pulumi-aws
BucketReplicationConfig perpetual differences on refresh
What happened?
Using BucketReplicationConfig leads to perpetual changes after refreshes
Steps to reproduce
Create the following Pulumi program:
import pulumi
import pulumi_aws as aws

bucket = aws.s3.Bucket("jcn-test", versioning=aws.s3.BucketVersioningArgs(enabled=True))
destination_bucket = aws.s3.Bucket("jcn-test-destination", versioning=aws.s3.BucketVersioningArgs(enabled=True))

replication_role = aws.iam.Role(
    "replicationRole",
    assume_role_policy="""{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "s3.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
""",
)

replication_bucket_replication_config = aws.s3.BucketReplicationConfig(
    "replicationBucketReplicationConfig",
    role=replication_role.arn,
    bucket=bucket.id,
    rules=[
        aws.s3.BucketReplicationConfigRuleArgs(
            id="foobar",
            filter=aws.s3.BucketReplicationConfigRuleFilterArgs(
                prefix="foo",
            ),
            delete_marker_replication=aws.s3.BucketReplicationConfigRuleDeleteMarkerReplicationArgs(
                status="Enabled"
            ),
            status="Enabled",
            destination=aws.s3.BucketReplicationConfigRuleDestinationArgs(
                bucket=destination_bucket.arn,
                storage_class="STANDARD",
            ),
        )
    ],
    opts=pulumi.ResourceOptions(depends_on=[bucket]),
)

# Export the name of the bucket
pulumi.export("bucket_name", bucket.id)
Then, launch pulumi up -r multiple times
Expected Behavior
Launching pulumi up -r should have no effect
Actual Behavior
Instead, we have perpetual changes. For example, if I run the command twice:
First run:
pulumi up -r --diff
Previewing update (dev)
View Live: https://app.pulumi.com/joffreychambrin/s3test/dev/previews/a7c88cc8-676c-4334-8070-138ec8a05281
~ pulumi:pulumi:Stack: (refresh)
[urn=urn:pulumi:dev::s3test::pulumi:pulumi:Stack::s3test-dev]
pulumi:pulumi:Stack: (same)
[urn=urn:pulumi:dev::s3test::pulumi:pulumi:Stack::s3test-dev]
~ aws:s3/bucket:Bucket: (update)
[id=jcn-test-9147098]
[urn=urn:pulumi:dev::s3test::aws:s3/bucket:Bucket::jcn-test]
[provider=urn:pulumi:dev::s3test::pulumi:providers:aws::default_5_10_0::93ed7970-47b6-4659-9bf7-09bd38ed9a4e]
- replicationConfiguration: {
- role : "arn:aws:iam::994346257716:role/replicationRole-c1dd12b"
- rules: [
- [0]: {
- deleteMarkerReplicationStatus: "Enabled"
- destination : {
- bucket : "arn:aws:s3:::jcn-test-destination-88749ec"
- storageClass : "STANDARD"
}
- filter : {
- prefix: "foo"
}
- id : "foobar"
- priority : 0
- status : "Enabled"
}
]
}
Resources:
~ 1 to update
4 unchanged
Second run:
~ pulumi:pulumi:Stack: (refresh)
[urn=urn:pulumi:dev::s3test::pulumi:pulumi:Stack::s3test-dev]
~ aws:s3/bucketReplicationConfig:BucketReplicationConfig: (refresh)
[id=jcn-test-9147098]
[urn=urn:pulumi:dev::s3test::aws:s3/bucketReplicationConfig:BucketReplicationConfig::replicationBucketReplicationConfig]
[provider=urn:pulumi:dev::s3test::pulumi:providers:aws::default_5_10_0::93ed7970-47b6-4659-9bf7-09bd38ed9a4e]
--outputs:--
- bucket: "jcn-test-9147098"
- id : "jcn-test-9147098"
- role : "arn:aws:iam::994346257716:role/replicationRole-c1dd12b"
- rules : [
- [0]: {
- deleteMarkerReplication : {
- status: "Enabled"
}
- destination : {
- bucket : "arn:aws:s3:::jcn-test-destination-88749ec"
- storageClass : "STANDARD"
}
- filter : {
- prefix: "foo"
}
- id : "foobar"
- priority : 0
- status : "Enabled"
}
]
~ aws:s3/bucket:Bucket: (refresh)
[id=jcn-test-destination-88749ec]
[urn=urn:pulumi:dev::s3test::aws:s3/bucket:Bucket::jcn-test-destination]
[provider=urn:pulumi:dev::s3test::pulumi:providers:aws::default_5_10_0::93ed7970-47b6-4659-9bf7-09bd38ed9a4e]
~ aws:iam/role:Role: (refresh)
[id=replicationRole-c1dd12b]
[urn=urn:pulumi:dev::s3test::aws:iam/role:Role::replicationRole]
[provider=urn:pulumi:dev::s3test::pulumi:providers:aws::default_5_10_0::93ed7970-47b6-4659-9bf7-09bd38ed9a4e]
~ aws:s3/bucket:Bucket: (refresh)
[id=jcn-test-9147098]
[urn=urn:pulumi:dev::s3test::aws:s3/bucket:Bucket::jcn-test]
[provider=urn:pulumi:dev::s3test::pulumi:providers:aws::default_5_10_0::93ed7970-47b6-4659-9bf7-09bd38ed9a4e]
pulumi:pulumi:Stack: (same)
[urn=urn:pulumi:dev::s3test::pulumi:pulumi:Stack::s3test-dev]
+ aws:s3/bucketReplicationConfig:BucketReplicationConfig: (create)
[urn=urn:pulumi:dev::s3test::aws:s3/bucketReplicationConfig:BucketReplicationConfig::replicationBucketReplicationConfig]
[provider=urn:pulumi:dev::s3test::pulumi:providers:aws::default_5_10_0::93ed7970-47b6-4659-9bf7-09bd38ed9a4e]
bucket : "jcn-test-9147098"
role : "arn:aws:iam::994346257716:role/replicationRole-c1dd12b"
rules : [
[0]: {
deleteMarkerReplication: {
status : "Enabled"
}
destination : {
bucket : "arn:aws:s3:::jcn-test-destination-88749ec"
storageClass: "STANDARD"
}
filter : {
prefix : "foo"
}
id : "foobar"
status : "Enabled"
}
]
Versions used
CLI
Version      3.36.0
Go Version   go1.18.4
Go Compiler  gc

Host
OS       darwin
Version  12.4
Arch     arm64
@joffreychambrin Thanks for opening the issue. This is interesting. I am not entirely sure how the replication config is being recorded in the state for a bucket when it is a separate resource while a read on the resource doesn't return the replication config. We will investigate but for the time being, could you add an ignoreChanges clause for replicationConfiguration for the bucket resource? That should avoid the spurious diff.
Thanks @viveklak! Indeed, adding the ignoreChanges fixed my problem.
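A way to spot the condition discussed in this thread before the next `pulumi up -r` removes a live replication rule, added here as an example (not code from the issue or from pulumi-aws): it scans `pulumi stack export` output taken after a refresh for a Bucket whose state carries an inline replicationConfiguration while a standalone BucketReplicationConfig targets the same bucket. The `deployment.resources[]` layout with `type`, `urn`, `id` and `outputs` is an assumption about the export format, and the sample state is constructed from the names in the issue.

```python
import json

BUCKET = "aws:s3/bucket:Bucket"
REPL = "aws:s3/bucketReplicationConfig:BucketReplicationConfig"

# Constructed sample, trimmed to the fields this check reads. Assumed layout:
# `pulumi stack export` -> deployment.resources[] with type/urn/id/outputs.
SAMPLE_STATE = json.dumps({"deployment": {"resources": [
    {"type": BUCKET, "id": "jcn-test-9147098",
     "urn": "urn:pulumi:dev::s3test::aws:s3/bucket:Bucket::jcn-test",
     "outputs": {"replicationConfiguration": {"rules": [{"id": "foobar"}]}}},
    {"type": BUCKET, "id": "jcn-test-destination-88749ec",
     "urn": "urn:pulumi:dev::s3test::aws:s3/bucket:Bucket::jcn-test-destination",
     "outputs": {}},
    {"type": REPL, "id": "jcn-test-9147098",
     "urn": "urn:pulumi:dev::s3test::aws:s3/bucketReplicationConfig:"
            "BucketReplicationConfig::replicationBucketReplicationConfig",
     "outputs": {"bucket": "jcn-test-9147098"}},
]}})


def find_conflicts(state_json):
    """Return (bucket_urn, replication_config_urn) pairs where the Bucket state
    holds an inline replicationConfiguration and a standalone
    BucketReplicationConfig manages the same bucket."""
    resources = json.loads(state_json).get("deployment", {}).get("resources", [])

    # Map bucket name -> URN of the standalone resource that manages it.
    standalone = {}
    for res in resources:
        if res.get("type") == REPL:
            target = (res.get("outputs") or {}).get("bucket")
            if target:
                standalone[target] = res["urn"]

    conflicts = []
    for res in resources:
        if res.get("type") != BUCKET:
            continue
        inline = (res.get("outputs") or {}).get("replicationConfiguration")
        # An empty or missing inline block means refresh recorded nothing to remove.
        if inline and res.get("id") in standalone:
            conflicts.append((res["urn"], standalone[res["id"]]))
    return conflicts


if __name__ == "__main__":
    for bucket_urn, repl_urn in find_conflicts(SAMPLE_STATE):
        print(f"{bucket_urn}: inline replicationConfiguration also managed by {repl_urn}")
```

Each reported bucket is a candidate for the ignoreChanges clause on replicationConfiguration suggested in the reply above.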