pulumi / pulumi-digitalocean

A DigitalOcean Pulumi resource package, providing multi-language access to DigitalOcean
Apache License 2.0

Permanent diff on digitalocean.App envs #624

Open t0yv0 opened 7 months ago

t0yv0 commented 7 months ago

What happened?

User reports unexpected cycling and permanent diffs around the digitalocean.App envs fields.

Example

import * as digitalocean from "@pulumi/digitalocean";
import * as pulumi from "@pulumi/pulumi";

const config = new pulumi.Config();
const imageTag = process.env.IMAGE_TAG;
if (imageTag === undefined) {
  throw new Error("Environment variable IMAGE_TAG is missing!");
}

new digitalocean.Vpc("slack-entry-vpc", {
  name: "default-ams3",
  region: "ams3",
  ipRange: "10.110.0.0/20",
});

const databaseCluster = new digitalocean.DatabaseCluster(
  "slack-entry-db-cluster",
  {
    name: "slack-entry",
    engine: "pg",
    nodeCount: 1,
    region: "ams3",
    size: "db-s-1vcpu-1gb",
    version: "16",
    storageSizeMib: "10240",
  },
);

const database = new digitalocean.DatabaseDb("slack-entry-db", {
  name: "slack-entry",
  clusterId: databaseCluster.id,
});

const databaseUser = new digitalocean.DatabaseUser("slack-entry-db-user", {
  name: "app",
  clusterId: databaseCluster.id,
});

const databaseUrl = pulumi
  .all([
    databaseCluster.host,
    databaseCluster.port,
    databaseUser.name,
    databaseUser.password,
    database.name,
  ])
  .apply(([host, port, user, password, name]) => {
    const url = new URL(`postgresql://${host}`);
    url.port = port.toString();
    url.username = user;
    url.password = password;
    url.pathname = name;
    url.searchParams.append("sslmode", "require");
    return url.toString();
  });

new digitalocean.ContainerRegistry("slack-entry-registry", {
  name: "slack-entry",
  region: "ams3",
  subscriptionTierSlug: "basic",
});

const app = new digitalocean.App("slack-entry-app", {
  spec: {
    name: "slack-entry",
    alerts: [
      { disabled: false, rule: "DEPLOYMENT_FAILED" },
      { disabled: false, rule: "DOMAIN_FAILED" },
    ],
    databases: [
      {
        engine: "PG",
        name: database.name,
        production: true,
        clusterName: databaseCluster.name,
      },
    ],
    ingress: {
      rules: [
        {
          component: { name: "app", preservePathPrefix: false, rewrite: "" },
          match: { path: { prefix: "/" } },
        },
      ],
    },
    region: "ams",
    services: [
      {
        name: "app",
        alerts: [],
        image: {
          registryType: "DOCR",
          repository: "app",
          tag: imageTag,
        },
        instanceSizeSlug: "basic-xxs",
        instanceCount: 1,
        envs: [
          {
            key: "SLACKENTRY_DATABASE_URL",
            value: databaseUrl,
            type: "SECRET",
            scope: "RUN_TIME",
          },
          {
            key: "SLACKENTRY_BASE_URL",
            value: "${APP_URL}", // eslint-disable-line no-template-curly-in-string
            type: "GENERAL",
            scope: "RUN_TIME",
          },
          {
            key: "SLACKENTRY_AUTH_BASE_URL",
            value: "${APP_URL}", // eslint-disable-line no-template-curly-in-string
            type: "GENERAL",
            scope: "RUN_TIME",
          },
          {
            key: "PRISMA_FIELD_ENCRYPTION_KEY",
            value: config.requireSecret("prismaEncryptionKey"),
            type: "SECRET",
            scope: "RUN_TIME",
          },
          {
            key: "SLACKENTRY_HUBSPOT_APP_ID",
            value: config.require("hubspotAppId"),
            type: "GENERAL",
            scope: "RUN_TIME",
          },
          {
            key: "SLACKENTRY_HUBSPOT_CLIENT_ID",
            value: config.require("hubspotClientId"),
            type: "GENERAL",
            scope: "RUN_TIME",
          },
          {
            key: "SLACKENTRY_HUBSPOT_CLIENT_SECRET",
            value: config.requireSecret("hubspotClientSecret"),
            type: "SECRET",
            scope: "RUN_TIME",
          },
          {
            key: "SLACKENTRY_HUBSPOT_DEVELOPER_API_KEY",
            value: config.requireSecret("hubspotDeveloperApiKey"),
            type: "SECRET",
            scope: "RUN_TIME",
          },
          {
            key: "SLACKENTRY_SLACK_CLIENT_ID",
            value: config.require("slackClientId"),
            type: "GENERAL",
            scope: "RUN_TIME",
          },
          {
            key: "SLACKENTRY_SLACK_CLIENT_SECRET",
            value: config.requireSecret("slackClientSecret"),
            type: "SECRET",
            scope: "RUN_TIME",
          },
          {
            key: "SLACKENTRY_SLACK_SIGNING_SECRET",
            value: config.requireSecret("slackSigningSecret"),
            type: "SECRET",
            scope: "RUN_TIME",
          },
          {
            key: "SLACKENTRY_SLACK_BOT_NAME",
            value: config.require("slackBotName"),
            type: "GENERAL",
            scope: "RUN_TIME",
          },
          {
            key: "SLACKENTRY_COOKIE_SECRETS",
            value: config.requireSecret("cookieSecrets"),
            type: "SECRET",
            scope: "RUN_TIME",
          },
        ],
      },
    ],
  },
});

new digitalocean.DatabaseFirewall("slack-entry-db-firewall", {
  clusterId: databaseCluster.id,
  rules: [
    {
      type: "app",
      value: app.id,
    },
  ],
});

Output of pulumi about

N/A

Additional context

N/A

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

t0yv0 commented 7 months ago

https://github.com/pulumi/pulumi-terraform-bridge/issues/1417 possibly has other issues in this same category