search

pulumi / pulumi-aws

An Amazon Web Services (AWS) Pulumi resource package, providing multi-language access to AWS
Apache License 2.0
430 stars 151 forks source link

Cognito Fails To Redeploy (`UpdateUserPoolInput.AccountRecoverySetting.RecoveryMechanisms`) #2412

Closed adrians5j closed 3 weeks ago

adrians5j commented 1 year ago

What happened?

Today I tried to redeploy my existing Cognito user pool via the new Pulumi version, and got:

aws:cognito:UserPool (wby-user-pool):
    error: 1 error occurred:
        * updating urn:pulumi:dev::core::aws:cognito/userPool:UserPool::wby-user-pool: 1 error occurred:
        * updating Cognito User pool (eu-central-1_D2LPIrH2L): InvalidParameter: 1 validation error(s) found.
    - minimum field size of 1, UpdateUserPoolInput.AccountRecoverySetting.RecoveryMechanisms.

Screenshot: image

Before that I also tried doing the preview:

image

What's funny is that if I just try again, the redeployment will pass. But then, if I try to redeploy for the 3rd time, then it again fails with the same errors.

And also, the deployment of a new Cognito user pool works correctly actually. It's just the following redeploy that's showing the above error.

Expected Behavior

Redeploy should successfully happen, without errors.

Steps to reproduce

Deploy a new Cognito user pool, and then try to redeploy it.

Output of pulumi about

Version      3.57.1
Go Version   go1.20.1
Go Compiler  gc

Plugins
NAME    VERSION
nodejs  unknown

Host
OS       darwin
Version  12.3
Arch     arm64

This project is written in nodejs: executable='/private/var/folders/j3/33xmnlyn6db75qqn6n06j6nh0000gn/T/xfs-2db235a1/node' version='v16.19.0'

Current Stack: dev

TYPE                                                    URN
pulumi:pulumi:Stack                                     urn:pulumi:dev::core::pulumi:pulumi:Stack::core-dev
pulumi:providers:aws                                    urn:pulumi:dev::core::pulumi:providers:aws::default_5_31_0
aws:s3/bucket:Bucket                                    urn:pulumi:dev::core::aws:s3/bucket:Bucket::wby-fm-bucket
aws:cloudwatch/eventBus:EventBus                        urn:pulumi:dev::core::aws:cloudwatch/eventBus:EventBus::wby-event-bus
aws:dynamodb/table:Table                                urn:pulumi:dev::core::aws:dynamodb/table:Table::wby-webiny
aws:s3/bucketPublicAccessBlock:BucketPublicAccessBlock  urn:pulumi:dev::core::aws:s3/bucketPublicAccessBlock:BucketPublicAccessBlock::wby-fm-bucket-block-public-access
aws:cognito/userPool:UserPool                           urn:pulumi:dev::core::aws:cognito/userPool:UserPool::wby-user-pool
aws:cognito/userPoolClient:UserPoolClient               urn:pulumi:dev::core::aws:cognito/userPoolClient:UserPoolClient::wby-user-pool-client

Found no pending operations associated with dev

Backend
Name           Adrians-MacBook-Pro-2.local
URL            file:///Users/adrian/dev/pre-beta5346-2/.pulumi/apps/core
User           adrian
Organizations

Pulumi locates its logs in /var/folders/j3/33xmnlyn6db75qqn6n06j6nh0000gn/T/ by default
warning: Failed to get information about the Pulumi program's dependencies: could not find either /Users/adrian/dev/pre-beta5346-2/.webiny/workspaces/apps/core/pulumi/yarn.lock or /Users/adrian/dev/pre-beta5346-2/.webiny/workspaces/apps/core/pulumi/package-lock.json

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

adrians5j commented 1 year ago

Tried this trick, seems like it's working. Gonna do some more testing.

danielrbradley commented 1 year ago

Thanks for the details @adrians5j

Here's what I've understood from your issue:

  1. Created Cognito User Pool using previous version of provider (which version?)
  2. Upgraded provider to a new version (which version?)
  3. Preview shows account recovery settings being removed.
  4. Deploy fails intermitantly with validation error for account recovery settings.
  5. Adding the missing account recovery settings fixes the intermittant failures.

Have I understood correctly? Please could you provide the versions you were moving from and to?

zackbrown-producepay commented 1 year ago

I would like to +1 this bug as I have also encountered this intermittently. I did not change Pulumi versions, I have a User Pool with the recovery options set already (for verified email), so the listed "trick" above does not work in my case and the UpdateUserPoolInput.AccountRecoverySetting.RecoveryMechanisms field size is 1 so it shouldn't be failing. I did not remove or add any additional recovery options, so it is odd to receive this error intermittently. I attempted to deploy again and, to my surprise, it deployed successfully, even though no changes to the Pulumi code was made, on the third deployment attempt. I did see a similar issue with Terraform which was later resolved after a subsequent Terraform version, so it may be resolved with Pulumi upon updating versions

danielrbradley commented 1 year ago

@zackbrown-producepay could you provide a complete example program which reproduces this issue reliably? Thanks!

adrians5j commented 1 year ago

Not sure, but this might not even have to do anything with Pulumi.

I opened an older project that was using 5.10, and this change started popping up. Once I've applied the above-mentioned fix, all good.

corymhall commented 1 month ago

I've only been able to reproduce this issue when providing something like the below example. I will note though that when using the below app, the error message is correct! I've tried with a bunch of other combinations and I cannot reproduce this error with any other configuration.

new aws.cognito.UserPool('chall-pool', {
  accountRecoverySetting: {},
});

My hunch is that this has been fixed sometime since this was reported. If anyone is still experiencing this issue please let us know!