pulumi-aws
Cognito UserPool + UserPoolClient does not refresh cleanly
What happened?
As a follow-up to the fix for #2868, it appears that the test case examples/regress-2868 cannot pass the ProgramTest refresh checks cleanly; that is, refreshing the resources creates a non-empty diff, possibly indicating further issues in the bridge.
Example
See examples/regress-2868, remove SkipRefresh.
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

export const AppUsersPool = new aws.cognito.UserPool("test-user-pool", {
    accountRecoverySetting: {
        recoveryMechanisms: [{
            name: "verified_email",
            priority: 1,
        }],
    },
    autoVerifiedAttributes: ["email"],
    mfaConfiguration: "OPTIONAL",
    name: "test-user-pool",
    passwordPolicy: {
        minimumLength: 8,
        requireLowercase: true,
        requireNumbers: true,
        requireSymbols: true,
        requireUppercase: true,
        temporaryPasswordValidityDays: 300,
    },
    schemas: [{
        attributeDataType: "String",
        mutable: true,
        name: "name",
        required: true,
        stringAttributeConstraints: {
            maxLength: "2048",
            minLength: "0",
        },
    }],
    softwareTokenMfaConfiguration: {
        enabled: true,
    },
    usernameAttributes: ["email"],
    usernameConfiguration: {
        caseSensitive: false,
    },
});

export const testuserpoolclient = new aws.cognito.UserPoolClient("test-userpool-client", {
    analyticsConfiguration: undefined,
    accessTokenValidity: 60,
    enableTokenRevocation: true,
    explicitAuthFlows: [
        "ALLOW_USER_SRP_AUTH",
        "ALLOW_USER_PASSWORD_AUTH",
        "ALLOW_REFRESH_TOKEN_AUTH",
    ],
    idTokenValidity: 60,
    name: "test-userpool-client",
    preventUserExistenceErrors: "ENABLED",
    readAttributes: [
        "given_name",
        "email_verified",
        "zoneinfo",
        "website",
        "preferred_username",
        "name",
        "locale",
        "phone_number",
        "family_name",
        "birthdate",
        "middle_name",
        "phone_number_verified",
        "profile",
        "picture",
        "address",
        "gender",
        "updated_at",
        "nickname",
        "email",
    ],
    tokenValidityUnits: {
        accessToken: "minutes",
        idToken: "minutes",
    },
    userPoolId: AppUsersPool.id,
    writeAttributes: [
        "given_name",
        "zoneinfo",
        "website",
        "preferred_username",
        "name",
        "locale",
        "phone_number",
        "family_name",
        "birthdate",
        "middle_name",
        "profile",
        "picture",
        "address",
        "gender",
        "updated_at",
        "nickname",
        "email",
    ],
});
```
```
pulumi up
pulumi refresh
```
Now:
```
No resources will be modified as part of this refresh; just your stack's state will be.

details
  pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:repro-this::regress-2868::pulumi:pulumi:Stack::regress-2868-repro-this]
    ~ aws:cognito/userPoolClient:UserPoolClient: (update)
        [id=2100qvra00ocv2rcvpdap4fq4m]
        [urn=urn:pulumi:repro-this::regress-2868::aws:cognito/userPoolClient:UserPoolClient::test-userpool-client]
        [provider=urn:pulumi:repro-this::regress-2868::pulumi:providers:aws::default_6_32_0::40ca8a13-b7d3-4cef-839d-1eb3e47bc114]
        --outputs:--
      ~ explicitAuthFlows : [
          ~ [0]: "ALLOW_USER_PASSWORD_AUTH" => "ALLOW_REFRESH_TOKEN_AUTH"
          ~ [1]: "ALLOW_USER_SRP_AUTH" => "ALLOW_USER_PASSWORD_AUTH"
          ~ [2]: "ALLOW_REFRESH_TOKEN_AUTH" => "ALLOW_USER_SRP_AUTH"
        ]
      ~ readAttributes : [
          ~ [0]: "zoneinfo" => "address"
          ~ [1]: "website" => "birthdate"
          ~ [2]: "email_verified" => "email"
          ~ [3]: "birthdate" => "email_verified"
          ~ [4]: "address" => "family_name"
            [5]: "gender"
          ~ [6]: "profile" => "given_name"
          ~ [7]: "phone_number_verified" => "locale"
          ~ [8]: "preferred_username" => "middle_name"
          ~ [9]: "given_name" => "name"
          ~ [10]: "locale" => "nickname"
          ~ [11]: "middle_name" => "phone_number"
          ~ [12]: "picture" => "phone_number_verified"
          ~ [13]: "updated_at" => "picture"
          ~ [14]: "name" => "preferred_username"
          ~ [15]: "nickname" => "profile"
          ~ [16]: "phone_number" => "updated_at"
          ~ [17]: "family_name" => "website"
          ~ [18]: "email" => "zoneinfo"
        ]
      ~ writeAttributes : [
          ~ [0]: "zoneinfo" => "address"
          ~ [1]: "website" => "birthdate"
          ~ [2]: "birthdate" => "email"
          ~ [3]: "address" => "family_name"
            [4]: "gender"
          ~ [5]: "profile" => "given_name"
          ~ [6]: "preferred_username" => "locale"
          ~ [7]: "given_name" => "middle_name"
          ~ [8]: "locale" => "name"
          ~ [9]: "middle_name" => "nickname"
          ~ [10]: "picture" => "phone_number"
          ~ [11]: "updated_at" => "picture"
          ~ [12]: "name" => "preferred_username"
          ~ [13]: "nickname" => "profile"
          ~ [14]: "phone_number" => "updated_at"
          ~ [15]: "family_name" => "website"
          ~ [16]: "email" => "zoneinfo"
        ]
    ~ aws:cognito/userPool:UserPool: (update)
        [id=us-east-1_h9JQKdiu1]
        [urn=urn:pulumi:repro-this::regress-2868::aws:cognito/userPool:UserPool::test-user-pool]
        [provider=urn:pulumi:repro-this::regress-2868::pulumi:providers:aws::default_6_32_0::40ca8a13-b7d3-4cef-839d-1eb3e47bc114]
        --outputs:--
      + aliasAttributes : []
```
Output of pulumi about
N/A
Additional context
N/A
Contributing
Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
```
CLI
Version      3.111.1
Go Version   go1.22.1
Go Compiler  gc

Plugins
NAME    VERSION
aws     6.32.0
nodejs  unknown

Host
OS       darwin
Version  14.4.1
Arch     x86_64

This project is written in nodejs: executable='/Users/t0yv0/bin/node' version='v18.18.2'

Current Stack: anton-pulumi-corp/regress-2868/repro-this

TYPE                                       URN
pulumi:pulumi:Stack                        urn:pulumi:repro-this::regress-2868::pulumi:pulumi:Stack::regress-2868-repro-this
pulumi:providers:aws                       urn:pulumi:repro-this::regress-2868::pulumi:providers:aws::default_6_32_0
aws:cognito/userPool:UserPool              urn:pulumi:repro-this::regress-2868::aws:cognito/userPool:UserPool::test-user-pool
aws:cognito/userPoolClient:UserPoolClient  urn:pulumi:repro-this::regress-2868::aws:cognito/userPoolClient:UserPoolClient::test-userpool-client

Found no pending operations associated with repro-this

Backend
Name           pulumi.com
URL            https://app.pulumi.com/anton-pulumi-corp
User           anton-pulumi-corp
Organizations  anton-pulumi-corp, moolumi, pulumi
Token type     personal

Dependencies:
NAME            VERSION
@types/aws-sdk  2.7.0
@types/node     8.10.66
@pulumi/aws     6.32.0
@pulumi/pulumi  3.113.3

Pulumi locates its logs in /var/folders/gk/cchgxh512m72f_dmkcc3d09h0000gp/T/com.apple.shortcuts.mac-helper// by default
```
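The refresh diff reported above touches list-valued properties that control which auth flows and attributes the client allows, so it is worth confirming that each change is only a reordering and not a change in membership. The following is an added example, not code from the issue, pulumi-aws, or the bridge: it classifies a before/after pair as unchanged, reorder-only, or drift. The helper names (`counts`, `classify`) are hypothetical, and the `driftedFlows` sample is constructed for illustration.

```typescript
// Added example; helper names are hypothetical, not part of pulumi or the bridge.
type Verdict = "unchanged" | "reorder-only" | "drift";

interface PropertyDiff {
  verdict: Verdict;
  added: string[];   // present only in the refreshed state
  removed: string[]; // present only in the previous state
}

// Multiset counts, so a duplicated entry is not hidden as it would be by a Set.
function counts(values: string[]): Record<string, number> {
  const c: Record<string, number> = Object.create(null);
  for (const v of values) c[v] = (c[v] || 0) + 1;
  return c;
}

// A missing property and an empty list are treated as the same value,
// which covers the "+ aliasAttributes : []" line in the diff.
function classify(before: string[] | undefined, after: string[] | undefined): PropertyDiff {
  const prev = before || [];
  const next = after || [];
  const b = counts(prev);
  const a = counts(next);
  const added = Object.keys(a).filter((v) => (a[v] || 0) > (b[v] || 0)).sort();
  const removed = Object.keys(b).filter((v) => (b[v] || 0) > (a[v] || 0)).sort();
  if (added.length > 0 || removed.length > 0) {
    return { verdict: "drift", added, removed };
  }
  // Same membership: equal lengths are guaranteed, so only order can differ.
  const sameOrder = prev.every((v, i) => v === next[i]);
  return { verdict: sameOrder ? "unchanged" : "reorder-only", added, removed };
}

// Values copied from the explicitAuthFlows entries of the refresh diff in this issue.
const stateFlows = ["ALLOW_USER_PASSWORD_AUTH", "ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH"];
const refreshedFlows = ["ALLOW_REFRESH_TOKEN_AUTH", "ALLOW_USER_PASSWORD_AUTH", "ALLOW_USER_SRP_AUTH"];
const issueFlows = classify(stateFlows, refreshedFlows);
const issueAliases = classify(undefined, []);

// Constructed sample, not from the issue: membership changed outside the program.
const driftedFlows = ["ALLOW_CUSTOM_AUTH", "ALLOW_REFRESH_TOKEN_AUTH", "ALLOW_USER_PASSWORD_AUTH"];
const constructedDrift = classify(stateFlows, driftedFlows);

console.log(issueFlows.verdict, issueAliases.verdict, constructedDrift);
```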