pulumi-aws
`s3.BucketObjectArgs.sourceHash` doesn't work as expected
Hello!
- Vote on this issue by adding a 👍 reaction
- To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already)
Issue details
As I can't provide entirely deterministic zip files I want to control the hash and in turn control when objects get updated. In the documentation there is `etag` and `sourceHash` (I opted for the latter due to encryption requirements elsewhere and wanting consistency).
This does not seem to work.
Steps to reproduce
- Create an object with `sourceHash: 'a'`, reference a newly created `.zip` using `FileArchive`.
- `pulumi up`
- Delete and re-create a `.zip` with different contents (simulating the non-determinism I'm working around)
- `pulumi up`
- Notice how, even though controlling with documented `sourceHash`, it shows a modification for `source` and uploads the new zip.
Even more weirdly, when I add `source` to the `ignoreChanges` option, the diff shows the result I would expect (no change on `source` but a change to `sourceHash`). However, when this executes it does not seem to upload the new `.zip`.
```typescript
const artifactsBucket = new aws.s3.Bucket(
  resourceName('artifacts', service),
  {
    acl: 'private',
    versioning: { enabled: true },
    loggings: [
      {
        targetBucket: stack.logBucket.id,
        targetPrefix: 'log/' + service.name + '/artifacts/',
      },
    ],
    forceDestroy: config.safe,
  },
  { parent: this }
)
const projectArchive = new pulumi.asset.FileArchive(
  getProjectPath(service.ctx, 'dist/pkg/project.zip')
)
const projectArtifact = new aws.s3.BucketObject(
  resourceName('artifact', service),
  {
    bucket: artifactsBucket.id,
    key: 'artifacts/latest/project.zip',
    sourceHash: projectMeta.hash,
    source: projectArchive,
    acl: 'private',
    storageClass: 'ONEZONE_IA',
  },
  { parent: this, ignoreChanges: ['etag', 'source'] }
)
```
Expected: I can control when objects are updated using a deterministic `sourceHash`
Actual: `sourceHash` is ignored
Ah.
Looking at the source code of `TranslateAsset` there's a suspicious `TODO` which also links back to a 4/5 year old change 🙃
`// TODO[pulumi/pulumi#153]: support HashField.`
https://github.com/pulumi/pulumi-terraform-bridge/blob/30ae8ae5cc2d2f5987854984243c74ace4ccc952/pkg/tfbridge/assets.go#L130
The referenced issue is now closed so this might just be a left-over comment. To clarify your use-case; are you wanting to ignore the hash from the FileArchive and provide your own instead?
That is indeed the use case. Exactly the same behaviour as in terraform and as is pulled through to the pulumi docs.
Any chance of an update on support for this documented feature?