SES Template not deleted after delete

[Jimmy89]

What happened?

Found when debugging https://github.com/pulumi/pulumi-aws-native/issues/834

If you replace an aws.ses.Template, the 'old' template will be listed by pulumi as deleted. However, it is not!

Expected Behavior

The template to have been deleted after being replaced.

Steps to reproduce

Create a template with:

const reminderEveryWeekTemplate = new aws.ses.Template("weekly-reminder-template", {template: {
  templateName: "SomeName",
  subjectPart: "SUBJECT",
  textPart: "Hello",
  htmlPart: "<b>Hello</b>",
}}, { replaceOnChanges: ["template.templateName"] }); // <-- replaceOnChanges added to trigger replacement as workaround on https://github.com/pulumi/pulumi-aws-native/issues/834

Then change the templateName value SomeName into SomeOtherName, re-run pulumi, check the output (should state "replaced"). Go to AWS SES service in the region it was created, click on "Email templates" and see that "SomeName" co-exists next to "SomeOtherName".

Output of pulumi about

Dependencies:
NAME                VERSION
@pulumi/aws-native  0.52.0
@pulumi/pulumi      3.57.1
@pulumi/random      4.11.2

Additional context

Part of output, stating it is replaced:

     Type                        Name                                   Status                  Info
 +-  ├─ aws-native:ses:Template  weekly-reminder-template               replaced (2s)           [diff: ~template]

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

[danielrbradley]

I've just reproduced this locally with debugger attached and see the following:

1. DeleteResource is called with:
   1. TypeName: AWS::SES::Template
   2. Identifier: SomeName
   3. ClientToken set to relevant value
   4. RoleArn: nil
2. Delete result is OK
3. waitForResourceOpCompletion returns progress event with:
   1. ErrorCode: "NotFound"
   2. Identifier: *"SomeName"
   3. Operation: "DELETE"
   4. OperationStatus: "FAILED"
   5. ResourceModel: *string nil
   6. RetryAfter: *time.Time nil
   7. StatusMessage: *"Resource of type 'AWS::SES::Template' with identifier 'null' was not found."
   8. TypeName: *"AWS::SES::Template"
4. We treat a "NotFound" during a delete operation as successful as it's already been deleted so we continue.

This appears it could be a service-side issue as I can confirm the resource is there in the console. Specifically, the response that comes back has the identifier set, but the error messge indicates they interpreted the identifier as null.

[danielrbradley]

This issue is not limited to replacements - all delete operations fail with NotFound.

Interestingly, in the console there is also no way to delete an SES template, so this might just be how SES templates work - they are not deletable. Awaiting confirmation from AWS as to root cause.

[Jimmy89]

@danielrbradley thank you for your analysis. SES templates are deletable, but only through the cli (and the aws-classic pulumi package). Through the console SES template cannot be viewed, changed, created or delete.

Example code with aws-classic that does replace (delete) the template:

new awsClassic.ses.Template("weekly-reminder-template", {
  name: "SomeName",
  subject: "SUBJECT",
  text: "Hello",
  html: "<b>Hello</b>",
});

For the cli you have to use delete-template link

[danielrbradley]

Interesting, ok this just looks like an issue in CloudControl then

[Jimmy89]

@danielrbradley has there been any feedback from your AWS ticket on the matter? I have no clue what the usual response times are from AWS with their Cloud Control service.

[danielrbradley]

Unfortunately there's been no response yet.

[Jimmy89]

@danielrbradley Has there been any feedback from AWS about this issue?

[corymhall]

Still an issue. Created an issue upstream to track https://github.com/aws-cloudformation/cloudformation-coverage-roadmap/issues/2133