pulumi-aws
pulumi-aws copied to clipboard
Published
20 hours ago •
pulumi
pulumi
Received diff update for created waf resources
What happened?
I tried to create a waf with rate limit rule,
The waf and waf group resources created but when I run pulumi up I always get diff update for it.
Example
Here is the source code to reproduce it:
Info:
import pulumi
import pulumi_aws
def create_rate_limit_rule(
deploy_name_prefix,
):
"""
:param deploy_name_prefix:
:return:
"""
rate_based_rule = pulumi_aws.wafv2.RuleGroup(
f'waf-rule-group{deploy_name_prefix}',
capacity=100,
scope="REGIONAL",
rules=[
pulumi_aws.wafv2.RuleGroupRuleArgs(
name=f'waf-rule-group-arg{deploy_name_prefix}',
priority=1,
action=pulumi_aws.wafv2.RuleGroupRuleActionArgs(
count=pulumi_aws.wafv2.RuleGroupRuleActionCountArgs()
),
statement=pulumi_aws.wafv2.RuleGroupRuleStatementArgs(
rate_based_statement=pulumi_aws.wafv2.RuleGroupRuleStatementRateBasedStatementArgs(
aggregate_key_type="IP",
limit=100,
),
),
visibility_config=pulumi_aws.wafv2.RuleGroupRuleVisibilityConfigArgs(
cloudwatch_metrics_enabled=True,
metric_name=f'WafRbr{deploy_name_prefix.title()}Metric'.replace('-', ''),
sampled_requests_enabled=True,
),
)
],
visibility_config=pulumi_aws.wafv2.RuleGroupVisibilityConfigArgs(
cloudwatch_metrics_enabled=True,
metric_name=f'WafRbr{deploy_name_prefix.title()}GroupMetric'.replace('-', ''),
sampled_requests_enabled=True,
)
)
return rate_based_rule
def create_waf(
deploy_name_prefix,
):
"""
:param deploy_name_prefix:
:return:
"""
rate_based_rule = create_rate_limit_rule(
deploy_name_prefix=deploy_name_prefix
)
rules = [
pulumi_aws.wafv2.WebAclRuleArgs(
name=f'WebAclRuleArg{deploy_name_prefix}',
priority=1,
statement=pulumi_aws.wafv2.WebAclRuleStatementArgs(
rule_group_reference_statement=pulumi_aws.wafv2.WebAclRuleStatementRuleGroupReferenceStatementArgs(
arn=rate_based_rule.arn,
),
),
visibility_config=pulumi_aws.wafv2.WebAclRuleVisibilityConfigArgs(
cloudwatch_metrics_enabled=True,
metric_name=f'WebAclRuleArgMetric{deploy_name_prefix.title()}'.replace('-', ''),
sampled_requests_enabled=True,
),
override_action=pulumi_aws.wafv2.WebAclRuleOverrideActionArgs(
count=pulumi_aws.wafv2.WebAclRuleOverrideActionCountArgs(),
),
),
]
name = f'waf{deploy_name_prefix}'
web_acl = pulumi_aws.wafv2.WebAcl(
name,
description=name,
scope="REGIONAL",
default_action=pulumi_aws.wafv2.WebAclDefaultActionArgs(
allow=pulumi_aws.wafv2.WebAclDefaultActionAllowArgs()
),
visibility_config=pulumi_aws.wafv2.WebAclVisibilityConfigArgs(
cloudwatch_metrics_enabled=True,
metric_name=f'WebAclVisibilityArgMetric{deploy_name_prefix.title()}'.replace('-', ''),
sampled_requests_enabled=True,
),
rules=rules,
tags={
"Name": name,
},
)
pulumi.export("web_acl_arn", web_acl.arn)
return web_acl
Info
$ pulumi up
Previewing update (pr):
Type Name Plan Info
pulumi:pulumi:Stack devops-pr 2 warnings; 217 messages
~ ├─ aws:wafv2:RuleGroup waf-rule-group-pr update [diff: ~rules]
~ └─ aws:wafv2:WebAcl waf-pr update [diff: ~rules]
Output of pulumi about
pulumi about
CLI
Version 3.101.1
Go Version go1.21.5
Go Compiler gc
Plugins
NAME VERSION
aws 5.43.0
aws-native 0.73.0
awsx 1.0.2
cloudflare 5.5.0
docker 3.6.1
eks 1.0.4
kubernetes 3.30.2
python unknown
Host
OS ubuntu
Version 22.04
Arch x86_64
This project is written in python: executable='/usr/bin/python3' version='3.10.12'
Current Stack: organization/devops/pr
TYPE URN
pulumi:providers:aws urn:pulumi:pr::devops::pulumi:providers:aws::default
pulumi:pulumi:Stack urn:pulumi:pr::devops::pulumi:pulumi:Stack::devops-pr
pulumi:providers:aws urn:pulumi:pr::devops::pulumi:providers:aws::default_5_43_0
aws:ec2/eip:Eip urn:pulumi:pr::devops::aws:ec2/eip:Eip::eip-1-pr
aws:ec2/eip:Eip urn:pulumi:pr::devops::aws:ec2/eip:Eip::eip-0-pr
aws:ec2/eip:Eip urn:pulumi:pr::devops::aws:ec2/eip:Eip::eip-2-pr
aws:acm/certificate:Certificate urn:pulumi:pr::devops::aws:acm/certificate:Certificate::cert
pulumi:providers:cloudflare urn:pulumi:pr::devops::pulumi:providers:cloudflare::default_5_5_0
pulumi:providers:awsx urn:pulumi:pr::devops::pulumi:providers:awsx::default_1_0_2
cloudflare:index/record:Record urn:pulumi:pr::devops::cloudflare:index/record:Record::rec-_604c4d1f97f17eac56f81160301f7401.idmelon.com.
aws:wafv2/ruleGroup:RuleGroup urn:pulumi:pr::devops::aws:wafv2/ruleGroup:RuleGroup::waf-rule-group-pr
awsx:ec2:Vpc urn:pulumi:pr::devops::awsx:ec2:Vpc::vpc-pr
pulumi:providers:aws urn:pulumi:pr::devops::pulumi:providers:aws::default_5_16_2
aws:ec2/vpc:Vpc urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc::vpc-pr
aws:ec2/subnet:Subnet urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet::vpc-pr-public-3
aws:ec2/subnet:Subnet urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet::vpc-pr-private-1
aws:ec2/subnet:Subnet urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet::vpc-pr-public-2
aws:ec2/internetGateway:InternetGateway urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/internetGateway:InternetGateway::vpc-pr
aws:ec2/subnet:Subnet urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet::vpc-pr-private-3
aws:ec2/subnet:Subnet urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet::vpc-pr-public-1
aws:ec2/subnet:Subnet urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet::vpc-pr-private-2
aws:ec2/natGateway:NatGateway urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/natGateway:NatGateway::vpc-pr-3
aws:ec2/routeTable:RouteTable urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable::vpc-pr-public-3
aws:ec2/routeTable:RouteTable urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable::vpc-pr-private-1
aws:ec2/natGateway:NatGateway urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/natGateway:NatGateway::vpc-pr-2
aws:ec2/routeTable:RouteTable urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable::vpc-pr-public-2
aws:ec2/routeTable:RouteTable urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable::vpc-pr-private-3
aws:ec2/natGateway:NatGateway urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/natGateway:NatGateway::vpc-pr-1
aws:ec2/routeTable:RouteTable urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable::vpc-pr-public-1
aws:ec2/routeTable:RouteTable urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable::vpc-pr-private-2
aws:ec2/routeTableAssociation:RouteTableAssociation urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/routeTableAssociation:RouteTableAssociation::vpc-pr-public-3
aws:ec2/route:Route urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/route:Route::vpc-pr-public-3
aws:ec2/routeTableAssociation:RouteTableAssociation urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/routeTableAssociation:RouteTableAssociation::vpc-pr-private-1
aws:ec2/routeTableAssociation:RouteTableAssociation urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/routeTableAssociation:RouteTableAssociation::vpc-pr-public-2
aws:ec2/route:Route urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/route:Route::vpc-pr-public-2
aws:ec2/route:Route urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/route:Route::vpc-pr-private-3
aws:ec2/routeTableAssociation:RouteTableAssociation urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/routeTableAssociation:RouteTableAssociation::vpc-pr-private-3
aws:ec2/route:Route urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/route:Route::vpc-pr-private-1
aws:ec2/routeTableAssociation:RouteTableAssociation urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/routeTableAssociation:RouteTableAssociation::vpc-pr-public-1
aws:ec2/route:Route urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/route:Route::vpc-pr-public-1
aws:ec2/routeTableAssociation:RouteTableAssociation urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/routeTableAssociation:RouteTableAssociation::vpc-pr-private-2
aws:ec2/route:Route urn:pulumi:pr::devops::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/route:Route::vpc-pr-private-2
pulumi:providers:pulumi urn:pulumi:pr::devops::pulumi:providers:pulumi::default
aws:ec2/securityGroup:SecurityGroup urn:pulumi:pr::devops::aws:ec2/securityGroup:SecurityGroup::security-group-elastic_cache-pr
aws:ec2/securityGroup:SecurityGroup urn:pulumi:pr::devops::aws:ec2/securityGroup:SecurityGroup::security-group-rds-pr
aws:wafv2/webAcl:WebAcl urn:pulumi:pr::devops::aws:wafv2/webAcl:WebAcl::waf-pr
pulumi:providers:eks urn:pulumi:pr::devops::pulumi:providers:eks::default_1_0_4
aws:elasticache/subnetGroup:SubnetGroup urn:pulumi:pr::devops::aws:elasticache/subnetGroup:SubnetGroup::subnet-group-elastic-cache-pr
aws:rds/subnetGroup:SubnetGroup urn:pulumi:pr::devops::aws:rds/subnetGroup:SubnetGroup::subnet-group-rds-pr
aws:elasticache/cluster:Cluster urn:pulumi:pr::devops::aws:elasticache/cluster:Cluster::redis-pr
aws:rds/instance:Instance urn:pulumi:pr::devops::aws:rds/instance:Instance::db-pr
pulumi:providers:kubernetes urn:pulumi:pr::devops::pulumi:providers:kubernetes::default_3_30_2
kubernetes:core/v1:Namespace urn:pulumi:pr::devops::kubernetes:core/v1:Namespace::amazon-cloudwatch-pr
kubernetes:core/v1:ConfigMap urn:pulumi:pr::devops::kubernetes:core/v1:ConfigMap::fluent-bit-cluster-info-pr
kubernetes:core/v1:ServiceAccount urn:pulumi:pr::devops::kubernetes:core/v1:ServiceAccount::fluent-bit-pr
kubernetes:core/v1:ConfigMap urn:pulumi:pr::devops::kubernetes:core/v1:ConfigMap::fluent-bit-config-pr
kubernetes:rbac.authorization.k8s.io/v1:ClusterRole urn:pulumi:pr::devops::kubernetes:rbac.authorization.k8s.io/v1:ClusterRole::fluent-bit-role-pr
kubernetes:apps/v1:DaemonSet urn:pulumi:pr::devops::kubernetes:apps/v1:DaemonSet::fluent-bit-pr
pulumi:providers:aws urn:pulumi:pr::devops::pulumi:providers:aws::default_5_31_0
eks:index:Cluster urn:pulumi:pr::devops::eks:index:Cluster::cluster-pr
kubernetes:rbac.authorization.k8s.io/v1:ClusterRoleBinding urn:pulumi:pr::devops::kubernetes:rbac.authorization.k8s.io/v1:ClusterRoleBinding::fluent-bit-role-binding-pr
eks:index:ServiceRole urn:pulumi:pr::devops::eks:index:Cluster$eks:index:ServiceRole::cluster-pr-instanceRole
eks:index:ServiceRole urn:pulumi:pr::devops::eks:index:Cluster$eks:index:ServiceRole::cluster-pr-eksRole
pulumi:providers:eks urn:pulumi:pr::devops::pulumi:providers:eks::default
aws:ec2/securityGroup:SecurityGroup urn:pulumi:pr::devops::eks:index:Cluster$aws:ec2/securityGroup:SecurityGroup::cluster-pr-eksClusterSecurityGroup
aws:iam/role:Role urn:pulumi:pr::devops::eks:index:Cluster$eks:index:ServiceRole$aws:iam/role:Role::cluster-pr-instanceRole-role
eks:index:RandomSuffix urn:pulumi:pr::devops::eks:index:Cluster$eks:index:RandomSuffix::cluster-pr-cfnStackName
aws:iam/role:Role urn:pulumi:pr::devops::eks:index:Cluster$eks:index:ServiceRole$aws:iam/role:Role::cluster-pr-eksRole-role
aws:ec2/securityGroupRule:SecurityGroupRule urn:pulumi:pr::devops::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::cluster-pr-eksClusterInternetEgressRule
aws:iam/rolePolicyAttachment:RolePolicyAttachment urn:pulumi:pr::devops::eks:index:Cluster$eks:index:ServiceRole$aws:iam/rolePolicyAttachment:RolePolicyAttachment::cluster-pr-instanceRole-3eb088f2
aws:iam/rolePolicyAttachment:RolePolicyAttachment urn:pulumi:pr::devops::eks:index:Cluster$eks:index:ServiceRole$aws:iam/rolePolicyAttachment:RolePolicyAttachment::cluster-pr-instanceRole-03516f97
aws:iam/rolePolicyAttachment:RolePolicyAttachment urn:pulumi:pr::devops::eks:index:Cluster$eks:index:ServiceRole$aws:iam/rolePolicyAttachment:RolePolicyAttachment::cluster-pr-instanceRole-e1b295bd
aws:iam/rolePolicyAttachment:RolePolicyAttachment urn:pulumi:pr::devops::eks:index:Cluster$eks:index:ServiceRole$aws:iam/rolePolicyAttachment:RolePolicyAttachment::cluster-pr-eksRole-4b490823
aws:iam/instanceProfile:InstanceProfile urn:pulumi:pr::devops::eks:index:Cluster$aws:iam/instanceProfile:InstanceProfile::cluster-pr-instanceProfile
aws:eks/cluster:Cluster urn:pulumi:pr::devops::eks:index:Cluster$aws:eks/cluster:Cluster::cluster-pr-eksCluster
aws:ec2/securityGroup:SecurityGroup urn:pulumi:pr::devops::eks:index:Cluster$aws:ec2/securityGroup:SecurityGroup::cluster-pr-nodeSecurityGroup
aws:iam/openIdConnectProvider:OpenIdConnectProvider urn:pulumi:pr::devops::eks:index:Cluster$aws:iam/openIdConnectProvider:OpenIdConnectProvider::cluster-pr-oidcProvider
aws:ec2/securityGroupRule:SecurityGroupRule urn:pulumi:pr::devops::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::cluster-pr-eksClusterIngressRule
aws:ec2/securityGroupRule:SecurityGroupRule urn:pulumi:pr::devops::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::cluster-pr-eksNodeInternetEgressRule
aws:ec2/securityGroupRule:SecurityGroupRule urn:pulumi:pr::devops::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::cluster-pr-eksNodeIngressRule
aws:ec2/securityGroupRule:SecurityGroupRule urn:pulumi:pr::devops::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::cluster-pr-eksExtApiServerClusterIngressRule
aws:ec2/securityGroupRule:SecurityGroupRule urn:pulumi:pr::devops::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::cluster-pr-eksNodeClusterIngressRule
eks:index:VpcCni urn:pulumi:pr::devops::eks:index:Cluster$eks:index:VpcCni::cluster-pr-vpc-cni
pulumi:providers:kubernetes urn:pulumi:pr::devops::eks:index:Cluster$pulumi:providers:kubernetes::cluster-pr-eks-k8s
aws:ec2/launchConfiguration:LaunchConfiguration urn:pulumi:pr::devops::eks:index:Cluster$aws:ec2/launchConfiguration:LaunchConfiguration::cluster-pr-nodeLaunchConfiguration
kubernetes:core/v1:ConfigMap urn:pulumi:pr::devops::eks:index:Cluster$kubernetes:core/v1:ConfigMap::cluster-pr-nodeAccess
aws:cloudformation/stack:Stack urn:pulumi:pr::devops::eks:index:Cluster$aws:cloudformation/stack:Stack::cluster-pr-nodes
pulumi:providers:kubernetes urn:pulumi:pr::devops::eks:index:Cluster$pulumi:providers:kubernetes::cluster-pr-provider
pulumi:providers:kubernetes urn:pulumi:pr::devops::pulumi:providers:kubernetes::eks-provider-pr
aws:iam/role:Role urn:pulumi:pr::devops::aws:iam/role:Role::fluent-bit-cloud-watch-role-pr
kubernetes:core/v1:Service urn:pulumi:pr::devops::kubernetes:core/v1:Service::payment
kubernetes:core/v1:Service urn:pulumi:pr::devops::kubernetes:core/v1:Service::billing
kubernetes:core/v1:Service urn:pulumi:pr::devops::kubernetes:core/v1:Service::skm
kubernetes:core/v1:Service urn:pulumi:pr::devops::kubernetes:core/v1:Service::panel
kubernetes:core/v1:Service urn:pulumi:pr::devops::kubernetes:core/v1:Service::login
kubernetes:core/v1:Service urn:pulumi:pr::devops::kubernetes:core/v1:Service::idmp
kubernetes:core/v1:Service urn:pulumi:pr::devops::kubernetes:core/v1:Service::domain-ownership-verify
kubernetes:core/v1:Service urn:pulumi:pr::devops::kubernetes:core/v1:Service::notify
kubernetes:core/v1:Service urn:pulumi:pr::devops::kubernetes:core/v1:Service::passkey
kubernetes:core/v1:Service urn:pulumi:pr::devops::kubernetes:core/v1:Service::utility
kubernetes:core/v1:Service urn:pulumi:pr::devops::kubernetes:core/v1:Service::hybrid-transport-passkey
kubernetes:core/v1:Service urn:pulumi:pr::devops::kubernetes:core/v1:Service::sso
kubernetes:core/v1:Namespace urn:pulumi:pr::devops::pulumi:providers:kubernetes$kubernetes:core/v1:Namespace::apps-pr
aws:iam/rolePolicyAttachment:RolePolicyAttachment urn:pulumi:pr::devops::aws:iam/rolePolicyAttachment:RolePolicyAttachment::fluent-bit-cloud-watch-role-policy-attachment-pr
kubernetes:core/v1:Service urn:pulumi:pr::devops::kubernetes:core/v1:Service::auto-obr
kubernetes:apps/v1:Deployment urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::payment-web
kubernetes:apps/v1:Deployment urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::payment-task
kubernetes:apps/v1:Deployment urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::billing-task
kubernetes:apps/v1:Deployment urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::panel-web
kubernetes:apps/v1:Deployment urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::passkey-web
kubernetes:apps/v1:Deployment urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::idmp-web
kubernetes:apps/v1:Deployment urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::skm-task
kubernetes:apps/v1:Deployment urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::notify-web
kubernetes:apps/v1:Deployment urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::notify-task
kubernetes:apps/v1:Deployment urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::domain-ownership-verify-web
kubernetes:apps/v1:Deployment urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::skm-web
kubernetes:apps/v1:Deployment urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::billing-web
kubernetes:apps/v1:Deployment urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::hybrid-transport-passkey-web
kubernetes:apps/v1:Deployment urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::login-web
kubernetes:apps/v1:Deployment urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::utility-web
kubernetes:apps/v1:Deployment urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::auto-obr-web
kubernetes:apps/v1:Deployment urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::utility-task
kubernetes:apps/v1:Deployment urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::sso-task
kubernetes:apps/v1:Deployment urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::auto-obr-task
kubernetes:apps/v1:Deployment urn:pulumi:pr::devops::kubernetes:apps/v1:Deployment::sso-web
kubernetes:helm.sh/v3:Release urn:pulumi:pr::devops::pulumi:providers:kubernetes$kubernetes:core/v1:Namespace$kubernetes:helm.sh/v3:Release::external-dns-pr
kubernetes:networking.k8s.io/v1:Ingress urn:pulumi:pr::devops::kubernetes:networking.k8s.io/v1:Ingress::ingress-login-web
kubernetes:networking.k8s.io/v1:Ingress urn:pulumi:pr::devops::kubernetes:networking.k8s.io/v1:Ingress::ingress-idmp-web
kubernetes:networking.k8s.io/v1:Ingress urn:pulumi:pr::devops::kubernetes:networking.k8s.io/v1:Ingress::ingress-hybrid-transport-passkey-web
kubernetes:networking.k8s.io/v1:Ingress urn:pulumi:pr::devops::kubernetes:networking.k8s.io/v1:Ingress::ingress-skm-web
kubernetes:networking.k8s.io/v1:Ingress urn:pulumi:pr::devops::kubernetes:networking.k8s.io/v1:Ingress::ingress-panel-web
kubernetes:networking.k8s.io/v1:Ingress urn:pulumi:pr::devops::kubernetes:networking.k8s.io/v1:Ingress::ingress-notify-web
aws:iam/role:Role urn:pulumi:pr::devops::aws:iam/role:Role::aws-loadbalancer-controller-role-pr
kubernetes:networking.k8s.io/v1:Ingress urn:pulumi:pr::devops::kubernetes:networking.k8s.io/v1:Ingress::ingress-sso-web
aws:iam/policy:Policy urn:pulumi:pr::devops::aws:iam/role:Role$aws:iam/policy:Policy::aws-loadbalancer-controller-policy-pr
kubernetes:core/v1:ServiceAccount urn:pulumi:pr::devops::kubernetes:core/v1:ServiceAccount::aws-lb-controller-sa-pr
aws:iam/rolePolicyAttachment:RolePolicyAttachment urn:pulumi:pr::devops::aws:iam/role:Role$aws:iam/rolePolicyAttachment:RolePolicyAttachment::aws-loadbalancer-controller-attachment-pr
kubernetes:helm.sh/v3:Release urn:pulumi:pr::devops::pulumi:providers:kubernetes$kubernetes:core/v1:Namespace$kubernetes:helm.sh/v3:Release::lb-pr
Found no pending operations associated with pr
Backend
Name or
URL file://~
User or
Organizations
Token type personal
Dependencies:
NAME VERSION
cryptography 41.0.1
pip 23.3.2
pulumi-aws-native 0.73.0
pulumi-awsx 1.0.2
pulumi-cloudflare 5.5.0
pulumi-eks 1.0.4
setuptools 69.0.3
wheel 0.42.0
Pulumi locates its logs in /tmp by default
Additional context
No response
Contributing
Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
Hi @omidraha. Thanks for opening an issue. We're sorry to hear about this. To help us diagnose the problem, can you please post the output of pulumi about in the issue. In this case, we want to know the version of pulumi and the version of pulumi-aws that you are using so we can reproduce the bug on our machines.
Apologies, this is still a problem. Adding some technical notes here
Still reproduces after all the fixes:
~ rules: [
~ [0]: {
~ action : {
+ __defaults: []
~ count : {
+ __defaults: []
}
}
~ name : "waf-rule-group-argfoo" => "waf-rule-group-argfoo"
~ priority : 1 => 1
~ statement : {
+ __defaults : []
~ rateBasedStatement: {
+ __defaults : [
+ [0]: "evaluationWindowSec"
]
aggregateKeyType : "IP"
- customKeys : []
evaluationWindowSec: 300
limit : 100
}
}
~ visibilityConfig: {
+ __defaults : []
cloudwatchMetricsEnabled: true
metricName : "WafRbrFooMetric"
sampledRequestsEnabled : true
}
}
]
The problem is that - customKeys : [] is cycling between empty list and nil/missing. This is compounded by getting confused about the set element identity and improper set diff display.
Superficially looks very similar to https://github.com/pulumi/pulumi-terraform-bridge/pull/1917 so possibly the same root cause and same work-around apply.
