Expose provider config

pkg/modprovider/module_component.go

@@ -64,6 +64,8 @@ func NewModuleComponentResource(
 	moduleInputs resource.PropertyMap,
 	inferredModule *InferredModuleSchema,
 	packageRef string,
+	providerSelfURN pulumi.URN,
+	providersConfig map[string]resource.PropertyMap,
 	opts ...pulumi.ResourceOption,
 ) (componentUrn *urn.URN, outputs pulumi.Input, finalError error) {
 	component := ModuleComponentResource{}
@@ -84,15 +86,28 @@ func NewModuleComponentResource(
 		planStore.Forget(urn)
 	}()
 
+	var providerSelfRef pulumi.ProviderResource
+	if providerSelfURN != "" {
+		providerSelfRef = newProviderSelfReference(ctx, providerSelfURN)
+	}
+
 	go func() {
+		resourceOptions := []pulumi.ResourceOption{
+			pulumi.Parent(&component),
+		}
+
+		if providerSelfRef != nil {
+			resourceOptions = append(resourceOptions, pulumi.Provider(providerSelfRef))
+		}
+
 		_, err := newModuleStateResource(ctx,
 			// Needs to be prefixed by parent to avoid "duplicate URN".
 			fmt.Sprintf("%s-state", name),
 			pkgName,
 			urn,
 			packageRef,
 			moduleInputs,
-			pulumi.Parent(&component),
+			resourceOptions...,
 		)
 
 		contract.AssertNoErrorf(err, "newModuleStateResource failed")
@@ -127,7 +142,10 @@ func NewModuleComponentResource(
 			Name: outputName,
 		})
 	}
-	err = tfsandbox.CreateTFFile(tfName, tfModuleSource, tfModuleVersion, tf.WorkingDir(), moduleInputs, outputSpecs)
+	err = tfsandbox.CreateTFFile(tfName, tfModuleSource,
+		tfModuleVersion, tf.WorkingDir(),
+		moduleInputs, outputSpecs, providersConfig)
+
 	if err != nil {
 		return nil, nil, fmt.Errorf("Seed file generation failed: %w", err)
 	}
@@ -169,10 +187,19 @@ func NewModuleComponentResource(
 				return
 			}
 
+			resourceOptions := []pulumi.ResourceOption{
+				pulumi.Parent(&component),
+			}
+
+			if providerSelfRef != nil {
+				resourceOptions = append(resourceOptions, pulumi.Provider(providerSelfRef))
+			}
+
 			cr, err := newChildResource(ctx, urn, pkgName,
 				rp,
 				packageRef,
-				pulumi.Parent(&component))
+				resourceOptions...,
+			)
 
 			errs = append(errs, err)
 			if err == nil {
@@ -211,10 +238,19 @@ func NewModuleComponentResource(
 				// so that we propagate outputs from module
 				return
 			}
+
+			resourceOptions := []pulumi.ResourceOption{
+				pulumi.Parent(&component),
+			}
+
+			if providerSelfRef != nil {
+				resourceOptions = append(resourceOptions, pulumi.Provider(providerSelfRef))
+			}
+
 			cr, err := newChildResource(ctx, urn, pkgName,
 				rp,
 				packageRef,
-				pulumi.Parent(&component))
+				resourceOptions...)
 
 			errs = append(errs, err)
 			if err == nil {
@@ -242,3 +278,16 @@ func NewModuleComponentResource(
 
 	return &urn, marshalledOutputs, nil
 }
+
+func newProviderSelfReference(ctx *pulumi.Context, urn1 pulumi.URN) pulumi.ProviderResource {
+	var prov pulumi.ProviderResourceState
+	err := ctx.RegisterResource(
+		string(urn.URN(urn1).Type()),
+		urn.URN(urn1).Name(),
+		pulumi.Map{},
+		&prov,
+		pulumi.URN_(string(urn1)),
+	)
+	contract.AssertNoErrorf(err, "RegisterResource failed to hydrate a self-reference")
+	return &prov
+}

pkg/modprovider/schema.go

@@ -41,6 +41,9 @@ func pulumiSchemaForModule(pargs *ParameterizeArgs, inferredModule *InferredModu
 		Name:    string(packageName),
 		Version: string(pkgVer),
 		Types:   inferredModule.SupportingTypes,
+		Provider: schema.ResourceSpec{
+			InputProperties: inferredModule.ProvidersConfig.Variables,
+		},
 		Resources: map[string]schema.ResourceSpec{
 			mainResourceToken: {
 				IsComponent:     true,

pkg/modprovider/server.go

@@ -27,6 +27,7 @@ import (
 	emptypb "google.golang.org/protobuf/types/known/emptypb"
 
 	"github.com/pulumi/pulumi/pkg/v3/resource/provider"
+	"github.com/pulumi/pulumi/sdk/v3/go/common/resource"
 	"github.com/pulumi/pulumi/sdk/v3/go/common/resource/plugin"
 	"github.com/pulumi/pulumi/sdk/v3/go/common/tokens"
 	"github.com/pulumi/pulumi/sdk/v3/go/common/util/contract"
@@ -61,6 +62,8 @@ type server struct {
 	packageVersion       packageVersion
 	componentTypeName    componentTypeName
 	inferredModuleSchema *InferredModuleSchema
+	providerConfig       resource.PropertyMap
+	providerSelfURN      pulumi.URN
 }
 
 func (s *server) Parameterize(
@@ -203,10 +206,23 @@ func (*server) GetPluginInfo(
 	}, nil
 }
 
-func (*server) Configure(
+func (s *server) Configure(
 	_ context.Context,
-	_ *pulumirpc.ConfigureRequest,
+	req *pulumirpc.ConfigureRequest,
 ) (*pulumirpc.ConfigureResponse, error) {
+	config, err := plugin.UnmarshalProperties(req.Args, plugin.MarshalOptions{
+		KeepUnknowns:     true,
+		RejectAssets:     true,
+		KeepSecrets:      true,
+		KeepOutputValues: false,
+	})
+
+	if err != nil {
+		return nil, fmt.Errorf("configure failed to parse inputs: %w", err)
+	}
+
+	s.providerConfig = config
+
 	return &pulumirpc.ConfigureResponse{
 		AcceptSecrets:   true,
 		SupportsPreview: true,
@@ -264,6 +280,61 @@ func (s *server) acquirePackageReference(
 	return response.Ref, nil
 }
 
+// cleanProvidersConfig takes config that was produced from provider inputs in the program:
+//
+//	const provider = new vpc.Provider("my-provider", {
+//	  aws: {
+//	      "region": "us-west-2"
+//	   }
+//	})
+//
+// the input config here would look like sometimes where the provider config is a JSON string:
+//
+//		{
+//	       propertyKey("version"): stringProperty("0.1.0"),
+//		   propertyKey("aws"): stringProperty("{\"region\": \"us-west-2\"}")
+//		}
+//
+// notice how the value is a string that is a JSON stringified object due to legacy provider SDK behavior
+// see https://github.com/pulumi/home/issues/3705 for reference
+// we need to convert this to a map[string]resource.PropertyMap so that it can be used
+// in the Terraform JSON file
+func cleanProvidersConfig(config resource.PropertyMap) map[string]resource.PropertyMap {
+	providersConfig := make(map[string]resource.PropertyMap)
+	for propertyKey, serializedConfig := range config {
+		if string(propertyKey) == "version" || string(propertyKey) == "pluginDownloadURL" {
+			// skip the version and pluginDownloadURL properties
+			continue
+		}
+
+		if serializedConfig.IsString() {
+			value := serializedConfig.StringValue()
+			deserialized := map[string]interface{}{}
+			if err := json.Unmarshal([]byte(value), &deserialized); err != nil {
+				contract.Failf("failed to deserialize provider config into a map: %v", err)
+			}
+
+			if len(deserialized) > 0 {
+				providersConfig[string(propertyKey)] = resource.NewPropertyMapFromMap(deserialized)
+			}
+			continue
+		}
+
+		if serializedConfig.IsObject() {
+			// we might later get the behaviour where all programs no longer send serialized JSON
+			// but send the actual object instead
+			// right now only YAML and Go programs send the actual object
+			// see https://github.com/pulumi/home/issues/3705 for reference
+			providersConfig[string(propertyKey)] = serializedConfig.ObjectValue()
+			continue
+		}
+
+		contract.Failf("cleanProvidersConfig failed to parse unsupported type: %v", serializedConfig)
+	}
+
+	return providersConfig
+}
+
 func (s *server) Construct(
 	ctx context.Context,
 	req *pulumirpc.ConstructRequest,
@@ -275,6 +346,8 @@ func (s *server) Construct(
 		// TODO[https://github.com/pulumi/pulumi-terraform-module/issues/151] support Outputs in Unmarshal
 		KeepOutputValues: false,
 	})
+
+	providersConfig := cleanProvidersConfig(s.providerConfig)
 	if err != nil {
 		return nil, fmt.Errorf("Construct failed to parse inputs: %s", err)
 	}
@@ -302,7 +375,9 @@ func (s *server) Construct(
 				name,
 				inputProps,
 				s.inferredModuleSchema,
-				packageRef)
+				packageRef,
+				s.providerSelfURN,
+				providersConfig)
 
 			if err != nil {
 				return nil, fmt.Errorf("NewModuleComponentResource failed: %w", err)
@@ -332,6 +407,33 @@ func (s *server) Check(
 	}
 }
 
+func (s *server) CheckConfig(
+	_ context.Context,
+	req *pulumirpc.CheckRequest,
+) (*pulumirpc.CheckResponse, error) {
+	s.providerSelfURN = pulumi.URN(req.Urn)
+
+	config, err := plugin.UnmarshalProperties(req.GetNews(), plugin.MarshalOptions{
+		KeepUnknowns:     true,
+		RejectAssets:     true,
+		KeepSecrets:      true,
+		KeepOutputValues: false,
+	})
+
+	if err != nil {
+		return nil, fmt.Errorf("CheckConfig failed to parse inputs: %w", err)
+	}
+
+	// keep provider config in memory for use later.
+	// we keep one instance of provider configuration because each configuration is used
+	// once per provider process.
+	s.providerConfig = config
+
+	return &pulumirpc.CheckResponse{
+		Inputs: req.News,
+	}, nil
+}
+
 func (s *server) Diff(
 	ctx context.Context,
 	req *pulumirpc.DiffRequest,
@@ -380,7 +482,8 @@ func (s *server) Delete(
 ) (*emptypb.Empty, error) {
 	switch {
 	case req.GetType() == string(moduleStateTypeToken(s.packageName)):
-		return s.moduleStateHandler.Delete(ctx, req, s.params.TFModuleSource, s.params.TFModuleVersion)
+		providersConfig := cleanProvidersConfig(s.providerConfig)
+		return s.moduleStateHandler.Delete(ctx, req, s.params.TFModuleSource, s.params.TFModuleVersion, providersConfig)
 	case isChildResourceType(req.GetType()):
 		return s.childHandler.Delete(ctx, req)
 	default:

pkg/modprovider/server_test.go

@@ -25,6 +25,7 @@ import (
 	"google.golang.org/protobuf/types/known/emptypb"
 	"google.golang.org/protobuf/types/known/structpb"
 
+	"github.com/pulumi/pulumi/sdk/v3/go/common/resource"
 	"github.com/pulumi/pulumi/sdk/v3/go/common/resource/urn"
 	"github.com/pulumi/pulumi/sdk/v3/go/common/tokens"
 	"github.com/pulumi/pulumi/sdk/v3/go/common/util/rpcutil"
@@ -298,3 +299,23 @@ func (s *testResourceMonitorServer) RegisterResourceOutputs(
 func TestIsChildResourceType(t *testing.T) {
 	require.True(t, isChildResourceType("terraform-aws-modules:tf:aws_s3_bucket"))
 }
+
+func Test_cleanProvidersConfig(t *testing.T) {
+	inputConfig := resource.PropertyMap{
+		resource.PropertyKey("version"): resource.NewStringProperty("0.0.1"),
+		resource.PropertyKey("aws"):     resource.NewStringProperty("{\"region\":\"us-west-2\"}"),
+	}
+
+	// cleaning the provider config in the form above is the what we get from Pulumi programs
+	// we clean it such that:
+	// - the version is removed
+	// - the provider configuration is parsed from the JSON string to a PropertyMap
+	cleaned := cleanProvidersConfig(inputConfig)
+	expected := map[string]resource.PropertyMap{
+		"aws": {
+			resource.PropertyKey("region"): resource.NewStringProperty("us-west-2"),
+		},
+	}
+
+	assert.Equal(t, expected, cleaned)
+}

pkg/modprovider/state.go

@@ -242,6 +242,7 @@ func (h *moduleStateHandler) Delete(
 	req *pulumirpc.DeleteRequest,
 	moduleSource TFModuleSource,
 	moduleVersion TFModuleVersion,
+	providersConfig map[string]resource.PropertyMap,
 ) (*emptypb.Empty, error) {
 	oldState := moduleState{}
 	oldState.Unmarshal(req.GetProperties())
@@ -273,6 +274,7 @@ func (h *moduleStateHandler) Delete(
 		tf.WorkingDir(),
 		olds["moduleInputs"].ObjectValue(), /*inputs*/
 		[]tfsandbox.TFOutputSpec{},         /*outputs*/
+		providersConfig,
 	)
 
 	if err != nil {
@@ -330,8 +332,9 @@ func (h *moduleStateHandler) Read(
 	// when refreshing, we do not require outputs to be exposed
 	err = tfsandbox.CreateTFFile(tfName, moduleSource, moduleVersion,
 		tf.WorkingDir(),
-		inputs,                     /*inputs*/
-		[]tfsandbox.TFOutputSpec{}, /*outputs*/
+		inputs,                            /*inputs*/
+		[]tfsandbox.TFOutputSpec{},        /*outputs*/
+		map[string]resource.PropertyMap{}, /*providersConfig*/
 	)
 	if err != nil {
 		return nil, fmt.Errorf("Seed file generation failed: %w", err)

pkg/modprovider/tfmodules.go

@@ -44,6 +44,7 @@ type InferredModuleSchema struct {
 	Outputs         map[string]schema.PropertySpec
 	SupportingTypes map[string]schema.ComplexTypeSpec
 	RequiredInputs  []string
+	ProvidersConfig schema.ConfigSpec
 }
 
 var stringType = schema.TypeSpec{Type: "string"}
@@ -268,6 +269,18 @@ func InferModuleSchema(
 		Outputs:         make(map[string]schema.PropertySpec),
 		RequiredInputs:  []string{},
 		SupportingTypes: map[string]schema.ComplexTypeSpec{},
+		ProvidersConfig: schema.ConfigSpec{
+			Variables: map[string]schema.PropertySpec{},
+		},
+	}
+
+	if module.ProviderRequirements != nil {
+		for providerName := range module.ProviderRequirements.RequiredProviders {
+			inferredModuleSchema.ProvidersConfig.Variables[providerName] = schema.PropertySpec{
+				Description: "provider configuration for " + providerName,
+				TypeSpec:    mapType(anyType),
+			}
+		}
 	}
 
 	for variableName, variable := range module.Variables {
@@ -388,7 +401,8 @@ func resolveModuleSources(
 
 	inputs := resource.PropertyMap{}
 	outputs := []tfsandbox.TFOutputSpec{}
-	err = tfsandbox.CreateTFFile(key, source, version, tf.WorkingDir(), inputs, outputs)
+	providerConfig := map[string]resource.PropertyMap{}
+	err = tfsandbox.CreateTFFile(key, source, version, tf.WorkingDir(), inputs, outputs, providerConfig)
 	if err != nil {
 		return "", fmt.Errorf("tofu file creation failed: %w", err)
 	}