pulumi-aws icon indicating copy to clipboard operation
pulumi-aws copied to clipboard

Published 20 hours ago verified publisher icon pulumi

Enable zero default schema version in AWS

Open VenelinMartinov opened this issue 1 year ago • 3 comments

Roll out https://github.com/pulumi/pulumi-terraform-bridge/pull/2081 to AWS.

Part of https://github.com/pulumi/pulumi-terraform-bridge/issues/2133

VenelinMartinov avatar Oct 16 '24 15:10 VenelinMartinov

Does the PR have any schema changes?

Looking good! No breaking changes found. No new resources/functions.

Maintainer note: consult the runbook for dealing with any breaking changes.

github-actions[bot] avatar Oct 16 '24 15:10 github-actions[bot]

I know this has been taken through many providers for soaking, but I am still slightly worried that this fix extends the reach of https://github.com/pulumi/pulumi-terraform-bridge/issues/1667 related bugs. Does it fix some known issues in AWS or we just take it on preemptively? I'd be a lot more comfortable fixing 1667 first and then shipping this, but if it fixes known issues that'd be good reason to maybe rush it.

t0yv0 avatar Oct 16 '24 20:10 t0yv0

@flostadler for a second opinion.

t0yv0 avatar Oct 16 '24 21:10 t0yv0

@VenelinMartinov I wonder if we could opt-in specific resources only? That way the blast radius would of possible issues would be very limited.

I initially wondered whether it fixes issues like this: https://github.com/pulumi/pulumi-aws/commit/3ff4fa4ddc54bcef6d043e7c62e0e881c6ecdaa5#diff-34c57e622183cb0d8dd0d3f9eaa0861b3340120e9b2ad811bac7ac7be4cea4b1R2195-R2206 But turns out that one is caused by https://github.com/pulumi/pulumi-terraform-bridge/issues/1667 as well.

I agree with @t0yv0 that this could potentially open up more issues around https://github.com/pulumi/pulumi-terraform-bridge/issues/1667. What I'm not sure about is what's worse, not running the migration or running it with distorted state. Both are wrong, but IMO doing the following has the least potential for disruption:

  • Only opt in specific resources for ZeroDefaultSchemaVersion that need it. If we're not aware of any then we could just leave it disabled.
  • Fix https://github.com/pulumi/pulumi-terraform-bridge/issues/1667
  • Enable ZeroDefaultSchemaVersion for all resources

flostadler avatar Oct 28 '24 14:10 flostadler

What I'm not sure about is what's worse, not running the migration or running it with distorted state

I think you've nailed the question here. Happy to go with either. I am not aware of any resources which needs this but also all other providers have this enabled by default and we have not had any issues with it.

VenelinMartinov avatar Oct 28 '24 14:10 VenelinMartinov

Closing until https://github.com/pulumi/pulumi-terraform-bridge/issues/1667 is fixed to revisit then or else when we have evidence of issues needing this, to roll out on per-resource basis.

t0yv0 avatar Oct 28 '24 15:10 t0yv0