Comments (8)
danielrbradley
commented on August 27, 2024
Hi @rdanno thanks for writing this up.
If I've understood you correctly ... you're using both inline routes (within the RouteTable resource) and standalone route resources. Then when you do a refresh you see discrepencies because the standalone routes are shown as being removed on the RouteTable. Is that correct.
I believe this is a similar issue to #1790
I think the initial resolution here to to avoid creating routes via the RouteTable property and only use the standalone Route resources. The root cause is likely a limitation of the underlying upstream implementation of this provider.
from pulumi-aws.
danielrbradley
commented on August 27, 2024
As noted on the terraform resource, this is a known issue in the upstream provider:
Terraform currently provides both a standalone Route resource and a Route Table resource with routes defined in-line. At this time you cannot use a Route Table with in-line routes in conjunction with any Route resources. Doing so will cause a conflict of rule settings and will overwrite rules.
from pulumi-aws.
rdanno
commented on August 27, 2024
Creating the RouteTable with no routes. Adding routes with Route later.
from pulumi-aws.
danielrbradley
commented on August 27, 2024
Ok, that sounds like it's a different issue to the one noted then. We'll need to investigate the upstream implementation to identify if we can address this there.
from pulumi-aws.
t0yv0
commented on August 27, 2024
I have a repro here that I hope demonstrates the issue, unfortunately it is still present in recent Pulumi.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const exampleAwsVpc = new aws.ec2.Vpc("test", {cidrBlock: "10.1.0.0/16"});
const exampleRouteTable = new aws.ec2.RouteTable("example", {
vpcId: exampleAwsVpc.id,
// routes: [],
tags: {
Name: "example",
},
});
const egress = new aws.ec2.EgressOnlyInternetGateway("egress", {vpcId: exampleAwsVpc.id});
const exampleRoute = new aws.ec2.Route("route1", {
routeTableId: exampleRouteTable.id,
destinationIpv6CidrBlock: "::/0",
egressOnlyGatewayId: egress.id,
});
export const exampleRouteId = exampleRoute.id;After the first pulumi up, RouteTable receives inputs nil but outputs as routes: [].
However refreshing this stack shows a warning that RouteTable wants to register the route:
Refresh shows:
Previewing refresh (dev)
View in Browser (Ctrl+O): https://app.pulumi.com/anton-pulumi-corp/aws-2561/dev/previews/d1c94b52-d216-412f-84c4-774e5f61bc72
Type Name Plan Info
pulumi:pulumi:Stack aws-2561-dev
├─ aws:ec2:EgressOnlyInternetGateway egress
├─ aws:ec2:Vpc test
~ ├─ aws:ec2:RouteTable example update [diff: ~routes]
└─ aws:ec2:Route route1
Resources:
~ 1 to update
4 unchanged
Do you want to perform this refresh?
No resources will be modified as part of this refresh; just your stack's state will be.
details
pulumi:pulumi:Stack: (same)
[urn=urn:pulumi:dev::aws-2561::pulumi:pulumi:Stack::aws-2561-dev]
~ aws:ec2/routeTable:RouteTable: (update)
[id=rtb-01ff6ea4cd740d0c1]
[urn=urn:pulumi:dev::aws-2561::aws:ec2/routeTable:RouteTable::example]
[provider=urn:pulumi:dev::aws-2561::pulumi:providers:aws::default_6_32_0::c96d3f21-e412-40ac-bfd8-c9677165d4fd]
--outputs:--
~ routes : [
+ [0]: {
+ carrierGatewayId : ""
+ cidrBlock : ""
+ coreNetworkArn : ""
+ destinationPrefixListId: ""
+ egressOnlyGatewayId : "eigw-063e404ff733110ab"
+ gatewayId : ""
+ ipv6CidrBlock : "::/0"
+ localGatewayId : ""
+ natGatewayId : ""
+ networkInterfaceId : ""
+ transitGatewayId : ""
+ vpcEndpointId : ""
+ vpcPeeringConnectionId : ""
}
]
Do you want to perform this refresh?
No resources will be modified as part of this refresh; just your stack's state will be.
[Use arrows to move, type to filter]
yes
> no
details
If the refresh is accepted (our pulumi up --refresh is run), then the system gets into a steady state with clean pulumi preview and refresh, because now the route is duplicated into the outputs of RouteTable as well as into its own resource.
CLI
Version 3.111.1
Go Version go1.22.1
Go Compiler gc
Plugins
NAME VERSION
aws 6.32.0
awsx 2.9.0
docker 4.5.3
docker 3.6.1
nodejs unknown
Host
OS darwin
Version 14.4.1
Arch x86_64
This project is written in nodejs: executable='/Users/t0yv0/bin/node' version='v18.18.2'
Current Stack: anton-pulumi-corp/aws-2561/dev
TYPE URN
pulumi:pulumi:Stack urn:pulumi:dev::aws-2561::pulumi:pulumi:Stack::aws-2561-dev
pulumi:providers:aws urn:pulumi:dev::aws-2561::pulumi:providers:aws::default_6_32_0
aws:ec2/vpc:Vpc urn:pulumi:dev::aws-2561::aws:ec2/vpc:Vpc::test
aws:ec2/egressOnlyInternetGateway:EgressOnlyInternetGateway urn:pulumi:dev::aws-2561::aws:ec2/egressOnlyInternetGateway:EgressOnlyInternetGateway::egress
aws:ec2/routeTable:RouteTable urn:pulumi:dev::aws-2561::aws:ec2/routeTable:RouteTable::example
aws:ec2/route:Route urn:pulumi:dev::aws-2561::aws:ec2/route:Route::route1
Found no pending operations associated with dev
Backend
Name pulumi.com
URL https://app.pulumi.com/anton-pulumi-corp
User anton-pulumi-corp
Organizations anton-pulumi-corp, moolumi, pulumi
Token type personal
Dependencies:
NAME VERSION
@pulumi/awsx 2.9.0
@pulumi/pulumi 3.113.3
@types/node 18.19.31
typescript 5.4.5
@pulumi/aws 6.32.0
Pulumi locates its logs in /var/folders/gk/cchgxh512m72f_dmkcc3d09h0000gp/T/com.apple.shortcuts.mac-helper// by default
from pulumi-aws.
t0yv0
commented on August 27, 2024
This seems to be very similar to #2246 just for a different pair of coupled resources that are not recommended to be used together, there seems to be a pattern going on here. The issue likely reproduces in TF but is less of a problem there because TF does not warn on refresh of this sort and it refreshes by default when apply is called, so after two terraform apply calls the system gets into a steady state.
from pulumi-aws.
t0yv0
commented on August 27, 2024
Similarly to #2246 ignoreChanges is not able to affect refresh, but there is a new feature being developed for an ignoreRefreshChanges flag that is the recommended workaround for 2246 that should work here as well: pulumi/pulumi#16015
from pulumi-aws.
t0yv0
commented on August 27, 2024
Adding pulumi/pulumi-policy-aws#110 to make the NOTE a visible warning for users of AWSGuard.
from pulumi-aws.
Related Issues (20)
- PATCH 0061-Create-Logging-Middleware-for-Lambda-service-that-do.patch
- PATCH 0060-Parallelize-Lambda-Function-resource-operations.patch
- Workflow failure: release HOT 2
- As of 6.37.0 `invocation of aws:rds/getEngineVersion:getEngineVersion returned an error`. HOT 1
- Upgrade terraform-provider-aws to v5.53.0
- Import self-managed certificate to ACM then importing into Pulumi fails HOT 14
- Simplify management of inline policies for IAM roles HOT 3
- Workflow failure: master HOT 1
- FLAKE: TestIMDSAuth/IDMSv2
- When importing self-managed certificate to ACM, remove the `validationMethod` from the code and don't show warning HOT 1
- Workflow failure: release HOT 3
- [Docs] Add note that using `name` property for CloudFront/PublicKey resource may cause dependency issues HOT 2
- [Docs] Add note that when using `triggers` property for ECS/Service resource that the `forceNewDeployment` property has to be set to true as well and there's a missing example.. HOT 3
- Unable to add AWS Managed RuleSets to WAFV2 HOT 2
- Missing credentials error message mentions TF under skipCredentialsValidation
- ALB listener refresh issue HOT 10
- Refresh shows permanent diff for tagsAll in [email protected]
- Upgrade terraform-provider-aws to v5.54.1 HOT 1
- AWS Resource Connectors
- Medialive getInput function HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pulumi-aws.