search

pulumi / pulumi-aws

An Amazon Web Services (AWS) Pulumi resource package, providing multi-language access to AWS
Apache License 2.0
445 stars 154 forks source link

Received diff update for created waf resources #3306

Closed omidraha closed 3 months ago

omidraha commented 7 months ago

What happened?

I tried to create a waf with rate limit rule, The waf and waf group resources created but when I run pulumi up I always get diff update for it.

Example

Here is the source code to reproduce it:

Info:

import pulumi
import pulumi_aws

def create_rate_limit_rule(
        deploy_name_prefix,
):
    """
    :param deploy_name_prefix:
    :return:
    """

    rate_based_rule = pulumi_aws.wafv2.RuleGroup(
        f'waf-rule-group{deploy_name_prefix}',
        capacity=100,
        scope="REGIONAL",
        rules=[
            pulumi_aws.wafv2.RuleGroupRuleArgs(
                name=f'waf-rule-group-arg{deploy_name_prefix}',
                priority=1,
                action=pulumi_aws.wafv2.RuleGroupRuleActionArgs(
                    count=pulumi_aws.wafv2.RuleGroupRuleActionCountArgs()
                ),
                statement=pulumi_aws.wafv2.RuleGroupRuleStatementArgs(
                    rate_based_statement=pulumi_aws.wafv2.RuleGroupRuleStatementRateBasedStatementArgs(
                        aggregate_key_type="IP",
                        limit=100,
                    ),
                ),
                visibility_config=pulumi_aws.wafv2.RuleGroupRuleVisibilityConfigArgs(
                    cloudwatch_metrics_enabled=True,
                    metric_name=f'WafRbr{deploy_name_prefix.title()}Metric'.replace('-', ''),
                    sampled_requests_enabled=True,
                ),
            )
        ],
        visibility_config=pulumi_aws.wafv2.RuleGroupVisibilityConfigArgs(
            cloudwatch_metrics_enabled=True,
            metric_name=f'WafRbr{deploy_name_prefix.title()}GroupMetric'.replace('-', ''),
            sampled_requests_enabled=True,
        )
    )
    return rate_based_rule

def create_waf(
        deploy_name_prefix,
):
    """
    :param deploy_name_prefix:
    :return:
    """
    rate_based_rule = create_rate_limit_rule(
        deploy_name_prefix=deploy_name_prefix
                           )

    rules = [
        pulumi_aws.wafv2.WebAclRuleArgs(
            name=f'WebAclRuleArg{deploy_name_prefix}',
            priority=1,
            statement=pulumi_aws.wafv2.WebAclRuleStatementArgs(
                rule_group_reference_statement=pulumi_aws.wafv2.WebAclRuleStatementRuleGroupReferenceStatementArgs(
                    arn=rate_based_rule.arn,
                ),
            ),

            visibility_config=pulumi_aws.wafv2.WebAclRuleVisibilityConfigArgs(
                cloudwatch_metrics_enabled=True,
                metric_name=f'WebAclRuleArgMetric{deploy_name_prefix.title()}'.replace('-', ''),
                sampled_requests_enabled=True,
            ),
            override_action=pulumi_aws.wafv2.WebAclRuleOverrideActionArgs(
                count=pulumi_aws.wafv2.WebAclRuleOverrideActionCountArgs(),
            ),
        ),
    ]

    name = f'waf{deploy_name_prefix}'
    web_acl = pulumi_aws.wafv2.WebAcl(
        name,
        description=name,
        scope="REGIONAL",
        default_action=pulumi_aws.wafv2.WebAclDefaultActionArgs(
            allow=pulumi_aws.wafv2.WebAclDefaultActionAllowArgs()
        ),
        visibility_config=pulumi_aws.wafv2.WebAclVisibilityConfigArgs(
            cloudwatch_metrics_enabled=True,
            metric_name=f'WebAclVisibilityArgMetric{deploy_name_prefix.title()}'.replace('-', ''),
            sampled_requests_enabled=True,
        ),
        rules=rules,
        tags={
            "Name": name,
        },
    )
    pulumi.export("web_acl_arn", web_acl.arn)
    return web_acl

Info

$ pulumi up

Previewing update (pr):
     Type                    Name               Plan       Info
     pulumi:pulumi:Stack     devops-pr                     2 warnings; 217 messages
 ~   ├─ aws:wafv2:RuleGroup  waf-rule-group-pr  update     [diff: ~rules]
 ~   └─ aws:wafv2:WebAcl     waf-pr             update     [diff: ~rules]

Output of pulumi about

pulumi about
CLI          
Version      3.101.1
Go Version   go1.21.5
Go Compiler  gc

Plugins
NAME        VERSION
aws         5.43.0
aws-native  0.73.0
awsx        1.0.2
cloudflare  5.5.0
docker      3.6.1
eks         1.0.4
kubernetes  3.30.2
python      unknown

Host     
OS       ubuntu
Version  22.04
Arch     x86_64

This project is written in python: executable='/usr/bin/python3' version='3.10.12'

Current Stack: organization/devops/pr

TYPE                                                        URN
pulumi:providers:aws                                        urn:pulumi:pr::devops::pulumi:providers:aws::default
pulumi:pulumi:Stack                                         urn:pulumi:pr::devops::pulumi:pulumi:Stack::devops-pr
pulumi:providers:aws                                        urn:pulumi:pr::devops::pulumi:providers:aws::default_5_43_0
aws:ec2/eip:Eip                                             urn:pulumi:pr::devops::aws:ec2/eip:Eip::eip-1-pr
aws:ec2/eip:Eip                                             urn:pulumi:pr::devops::aws:ec2/eip:Eip::eip-0-pr
aws:ec2/eip:Eip                                             urn:pulumi:pr::devops::aws:ec2/eip:Eip::eip-2-pr
aws:acm/certificate:Certificate                             urn:pulumi:pr::devops::aws:acm/certificate:Certificate::cert
pulumi:providers:cloudflare                                 urn:pulumi:pr::devops::pulumi:providers:cloudflare::default_5_5_0
pulumi:providers:awsx                                       urn:pulumi:pr::devops::pulumi:providers:awsx::default_1_0_2
cloudflare:index/record:Record                              urn:pulumi:pr::devops::cloudflare:index/record:Record::rec-_604c4d1f97f17eac56f81160301f7401.idmelon.com.
aws:wafv2/ruleGroup:RuleGroup                               urn:pulumi:pr::devops::aws:wafv2/ruleGroup:RuleGroup::waf-rule-group-pr
awsx:ec2:Vpc                                                urn:pulumi:pr::devops::awsx:ec2:Vpc::vpc-pr
pulumi:providers:aws                                        urn:pulumi:pr::devops::pulumi:providers:aws::default_5_16_2
aws:ec2/vpc:Vpc                                             urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc::vpc-pr
aws:ec2/subnet:Subnet                                       urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet::vpc-pr-public-3
aws:ec2/subnet:Subnet                                       urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet::vpc-pr-private-1
aws:ec2/subnet:Subnet                                       urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet::vpc-pr-public-2
aws:ec2/internetGateway:InternetGateway                     urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/internetGateway:InternetGateway::vpc-pr
aws:ec2/subnet:Subnet                                       urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet::vpc-pr-private-3
aws:ec2/subnet:Subnet                                       urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet::vpc-pr-public-1
aws:ec2/subnet:Subnet                                       urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet::vpc-pr-private-2
aws:ec2/natGateway:NatGateway                               urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/natGateway:NatGateway::vpc-pr-3
aws:ec2/routeTable:RouteTable                               urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable::vpc-pr-public-3
aws:ec2/routeTable:RouteTable                               urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable::vpc-pr-private-1
aws:ec2/natGateway:NatGateway                               urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/natGateway:NatGateway::vpc-pr-2
aws:ec2/routeTable:RouteTable                               urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable::vpc-pr-public-2
aws:ec2/routeTable:RouteTable                               urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable::vpc-pr-private-3
aws:ec2/natGateway:NatGateway                               urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/natGateway:NatGateway::vpc-pr-1
aws:ec2/routeTable:RouteTable                               urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable::vpc-pr-public-1
aws:ec2/routeTable:RouteTable                               urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable::vpc-pr-private-2
aws:ec2/routeTableAssociation:RouteTableAssociation         urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/routeTableAssociation:RouteTableAssociation::vpc-pr-public-3
aws:ec2/route:Route                                         urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/route:Route::vpc-pr-public-3
aws:ec2/routeTableAssociation:RouteTableAssociation         urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/routeTableAssociation:RouteTableAssociation::vpc-pr-private-1
aws:ec2/routeTableAssociation:RouteTableAssociation         urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/routeTableAssociation:RouteTableAssociation::vpc-pr-public-2
aws:ec2/route:Route                                         urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/route:Route::vpc-pr-public-2
aws:ec2/route:Route                                         urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/route:Route::vpc-pr-private-3
aws:ec2/routeTableAssociation:RouteTableAssociation         urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/routeTableAssociation:RouteTableAssociation::vpc-pr-private-3
aws:ec2/route:Route                                         urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/route:Route::vpc-pr-private-1
aws:ec2/routeTableAssociation:RouteTableAssociation         urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/routeTableAssociation:RouteTableAssociation::vpc-pr-public-1
aws:ec2/route:Route                                         urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/route:Route::vpc-pr-public-1
aws:ec2/routeTableAssociation:RouteTableAssociation         urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/routeTableAssociation:RouteTableAssociation::vpc-pr-private-2
aws:ec2/route:Route                                         urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/route:Route::vpc-pr-private-2
pulumi:providers:pulumi                                     urn:pulumi:pr::devops::pulumi:providers:pulumi::default
aws:ec2/securityGroup:SecurityGroup                         urn:pulumi:pr::devops::aws:ec2/securityGroup:SecurityGroup::security-group-elastic_cache-pr
aws:ec2/securityGroup:SecurityGroup                         urn:pulumi:pr::devops::aws:ec2/securityGroup:SecurityGroup::security-group-rds-pr
aws:wafv2/webAcl:WebAcl                                     urn:pulumi:pr::devops::aws:wafv2/webAcl:WebAcl::waf-pr
pulumi:providers:eks                                        urn:pulumi:pr::devops::pulumi:providers:eks::default_1_0_4
aws:elasticache/subnetGroup:SubnetGroup                     urn:pulumi:pr::devops::aws:elasticache/subnetGroup:SubnetGroup::subnet-group-elastic-cache-pr
aws:rds/subnetGroup:SubnetGroup                             urn:pulumi:pr::devops::aws:rds/subnetGroup:SubnetGroup::subnet-group-rds-pr
aws:elasticache/cluster:Cluster                             urn:pulumi:pr::devops::aws:elasticache/cluster:Cluster::redis-pr
aws:rds/instance:Instance                                   urn:pulumi:pr::devops::aws:rds/instance:Instance::db-pr
pulumi:providers:kubernetes                                 urn:pulumi:pr::devops::pulumi:providers:kubernetes::default_3_30_2
kubernetes:core/v1:Namespace                                urn:pulumi:pr::devops::kubernetes:core/v1:Namespace::amazon-cloudwatch-pr
kubernetes:core/v1:ConfigMap                                urn:pulumi:pr::devops::kubernetes:core/v1:ConfigMap::fluent-bit-cluster-info-pr
kubernetes:core/v1:ServiceAccount                           urn:pulumi:pr::devops::kubernetes:core/v1:ServiceAccount::fluent-bit-pr
kubernetes:core/v1:ConfigMap                                urn:pulumi:pr::devops::kubernetes:core/v1:ConfigMap::fluent-bit-config-pr
kubernetes:rbac.authorization.k8s.io/v1:ClusterRole         urn:pulumi:pr::devops::kubernetes:rbac.authorization.k8s.io/v1:ClusterRole::fluent-bit-role-pr
kubernetes:apps/v1:DaemonSet                                urn:pulumi:pr::devops::kubernetes:apps/v1:DaemonSet::fluent-bit-pr
pulumi:providers:aws                                        urn:pulumi:pr::devops::pulumi:providers:aws::default_5_31_0
eks:index:Cluster                                           urn:pulumi:pr::devops::eks:index:Cluster::cluster-pr
kubernetes:rbac.authorization.k8s.io/v1:ClusterRoleBinding  urn:pulumi:pr::devops::kubernetes:rbac.authorization.k8s.io/v1:ClusterRoleBinding::fluent-bit-role-binding-pr
eks:index:ServiceRole                                       urn:pulumi:pr::devops::eks:index:Cluster$eks:index:ServiceRole::cluster-pr-instanceRole
eks:index:ServiceRole                                       urn:pulumi:pr::devops::eks:index:Cluster$eks:index:ServiceRole::cluster-pr-eksRole
pulumi:providers:eks                                        urn:pulumi:pr::devops::pulumi:providers:eks::default
aws:ec2/securityGroup:SecurityGroup                         urn:pulumi:pr::devops::eks:index:Cluster$aws:ec2/securityGroup:SecurityGroup::cluster-pr-eksClusterSecurityGroup
aws:iam/role:Role                                           urn:pulumi:pr::devops::eks:index:Cluster$eks:index:ServiceRole$aws:iam/role:Role::cluster-pr-instanceRole-role
eks:index:RandomSuffix                                      urn:pulumi:pr::devops::eks:index:Cluster$eks:index:RandomSuffix::cluster-pr-cfnStackName
aws:iam/role:Role                                           urn:pulumi:pr::devops::eks:index:Cluster$eks:index:ServiceRole$aws:iam/role:Role::cluster-pr-eksRole-role
aws:ec2/securityGroupRule:SecurityGroupRule                 urn:pulumi:pr::devops::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::cluster-pr-eksClusterInternetEgressRule
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:pr::devops::eks:index:Cluster$eks:index:ServiceRole$aws:iam/rolePolicyAttachment:RolePolicyAttachment::cluster-pr-instanceRole-3eb088f2
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:pr::devops::eks:index:Cluster$eks:index:ServiceRole$aws:iam/rolePolicyAttachment:RolePolicyAttachment::cluster-pr-instanceRole-03516f97
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:pr::devops::eks:index:Cluster$eks:index:ServiceRole$aws:iam/rolePolicyAttachment:RolePolicyAttachment::cluster-pr-instanceRole-e1b295bd
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:pr::devops::eks:index:Cluster$eks:index:ServiceRole$aws:iam/rolePolicyAttachment:RolePolicyAttachment::cluster-pr-eksRole-4b490823
aws:iam/instanceProfile:InstanceProfile                     urn:pulumi:pr::devops::eks:index:Cluster$aws:iam/instanceProfile:InstanceProfile::cluster-pr-instanceProfile
aws:eks/cluster:Cluster                                     urn:pulumi:pr::devops::eks:index:Cluster$aws:eks/cluster:Cluster::cluster-pr-eksCluster
aws:ec2/securityGroup:SecurityGroup                         urn:pulumi:pr::devops::eks:index:Cluster$aws:ec2/securityGroup:SecurityGroup::cluster-pr-nodeSecurityGroup
aws:iam/openIdConnectProvider:OpenIdConnectProvider         urn:pulumi:pr::devops::eks:index:Cluster$aws:iam/openIdConnectProvider:OpenIdConnectProvider::cluster-pr-oidcProvider
aws:ec2/securityGroupRule:SecurityGroupRule                 urn:pulumi:pr::devops::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::cluster-pr-eksClusterIngressRule
aws:ec2/securityGroupRule:SecurityGroupRule                 urn:pulumi:pr::devops::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::cluster-pr-eksNodeInternetEgressRule
aws:ec2/securityGroupRule:SecurityGroupRule                 urn:pulumi:pr::devops::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::cluster-pr-eksNodeIngressRule
aws:ec2/securityGroupRule:SecurityGroupRule                 urn:pulumi:pr::devops::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::cluster-pr-eksExtApiServerClusterIngressRule
aws:ec2/securityGroupRule:SecurityGroupRule                 urn:pulumi:pr::devops::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::cluster-pr-eksNodeClusterIngressRule
eks:index:VpcCni                                            urn:pulumi:pr::devops::eks:index:Cluster$eks:index:VpcCni::cluster-pr-vpc-cni
pulumi:providers:kubernetes                                 urn:pulumi:pr::devops::eks:index:Cluster$pulumi:providers:kubernetes::cluster-pr-eks-k8s
aws:ec2/launchConfiguration:LaunchConfiguration             urn:pulumi:pr::devops::eks:index:Cluster$aws:ec2/launchConfiguration:LaunchConfiguration::cluster-pr-nodeLaunchConfiguration
kubernetes:core/v1:ConfigMap                                urn:pulumi:pr::devops::eks:index:Cluster$kubernetes:core/v1:ConfigMap::cluster-pr-nodeAccess
aws:cloudformation/stack:Stack                              urn:pulumi:pr::devops::eks:index:Cluster$aws:cloudformation/stack:Stack::cluster-pr-nodes
pulumi:providers:kubernetes                                 urn:pulumi:pr::devops::eks:index:Cluster$pulumi:providers:kubernetes::cluster-pr-provider
pulumi:providers:kubernetes                                 urn:pulumi:pr::devops::pulumi:providers:kubernetes::eks-provider-pr
aws:iam/role:Role                                           urn:pulumi:pr::devops::aws:iam/role:Role::fluent-bit-cloud-watch-role-pr
kubernetes:core/v1:Service                                  urn:pulumi:pr::devops::kubernetes:core/v1:Service::payment
kubernetes:core/v1:Service                                  urn:pulumi:pr::devops::kubernetes:core/v1:Service::billing
kubernetes:core/v1:Service                                  urn:pulumi:pr::devops::kubernetes:core/v1:Service::skm
kubernetes:core/v1:Service                                  urn:pulumi:pr::devops::kubernetes:core/v1:Service::panel
kubernetes:core/v1:Service                                  urn:pulumi:pr::devops::kubernetes:core/v1:Service::login
kubernetes:core/v1:Service                                  urn:pulumi:pr::devops::kubernetes:core/v1:Service::idmp
kubernetes:core/v1:Service                                  urn:pulumi:pr::devops::kubernetes:core/v1:Service::domain-ownership-verify
kubernetes:core/v1:Service                                  urn:pulumi:pr::devops::kubernetes:core/v1:Service::notify
kubernetes:core/v1:Service                                  urn:pulumi:pr::devops::kubernetes:core/v1:Service::passkey
kubernetes:core/v1:Service                                  urn:pulumi:pr::devops::kubernetes:core/v1:Service::utility
kubernetes:core/v1:Service                                  urn:pulumi:pr::devops::kubernetes:core/v1:Service::hybrid-transport-passkey
kubernetes:core/v1:Service                                  urn:pulumi:pr::devops::kubernetes:core/v1:Service::sso
kubernetes:core/v1:Namespace                                urn:pulumi:pr::devops::pulumi:providers:kubernetes$kubernetes:core/v1:Namespace::apps-pr
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:pr::devops::aws:iam/rolePolicyAttachment:RolePolicyAttachment::fluent-bit-cloud-watch-role-policy-attachment-pr
kubernetes:core/v1:Service                                  urn:pulumi:pr::devops::kubernetes:core/v1:Service::auto-obr
kubernetes:apps/v1:Deployment                               urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::payment-web
kubernetes:apps/v1:Deployment                               urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::payment-task
kubernetes:apps/v1:Deployment                               urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::billing-task
kubernetes:apps/v1:Deployment                               urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::panel-web
kubernetes:apps/v1:Deployment                               urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::passkey-web
kubernetes:apps/v1:Deployment                               urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::idmp-web
kubernetes:apps/v1:Deployment                               urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::skm-task
kubernetes:apps/v1:Deployment                               urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::notify-web
kubernetes:apps/v1:Deployment                               urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::notify-task
kubernetes:apps/v1:Deployment                               urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::domain-ownership-verify-web
kubernetes:apps/v1:Deployment                               urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::skm-web
kubernetes:apps/v1:Deployment                               urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::billing-web
kubernetes:apps/v1:Deployment                               urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::hybrid-transport-passkey-web
kubernetes:apps/v1:Deployment                               urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::login-web
kubernetes:apps/v1:Deployment                               urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::utility-web
kubernetes:apps/v1:Deployment                               urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::auto-obr-web
kubernetes:apps/v1:Deployment                               urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::utility-task
kubernetes:apps/v1:Deployment                               urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::sso-task
kubernetes:apps/v1:Deployment                               urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::auto-obr-task
kubernetes:apps/v1:Deployment                               urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::sso-web
kubernetes:helm.sh/v3:Release                               urn:pulumi:pr::devops::pulumi:providers:kubernetes$kubernetes:core/v1:Namespace$kubernetes:helm.sh/v3:Release::external-dns-pr
kubernetes:networking.k8s.io/v1:Ingress                     urn:pulumi:pr::devops::kubernetes:networking.k8s.io/v1:Ingress::ingress-login-web
kubernetes:networking.k8s.io/v1:Ingress                     urn:pulumi:pr::devops::kubernetes:networking.k8s.io/v1:Ingress::ingress-idmp-web
kubernetes:networking.k8s.io/v1:Ingress                     urn:pulumi:pr::devops::kubernetes:networking.k8s.io/v1:Ingress::ingress-hybrid-transport-passkey-web
kubernetes:networking.k8s.io/v1:Ingress                     urn:pulumi:pr::devops::kubernetes:networking.k8s.io/v1:Ingress::ingress-skm-web
kubernetes:networking.k8s.io/v1:Ingress                     urn:pulumi:pr::devops::kubernetes:networking.k8s.io/v1:Ingress::ingress-panel-web
kubernetes:networking.k8s.io/v1:Ingress                     urn:pulumi:pr::devops::kubernetes:networking.k8s.io/v1:Ingress::ingress-notify-web
aws:iam/role:Role                                           urn:pulumi:pr::devops::aws:iam/role:Role::aws-loadbalancer-controller-role-pr
kubernetes:networking.k8s.io/v1:Ingress                     urn:pulumi:pr::devops::kubernetes:networking.k8s.io/v1:Ingress::ingress-sso-web
aws:iam/policy:Policy                                       urn:pulumi:pr::devops::aws:iam/role:Role$aws:iam/policy:Policy::aws-loadbalancer-controller-policy-pr
kubernetes:core/v1:ServiceAccount                           urn:pulumi:pr::devops::kubernetes:core/v1:ServiceAccount::aws-lb-controller-sa-pr
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:pr::devops::aws:iam/role:Role$aws:iam/rolePolicyAttachment:RolePolicyAttachment::aws-loadbalancer-controller-attachment-pr
kubernetes:helm.sh/v3:Release                               urn:pulumi:pr::devops::pulumi:providers:kubernetes$kubernetes:core/v1:Namespace$kubernetes:helm.sh/v3:Release::lb-pr

Found no pending operations associated with pr

Backend        
Name           or
URL            file://~
User           or
Organizations  
Token type     personal

Dependencies:
NAME               VERSION
cryptography       41.0.1
pip                23.3.2
pulumi-aws-native  0.73.0
pulumi-awsx        1.0.2
pulumi-cloudflare  5.5.0
pulumi-eks         1.0.4
setuptools         69.0.3
wheel              0.42.0

Pulumi locates its logs in /tmp by default

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

iwahbe commented 7 months ago

Hi @omidraha. Thanks for opening an issue. We're sorry to hear about this. To help us diagnose the problem, can you please post the output of pulumi about in the issue. In this case, we want to know the version of pulumi and the version of pulumi-aws that you are using so we can reproduce the bug on our machines.

omidraha commented 7 months ago

@iwahbe , I just have updated for pulumi about.

iwahbe commented 7 months ago

This is a superset of https://github.com/pulumi/pulumi-aws/issues/3190.

t0yv0 commented 4 months ago

Apologies, this is still a problem. Adding some technical notes here

Still reproduces after all the fixes:

      ~ rules: [
          ~ [0]: {
                  ~ action          : {
                      + __defaults: []
                      ~ count     : {
                          + __defaults: []
                        }
                    }
                  ~ name            : "waf-rule-group-argfoo" => "waf-rule-group-argfoo"
                  ~ priority        : 1 => 1
                  ~ statement       : {
                      + __defaults        : []
                      ~ rateBasedStatement: {
                          + __defaults         : [
                          +     [0]: "evaluationWindowSec"
                            ]
                            aggregateKeyType   : "IP"
                          - customKeys         : []
                            evaluationWindowSec: 300
                            limit              : 100
                        }
                    }
                  ~ visibilityConfig: {
                      + __defaults              : []
                        cloudwatchMetricsEnabled: true
                        metricName              : "WafRbrFooMetric"
                        sampledRequestsEnabled  : true
                    }
                }
        ]

The problem is that - customKeys : [] is cycling between empty list and nil/missing. This is compounded by getting confused about the set element identity and improper set diff display.

Superficially looks very similar to https://github.com/pulumi/pulumi-terraform-bridge/pull/1917 so possibly the same root cause and same work-around apply.