search

pulumi / pulumi-aws

An Amazon Web Services (AWS) Pulumi resource package, providing multi-language access to AWS
Apache License 2.0
445 stars 154 forks source link

[import] AWS autoscaling group import and subsequent `up` tries to fix defaults to actual default values #4457

Open rulatir opened 5 days ago

rulatir commented 5 days ago

What happened?

I imported an autoscaling group with pulumi import, added the generated code to the pulumi program, and issued pulumi preview.

Expected: no changes.

Actual: pulumi insists on fixing some properties that are set to "Default" in the cloud reality to their respective actual default values. This is undesirable.

      + forceDelete                  : false
      + forceDeleteWarmPool          : false
      + ignoreFailedScalingActivities: false
      + waitForCapacityTimeout       : "10m"

I inspected the state using pulumi stack export, and all these properties are null in the state after import, and they are not specified in code either. If the state says null and the cloud reality says "Default" (as an option selected in a select widget in the AWS Console), and the program says nothing, then where does false or "10m" even come from?

Example

Import command:

pulumi import --generate-code 'aws:autoscaling/group:Group' platform Infra-ECS-Cluster-zaffre-37cd4e5b-ECSAutoScalingGroup-982zexeihkOe

Generated code:

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const platform = new aws.autoscaling.Group("platform", {
    availabilityZones: ["eu-central-1a"],
    defaultCooldown: 300,
    healthCheckGracePeriod: 0,
    healthCheckType: "EC2",
    launchTemplate: {
        id: "lt-0789d9b35b0a9d959",
        version: "$Latest",
    },
    maxSize: 2,
    minSize: 0,
    name: "Infra-ECS-Cluster-zaffre-37cd4e5b-ECSAutoScalingGroup-982zexeihkOe",
    serviceLinkedRoleArn: "arn:aws:iam::164629628951:role/aws-service-role/autoscaling.amazonaws.com/AWSServiceRoleForAutoScaling",
    tags: [
        {
            key: "AmazonECSManaged",
            propagateAtLaunch: true,
            value: "",
        },
        {
            key: "Name",
            propagateAtLaunch: true,
            value: "ECS Instance - zaffre",
        },
    ],
}, {
    protect: true,
});

Output of pulumi about

CLI          
Version      3.131.0
Go Version   go1.23.0
Go Compiler  gc

Plugins
KIND      NAME    VERSION
resource  aws     6.51.0
resource  aws     6.51.0
resource  awsx    2.14.0
resource  awsx    2.14.0
resource  docker  4.5.5
resource  docker  4.5.5
resource  docker  3.6.1
resource  docker  3.6.1
language  nodejs  unknown

Host     
OS       arch
Version  "rolling"
Arch     x86_64

This project is written in nodejs: executable='/home/rulatir/projects/zaffre/internment/nave/store/installed/node-modern/bin/node' version='v22.2.0'

Current Stack: organization/zuu-iac/permanent

TYPE                                   URN
[REDACTED]

Found no pending operations associated with permanent

Backend        
Name           berbelek
URL            s3://zuu-iac/attempts/PPM
User           rulatir
Organizations  
Token type     personal

Pulumi locates its logs in /tmp by default
warning: Failed to get information about the Pulumi program's dependencies: could not find either /home/rulatir/projects/zaffre/cloud/attempts/PPM/yarn.lock or /home/rulatir/projects/zaffre/cloud/attempts/PPM/package-lock.json

Note about the last warning: I chose pnpm during pulumi new; it seems pulumi about can't handle that yet.

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

Frassle commented 4 days ago

I'm going to move this to the AWS repo as it's the provider that determines what the input values after import looks like. The engine currently has no real concept of defaults.

Having said that, there's a few issues of this shape and providers may need to sync up with core to work out how to actually support defaults like this in a consistent way that works.

rulatir commented 4 days ago

Can this be worked around somehow? I must emphasize that by "work around" I don't mean "give up", i.e. "just let pulumi fix those defaults".

(Ceterum censeo, "real concept of defaults" is a fundamental domain concept for software like pulumi, i.e. software that manages configurations).

flostadler commented 4 days ago

Hey @rulatir sorry you're running into this! This is caused by a recent change that was rolled out in v6.51.0. It is tracked here: https://github.com/pulumi/pulumi-terraform-bridge/issues/2372. What's notable is that this aligns Pulumi with the upstream terraform provider. Importing the ASG also yields this diff in defaults there. We should try fixing up the resource there. I opened this upstream issue for it: https://github.com/hashicorp/terraform-provider-aws/issues/39308.

As a workaround you could roll back to v6.50.1 of the provider.

Alternatively, running pulumi up should align the state without modifying the cloud resource. None of those parameters are part of the cloud state of that resource: