Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

wafv2.WebAcl: tweak Set identity to suppress resource cycling #3897

Closed
wants to merge 3 commits into from
Closed

wafv2.WebAcl: tweak Set identity to suppress resource cycling #3897

wants to merge 3 commits into from

Conversation

t0yv0
Copy link
Member

@t0yv0 t0yv0 commented May 6, 2024
edited
Loading

Fixes #3880

Deep investigation in pulumi/pulumi-terraform-bridge#1917 - the root cause bottoms out at inconsistent set element identity computed by the bridge as well as Terraform proper; there is some slight discrepancy in how the bridged providers work compared to pure TF that makes the result poor in Pulumi, however even under TF there are two different values computed for what the user perceives as the same data. This is a surgical change to that makes the set identity indifferent to whether block.custom_response is encoded as missing or an empty list, which works around the problem.

@t0yv0 t0yv0 changed the title Diff customizer and test wafv2.WebAcl: tweak Set identity to suppress resource cycling May 6, 2024
@t0yv0
Fix wafv2.WebAcl resource cycling
bc4497d 
Customize set element identity function for WebAcl.Rule to ignore benign differences.
@t0yv0 t0yv0 force-pushed the t0yv0/fix-wafv2-drift branch from 73f5e0b to bc4497d Compare May 6, 2024 14:17
@t0yv0 t0yv0 requested a review from corymhall May 6, 2024 14:17
@github-actions GitHub Actions
Copy link

github-actions bot commented May 6, 2024

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

Maintainer note: consult the runbook for dealing with any breaking changes.

@github-actions GitHub Actions
Copy link

github-actions bot commented May 6, 2024

Is README.md missing any configuration options?

assumeRoleWithWebIdentity not found in Configuration section
customCaBundle not found in Configuration section
defaultTags not found in Configuration section
ec2MetadataServiceEndpoint not found in Configuration section
ec2MetadataServiceEndpointMode not found in Configuration section
httpProxy not found in Configuration section
httpsProxy not found in Configuration section
ignoreTags not found in Configuration section
noProxy not found in Configuration section
retryMode not found in Configuration section
s3UsEast1RegionalEndpoint not found in Configuration section
sharedConfigFiles not found in Configuration section
skipRequestingAccountId not found in Configuration section
stsRegion not found in Configuration section
tokenBucketRateLimiterCapacity not found in Configuration section
useDualstackEndpoint not found in Configuration section

Please add a description for each of these options to README.md. Details about them can be found in either the upstream docs or schema.json.

@t0yv0 t0yv0 marked this pull request as ready for review May 6, 2024 14:48
@t0yv0 t0yv0 mentioned this pull request May 6, 2024
Closed
@t0yv0
Copy link
Member Author

t0yv0 commented May 6, 2024

Closing in favor of pulumi/pulumi-terraform-bridge#1927

@t0yv0 t0yv0 closed this May 6, 2024
@t0yv0
Copy link
Member Author

t0yv0 commented May 10, 2024

This was actually fundamentally incorrect per recent conversation - @corymhall - excluding elements from Set function will make changes to these elements always result in no-diff plans which is ultimately incorrect.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@corymhall corymhall Awaiting requested review from corymhall

Assignees

@t0yv0 t0yv0

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

wafv2 rules are modified on every up.
1 participant
@t0yv0