-
Notifications
You must be signed in to change notification settings - Fork 158
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
wafv2 rules are modified on every up. #3880
Labels
bug/diff
kind/bug related to Pulumi generating wrong diffs on preview or up.
kind/bug
Some behavior is incorrect or out of spec
resolution/fixed
This issue was fixed
service/wafv2
Issues with aws.wafv2 resources
Comments
gmarkowski
added
kind/bug
Some behavior is incorrect or out of spec
needs-triage
Needs attention from the triage team
labels
Apr 30, 2024
t0yv0
added
service/wafv2
Issues with aws.wafv2 resources
bug/diff
kind/bug related to Pulumi generating wrong diffs on preview or up.
and removed
needs-triage
Needs attention from the triage team
labels
Apr 30, 2024
Complete repro: import * as aws from "@pulumi/aws";
const allowedIpSet = new aws.wafv2.IpSet("example", {
name: "example",
description: "Example IP set",
scope: "REGIONAL",
ipAddressVersion: "IPV4",
addresses: [
"1.2.3.4/32",
"5.6.7.8/32",
],
tags: {
Tag1: "Value1",
Tag2: "Value2",
},
});
const mainAcl = new aws.wafv2.WebAcl("main-acl", {
scope: "REGIONAL",
defaultAction: {
allow: {},
},
visibilityConfig: {
cloudwatchMetricsEnabled: true,
metricName: "myWebAclMetrics",
sampledRequestsEnabled: false,
},
captchaConfig: {
immunityTimeProperty: {
immunityTime: 1800
}
},
tokenDomains: [],
rules: [
{
action: {
block: {},
},
name: "IPAllowRule",
priority: 0,
statement: {
ipSetReferenceStatement: {
arn: allowedIpSet.arn,
},
},
visibilityConfig: {
cloudwatchMetricsEnabled: true,
metricName: "IPAllowRule",
sampledRequestsEnabled: true,
},
},
]
}); |
This was referenced Apr 30, 2024
t0yv0
added a commit
to pulumi/pulumi-terraform-bridge
that referenced
this issue
May 6, 2024
With AWS 3880 there is some evidence (derivation in #1917) that sometimes TF has entries in the InstanceDiff.Attributes while still planning to take the resource to the end-state that is identical to the original state. IN these cases, TF does not display a diff but Pulumi does. The root cause here remains unfixed (#1895) - Pulumi bridge is editing terraform-pulgin-sdk to expose the InstanceDiff structure to connect it to the makeDetailedDiff machinery. Pulumi should, like TF, stick to the gRPC protocol and rely only on the PlannedState value. We can incrementally approach the desired behavior with this change though which detects PlannedState=PriorState case and suppresses any diffs in this case. Fixes: - pulumi/pulumi-aws#3880 - pulumi/pulumi-aws#3306 - pulumi/pulumi-aws#3190 - pulumi/pulumi-aws#3454 --------- Co-authored-by: Venelin <venelin@pulumi.com>
We are also running into this issue so we are looking forward to a fix for this 😃 |
This was fixed in #3948. It'll be released in release 6.36.0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
bug/diff
kind/bug related to Pulumi generating wrong diffs on preview or up.
kind/bug
Some behavior is incorrect or out of spec
resolution/fixed
This issue was fixed
service/wafv2
Issues with aws.wafv2 resources
What happened?
I created a new wafv2.WebAcl. Everything gets built properly but subsequent
pulumi up
commands output differences in that are unexpected. I also see some changes doubled. SeecloudwatchMetricsEnabled
andmetricName
in the output below.Example
Output of
pulumi about
Additional context
Contributing
Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
The text was updated successfully, but these errors were encountered: