Allow dynamic configuration as a default for input variables

[mitchellh]

This allows the default value for a variable stanza to use the configdynamic() function to source default values from any supported config source. You can now, for example, source data from Vault to use within your waypoint.hcl file. Previously, configdynamic could only be used to set application configuration (env vars and files that appear only to your app).

One limitation (by design): This only works with remote runners. This is the only way we can guarantee consistency in plugin versions and protects against some secrets spilling onto local machines. However, you may use a local runner if you manually override the default value with something like -var or a wpvars file. You only cannot use local mode if the dynamic value must be fetched.

null Config Source

This PR also introduces a new plugin null with a single component for now: a config sourcer. This is used for testing but will be generally available for people to use. I think this is useful for experimentation and learning how config sourcing works without having to deal with the complexities of a remote system.

I mixed it with this PR because I used this to manually test (in addition to the unit tests) that this works.

Known Issues or Improvements

It's becoming harder and harder to know what variable values are used for a job. This exacerbates that but doesn't introduce this problem. In the future, we want to send back information about where variable values are coming from (and perhaps what they are).

[izaaklauer]

Looks great! The null config sourcer makes testing this way easier. Looking forward to running a test from the stories pulling an arn in from TFC too.

[izaaklauer]

I was wondering how you'd handle types - requiring an hcl conversion is a good idea for now I think, and we can do fancier typing in the future if we want to. I was kind of dreading handling the object type.

[mitchellh]

I think strings are the way to go.

For numerics, HCL is arbitrary precision numbers too so any floats will work fine and easy to convert.
For boolean, easy to use tobool (uses strconv.parseBool)
For objects, easy to use yamldecode jsondecode jsonnetdecode etc. depending on format, and easy to add new format support if they have it.

[izaaklauer]

Puritanical point: Now that the configsourcers are called in the variable system, it feels a little weird for their core logic to still live inside the appconfig package. It feels better for me for that logic to live somewhere else, and be invoked both inside variables and appconfig. Not a big deal though.

[mitchellh]

Is this just a package naming thing? I think the role of appconfig package is still totally right, we can maybe just rename the package to something like externalconfig or something.

[izaaklauer]

Maybe a better example of the weirdness is that the variable system has to pretend that it's receiving config files (here and here), when really it's just getting string values back from the configsourcer plugins.

I think we might eventually want a new externalconfig or dynamicvalues package that invokes the plugins, and both the variables and appconfig could use it.

[mitchellh]

I agree the files thing is weird, @evanphx noted that too. I think if we just change it to have a way to accept strings directly I still think this package is the right structure. It is requesting a "config var" in my mind.

[izaaklauer]

For posterity: If we wind up having to do this again down the road, it might make sense to make a "one-shot" configsourcer invoke mode, so you don't need to spool up a whole watcher and associated channels to get one value from the plugins. The watcher might even be able to call that one-shot logic internally.

[mitchellh]

Yeah, on my mind too.

[izaaklauer]

I think this ok for now. I'd be surprised if there are many users sophisticated enough to be using these dynamic variables, but haven't set up the remote server/runner infra yet.

[mitchellh]

Exactly, so I think this is good forever. This just gives people a nice error message.

[izaaklauer]

A little spooky that this security check depends on the runner not lying to us about what type it is. I think we'll address this in the future with a more formal runner registration/approval process though?

[mitchellh]

Yep!

[izaaklauer]

Good catch

[mitchellh]

Yeah not a big deal, just makes UX nicer. Since the dynamic type is an encapsulated value it can't be used for anything so its basically a poison pill. If anyone tried to use it for any values it'd just give an obscure HCL type error message. This just helps prevent that.

[denysvitali]

I seem to understand that this is a fix for #1553, is that correct?

[evanphx]

Nice and tidy! One request to inform the user if the appconfig watcher takes more than a second or two when trying to resolve the dynamic values.

[evanphx]

At some point, we should make that flatten logic that NameIsPath implies selectable more obviously.

[mitchellh]

Yes, agreed, a bit of a hack.