Closed anitalySuper closed 6 days ago
Hey @anitalySuper, thanks for reporting the issue here and sorry you had trouble with this.
We'll have a look as soon as possible.
As a workaround, is the issue fixed by refresh / running pulumi up again?
Hi @VenelinMartinov running with refresh produces the same issue. I haven't attempted to run pulumi up given that pulumi preview is suggesting it is going to revoke a privilege I need to retain.
Confirmed this reproes with the following program:
This does not repro in TF, so it seems like a bridge bug related to sets
~I just went to apply the change and it seems the bug only affects preview:~
~preview:~
~ privileges: [
- [0]: "CREATE EXTERNAL TABLE"
- [1]: "CREATE TABLE"
- [2]: "CREATE VIEW"
- [3]: "CREATE TEMPORARY TABLE"
- [4]: "USAGE"
]
~but running pulumi up produces:~
~ privileges: [
~ [0]: "CREATE EXTERNAL TABLE" => "USAGE"
- [1]: "CREATE TABLE"
- [2]: "CREATE VIEW"
- [3]: "CREATE TEMPORARY TABLE"
- [4]: "USAGE"
]
I can no longer repro the correct diff above but I certainly got that once.
Ok, this seems to be an issue with the way we present diffs in the CLI.
For any user experiencing this, it should be safe to ignore the diff here while we get it fixed. I've verified that the state after running pulumi up
is correct and the privilege is retained as expected.
For maintainers, here is the GRPC call:
@iwahbe noticed the repeated entry in diffs
and it does indeed seem to be the culprit here - I've manually hacked the code to verify that having a single entry there yields the correct result.
This seems to both be an issue in the bridge (we return multiple entries there) and in the engine, which seems to misinterpret the repeated entries in some way.
Raised https://github.com/pulumi/pulumi-terraform-bridge/issues/2103 for the bridge bug
Raised https://github.com/pulumi/pulumi/issues/16466 for the pu/pu bug
Describe what happened
Revoking privileges on a schema, while keeping 1 privilege that is currently granted. When running pulumi preview after the code change, output states all privileges will be revoked.
Sample program
I have a pulumi.yaml file with the following resource:
I then remove 5 of the privileges (CREATE EXTERNAL TABLE, CREATE TABLE, CREATE VIEW, CREATE TEMPORARY TABLE, CREATE MATERIALIZED VIEW)
Then I run
pulumi preview --stack prod --diff --refresh=false
.Preview says all privileges will be revoked.
Log output
Affected Resource(s)
snowflake:GrantPrivilegesToAccountRole
Output of
pulumi about
CLI
Version 3.119.0 Go Version go1.22.3 Go Compiler gc
Plugins KIND NAME VERSION resource snowflake unknown language yaml unknown
Host
OS ubuntu Version 22.04 Arch x86_64
This project is written in yaml
Backend
Name coder-anitaly-coder-dev URL file:///workspace/snowflake-infra/infrastructure User coder Organizations
Token type personal
No dependencies found
Pulumi locates its logs in /tmp by default warning: Failed to get information about the current stack: No current stack
Additional context
No response
Contributing
Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).