search

pulumi / pulumi-cloudflare

Pulumi's Cloudflare package, providing multi-language infrastructure as code for Cloudflare
Apache License 2.0
103 stars 13 forks source link

Ruleset always shows 'updated' even with no changes #939

Open invertedtomato opened 4 hours ago

invertedtomato commented 4 hours ago

Describe what happened

Whenever uping the stack, the ruleset always shows as "update", even when no changes have been made.

Previewing update (stage):
     Type                              Name            Plan       
     pulumi:pulumi:Stack               universe-stage             
 ~   ├─ cloudflare:index:Ruleset       administration  update     <=== Here

When looking at "details" no changes are shown.

    ~ cloudflare:index/ruleset:Ruleset: (update)
        [id=c905279a280d416296faa704bb8eab76]
        [urn=urn:pulumi:stage::universe::cloudflare:index/ruleset:Ruleset::administration]
        [provider=urn:pulumi:stage::universe::pulumi:providers:cloudflare::default_5_40_1::9db241e6-38b9-4db7-af0c-5c66ef8f8b1f]
        kind  : "zone"
        name  : "Administration"
        phase : "http_request_firewall_custom"
        rules : [
            [0]: {
                action          : "skip"
                actionParameters: {
                    phases: [
                        [0]: "http_ratelimit"
                    ]
                }
                description     : "Allow all administration access"
                enabled         : true
                expression      : "ip.src in {**REMOVED**}"
            }
        ]
        zoneId: "578ad30a56eaa290219e099a1aa2a6fb"

This is largely cosmetic but does tax my ups by a few seconds

Sample program

Following is the exact rule I'm creating:

 var adminRuleset = new Cloudflare.Ruleset("administration", new() 
  {
    ZoneId = zoneId,
    Name = "Administration",
    Kind = "zone",
    Phase = "http_request_firewall_custom",
    Rules = new List<Cloudflare.Inputs.RulesetRuleArgs>
    {
      new()
      {
        Description = "Allow all administration access",
        Enabled = true,
        Expression = $"ip.src in {{{string.Join(" ", Configuration.Service.AdministrationIps)}}}",
        Action = "skip",
        ActionParameters = new Cloudflare.Inputs.RulesetRuleActionParametersArgs
        {
          Phases = ["http_ratelimit"],
        }
      }
    }
  });

Log output

No response

Affected Resource(s)

No response

Output of pulumi about

CLI          
Version      3.136.1
Go Version   go1.23.2
Go Compiler  gc

Host     
OS       darwin
Version  14.6.1
Arch     arm64

Pulumi locates its logs in /var/folders/wv/9mvwjbd10lzcj_395n42f53r0000gn/T/ by default

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

invertedtomato commented 4 hours ago

This may be identical to https://github.com/pulumi/pulumi-cloudflare/issues/630