pulumi / pulumi-aws

An Amazon Web Services (AWS) Pulumi resource package, providing multi-language access to AWS
Apache License 2.0

Tracking: remove tags related patches #4230

Open corymhall opened 1 month ago

corymhall commented 1 month ago

This is a tracking ticket to track what needs to be done in order to remove all of our patches / bridge hooks related to tagging and revert to upstream's tagging behavior.

An initial draft PR was done here https://github.com/pulumi/pulumi-aws/pull/4219.

Background

The original work to fix tagging on the Pulumi side was done in #2655. There were a lot of limitations in using default_tags in Terraform which we decided to circumvent by merging default_tags into the resource's tags via a PreCheckCallback function. Since then most of the upstream issues (https://github.com/hashicorp/terraform-provider-aws/issues/29747, https://github.com/hashicorp/terraform-provider-aws/issues/29842, https://github.com/hashicorp/terraform-provider-aws/issues/24449) have been fixed.

The additional patches / custom code add to the maintenance burden and make upgrades much harder due to merge conflicts. Since many of the original upstream issues have been fixed, it may be possible to remove our custom tag handling and revert back to upstream behavior.

Patches to remove

Patches to update (switch tags_all back to Computed)

### Tasks
- [ ] Roll out `PlanResourceChange` for all resources
- [ ] Fix aws_s3_legacy_bucket to work with `PlanResourceChange`
- [ ] [TestTagsCombinationsGo/regress_2](https://github.com/pulumi/pulumi-aws/blob/335cac45a6d895a29b35b0a0c5755736b557d93d/examples/examples_go_test.go#L92-L96) fails. The Tag value is not removed.
- [ ] [TestAccDefaultTags (Don't specify any default tags)](https://github.com/pulumi/pulumi-aws/blob/335cac45a6d895a29b35b0a0c5755736b557d93d/examples/examples_yaml_test.go#L197-L201) fails. The Tag value is not removed.

t0yv0 commented 1 month ago

There was an attempt to consolidate these patches which reduces the burden a bit https://github.com/pulumi/pulumi-aws/pull/4151 but we decided to first ensure upstream tests run on the result of patching.

I think also extending testing to cover refresh and import scenarios as sketched out in https://github.com/pulumi/pulumi-aws/pull/4169 could be highly advantageous here to avoid surprises with that part of the life-cycle.

t0yv0 commented 1 month ago

@iwahbe had a comment that upstream tag behavior relies critically on running refresh as part of apply. Since Pulumi bridged providers target imitating terraform -refresh=false behavior this may imply that removing tagging custom code would regress some functionality. Is it possible to file or reference an example TF program that demonstrates tagging bugs under -refresh=false?

iwahbe commented 1 month ago

I just checked, and it seems like upstream's behavior has improved radically here. Retrying on the latest version of hashicorp/aws, this now works (with terraform apply -refresh=false):

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

# Configure the AWS Provider
provider "aws" {
  region = "us-east-1"
  default_tags {
    tags = {
      Test = "example"
    }
  }
}

resource "aws_s3_bucket" "example" {}
```

Updating "example" to "example2" now works as expected without refresh. Neither used to work without refresh. Adding another default tag works as expected as well (even without refresh):

```diff
 provider "aws" {
   region = "us-east-1"
   default_tags {
     tags = {
       Test = "example"
+      Test2 = "example2"
     }
   }
 }
```

Removing all default tags does not work at all (it shows no diff) without refresh:

```diff
 provider "aws" {
   region = "us-east-1"
   default_tags {
     tags = {
-       Test = "example"
     }
   }
 }
```
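
Review bot: after the removed `Test = "example"` line, the `default_tags` block is still present with an empty `tags = {}` map, so this case covers an emptied map rather than a provider with no `default_tags` block at all. Consider also running the same `-refresh=false` apply with the whole `default_tags` block deleted, and recording both results, so the two cases can be told apart when comparing against the failing "Don't specify any default tags" task.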

I didn't get to the point where I manually compared how the tags property on resources interacts with the default_tags property on the provider.