,
+ });
+ // Optionally, enable Security Groups for Pods
+ // Reference: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html
+ const example_AmazonEKSVPCResourceController = new aws.iam.RolePolicyAttachment(`${namePrefix}AmazonEKSVPCResourceController`, {
+ policyArn: "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController",
+ role: exampleRole.name,
+ });
+
+const eksCluster = new aws.eks.Cluster(`${namePrefix}-eks-cluster`, {
+ roleArn: exampleRole.arn,
+ vpcConfig: {
+ subnetIds: vpc.privateSubnetIds,
+ },
+}, {
+ dependsOn: [
+ example_AmazonEKSClusterPolicy,
+ example_AmazonEKSVPCResourceController,
+ ],
+});
+
+const example_AmazonEKSWorkerNodePolicy = new aws.iam.RolePolicyAttachment("example-AmazonEKSWorkerNodePolicy", {
+ policyArn: "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
+ role: exampleRole.name,
+});
+const example_AmazonEKS_CNI_Policy = new aws.iam.RolePolicyAttachment("example-AmazonEKSCNIPolicy", {
+ policyArn: "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
+ role: exampleRole.name,
+});
+const example_AmazonEC2ContainerRegistryReadOnly = new aws.iam.RolePolicyAttachment("example-AmazonEC2ContainerRegistryReadOnly", {
+ policyArn: "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
+ role: exampleRole.name,
+});
+
+const eksNodeGroup = new aws.eks.NodeGroup("example", {
+ clusterName: eksCluster.name,
+ nodeRoleArn: exampleRole.arn,
+ subnetIds: vpc.privateSubnetIds,
+ scalingConfig: {
+ desiredSize: 1,
+ maxSize: 1,
+ minSize: 1,
+ },
+ updateConfig: {
+ maxUnavailable: 2,
+ },
+ instanceTypes: ["t3.large"]
+}, {
+ dependsOn: [
+ example_AmazonEKSWorkerNodePolicy,
+ example_AmazonEKS_CNI_Policy,
+ example_AmazonEC2ContainerRegistryReadOnly,
+ ],
+});