Closed danielrbradley closed 3 months ago
Looking good! No breaking changes found. No new resources/functions.
Attention: Patch coverage is 81.81818%
with 2 lines
in your changes missing coverage. Please review.
Project coverage is 56.88%. Comparing base (
9366e2d
) to head (674dc7c
).
Files | Patch % | Lines |
---|---|---|
provider/pkg/resources/parseResourceId.go | 81.81% | 1 Missing and 1 partial :warning: |
:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.
@danielrbradley I am currently trying to import some access policies in a c# stack programmatically, but it seems to think the import will fail due to policy.objectId
being missing, despite being specified. I'm assuming a bug from this change.
pulumi import
on the cli has the following output for the preview, note the duplicated objectId on both the root and nested under policy.
policy : {
objectId : "xxx"
permissions: {
certificates: [
[0]: "All"
]
keys : [
[0]: "All"
]
secrets : [
[0]: "All"
]
}
tenantId : "xxx"
}
policy.objectId : "xxx"
resourceGroupName: "xxx"
vaultName : "xxx"
Attempting to import via code, with Policy.ObjectId
set correctly via AccessPolicyEntryArgs
:
warning: inputs to import do not match the existing resource; importing this resource will fail
= azure-native:keyvault:AccessPolicy: (import)
[id=/subscriptions/xxx/resourceGroups/xxx/providers/Microsoft.KeyVault/vaults/xxx/accessPolicy/xxx]
[urn=urn:pulumi:dev::Api::azure-native:keyvault:AccessPolicy::xxx]
[provider=urn:pulumi:dev::Api::pulumi:providers:azure-native::default_2_59_0::04da6b54-80e4-46f7-96ec-b56ff0331ba9]
- policy.objectId: "xxx"
Fixes https://github.com/pulumi/pulumi-azure-native/issues/3368
This will currently result in an additional input being generated during the import. This then appears during the next up as a property deletion, though it actually has no effect.
Demonstration
Using the
examples/keyvault-accesspolicies/
example:up
gives the state (inputs and outputs):pulumi state delete urn:pulumi:dev::scratch::azure-native:keyvault:AccessPolicy::ap1
pulumi import resource ap1 "/subscriptions/xxxx/resourceGroups/rgxxxx/providers/Microsoft.KeyVault/vaults/vaultxxxx/accessPolicy/xxxx"
pulumi stack export
, the inputs now includeobject.Id
:pulumi up
). Preview shows removal of policy => ObjectId:State inputs revert to remove
policy.objectId
:Tracing usage of ParseResourceID
The result from this function is used here:
https://github.com/pulumi/pulumi-azure-native/blob/e8feca2c41d0e5d904eee9cc13eeea774d51ec1d/provider/pkg/provider/provider.go#L1080-L1087
The
pathItems
are passed intoResponseToSdkInputs
where they are used if they match one of the parameters in the metadata:https://github.com/pulumi/pulumi-azure-native/blob/e8feca2c41d0e5d904eee9cc13eeea774d51ec1d/provider/pkg/convert/responseToSdkInputs.go#L18-L24
This will match: https://github.com/pulumi/pulumi-azure-native/blob/e8feca2c41d0e5d904eee9cc13eeea774d51ec1d/provider/pkg/resources/customresources/custom_keyvault_accesspolicy.go#L67