pulumi / pulumi-aws

An Amazon Web Services (AWS) Pulumi resource package, providing multi-language access to AWS
Apache License 2.0

Warnings emitted when importing aws:lb:TargetGroup, One or more imported inputs failed to validate #4361

Open Zaid-Ajaj opened 1 month ago

Zaid-Ajaj commented 1 month ago

When importing resources of type aws:lb:TargetGroup with pulumi import, the resource is imported; however, it emits warnings:

  aws:lb:TargetGroup (targetGroup):
    warning: One or more imported inputs failed to validate. This is almost certainly a bug in the `aws` provider. The import will still proceed, but you will need to edit the generated code after copying it into your program.
    warning: aws:lb/targetGroup:TargetGroup resource 'targetGroup' has a problem: "health_check.0.port" must be a valid port number (1-65536) or "traffic-port". Examine values at 'targetGroup.healthCheck.port'.
    warning: aws:lb/targetGroup:TargetGroup resource 'targetGroup' has a problem: "health_check.0.port" must be a valid port number (1-65536) or "traffic-port". Examine values at 'targetGroup.healthCheck.port'.
    warning: aws:lb/targetGroup:TargetGroup resource 'targetGroup' has a problem: expected health_check.0.protocol to be one of ["HTTP" "HTTPS" "TCP"], got . Examine values at 'targetGroup.healthCheck.protocol'.

This has surfaced when using the Pulumi Importer, issue https://github.com/Zaid-Ajaj/pulumi-tool-importer/issues/2#issuecomment-2284794698

flostadler commented 1 month ago

Similarly to #4362, the elbv2 target_group resource isn't handling optional values in read properly. Here pointers are just converted to their primitives, which yields "" for port and protocol: https://github.com/hashicorp/terraform-provider-aws/blob/3724def77810f619392ecb79fd3e40915c0b0214/internal/service/elbv2/target_group.go#L1170-L1176
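
A simplified Go model of the read-path behaviour described in the comment above, added here as an illustration and not taken from terraform-provider-aws or from the thread. The type and function names are hypothetical, and the validation rules are the two quoted in the import warnings.

```go
package main

import "fmt"
import "strconv"

// HealthCheck models only the two optional fields (hypothetical type, not the provider's).
type HealthCheck struct{ Port, Protocol *string }

// deref converts a pointer straight to its primitive: nil becomes "".
func deref(p *string) string {
	if p == nil {
		return ""
	}
	return *p
}

// flattenLossy always writes both keys, so unset values turn into "".
func flattenLossy(hc HealthCheck) map[string]string {
	return map[string]string{"port": deref(hc.Port), "protocol": deref(hc.Protocol)}
}

// flattenOptional writes a key only when a value was actually returned.
func flattenOptional(hc HealthCheck) map[string]string {
	m := map[string]string{}
	if hc.Port != nil {
		m["port"] = *hc.Port
	}
	if hc.Protocol != nil {
		m["protocol"] = *hc.Protocol
	}
	return m
}

// validate applies the two rules quoted in the import warnings to keys that are present.
func validate(m map[string]string) (problems []string) {
	if v, ok := m["port"]; ok && v != "traffic-port" {
		if n, err := strconv.Atoi(v); err != nil || n < 1 || n > 65536 {
			problems = append(problems, "port")
		}
	}
	if v, ok := m["protocol"]; ok && v != "HTTP" && v != "HTTPS" && v != "TCP" {
		problems = append(problems, "protocol")
	}
	return problems
}

func main() {
	tg := HealthCheck{} // constructed sample: both fields unset, as for a lambda target group
	fmt.Println(validate(flattenLossy(tg)), validate(flattenOptional(tg)))
}
```

With both fields unset, the lossy flattening fails both validation rules while the optional-aware one produces no problems.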

flostadler commented 1 month ago

This seems to only replicate if the targetType is set to lambda, otherwise healthcheck port and protocol are set even if healthchecks are disabled.

To repro, run the following program and then import the TG using the targetGroupArn output like so: pulumi import aws:lb/targetGroup:TargetGroup importTest "REPLACE_ME_WITH_TG_ARN"

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";

const vpc = new awsx.ec2.Vpc("lb-vpc", {
    cidrBlock: "10.0.0.0/16",
    subnetStrategy: "Auto",
    subnetSpecs: [
        {
            type: "Public",
            name: "public-subnet",
        },
    ],
    numberOfAvailabilityZones: 3,
    natGateways: {
        strategy: "None",
    },
});

const secGroup = new aws.ec2.SecurityGroup("allowTls", {
    description: "Allow TLS inbound traffic and all outbound traffic",
    vpcId: vpc.vpcId,
    tags: {
        Name: "allow_tls",
    },
});

const loadbalancer = new aws.lb.LoadBalancer("my-lb", {
    loadBalancerType: "application",
    securityGroups: [secGroup.id],
    subnets: vpc.publicSubnetIds,
    internal: true,
});

const targetGroup = new aws.lb.TargetGroup("my-tg", {
    port: 80,
    protocol: "HTTP",
    targetType: "lambda",
    vpcId: vpc.vpcId,
    healthCheck: {
        enabled: false,
        timeout: 20,
    }
});

export const targetGroupArn = targetGroup.arn;

const listener = new aws.lb.Listener("my-listener", {
    loadBalancerArn: loadbalancer.arn,
    port: 80,
    defaultActions: [{
        type: "forward",
        targetGroupArn: targetGroup.arn,
    }],
});

The import will generate a resource like this, which has an invalid value for port. As a workaround, just remove that value:

const importTest = new aws.lb.TargetGroup("importTest", {
    healthCheck: {
        enabled: false,
        matcher: "200",
        path: "/",
        port: "", // <-- here the wrong port value got inserted
        timeout: 20,
    },
    ipAddressType: "ipv4",
    name: "my-tg-bd8a19b",
    targetType: "lambda",
});

Running pulumi up with the wrongly inserted port/protocol removed does not yield a diff because those attributes are ignored when computing the diff and when applying it.

flostadler commented 1 month ago

Upstream issue: https://github.com/hashicorp/terraform-provider-aws/issues/38861

t0yv0 commented 1 month ago

Adding this to https://github.com/pulumi/pulumi-terraform-bridge/issues/2028 that has some useful context - @flostadler in particular I think this could be mitigated by https://github.com/pulumi/pulumi-terraform-bridge/issues/2314 which we were attempting recently.