Fix parsing nested path ids

[danielrbradley]

Fixes #3368

• Sanitise regex group name to only allow alpha-numeric characters.
• Map back to original name.
• Tidy test cases with nesting.

This will currently result in an additional input being generated during the import. This then appears during the next up as a property deletion, though it actually has no effect.

Demonstration

Using the examples/keyvault-accesspolicies/ example:

1. Perform up gives the state (inputs and outputs):

                     "policy": {
                        "objectId": "xxxx",
                        "permissions": {
                            "keys": [
                                "get",
                                "create",
                                "delete",
                                "list"
                            ],
                            "secrets": [
                                "get",
                                "list",
                                "set",
                                "delete"
                            ]
                        },
                        "tenantId": "xxxx"
                    },
                    "resourceGroupName": "rgxxxx",
                    "vaultName": "vaultxxxx"
   

2. Delete the resource from the state: pulumi state delete urn:pulumi:dev::scratch::azure-native:keyvault:AccessPolicy::ap1
3. Import the resource: pulumi import resource ap1 "/subscriptions/xxxx/resourceGroups/rgxxxx/providers/Microsoft.KeyVault/vaults/vaultxxxx/accessPolicy/xxxx"
4. Check the state with pulumi stack export, the inputs now include object.Id:

                    "policy": { ... },
                    "policy.objectId": "xxxx",
                    "resourceGroupName": "rgxxxx",
                    "vaultName": "vaultxxxx"
   

5. Perform another up (pulumi up).
   Preview shows removal of policy => ObjectId:
   
   State inputs revert to remove policy.objectId:

                    "policy": { ... },
                    "resourceGroupName": "rgxxxx",
                    "vaultName": "vaultxxxx"
   

Tracing usage of ParseResourceID

The result from this function is used here:

pulumi-azure-native/provider/pkg/provider/provider.go

Lines 1080 to 1087 in e8feca2

	// There may be no old state (i.e., importing a new resource).
	// Extract inputs from resource's ID and response body.
	pathItems, err := resources.ParseResourceID(id, res.Path)
	if err != nil {
	return nil, err
	}
	inputMap := k.converter.ResponseToSdkInputs(res.PutParameters, pathItems, response)
	inputs = resource.NewPropertyMapFromMap(inputMap)

The pathItems are passed into ResponseToSdkInputs where they are used if they match one of the parameters in the metadata:

pulumi-azure-native/provider/pkg/convert/responseToSdkInputs.go

Lines 18 to 24 in e8feca2

	case param.Location == "path":
	name := param.Name
	sdkName := name
	if param.Value != nil && param.Value.SdkName != "" {
	sdkName = param.Value.SdkName
	}
	result[sdkName] = pathValues[name]

This will match:

pulumi-azure-native/provider/pkg/resources/customresources/custom_keyvault_accesspolicy.go

Line 67 in e8feca2

{Name: "policy.objectId", Location: "path", Value: &AzureAPIProperty{Type: "string"}},

[github-actions]

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

[codecov]

Codecov Report

Attention: Patch coverage is 81.81818% with 2 lines in your changes missing coverage. Please review.

Project coverage is 56.88%. Comparing base (9366e2d) to head (674dc7c).

Files	Patch %	Lines
provider/pkg/resources/parseResourceId.go	81.81%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #3375      +/-   ##
==========================================
+ Coverage   56.87%   56.88%   +0.01%     
==========================================
  Files          66       66              
  Lines        8092     8099       +7     
==========================================
+ Hits         4602     4607       +5     
- Misses       3055     3056       +1     
- Partials      435      436       +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[scp-mb]

@danielrbradley I am currently trying to import some access policies in a c# stack programmatically, but it seems to think the import will fail due to policy.objectId being missing, despite being specified. I'm assuming a bug from this change.

pulumi import on the cli has the following output for the preview, note the duplicated objectId on both the root and nested under policy.

policy           : {
            objectId   : "xxx"
            permissions: {
                certificates: [
                    [0]: "All"
                ]
                keys        : [
                    [0]: "All"
                ]
                secrets     : [
                    [0]: "All"
                ]
            }
            tenantId   : "xxx"
        }
        policy.objectId  : "xxx"
        resourceGroupName: "xxx"
        vaultName        : "xxx"

Attempting to import via code, with Policy.ObjectId set correctly via AccessPolicyEntryArgs:

warning: inputs to import do not match the existing resource; importing this resource will fail
    = azure-native:keyvault:AccessPolicy: (import)
        [id=/subscriptions/xxx/resourceGroups/xxx/providers/Microsoft.KeyVault/vaults/xxx/accessPolicy/xxx]
        [urn=urn:pulumi:dev::Api::azure-native:keyvault:AccessPolicy::xxx]
        [provider=urn:pulumi:dev::Api::pulumi:providers:azure-native::default_2_59_0::04da6b54-80e4-46f7-96ec-b56ff0331ba9]
      - policy.objectId: "xxx"