search

pulumi / pulumi-aws

An Amazon Web Services (AWS) Pulumi resource package, providing multi-language access to AWS
Apache License 2.0
452 stars 155 forks source link

Target Pulumi Destroy on Multiple Targets Results in Orphaned Physical Resource #1899

Open phillipedwards opened 2 years ago

phillipedwards commented 2 years ago

Hello!

Issue details

When using a targeted destroy of two related resources, such as listener and a target group, both resources are removed from Pulumi's state but only one resources is physically destroyed resulting in an orphaned resource.

Steps to reproduce

  1. Create a load balancer, listener, and target group
  2. Attach the target group tot he listener and listener to the load balancer
  3. Use a targeted destroy for both listener and target group

Expected: Listener and target group should be physically destroyed and removed from the stack's statefile. Actual: Both are removed from the stack's statefile but only the listener is physically destroyed, resulting in an orphaned target group

Command: pulumi destroy -t {target_group_urn} -t {listener_group_urn}

Code:

import * as aws from "@pulumi/aws";
import * as pulumi from "@pulumi/pulumi";

export = async () => {
    const nlb = new aws.lb.LoadBalancer("network-load-balancer", {
        internal: true,
        loadBalancerType: "network",
        subnets: ["subnet-id],
        enableDeletionProtection: false,
        ipAddressType: "ipv4"
    });

    const protocol = "TCP";

    const tg = new aws.lb.TargetGroup("target-group", {
        name: "tg-1",
        port: 80,
        protocol: protocol,
        targetType: "ip",
        vpcId: "vpc-id",
        healthCheck: {
            protocol: protocol,
            port: "80",
            matcher: undefined
        }
    }, {
        deleteBeforeReplace: true
    });

    const listener = new aws.lb.Listener("listener", {
        protocol: protocol,
        port: 80,
        loadBalancerArn: nlb.arn,
        defaultActions: [{
            type: "forward",
            targetGroupArn: tg.arn
        }]
    }, {
        deleteBeforeReplace: true
    });

    return {
        url: alb.dnsName
    }
}
phillipedwards commented 2 years ago

Using a targeted destroy on the listener also removes the target group from the statefile and orphans the target group.

pulumi destroy -t {listener_urn}