search

pulumi / pulumi-azure-native

Azure Native Provider
Apache License 2.0
125 stars 33 forks source link

Updating `web.AppServicePlan` causes changes in `web.WebApp().outboundIpAddresses` but the change isn't captured #3521

Closed aureq closed 1 month ago

aureq commented 1 month ago

What happened?

When I deploy the Pulumi app below, everything works as expected during the 1st deployment and the stack output outboundIpAddresses shows the same value as the Azure portal ✔.

However, if I update the web.AppServicePlan and I set a new sku (as commented), this causes the WebApp outbound IP Addresses to change on the Azure portal ⁉ but Pulumi doesn't notice any changes ⁉.

While I understand there's no changes made to the WebApp so that could explain why the new Outbound IP addresses aren't captured, I'm wondering if:

  1. This is the expected behavior
  2. If Pulumi should implement a workaround/fix for this

Example

Steps to reproduce:

  1. Deploy the app below
  2. Go to the Azure portal and take note of the Outbound IP addresses
  3. Comment/Uncomment the sku in the AppServicePlan resource
  4. Deploy the updated app
  5. Go to the Azure Portal and compare the new Outbound IP addresses with the ones noted before
  6. The stack output hasn't change despite new IP addresses shown in the portal
import * as pulumi from "@pulumi/pulumi";
import * as resources from "@pulumi/azure-native/resources";
import * as web from "@pulumi/azure-native/web/v20231201";

export = async () => {
    const resourceGroup = new resources.ResourceGroup("resourceGroup");

    const plan = new web.AppServicePlan("appServicePlan", {
        resourceGroupName: resourceGroup.name,
        kind: "app,linux", // https://github.com/Azure/app-service-linux-docs/blob/master/Things_You_Should_Know/kind_property.md
        // sku: {
        //     tier: "Basic",
        //     name: "B1",
        //     capacity: 1,
        // },
        sku: {
            tier: "Premium",
            name: "P2V3",
            capacity: 1,
        }
    }, {
        parent: resourceGroup,
    });

    const app = new web.WebApp("webApp", {
        resourceGroupName: resourceGroup.name,
        serverFarmId: plan.id,
        siteConfig: {
            use32BitWorkerProcess: false,
            netFrameworkVersion: "v8.0",
            appSettings: [
                { name: "FUNCTIONS_WORKER_RUNTIME", value: "dotnet" },
                { name: "WEBSITE_RUN_FROM_PACKAGE", value: "0" }

            ]
        },
        // httpsOnly: false,
    }, {
        parent: resourceGroup
    });

    return {
        "outboundIpAddresses": app.outboundIpAddresses,
        "possibleOutboundIpAddresses": app.possibleOutboundIpAddresses,
    }
}

Output of pulumi about

CLI          
Version      3.129.0
Go Version   go1.22.6
Go Compiler  gc

Plugins
KIND      NAME          VERSION
resource  azure-native  2.56.0
language  nodejs        unknown

Host     
OS       debian
Version  12.6
Arch     x86_64

This project is written in nodejs: executable='/usr/local/bin/node' version='v20.16.0'

Current Stack: menfin/zendesk/5534

TYPE                                       URN
pulumi:pulumi:Stack                        urn:pulumi:5534::zendesk::pulumi:pulumi:Stack::zendesk-5534
pulumi:providers:azure-native              urn:pulumi:5534::zendesk::pulumi:providers:azure-native::default_2_56_0
azure-native:resources:ResourceGroup       urn:pulumi:5534::zendesk::azure-native:resources:ResourceGroup::resourceGroup
azure-native:web/v20231201:AppServicePlan  urn:pulumi:5534::zendesk::azure-native:resources:ResourceGroup$azure-native:web/v20231201:AppServicePlan::appServicePlan
azure-native:web/v20231201:WebApp          urn:pulumi:5534::zendesk::azure-native:resources:ResourceGroup$azure-native:web/v20231201:WebApp::webApp

Found no pending operations associated with 5534

Backend        
Name           pulumi.com
URL            https://app.pulumi.com/aureq
User           aureq
Organizations  aureq, team-ce, menfin, menfin-team, demo
Token type     personal

Dependencies:
NAME                  VERSION
@pulumi/pulumi        3.129.0
@types/node           18.19.44
typescript            5.5.4
@pulumi/azure-native  2.56.0

Pulumi locates its logs in /tmp by default

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

aureq commented 1 month ago

As a workaround for the example above, it's possible to add replaceOnChanges: ["*"] as a resource option for the AppServicePlan resource. The plan ID will change causing an update on the WebApp resource and the stack output will be updated accordingly.

danielrbradley commented 1 month ago

While I understand there's no changes made to the WebApp so that could explain why the new Outbound IP addresses aren't captured, I'm wondering if:

  1. This is the expected behavior
  2. If Pulumi should implement a workaround/fix for this

Yes this is expected behaviour as Pulumi doesn't have any knowledge of how updating one resource will trigger a change in the other resource.

If you perform a refresh after the deployment, it will show no change in the console output (because no inputs are changing), but the resource outputs do have the the updated outboundIpAddresses. In order to show the update in the stack outputs, a deployment must run. The stack outputs won't be shown on the preview, but they will on the proper run:

pulumi up

Previewing update (daniel-pulumi-corp/dev)

     Type                 Name         Plan     
     pulumi:pulumi:Stack  scratch-dev           

Resources:
    4 unchanged

Do you want to perform this update? yes
Updating (daniel-pulumi-corp/dev)

     Type                 Name         Status     
     pulumi:pulumi:Stack  scratch-dev             

Outputs:
  ~ outboundIpAddresses        : "4.158.72.153,4.158.74.126,4.158.74.144,4.158.74.160,4.158.74.191,4.158.74.205,20.90.134.38" => "4.158.72.45,4.158.73.198,4.158.73.246,4.158.74.35,4.158.74.43,4.158.74.52,4.158.75.19,4.158.73.118,4.158.74.23,4.158.75.20,4.158.75.45,4.158.75.49,4.158.75.57,4.158.75.75,4.158.75.81,4.158.75.88,4.158.75.95,4.158.75.102,20.90.134.38"
    possibleOutboundIpAddresses: "4.158.72.45,4.158.73.198,4.158.73.246,4.158.74.35,4.158.74.43,4.158.74.52,4.158.75.19,4.158.73.118,4.158.74.23,4.158.75.20,4.158.75.45,4.158.75.49,4.158.75.57,4.158.75.75,4.158.75.81,4.158.75.88,4.158.75.95,4.158.75.102,4.158.74.79,4.158.74.89,4.158.74.91,4.158.73.236,4.158.74.122,4.158.74.124,4.158.72.153,4.158.74.126,4.158.74.144,4.158.74.160,4.158.74.191,4.158.74.205,4.158.74.217,4.158.74.228,4.158.74.239,4.158.74.253,4.158.74.254,4.158.75.17,4.158.75.19,4.158.73.118,4.158.74.23,4.158.75.20,4.158.75.45,4.158.75.49,4.158.75.57,4.158.75.75,4.158.75.81,4.158.75.88,4.158.75.95,4.158.75.102,4.158.75.116,4.158.75.121,4.158.75.122,4.158.75.125,4.158.75.126,4.158.75.155,20.90.134.38"

Resources:
    4 unchanged

Duration: 3s