pulumi / pulumi-aws

An Amazon Web Services (AWS) Pulumi resource package, providing multi-language access to AWS
Apache License 2.0

aws.wafv2.RuleGroup & aws.wafv2.WebAcl stack not saved, still updates after last update #3454

Closed tangr closed 4 months ago

tangr commented 7 months ago

What happened?

After running a Pulumi update with the Pulumi code below, the update was successful. But it still shows an update diff again on re-run; it seems the stack info update saved.

Example

import * as aws from "@pulumi/aws";

const exampleRuleGroup = new aws.wafv2.RuleGroup("exampleRuleGroup", {
  name: "exampleRuleGroup",
  capacity: 50,
  scope: "REGIONAL",
  rules: [
    {
      name: "exampleRuleGroup",
      action: {
        block: {},
      },
      priority: 1,
      statement: {
        geoMatchStatement: {
          countryCodes: ["US"],
        },
      },
      visibilityConfig: {
        cloudwatchMetricsEnabled: false,
        metricName: "example",
        sampledRequestsEnabled: false,
      },
    },
  ],
  visibilityConfig: {
    cloudwatchMetricsEnabled: false,
    metricName: "example",
    sampledRequestsEnabled: false,
  },
});

      ~ rules: [
          ~ [0]: {
                  + name            : "exampleRuleGroup"
                  + priority        : 1
                  ~ statement       : {
                      ~ geoMatchStatement: {
                          ~ countryCodes: [
                              + [0]: "US"
                            ]
                        }
                    }
                  ~ visibilityConfig: {
                      + cloudwatchMetricsEnabled: false
                      + metricName              : "example"
                      + sampledRequestsEnabled  : false
                    }
                }
        ]

Output of pulumi about

CLI
Version      3.106.0
Go Version   go1.22.0
Go Compiler  gc

Plugins
NAME    VERSION
nodejs  unknown

Host
OS       darwin
Version  14.1.1
Arch     x86_64

This project is written in nodejs: executable='/usr/local/bin/node' version='v18.16.0'

Backend
Name           *****
URL            s3://*****
User           test
Organizations
Token type     personal

Pulumi locates its logs in /var/folders/r8/4zqfwbvd1fg2h86sj1rslhkc0000gn/T/ by default
warning: Failed to get information about the Pulumi program's dependencies: could not find either /
warning: Failed to get information about the current stack: No current stack

Additional context

No response

iwahbe commented 7 months ago

Hey @tangr. Thanks for letting us know. I am able to reproduce the perpetual diff.

iwahbe commented 7 months ago

This doesn't seem to be fixed by shimv2.WithPlanResourceChange:

 provider/resources.go | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/provider/resources.go b/provider/resources.go
index 45c8e33607..6b43ba153a 100644
--- a/provider/resources.go
+++ b/provider/resources.go
@@ -794,7 +794,8 @@ func ProviderFromMeta(metaInfo *tfbridge.MetadataInfo) *tfbridge.ProviderInfo {
        shimv2.WithDiffStrategy(shimv2.PlanState),
        shimv2.WithPlanResourceChange(func(s string) bool {
            switch s {
-           case "aws_ssm_document", "aws_wafv2_web_acl":
+           case "aws_ssm_document", "aws_wafv2_web_acl",
+               "aws_wafv2_rule_group":
                return true
            default:
                return false
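
Review bot: the new "aws_wafv2_rule_group" entry in the case list has no comment saying why this resource is opted into PlanResourceChange, and the surrounding comment reports that the opt-in does not clear the perpetual diff. Either drop the entry until a change that actually fixes the diff is found, or keep it with a short comment linking this issue. Whichever change lands should come with a regression test that applies a RuleGroup with a geoMatchStatement rule and asserts that a second preview reports no changes.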

CC @t0yv0

marns93 commented 7 months ago

@iwahbe Any updates? We encountered the same problem and it is annoying to see a diff every time we run pulumi up.

tangr commented 7 months ago

@iwahbe @t0yv0 Hi there, any update on this?

markrin commented 7 months ago

The same issue for rule override

python-aws code part

aws.wafv2.WebAclRuleArgs(
            name="AWS-AWSManagedRulesCommonRuleSet",
            priority=3,
            statement=aws.wafv2.WebAclRuleStatementArgs(
                managed_rule_group_statement=aws.wafv2.WebAclRuleStatementManagedRuleGroupStatementArgs(
                    name="AWSManagedRulesCommonRuleSet",
                    vendor_name="AWS",
                    rule_action_overrides=[
                        {
                            "actionToUse": { "allow": {} },
                            "name": "SizeRestrictions_BODY"
                        }
                    ]
                ),
            ),
            visibility_config=aws.wafv2.WebAclRuleVisibilityConfigArgs(
                cloudwatch_metrics_enabled=True,
                metric_name="AWS-AWSManagedRulesCommonRuleSet",
                sampled_requests_enabled=True,
            ),
            override_action=aws.wafv2.WebAclRuleOverrideActionArgs(none=aws.wafv2.WebAclRuleOverrideActionNoneArgs())
        ),

flostadler commented 4 months ago

This was fixed in https://github.com/pulumi/pulumi-aws/pull/3948. It'll be released in release 6.36.0.
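
A check for the perpetual diff discussed in this thread, added here as an example and not code from the issue or from the Pulumi project: it reads the JSON of a preview taken right after a successful update and lists WAFv2 resources that still report changes, so a noisy diff cannot hide a real rule change. It assumes the `pulumi preview --json` layout (`steps[].op`, `steps[].urn`, `steps[].detailedDiff`); the sample input and function names are constructed for illustration.

```javascript
// Added example: flag resources that still show changes in a preview taken
// right after a successful `pulumi up` (the perpetual diff from this issue).
// Assumption: input is the JSON printed by `pulumi preview --json`, with a
// `steps` array whose entries carry `op`, `urn` and an optional `detailedDiff`.

// Constructed sample, modelled on the diff in the report; not real output.
const SAMPLE_PREVIEW = JSON.stringify({
  steps: [
    { op: "same", urn: "urn:pulumi:dev::waf::pulumi:pulumi:Stack::waf-dev" },
    {
      op: "update",
      urn: "urn:pulumi:dev::waf::aws:wafv2/ruleGroup:RuleGroup::exampleRuleGroup",
      detailedDiff: {
        "rules[0].name": { diffKind: "add" },
        "rules[0].priority": { diffKind: "add" },
        "rules[0].statement.geoMatchStatement.countryCodes[0]": { diffKind: "add" },
      },
    },
  ],
});

// Returns one record per resource that would change, with its property paths.
function findResidualDiffs(previewJson) {
  const preview = JSON.parse(previewJson);
  if (!Array.isArray(preview.steps)) {
    throw new Error("preview JSON has no steps array");
  }
  return preview.steps
    .filter((step) => step.op !== "same")
    .map((step) => ({
      urn: step.urn,
      // URN layout: urn:pulumi:<stack>::<project>::<type>::<name>;
      // a child resource's type is the last "$"-separated segment.
      type: step.urn.split("::")[2].split("$").pop(),
      op: step.op,
      paths: Object.keys(step.detailedDiff || {}).sort(),
    }));
}

// Hypothetical policy: only WAFv2 resources are treated as blocking.
function wafResidualDiffs(previewJson) {
  return findResidualDiffs(previewJson).filter((d) =>
    d.type.startsWith("aws:wafv2/")
  );
}

console.log(JSON.stringify(wafResidualDiffs(SAMPLE_PREVIEW), null, 2));
```

In a pipeline, a non-empty result after an update that should have converged is the signal to stop and inspect the listed paths.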