Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BucketReplicationConfig perpetual differences on refresh #2063

Closed
joffreychambrin opened this issue Jul 25, 2022 · 3 comments
Closed

BucketReplicationConfig perpetual differences on refresh #2063

joffreychambrin opened this issue Jul 25, 2022 · 3 comments
Assignees
@corymhall
Labels
area/refresh bug/diff kind/bug related to Pulumi generating wrong diffs on preview or up. kind/bug Some behavior is incorrect or out of spec resolution/wont-fix This issue won't be fixed service/s3 S3-related things (buckets, objects)

Comments

@joffreychambrin
Copy link

joffreychambrin commented Jul 25, 2022
edited
Loading

What happened?

Using BucketReplicationConfig leads to perpetual changes after refreshes

Steps to reproduce

Create the following pulumi program :

import pulumi
import pulumi_aws as aws

bucket = aws.s3.Bucket("jcn-test", versioning=aws.s3.BucketVersioningArgs(enabled=True))
destination_bucket = aws.s3.Bucket("jcn-test-destination", versioning=aws.s3.BucketVersioningArgs(enabled=True))
replication_role = aws.iam.Role(
    "replicationRole",
    assume_role_policy="""{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "s3.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
""",
)

replication_bucket_replication_config = aws.s3.BucketReplicationConfig(
    "replicationBucketReplicationConfig",
    role=replication_role.arn,
    bucket=bucket.id,
    rules=[
        aws.s3.BucketReplicationConfigRuleArgs(
            id="foobar",
            filter=aws.s3.BucketReplicationConfigRuleFilterArgs(
                prefix="foo",
            ),
            delete_marker_replication=aws.s3.BucketReplicationConfigRuleDeleteMarkerReplicationArgs(
                    status="Enabled"
                ),
            status="Enabled",
            destination=aws.s3.BucketReplicationConfigRuleDestinationArgs(
                bucket=destination_bucket.arn,
                storage_class="STANDARD",
            ),
        )
    ],
    opts=pulumi.ResourceOptions(depends_on=[bucket]),
)

# Export the name of the bucket
pulumi.export("bucket_name", bucket.id)

Then, launch pulumi up -r multiple times

Expected Behavior

Launching pulumi up -r should have no effect

Actual Behavior

Instead, we have perpetual changes. For example, if I run twice the command

First run :

pulumi up -r --diff
Previewing update (dev)

View Live: https://app.pulumi.com/joffreychambrin/s3test/dev/previews/a7c88cc8-676c-4334-8070-138ec8a05281

~ pulumi:pulumi:Stack: (refresh)
    [urn=urn:pulumi:dev::s3test::pulumi:pulumi:Stack::s3test-dev]
  pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:dev::s3test::pulumi:pulumi:Stack::s3test-dev]
    ~ aws:s3/bucket:Bucket: (update)
        [id=jcn-test-9147098]
        [urn=urn:pulumi:dev::s3test::aws:s3/bucket:Bucket::jcn-test]
        [provider=urn:pulumi:dev::s3test::pulumi:providers:aws::default_5_10_0::93ed7970-47b6-4659-9bf7-09bd38ed9a4e]
      - replicationConfiguration: {
          - role : "arn:aws:iam::994346257716:role/replicationRole-c1dd12b"
          - rules: [
          -     [0]: {
                  - deleteMarkerReplicationStatus: "Enabled"
                  - destination                  : {
                      - bucket                  : "arn:aws:s3:::jcn-test-destination-88749ec"
                      - storageClass            : "STANDARD"
                    }
                  - filter                       : {
                      - prefix: "foo"
                    }
                  - id                           : "foobar"
                  - priority                     : 0
                  - status                       : "Enabled"
                }
            ]
        }
Resources:              
    ~ 1 to update
    4 unchanged

Second run :

~ pulumi:pulumi:Stack: (refresh)
    [urn=urn:pulumi:dev::s3test::pulumi:pulumi:Stack::s3test-dev]
    ~ aws:s3/bucketReplicationConfig:BucketReplicationConfig: (refresh)
        [id=jcn-test-9147098]
        [urn=urn:pulumi:dev::s3test::aws:s3/bucketReplicationConfig:BucketReplicationConfig::replicationBucketReplicationConfig]
        [provider=urn:pulumi:dev::s3test::pulumi:providers:aws::default_5_10_0::93ed7970-47b6-4659-9bf7-09bd38ed9a4e]
        --outputs:--
      - bucket: "jcn-test-9147098"
      - id    : "jcn-test-9147098"
      - role  : "arn:aws:iam::994346257716:role/replicationRole-c1dd12b"
      - rules : [
      -     [0]: {
              - deleteMarkerReplication  : {
                  - status: "Enabled"
                }
              - destination              : {
                  - bucket                  : "arn:aws:s3:::jcn-test-destination-88749ec"
                  - storageClass            : "STANDARD"
                }
              - filter                   : {
                  - prefix: "foo"
                }
              - id                       : "foobar"
              - priority                 : 0
              - status                   : "Enabled"
            }
        ]
    ~ aws:s3/bucket:Bucket: (refresh)
        [id=jcn-test-destination-88749ec]
        [urn=urn:pulumi:dev::s3test::aws:s3/bucket:Bucket::jcn-test-destination]
        [provider=urn:pulumi:dev::s3test::pulumi:providers:aws::default_5_10_0::93ed7970-47b6-4659-9bf7-09bd38ed9a4e]
    ~ aws:iam/role:Role: (refresh)
        [id=replicationRole-c1dd12b]
        [urn=urn:pulumi:dev::s3test::aws:iam/role:Role::replicationRole]
        [provider=urn:pulumi:dev::s3test::pulumi:providers:aws::default_5_10_0::93ed7970-47b6-4659-9bf7-09bd38ed9a4e]
    ~ aws:s3/bucket:Bucket: (refresh)
        [id=jcn-test-9147098]
        [urn=urn:pulumi:dev::s3test::aws:s3/bucket:Bucket::jcn-test]
        [provider=urn:pulumi:dev::s3test::pulumi:providers:aws::default_5_10_0::93ed7970-47b6-4659-9bf7-09bd38ed9a4e]
  pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:dev::s3test::pulumi:pulumi:Stack::s3test-dev]
    + aws:s3/bucketReplicationConfig:BucketReplicationConfig: (create)
        [urn=urn:pulumi:dev::s3test::aws:s3/bucketReplicationConfig:BucketReplicationConfig::replicationBucketReplicationConfig]
        [provider=urn:pulumi:dev::s3test::pulumi:providers:aws::default_5_10_0::93ed7970-47b6-4659-9bf7-09bd38ed9a4e]
        bucket    : "jcn-test-9147098"
        role      : "arn:aws:iam::994346257716:role/replicationRole-c1dd12b"
        rules     : [
            [0]: {
                deleteMarkerReplication: {
                    status    : "Enabled"
                }
                destination            : {
                    bucket      : "arn:aws:s3:::jcn-test-destination-88749ec"
                    storageClass: "STANDARD"
                }
                filter                 : {
                    prefix    : "foo"
                }
                id                     : "foobar"
                status                 : "Enabled"
            }
        ]

Versions used

CLI
Version 3.36.0
Go Version go1.18.4
Go Compiler gc

Host
OS darwin
Version 12.4
Arch arm64

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
@joffreychambrin joffreychambrin added kind/bug Some behavior is incorrect or out of spec needs-triage Needs attention from the triage team labels Jul 25, 2022
@viveklak
Copy link
Contributor

@joffreychambrin Thanks for opening the issue. This is interesting. I am not entirely sure how the replication config is being recorded in the state for a bucket when it is a separate resource while a read on the resource doesn't return the replication config. We will investigate but for the timebeing, could you add an ignoreChanges clause for replicationConfiguration for the bucket resource? That should avoid the spurious diff.

@viveklak viveklak removed the needs-triage Needs attention from the triage team label Jul 27, 2022
@joffreychambrin
Copy link
Author

Thanks @viveklak ! Indeed, adding the ignoreChanges fixed my problem

@mikhailshilkov mikhailshilkov added the bug/diff kind/bug related to Pulumi generating wrong diffs on preview or up. label Nov 8, 2023
@t0yv0 t0yv0 added the service/s3 S3-related things (buckets, objects) label May 6, 2024
@corymhall corymhall added the resolution/wont-fix This issue won't be fixed label Jan 16, 2025
@corymhall corymhall self-assigned this Jan 16, 2025
@corymhall
Copy link
Contributor

Checking this now and the issue still occurs on Bucket, but it does not occur on BucketV2. Closing this as won't fix since BucketV2 is what users should be using going forward and Bucket will not be receiving any enhancements.

"""An AWS Python Pulumi program"""

import pulumi
import pulumi_aws as aws

bucket = aws.s3.BucketV2(
    "chall-test",
)

aws.s3.BucketVersioningV2(
    "chall-test-versioning",
    bucket=bucket.id,
    versioning_configuration=aws.s3.BucketVersioningV2VersioningConfigurationArgs(
        status="Enabled"
    ),
)
destination_bucket = aws.s3.BucketV2(
    "chall-test-destination",
)
aws.s3.BucketVersioningV2(
    "chall-test-dest-versioning",
    bucket=destination_bucket.id,
    versioning_configuration=aws.s3.BucketVersioningV2VersioningConfigurationArgs(
        status="Enabled"
    ),
)
replication_role = aws.iam.Role(
    "replicationRole",
    assume_role_policy="""{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "s3.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
""",
)

replication_bucket_replication_config = aws.s3.BucketReplicationConfig(
    "replicationBucketReplicationConfig",
    role=replication_role.arn,
    bucket=bucket.id,
    rules=[
        aws.s3.BucketReplicationConfigRuleArgs(
            id="foobar",
            filter=aws.s3.BucketReplicationConfigRuleFilterArgs(
                prefix="foo",
            ),
            delete_marker_replication=aws.s3.BucketReplicationConfigRuleDeleteMarkerReplicationArgs(
                status="Enabled"
            ),
            status="Enabled",
            destination=aws.s3.BucketReplicationConfigRuleDestinationArgs(
                bucket=destination_bucket.arn,
                storage_class="STANDARD",
            ),
        )
    ],
    opts=pulumi.ResourceOptions(depends_on=[bucket]),
)

# Export the name of the bucket
pulumi.export("bucket_name", bucket.id)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@corymhall corymhall

Labels
area/refresh bug/diff kind/bug related to Pulumi generating wrong diffs on preview or up. kind/bug Some behavior is incorrect or out of spec resolution/wont-fix This issue won't be fixed service/s3 S3-related things (buckets, objects)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@t0yv0 @stack72 @viveklak @mikhailshilkov @corymhall @joffreychambrin