pulumi / pulumi-aws

An Amazon Web Services (AWS) Pulumi resource package, providing multi-language access to AWS
Apache License 2.0

Buckets that use versioning can't be deleted #1132

Closed squarebracket closed 1 year ago

squarebracket commented 4 years ago

It seems that pulumi cannot automatically delete buckets that have versioned contents. When attempting to pulumi destroy stacks with such buckets, pulumi stays in the deleting... phase forever. If I open up the S3 console and manually delete all content -- including all versions -- then pulumi destroy completes successfully.

Note that this is NOT an issue with forceDestroy -- it is set to true in my stack.

Someone on Slack pointed me to this page, which says that buckets cannot be deleted if they have > 100,000 objects or have versioning enabled. It sounds as if the API should return a failure code, though that's not stated declaratively and I haven't tried the manual operation through e.g. the AWS CLI.

I realize it would likely be tricky to have pulumi delete all the bucket content for you, but perhaps an error could be thrown (if indeed the operation does result in a failure code) or a warning that the program may hang could be printed (if the actual API call itself hangs).

lukehoban commented 1 year ago

I expect this was fixed with https://github.com/hashicorp/terraform-provider-aws/pull/24020.

nebbles commented 1 year ago

@lukehoban thanks for linking through to the hashicorp provider. What does this mean for the Pulumi SDK? Is there a particular version where this change would be adopted?

lukehoban commented 1 year ago

Yes - that fix would have been available as of https://github.com/pulumi/pulumi-aws/releases/tag/v5.2.0.

nebbles commented 1 year ago

Forgive me as I'm still wrapping my head around the difference between the Pulumi AWS V1 and V2...

I'm running @pulumi/aws version 5.14.0 (not the latest, but should have this change). I'm using the V2 approach to buckets and object lifecycle configuration. Should the change by the terraform provider fix the behaviour of the V2 buckets?

I have observed in August/September that I was having the issue the OP described - since Pulumi could not destroy the bucket for me I first tried to go in manually to delete the objects and versions, but in the end had to use a particular AWS CLI command to delete them all for me, before the Pulumi command to destroy the bucket actually worked. My preference of course would be that Pulumi is able to control this for me.

psirenny commented 1 year ago

I can confirm what @nebbles is saying. Pulumi still encounters the error:

Diagnostics:
  pulumi:pulumi:Stack (galapago-site-commercial-development):
    error: update failed

  aws:s3:BucketV2 (bucket):
    error: deleting urn:pulumi:commercial-development::galapago-site::aws:s3/bucketV2:BucketV2::bucket: 1 error occurred:
        * deleting S3 Bucket (bucket-ee9cdd3): BucketNotEmpty: The bucket you tried to delete is not empty. You must delete all versions in the bucket.
        status code: 409, request id: 0SW1NH1KZN5FAKP4, host id: TUcRZSiVGzGqdt3Azou3qb6k5ZdC6QVR3MkQOP7wZSIgSNgQ2SieX6Y9bXbQa+QgKOGjY85lnTM=

blampe commented 1 year ago

@psirenny @nebbles can you confirm your bucket has forceDestroy: true set?

pulumi stack export | grep forceDestroy

It's possible to still run into this if you created the bucket with forceDestroy: false and haven't updated the resource to use forceDestroy: true before doing the destroy.
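
The check suggested in the comment above, as an added example that is not part of the original thread or the project's code: instead of grepping for the key, it walks a parsed `pulumi stack export` document and reports which bucket URNs do not have `forceDestroy: true` recorded in state. The sample export, stack, project and bucket names are constructed, and the function name is hypothetical.

```javascript
// Added example (not from the thread). Lists S3 bucket resources in a
// `pulumi stack export` document whose saved state lacks forceDestroy: true.

// Type tokens for the classic and V2 bucket resources of the AWS provider.
const BUCKET_TYPES = new Set(["aws:s3/bucket:Bucket", "aws:s3/bucketV2:BucketV2"]);

// Returns one entry per bucket that destroy would not be allowed to empty.
function bucketsWithoutForceDestroy(exportDoc) {
  const doc = typeof exportDoc === "string" ? JSON.parse(exportDoc) : exportDoc;
  const resources = (doc.deployment && doc.deployment.resources) || [];
  return resources
    .filter((r) => BUCKET_TYPES.has(r.type))
    // Per the thread, the flag must already be in the stack's state before
    // destroy, so inspect the recorded outputs rather than the program source.
    .filter((r) => !(r.outputs && r.outputs.forceDestroy === true))
    .map((r) => ({
      urn: r.urn,
      bucket: (r.outputs && r.outputs.bucket) || null,
      // Distinguish "never set" from "explicitly false" for the operator.
      forceDestroy: r.outputs && "forceDestroy" in r.outputs ? r.outputs.forceDestroy : "unset",
    }));
}

// Constructed sample in the shape of `pulumi stack export` output.
const SAMPLE_EXPORT = {
  version: 3,
  deployment: {
    resources: [
      { urn: "urn:pulumi:dev::example-site::pulumi:pulumi:Stack::example-site-dev",
        type: "pulumi:pulumi:Stack" },
      { urn: "urn:pulumi:dev::example-site::aws:s3/bucketV2:BucketV2::assets",
        type: "aws:s3/bucketV2:BucketV2",
        outputs: { bucket: "assets-0000001", forceDestroy: true } },
      { urn: "urn:pulumi:dev::example-site::aws:s3/bucketV2:BucketV2::logs",
        type: "aws:s3/bucketV2:BucketV2",
        outputs: { bucket: "logs-0000002", forceDestroy: false } },
      { urn: "urn:pulumi:dev::example-site::aws:s3/bucket:Bucket::legacy",
        type: "aws:s3/bucket:Bucket",
        outputs: { bucket: "legacy-0000003" } },
    ],
  },
};

for (const b of bucketsWithoutForceDestroy(SAMPLE_EXPORT)) {
  console.log(`${b.bucket}\tforceDestroy=${b.forceDestroy}\t${b.urn}`);
}
```

Running this before a destroy shows exactly which buckets still need an update with `forceDestroy: true` applied, which a plain grep for the key cannot tie back to a resource.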

nebbles commented 1 year ago

I think that forceDestroy was enabled when I was trying this, but it was quite a couple of months ago, so can't remember for sure. Hopefully @psirenny has some insight on this.