PRC failures in AWS #4410
Comments
VenelinMartinov
added
the
kind/engineering
|
Tags might need normTags from https://github.com/pulumi/pulumi-aws/pull/4013/files#diff-2e4fffe32720b3d310b4336cfdde6519ab1bf6d9e0d82b418299817fdf42a29fR205 RDSInstance was I recall a problem with moot test setup, might need workaround from 4013 as well. |
|
The rest look new to me. |
|
{
"method": "/pulumirpc.ResourceProvider/Diff",
"request": {
"id": "res-771212f",
"urn": "urn:pulumi:test::test-aws-legacy::aws:s3/bucket:Bucket::res",
"olds": {
"__meta": "{\"schema_version\":\"0\"}",
"accelerationStatus": "",
"acl": null,
"arn": "arn:aws:s3:::res-771212f",
"bucket": "res-771212f",
"bucketDomainName": "res-771212f.s3.amazonaws.com",
"bucketPrefix": null,
"bucketRegionalDomainName": "res-771212f.s3.us-west-2.amazonaws.com",
"corsRules": [],
"forceDestroy": null,
"grants": [],
"hostedZoneId": "Z3BJ6K6RIION7M",
"id": "res-771212f",
"lifecycleRules": [],
"loggings": [],
"objectLockConfiguration": null,
"policy": null,
"region": "us-west-2",
"replicationConfiguration": null,
"requestPayer": "BucketOwner",
"serverSideEncryptionConfiguration": {
"rule": {
"applyServerSideEncryptionByDefault": {
"kmsMasterKeyId": "",
"sseAlgorithm": "AES256"
},
"bucketKeyEnabled": false
}
},
"tags": {
"GlobalTag": "bar",
"LocalTag": "foo"
},
"tagsAll": {
"GlobalTag": "bar",
"LocalTag": "foo"
},
"versioning": {
"enabled": false,
"mfaDelete": false
},
"website": null,
"websiteDomain": null,
"websiteEndpoint": null
},
"news": {
"__defaults": [
"acl",
"bucket",
"forceDestroy"
],
"acl": "private",
"bucket": "res-771212f",
"forceDestroy": false,
"tags": {
"GlobalTag": "bar",
"LocalTag": "foo"
},
"tagsAll": {
"GlobalTag": "bar",
"LocalTag": "foo"
}
},
"oldInputs": {
"__defaults": [],
"acl": null,
"arn": "arn:aws:s3:::res-771212f",
"bucket": "res-771212f",
"forceDestroy": null,
"hostedZoneId": "Z3BJ6K6RIION7M",
"requestPayer": "BucketOwner",
"serverSideEncryptionConfiguration": {
"__defaults": [],
"rule": {
"__defaults": [],
"applyServerSideEncryptionByDefault": {
"__defaults": [],
"sseAlgorithm": "AES256"
}
}
},
"tags": {
"GlobalTag": "bar",
"LocalTag": "foo",
"__defaults": []
},
"tagsAll": {
"GlobalTag": "bar",
"LocalTag": "foo",
"__defaults": []
}
}
},
"response": {
"stables": [
"bucket",
"bucketPrefix"
],
"changes": "DIFF_SOME",
"diffs": [
"acl",
"forceDestroy"
],
"detailedDiff": {
"acl": {},
"forceDestroy": {}
},
"hasDetailedDiff": true
},
"metadata": {
"kind": "resource",
"mode": "client",
"name": "aws"
}
}The diff seems legitimate - the properties are non-computed and not set in the initial |
|
{
"method": "/pulumirpc.ResourceProvider/Diff",
"request": {
"id": "tested-resource-0268e11",
"urn": "urn:pulumi:test::test::aws:eks/cluster:Cluster::tested-resource",
"olds": {
"__meta": "{\"e2bfb730-ecaa-11e6-8f88-34363bc7c4c0\":{\"create\":1800000000000,\"delete\":900000000000,\"update\":3600000000000}}",
"arn": "arn:aws:eks:us-west-2:616138583583:cluster/tested-resource-0268e11",
"certificateAuthorities": [
{
"data": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lJSUovTzc1dkYzSEl3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TXpFd01EVXlNVFE0TlRkYUZ3MHpNekV3TURJeU1UUTROVGRhTUJVeApFekFSQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLCkFvSUJBUURQT0ZiVGFnbUY2d2Y5SWs3L0d0VEdmU09VaVIwQUo1aDZUUktEcXk1NE9xWFJVQVpCNEwxTDZvYnkKVHdHLzFaNGJlM3U1bm9GdUVZdUEyTEltRlhKTVZ1eHI0OXV6U1BsWkk2eXZuZTVaWkVkZG5aclVWTjl4U00rdQpjakxrZEYwRXh6SnIrU1BZaXphQVQweG44YUtRRXlROHZvZm1zcml4YWJpY0ZwSW1TdmF3OWdMZnBpMXZwYXRwClJraW1NK202a1lWeGFZS1dUUUJBbnRVTzk3MXlWbVJvR1ZkOVZscU0rQ2NPS0svQml4NG5qYzNXNFZjWnZDZEcKMjVmei9hR2trdFA2SkxONnJ0TUlUN3ZWNkhXWklhMU1Sak85cmR4OXFqVVJMT3Z3akhnLytyZkhTQTR1ZDlxYQpOUjZxZUhSMUlTN1RJdmZzRlF3Z3p1WDFrRlh4QWdNQkFBR2pXVEJYTUE0R0ExVWREd0VCL3dRRUF3SUNwREFQCkJnTlZIUk1CQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJTYno4SjRVck9Fam8xcHl0OFZPenVKakVIbGdUQVYKQmdOVkhSRUVEakFNZ2dwcmRXSmxjbTVsZEdWek1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQkRJT0ZlWGRIVApUZmhUQlAyYlFpSkVDa24xenk5NTBpQTZUM3RsajBPOW9tTDVRUHB5dTVXWHkxRUlkbkNIdkl6QVl1RkhxZ0swClVLUFgxdURmOG02QWJPdUxteFJBNFFpc2NrNWJBQmN6Q1lienhJM3NGRkUzQ2hONHBpblB5QVhoUUFJd1FFUXkKVzNSUGQ0Mlh5WXVKTTRITTBJS0RDZ2dCNGhEWEtQRFlPWHQ3a0Zab1I4MmNCaVpVa3BqUUpSUG9Yd0ZCcElYcQoxczN3U1JHZTRRSW5OWHdMQlpCMTVaM01lYkpkU01MQWloRUpTY3J5MWRhZXhrQ1dTMUMrY1kxN2FWaEhld0pGCmx2am1NSzJxRTl4Rm85RmgzV2xTbEVnc3FZU0dNUXFxc2RlNmtYNDVlYzBRM1dab0pEZGtnZ3BwckJ2eGV2aGsKVnV0MFJ3QmJTS2pyCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
}
],
"certificateAuthority": {
"data": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURCVENDQWUyZ0F3SUJBZ0lJSUovTzc1dkYzSEl3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TXpFd01EVXlNVFE0TlRkYUZ3MHpNekV3TURJeU1UUTROVGRhTUJVeApFekFSQmdOVkJBTVRDbXQxWW1WeWJtVjBaWE13Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLCkFvSUJBUURQT0ZiVGFnbUY2d2Y5SWs3L0d0VEdmU09VaVIwQUo1aDZUUktEcXk1NE9xWFJVQVpCNEwxTDZvYnkKVHdHLzFaNGJlM3U1bm9GdUVZdUEyTEltRlhKTVZ1eHI0OXV6U1BsWkk2eXZuZTVaWkVkZG5aclVWTjl4U00rdQpjakxrZEYwRXh6SnIrU1BZaXphQVQweG44YUtRRXlROHZvZm1zcml4YWJpY0ZwSW1TdmF3OWdMZnBpMXZwYXRwClJraW1NK202a1lWeGFZS1dUUUJBbnRVTzk3MXlWbVJvR1ZkOVZscU0rQ2NPS0svQml4NG5qYzNXNFZjWnZDZEcKMjVmei9hR2trdFA2SkxONnJ0TUlUN3ZWNkhXWklhMU1Sak85cmR4OXFqVVJMT3Z3akhnLytyZkhTQTR1ZDlxYQpOUjZxZUhSMUlTN1RJdmZzRlF3Z3p1WDFrRlh4QWdNQkFBR2pXVEJYTUE0R0ExVWREd0VCL3dRRUF3SUNwREFQCkJnTlZIUk1CQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJTYno4SjRVck9Fam8xcHl0OFZPenVKakVIbGdUQVYKQmdOVkhSRUVEakFNZ2dwcmRXSmxjbTVsZEdWek1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQkRJT0ZlWGRIVApUZmhUQlAyYlFpSkVDa24xenk5NTBpQTZUM3RsajBPOW9tTDVRUHB5dTVXWHkxRUlkbkNIdkl6QVl1RkhxZ0swClVLUFgxdURmOG02QWJPdUxteFJBNFFpc2NrNWJBQmN6Q1lienhJM3NGRkUzQ2hONHBpblB5QVhoUUFJd1FFUXkKVzNSUGQ0Mlh5WXVKTTRITTBJS0RDZ2dCNGhEWEtQRFlPWHQ3a0Zab1I4MmNCaVpVa3BqUUpSUG9Yd0ZCcElYcQoxczN3U1JHZTRRSW5OWHdMQlpCMTVaM01lYkpkU01MQWloRUpTY3J5MWRhZXhrQ1dTMUMrY1kxN2FWaEhld0pGCmx2am1NSzJxRTl4Rm85RmgzV2xTbEVnc3FZU0dNUXFxc2RlNmtYNDVlYzBRM1dab0pEZGtnZ3BwckJ2eGV2aGsKVnV0MFJ3QmJTS2pyCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
},
"createdAt": "2023-10-05 21:44:26.403 +0000 UTC",
"enabledClusterLogTypes": [],
"encryptionConfig": null,
"endpoint": "https://89180AEA318B417FC070BC1183C35AB4.gr7.us-west-2.eks.amazonaws.com",
"id": "tested-resource-0268e11",
"identities": [
{
"oidcs": [
{
"issuer": "https://oidc.eks.us-west-2.amazonaws.com/id/89180AEA318B417FC070BC1183C35AB4"
}
]
}
],
"kubernetesNetworkConfig": {
"ipFamily": "ipv4",
"serviceIpv4Cidr": "172.20.0.0/16",
"serviceIpv6Cidr": ""
},
"name": "tested-resource-0268e11",
"outpostConfig": null,
"platformVersion": "eks.5",
"roleArn": "arn:aws:iam::616138583583:role/ekscluster1role-6da3f8e",
"status": "ACTIVE",
"tags": {},
"tagsAll": {},
"version": "1.27",
"vpcConfig": {
"clusterSecurityGroupId": "sg-0845b6841e1f4157c",
"endpointPrivateAccess": false,
"endpointPublicAccess": true,
"publicAccessCidrs": [
"0.0.0.0/0"
],
"securityGroupIds": [],
"subnetIds": [
"subnet-0569afbec481e91ea",
"subnet-01397ef1aa6010338"
],
"vpcId": "vpc-08e15731978bce209"
}
},
"news": {
"__defaults": [
"bootstrapSelfManagedAddons",
"name"
],
"bootstrapSelfManagedAddons": true,
"name": "tested-resource-0268e11",
"roleArn": "arn:aws:iam::616138583583:role/ekscluster1role-6da3f8e",
"vpcConfig": {
"__defaults": [
"endpointPrivateAccess",
"endpointPublicAccess"
],
"endpointPrivateAccess": false,
"endpointPublicAccess": true,
"subnetIds": [
"subnet-01397ef1aa6010338",
"subnet-0569afbec481e91ea"
]
}
},
"oldInputs": {
"__defaults": [
"name"
],
"name": "tested-resource-0268e11",
"roleArn": "arn:aws:iam::616138583583:role/ekscluster1role-6da3f8e",
"vpcConfig": {
"__defaults": [
"endpointPrivateAccess",
"endpointPublicAccess"
],
"endpointPrivateAccess": false,
"endpointPublicAccess": true,
"subnetIds": [
"subnet-01397ef1aa6010338",
"subnet-0569afbec481e91ea"
]
}
}
},
"response": {
"replaces": [
"bootstrapSelfManagedAddons"
],
"stables": [
"name",
"roleArn"
],
"changes": "DIFF_SOME",
"diffs": [
"bootstrapSelfManagedAddons"
],
"detailedDiff": {
"bootstrapSelfManagedAddons": {
"kind": "ADD_REPLACE"
}
},
"hasDetailedDiff": true
},
"metadata": {
"kind": "resource",
"mode": "client",
"name": "aws"
}
}We had similar issues with pulumi-azure - this likely repores in TF under -refrash=false but not under -refresh=true. The workaround there was to add a Raised #4415 EDIT: As @flostadler correctly pointed out, the TF provider actually handles this one with a migration. Unfortunately we do not run it due to pulumi/pulumi-terraform-bridge#2039. Fixed with #4416 |
|
|
|
The EKS Cluster issue is not fixed by re-enabling migrations pulumi/pulumi-terraform-bridge#2039 We still hit pulumi/pulumi-terraform-bridge#1667 - the bridge recovers the state using the new schema and puts an explicit nil value for the new property |
The eks:Cluster resource has received a new parameter with ForceNew and a default. When upgrading from an old version before the parameter was added this triggers a replace. This PR adds a workaround for that - when the state is read the `bootstrapSelfManagedAddons` parameter is added with its default value if not present. covered by `TestEKSClusterUpgrade` partially fixes #4410 stacked on #4403
|
EKS Cluster replacement is fixed but it looks like there's ~10 resources in AWS which might have similar state upgrades: https://github.com/search?q=repo%3Ahashicorp%2Fterraform-provider-aws%20StateUpgraders&type=code Some of the more notable ones are However most of them are not ForceNew (incl the rds resources) - this meansa diff should be triggered but not a replace. I did find two with ForceNew: |
Describe what happened
Multiple test failures when enabling PRC in AWS:
fixed in Fix eks cluster PRC replace #4415Issue with migrations not being run, fixed in Enable zero default schema version in AWS #4416)related to pulumi/pulumi-terraform-bridge#1785
Sample program
#4403
Log output
No response
Affected Resource(s)
No response
Output of
pulumi about.
Additional context
No response
Contributing
Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
The text was updated successfully, but these errors were encountered: