search

pulumi / pulumi-aws

An Amazon Web Services (AWS) Pulumi resource package, providing multi-language access to AWS
Apache License 2.0
432 stars 153 forks source link

RDS | EnabledCloudwatchLogsExports Reorder #1065

Open jkrusic19 opened 3 years ago

jkrusic19 commented 3 years ago

Hello,

Summary of issue: When using the AWS Provider for RDS in C# if I specify EnabledCloudwatchLogExports in the List it requires. It creates the resources as expected initially. Any subsequent pulumi up causes an (update) on the resource even with no changes.

Code Sample:

var rdsCluster = new RDS.Cluster(
                $"{rdsargs.environment}-{rdsargs.application}-{rdsargs.service}-rds-cluster", new RDS.ClusterArgs()
            {
                ApplyImmediately = rdsargs.DatabaseChangeApplyImmediate,
                DatabaseName = rdsargs.DatabaseName,
                ClusterIdentifierPrefix = $"{rdsargs.environment}-{rdsargs.application}-{rdsargs.service}",
                DbClusterParameterGroupName = ClusterParameterGroup.Name,
                DbSubnetGroupName = ClusterDBSubnetGroup.Name,
                EnabledCloudwatchLogsExports =
                {
                    "audit",
                    "error",
                    "slowquery",
                    "general"
                },
                MasterUsername = "admin",
                MasterPassword = new Random.RandomPassword($"{rdsargs.environment}-{rdsargs.application}-{rdsargs.service}-rds-passwd", new Random.RandomPasswordArgs()
                {
                    Length = 16,
                    Special = true,
                    OverrideSpecial = "_%@"
                }).Result,
                Engine = dbFamily,
                EngineVersion = dbengine[1],
                IamRoles =
                {
                  rdsargs.DatabaseRoleArn  
                },
                PreferredBackupWindow = "21:00-01:45",
                PreferredMaintenanceWindow = "Mon:02:00-Mon:04:15",
                StorageEncrypted = true,
                VpcSecurityGroupIds =
                {
                    rdsSg.Id
                }
            });

​ Output of Diff after initial deployment of resource, so second pulumi up: ​

~ aws:rds/cluster:Cluster: (update)
        [id=sandbox-eclipse-firm20200807145700776800000001]
        [urn=urn:pulumi:sandbox::test::aws:rds/cluster:Cluster::sandbox-test-me-rds-cluster]
        [provider=urn:pulumi:sandbox::eclipse::pulumi:providers:aws::default_2_11_0::142bd0f8-dac1-4460-9078-cb0b8a5b8ead]
      ~ enabledCloudwatchLogsExports: [
            [0]: <null>
            [1]: <null>
          **_~ [2]: "general" => "slowquery"
          ~ [3]: "slowquery" => "general"**

+-aws:rds/clusterInstance:ClusterInstance: (replace) - **This is actually false, there is no replacement at all it just updates the LogExports.**
        [id=tf-20200807145745967200000003]
        [urn=urn:pulumi:sandbox::test::aws:rds/clusterInstance:ClusterInstance::sandbox-test-me-db-instance-2]
        [provider=urn:pulumi:sandbox::test::pulumi:providers:aws::default_2_11_0::142bd0f8-dac1-4460-9078-cb0b8a5b8ead]
      ~ clusterIdentifier: "sandbox-test-me20200807145700776800000001" => output<string>

Expect: Upon pulumi up I expect zero changes to occur.

lukehoban commented 3 years ago

Out of curiosity, if you change the order in your program, does that prevent the diff from being reported? It appears that the underlying provider is expecting these to be in alphabetical order perhaps? We’ll need to look deeper to understand whether there’s an issue in the cloud provider, in the upstream provider, or in pulumi’s mapping of this.

jkrusic19 commented 3 years ago

@lukehoban looks like you are correct, something is expecting alphabetical order. When place structured as the following, no updates are required.

EnabledCloudwatchLogsExports = { "audit", "error", "general", "slowquery" }

iwahbe commented 1 year ago

EnabledCloudwatchLogsExports is a set in the underlying provider. I expect that is the source of the bug.