pulumi-aws icon indicating copy to clipboard operation
pulumi-aws copied to clipboard

Published 20 hours ago verified publisher icon pulumi

Bucket(V1): pulumi refresh does not detect tag changes

Open MitchellGerdisch opened this issue 1 year ago • 1 comments

What happened?

Using aws.s3.Bucket() resource and setting a tag, if I change the tag outside of Pulumi and do a pulumi refresh the change is not detected. Similarly, if I remove the tag outside of pulumi, a refresh does not detect the tag is gone.

Example

  1. pulumi new aws-python
  2. Modify code to add a tags={"mytag": "myvalue"} block to the bucket.
  3. pulumi up
  4. Edit or remove the tag in AWS
  5. pulumi refresh and see that no change is detected.

Output of pulumi about

CLI
Version 3.111.0 Go Version go1.22.1 Go Compiler gc

Plugins NAME VERSION aws 6.27.0 python unknown

Host
OS darwin Version 13.6.3 Arch x86_64

This project is written in python: executable='/Users/mitch/Downloads/fxgt-workshop/test-tag-refresh/venv/bin/python3' version='3.10.11'

Current Stack: MitchGerdisch/test-tag-refresh/dev

TYPE URN pulumi:pulumi:Stack urn:pulumi:dev::test-tag-refresh::pulumi:pulumi:Stack::test-tag-refresh-dev pulumi:providers:aws urn:pulumi:dev::test-tag-refresh::pulumi:providers:aws::default_6_27_0 aws:s3/bucketV2:BucketV2 urn:pulumi:dev::test-tag-refresh::aws:s3/bucketV2:BucketV2::my-bucket

Found no pending operations associated with dev

Backend
Name pulumi.com Token type personal

Dependencies: NAME VERSION pip 24.0 pulumi_aws 6.27.0 setuptools 69.2.0 wheel 0.43.0

Additional context

If I use aws.s3.BucketV2 the refresh works as expected.

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

MitchellGerdisch avatar Mar 21 '24 15:03 MitchellGerdisch

I can confirm this is happening.

Using something like this to delete tags in the CLI:

aws s3api delete-bucket-tagging --bucket my-tf-test-bucket-grr

This works fine for BucketV2, confirmed:

const example = new aws.s3.BucketV2("my-bucket-v2", {
    bucket: "my-tf-test-bucket-grr",
    tags: {
        Name: "My bucket",
        Environment: "Dev",
    },
});

Digging in the code:

Bucket read writes to InContext.TagsOut https://github.com/hashicorp/terraform-provider-aws/blob/master/internal/tags/context.go#L19

Processed by tagsResourceInterceptor maybe? https://github.com/hashicorp/terraform-provider-aws/blob/master/internal/provider/intercept.go#L201

Or maybe by tagsReadFunc? https://github.com/hashicorp/terraform-provider-aws/blob/master/internal/provider/tags_interceptor.go#L106

Since we're maintaining the legacy bucket by patches what likely happened here it stopped receiving the same interceptor treatment as the rest of the resources, so we need to find a way to reintroduce the same treatment.

t0yv0 avatar Apr 24 '24 21:04 t0yv0