pulumi / pulumi-aws

An Amazon Web Services (AWS) Pulumi resource package, providing multi-language access to AWS
Apache License 2.0

The requested aws:msk:ScramSecretAssociation resource doesn’t exist #3057

Open christrt9 opened 11 months ago

christrt9 commented 11 months ago

What happened?

Someone deleted one secret key from AWS. I tried a refresh but still got this error message: couldn't find resource

Then I deleted it from the stack with pulumi state delete --target-dependents

And I ran it again to deploy.

The secret exists.

But when I run pulumi up, sometimes I get this error message: "The requested resource doesn’t exist." And sometimes it works fine with the same code, nothing changed :/

One time it runs correctly, the next time it fails with the error, and then the same again.

I tried running pulumi refresh; still the same.

Diagnostics:
  aws:msk:ScramSecretAssociation (Secret_pulumi-xxx):
    error: 1 error occurred:
        * updating urn:pulumi:qa::pulumi-tutorial::aws:msk/scramSecretAssociation:ScramSecretAssociation::Secret_pulumi-xxx: 1 error occurred:
        * associating scram secret(s) to MSK cluster (arn:aws:kafka:eu-west-1:xxx:cluster/xx/xxx): 1 error occurred:
        * scram secret (arn:aws:secretsmanager:eu-west-1:xxxx:secret:xxx/xx/test-db-xxx): The requested resource doesn’t exist.

Example

import pulumi_aws as aws

# stack_name, secret, name, kms_secret, lambda_name and msk_cluster are
# defined elsewhere in the program (not shown in this report).
secret_msk_saml_lambda = secret = aws.secretsmanager.Secret(
    'AmazonMSK_' + stack_name + "/" + secret,
    description="For " + name + " by Pulumi",
    kms_key_id=kms_secret.arn,
    tags={
        "environment": 'qa',
    },
)

# Associate the secret with the MSK cluster
secret_association = aws.msk.ScramSecretAssociation(
    "Secret_" + lambda_name,
    cluster_arn=msk_cluster.arn,
    secret_arn_lists=[secret_msk_saml_lambda.arn],
)

Output of pulumi about

CLI          
Version      3.89.0
Go Version   go1.21.1
Go Compiler  gc

Plugins
NAME     VERSION
archive  0.0.2
aws      5.42.0
python   unknown

Host     
OS       linuxmint
Version  21
Arch     x86_64

Additional context

No response

justinvp commented 10 months ago

I'm going to move this to the aws repo as I suspect this is either an issue with the upstream TF provider (or possibly even AWS API itself).

@r00t9, are you still running into this?

A comment on the PR that added this resource to the upstream TF provider mentions a similar error: https://github.com/hashicorp/terraform-provider-aws/pull/15302#issuecomment-710010937

"I created a module inside which there is an aws_msk_sasl_scram_secret that attaches a single secret to the cluster passed as parameter (and does other things). When calling this module twice, it fails some of the time. Maybe a race condition with the AWS API?"

christrt9 commented 10 months ago

@justinvp I deleted this stack and recreated it, but not sure if I can do that in a production environment.

iwahbe commented 10 months ago

Hi @r00t9. It sounds like you are reporting two separate bugs:

Unable to refresh on deleted secret:

To confirm the reproduction steps:

  1. Run the example code to create an msk_cluster (not included), a secret, and associate the secret with the msk_cluster. This works as expected.
  2. Delete the secret from AWS outside of Pulumi.
  3. Run pulumi refresh, which errors with couldn't find resource.

Expected behavior: pulumi refresh detects that the resource was deleted and removes it from your state.

Work-around: Manually delete the resource from state with pulumi state delete and then run pulumi up again.

Unable to create secret association

When a secret association doesn't exist, and you run pulumi up to create the aws.msk.ScramSecretAssociation, pulumi up errors with "The requested resource doesn’t exist."

Repro:

  1. Run pulumi up with your example program.
  2. If successful, destroy and recreate until a failure occurs.

Work-around: try again until successful.


Is ☝️ accurate?
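
The "try again until successful" work-around above, written as a bounded retry at the AWS API level. This is an added example, not code from the issue, its participants or the Pulumi/Terraform providers. It assumes the failure is transient, as the thread suspects, and that `client` behaves like `boto3.client("kafka")`; `associate_with_retry`, `FlakyClient` and the sample ARNs are hypothetical, constructed names.

```python
import time

# Substring of the message quoted in this issue; the apostrophe is left out
# because the reported text uses a typographic one.
TRANSIENT_HINT = "requested resource doesn"


def associate_with_retry(client, cluster_arn, secret_arns,
                         attempts=5, base_delay=2.0, sleep=time.sleep):
    """Associate SCRAM secrets, retrying only the ARNs reported as missing.

    Returns the number of API calls made. Raises RuntimeError on any other
    error message or when the attempts are used up.
    """
    pending = list(secret_arns)
    for attempt in range(1, attempts + 1):
        resp = client.batch_associate_scram_secret(
            ClusterArn=cluster_arn, SecretArnList=pending)
        failed = resp.get("UnprocessedScramSecrets", [])
        if not failed:
            return attempt
        # Anything other than the "doesn't exist" message is treated as
        # permanent, so it fails fast instead of being retried.
        fatal = [f for f in failed
                 if TRANSIENT_HINT not in f.get("ErrorMessage", "").lower()]
        if fatal:
            raise RuntimeError(f"non-retryable: {fatal}")
        pending = [f["SecretArn"] for f in failed]
        if attempt < attempts:
            sleep(base_delay * 2 ** (attempt - 1))  # exponential backoff
    raise RuntimeError(f"still unprocessed after {attempts} attempts: {pending}")


class FlakyClient:
    """Constructed stand-in for the kafka client: fails N calls, then succeeds."""
    def __init__(self, failures, message="The requested resource doesn’t exist."):
        self.failures, self.message, self.calls = failures, message, []

    def batch_associate_scram_secret(self, ClusterArn, SecretArnList):
        self.calls.append(list(SecretArnList))
        bad = SecretArnList if len(self.calls) <= self.failures else []
        return {"ClusterArn": ClusterArn, "UnprocessedScramSecrets": [
            {"SecretArn": a, "ErrorCode": "CONSTRUCTED", "ErrorMessage": self.message}
            for a in bad]}


if __name__ == "__main__":
    arns = ["arn:aws:secretsmanager:eu-west-1:111111111111:secret:AmazonMSK_example"]
    print(associate_with_retry(FlakyClient(2), "arn:example-cluster", arns,
                               sleep=lambda s: None))
```

The retry is capped and matches only the message reported here, so a permanent misconfiguration surfaces immediately instead of being hidden by repeated attempts.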