Open Zaid-Ajaj opened 1 month ago
Similarly to #4362, the elbv2 target_group resource isn't handling optional values in read properly.
Here pointers are just converted to their primitives, which yields "" for port and protocol:
https://github.com/hashicorp/terraform-provider-aws/blob/3724def77810f619392ecb79fd3e40915c0b0214/internal/service/elbv2/target_group.go#L1170-L1176
This seems to only replicate if the `targetType` is set to `lambda`, otherwise healthcheck port and protocol are set even if healthchecks are disabled.
To repro, run the following program and then import the TG using the `targetGroupArn` output like so:
```
pulumi import aws:lb/targetGroup:TargetGroup importTest "REPLACE_ME_WITH_TG_ARN"
```
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";

const vpc = new awsx.ec2.Vpc("lb-vpc", {
    cidrBlock: "10.0.0.0/16",
    subnetStrategy: "Auto",
    subnetSpecs: [
        {
            type: "Public",
            name: "public-subnet",
        },
    ],
    numberOfAvailabilityZones: 3,
    natGateways: {
        strategy: "None"
    }
});

const secGroup = new aws.ec2.SecurityGroup("allowTls", {
    description: "Allow TLS inbound traffic and all outbound traffic",
    vpcId: vpc.vpcId,
    tags: {
        Name: "allow_tls",
    },
});

const loadbalancer = new aws.lb.LoadBalancer("my-lb", {
    loadBalancerType: "application",
    securityGroups: [secGroup.id],
    subnets: vpc.publicSubnetIds,
    internal: true,
});

const targetGroup = new aws.lb.TargetGroup("my-tg", {
    port: 80,
    protocol: "HTTP",
    targetType: "lambda",
    vpcId: vpc.vpcId,
    healthCheck: {
        enabled: false,
        timeout: 20,
    }
});

export const targetGroupArn = targetGroup.arn;

const listener = new aws.lb.Listener("my-listener", {
    loadBalancerArn: loadbalancer.arn,
    port: 80,
    defaultActions: [{
        type: "forward",
        targetGroupArn: targetGroup.arn,
    }],
});
```
The import will generate a resource like this, which has an invalid value for port. As a workaround, just remove that value:
```typescript
const importTest = new aws.lb.TargetGroup("importTest", {
    healthCheck: {
        enabled: false,
        matcher: "200",
        path: "/",
        port: "", // <-- here the wrong port value got inserted
        timeout: 20,
    },
    ipAddressType: "ipv4",
    name: "my-tg-bd8a19b",
    targetType: "lambda",
});
```
Running `pulumi up` with the wrongly inserted port/protocol removed does not yield a diff because those attributes are ignored when computing the diff and when applying it.
Upstream issue: https://github.com/hashicorp/terraform-provider-aws/issues/38861
Adding this to https://github.com/pulumi/pulumi-terraform-bridge/issues/2028 that has some useful context - @flostadler in particular I think this could be mitigated by https://github.com/pulumi/pulumi-terraform-bridge/issues/2314 which we were attempting recently.
When importing resources of type `aws:lb:TargetGroup` with `pulumi import`, the resource is imported, however it emits warnings:
This has surfaced when using the Pulumi Importer, issue https://github.com/Zaid-Ajaj/pulumi-tool-importer/issues/2#issuecomment-2284794698
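The nil-versus-empty distinction behind this report, shown as an added Go example that is not the provider's or the bridge's code: `HealthCheck`, `deref`, `setIfPresent`, `flattenLossy`, `flattenOptional` and the sample values are hypothetical stand-ins.

```go
package main

import "fmt"

// HealthCheck is a constructed stand-in for the API's read response; nil means "not returned".
type HealthCheck struct {
	Enabled        *bool
	Port, Protocol *string
	Timeout        *int64
}

// deref collapses a nil pointer to the zero value, losing "absent".
func deref(p *string) string {
	if p == nil {
		return ""
	}
	return *p
}

// setIfPresent writes key only when the service returned a value.
func setIfPresent[T any](m map[string]any, key string, p *T) {
	if p != nil {
		m[key] = *p
	}
}

// flattenLossy mirrors the behaviour the issue describes: absent port/protocol become "".
func flattenLossy(hc HealthCheck) map[string]any {
	m := flattenOptional(hc)
	m["port"], m["protocol"] = deref(hc.Port), deref(hc.Protocol)
	return m
}

// flattenOptional omits unset fields, so no empty port or protocol reaches generated code.
func flattenOptional(hc HealthCheck) map[string]any {
	m := map[string]any{}
	setIfPresent(m, "enabled", hc.Enabled)
	setIfPresent(m, "port", hc.Port)
	setIfPresent(m, "protocol", hc.Protocol)
	setIfPresent(m, "timeout", hc.Timeout)
	return m
}

func main() {
	enabled, timeout := false, int64(20)
	hc := HealthCheck{Enabled: &enabled, Timeout: &timeout} // constructed lambda sample: no port/protocol
	fmt.Println("lossy:   ", flattenLossy(hc))
	fmt.Println("optional:", flattenOptional(hc))
}
```

With the constructed lambda sample, the lossy form carries `port` and `protocol` keys holding `""`, while the optional form has only `enabled` and `timeout`.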