[CFX-4857][CFX-4611] Added support for pulumi login during start and dotenv setup#344
[CFX-4857][CFX-4611] Added support for pulumi login during start and dotenv setup#344carsongee wants to merge 4 commits intodatarobot-oss:mainfrom
Conversation
carsongee
force-pushed
the
carsongee/CFX-4857
branch
from
d397bec to
1667771
Compare
carsongee
changed the title
carsongee
force-pushed
the
carsongee/CFX-4857
branch
2 times, most recently
from
dd1fb86 to
cd8718d
Compare
|
🔐 Smoke tests approved by maintainer ⏳ Running security scans before executing smoke tests with secrets... A maintainer has approved this fork PR to run smoke tests. Security scans will run first. |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
carsongee
force-pushed
the
carsongee/CFX-4857
branch
from
cd8718d to
0422da9
Compare
|
❌ Some smoke tests failed. (Fork PR) ✅ Security Scan: success |
carsongee
force-pushed
the
carsongee/CFX-4857
branch
from
0422da9 to
b9eae1b
Compare
| } | ||
|
|
||
| return nil | ||
| } |
There was a problem hiding this comment.
Hardcoded config path ignores XDG_CONFIG_HOME
Medium Severity
savePassphraseToConfig hardcodes the config directory as filepath.Join(homeDir, ".config", "datarobot"), but the project's config.GetConfigDir() respects XDG_CONFIG_HOME. When XDG_CONFIG_HOME is set to a non-default path, the os.MkdirAll creates the wrong directory, and viper.WriteConfig() may fail because the actual config directory (at the XDG path) might not exist.
| // If Pulumi login sub-model is active, delegate to it | ||
| if m.pulumiModel != nil { | ||
| return m.handlePulumiUpdate(msg) | ||
| } |
There was a problem hiding this comment.
WindowSizeMsg lost during Pulumi login flow
Low Severity
When pulumiModel is active, all messages including tea.WindowSizeMsg are delegated to handlePulumiUpdate, which doesn't update the parent Model's width and height. If the terminal is resized during the Pulumi login flow, the parent model retains stale dimensions, causing potential layout issues when the wizard screen renders afterward.
shreyaag-dr
left a comment
shreyaag-dr
left a comment
There was a problem hiding this comment.
LGTM, thanks for adding this.
|
@carsongee Is this one in need of review, or stale? |
It is in need of review. I just moved it from Draft to Ready for Review last week, and I got Product sign off on Tuesday @ajalon1 |
|
🔐 Smoke tests approved by maintainer ⏳ Running security scans before executing smoke tests with secrets... A maintainer has approved this fork PR to run smoke tests. Security scans will run first. |
|
❌ Some smoke tests failed. (Fork PR) ✅ Security Scan: success |
carsongee
force-pushed
the
carsongee/CFX-4857
branch
from
b9eae1b to
1b6ae7e
Compare
| m.err = fmt.Errorf("failed to generate passphrase: %w", err) | ||
|
|
||
| return m, nil | ||
| } |
There was a problem hiding this comment.
Passphrase generation error mishandles program flow
Medium Severity
When generateRandomPassphrase fails, handlePassphraseAccepted sets m.err and returns nil cmd, but the savePassphraseToConfig error path properly sends a pulumiLoginErrorMsg which triggers tea.Quit. This inconsistency leaves the user on a screen displaying "Pulumi Login Failed" (misleading for a passphrase error) while the key handler still silently responds to passphrase-prompt keys (y/n/esc) that aren't shown in the error view. Pressing n silently discards the error and proceeds to the wizard as if nothing happened.
Additional Locations (1)
| } | ||
|
|
||
| if len(yamlFiles) == 0 { | ||
| return nil, nil |
There was a problem hiding this comment.
Removing early return changes behavior for repos without YAML
Medium Severity
Removing the len(yamlFiles) == 0 early return means GatherUserPrompts now always returns core prompts (DATAROBOT_ENDPOINT, DATAROBOT_API_TOKEN) even for repos with no yaml files. This causes checkPromptsAvailable to always return true (showing the "w" wizard option), and the promptsLoadedMsg handler to skip the len(prompts) == 0 branch. The wizard then silently runs through hidden core prompts and writes the .env file without any user interaction.
|
🔐 Smoke tests approved by maintainer ⏳ Running security scans before executing smoke tests with secrets... A maintainer has approved this fork PR to run smoke tests. Security scans will run first. |
|
❌ Some smoke tests failed. (Fork PR) ✅ Security Scan: success |
|
❌ Some smoke tests failed. (Fork PR) ✅ Security Scan: success |
|
❌ Some smoke tests failed. (Fork PR) ✅ Security Scan: success |
|
Tests are failing because of the key rotation |
4 participants
RATIONALE
Pulumi onboarding is still a challenge for our users. This bakes that into the configuration and allows the user to set a universal securely generated passphrase for all DataRobot templates they might explore without prompting for this configuration.
CHANGES
Note
Medium Risk
Adds a new interactive Pulumi login + passphrase generation flow that runs external
pulumicommands and writes a shared passphrase into the user config, which can affect onboarding behavior and error paths. Changes are localized to setup TUIs and prompt/value resolution, with added tests to reduce regression risk.Overview
Adds Pulumi onboarding to template configuration flows.
dr dotenv setupand template setup now detect when Pulumi is required (viaPULUMI_CONFIG_PASSPHRASEprompts) and, if needed, run a new pre-wizard TUI screen that guides backend selection (pulumi loginlocal/cloud/DIY) and can auto-generate and persist a default passphrase in~/.config/datarobot/drconfig.yaml.Improves prompt/value resolution and error handling.
envbuildernow sourcesPULUMI_CONFIG_PASSPHRASEfrom viper config (with env var and.envtaking precedence),dotenvprompt loading falls back to reading.envwhen variables aren’t preloaded, anddotenv setupnow unwraps the final TUI model to surface Pulumi/login errors. Tests were added/updated to isolate host env/viper leakage and validate the Pulumi flow and precedence rules.Written by Cursor Bugbot for commit b271cc8. This will update automatically on new commits. Configure here.