pulumi-aws
Importing a subnet gives a warning
What happened?
When importing an aws.ec2.Subnet, I get the following warning:
aws:ec2:Subnet (import-subnet-edfe0bb0):
warning: One or more imported inputs failed to validate. This is almost certainly a bug in the `aws` provider. The import will still proceed, but you will need to edit the generated code after copying it into your program.
warning: aws:ec2/subnet:Subnet resource 'import-subnet-edfe0bb0' has a problem: Conflicting configuration arguments: "availability_zone": conflicts with availability_zone_id. Examine values at 'Subnet.AvailabilityZone'.
warning: aws:ec2/subnet:Subnet resource 'import-subnet-edfe0bb0' has a problem: Conflicting configuration arguments: "availability_zone_id": conflicts with availability_zone. Examine values at 'Subnet.AvailabilityZoneId'.
Steps to reproduce
Run pulumi import on a subnet. Any subnet.
Expected Behavior
No warning. I would suggest we favor the AZ over the AZID since the former is more frequently specified as an input.
Actual Behavior
Warning.
Output of pulumi about
No response
Additional context
No response
import * as aws from "@pulumi/aws";
const mainVpc = new aws.ec2.Vpc("main", {cidrBlock: "10.0.0.0/16"});
const example = new aws.ec2.Subnet("in_secondary_cidr", {
    vpcId: mainVpc.id,
    cidrBlock: "10.0.0.0/24",
});
export const exampleId = example.id;
Now:
PULUMI_DEBUG_GRPC=/Users/t0yv0/bugs/aws-2318/here.json pulumi import aws:ec2/subnet:Subnet mynewsubnet subnet-07d413fe9a1b88d98
warning: One or more imported inputs failed to validate. This is almost certainly a bug in the `aws` provider. The import will still proceed, but you will need to edit the generated code after copying it into your program.
warning: aws:ec2/subnet:Subnet resource 'mynewsubnet' has a problem: Conflicting configuration arguments: "availability_zone": conflicts with availability_zone_id. Examine values at 'mynewsubnet.availabilityZone'.
warning: aws:ec2/subnet:Subnet resource 'mynewsubnet' has a problem: Conflicting configuration arguments: "availability_zone_id": conflicts with availability_zone. Examine values at 'mynewsubnet.availabilityZoneId'.
From the log:
{
"method": "/pulumirpc.ResourceProvider/Read",
"request": {
"id": "subnet-07d413fe9a1b88d98",
"urn": "urn:pulumi:dev::aws-2318::aws:ec2/subnet:Subnet::mynewsubnet",
"properties": {}
},
"response": {
"id": "subnet-07d413fe9a1b88d98",
"properties": {
"__meta": "{\"e2bfb730-ecaa-11e6-8f88-34363bc7c4c0\":{\"create\":600000000000,\"delete\":1200000000000},\"schema_version\":\"1\"}",
"arn": "arn:aws:ec2:us-east-1:616138583583:subnet/subnet-07d413fe9a1b88d98",
"assignIpv6AddressOnCreation": false,
"availabilityZone": "us-east-1a",
"availabilityZoneId": "use1-az4",
"cidrBlock": "10.0.0.0/24",
"customerOwnedIpv4Pool": "",
"enableDns64": false,
"enableLniAtDeviceIndex": 0,
"enableResourceNameDnsARecordOnLaunch": false,
"enableResourceNameDnsAaaaRecordOnLaunch": false,
"id": "subnet-07d413fe9a1b88d98",
"ipv6CidrBlock": "",
"ipv6CidrBlockAssociationId": "",
"ipv6Native": false,
"mapCustomerOwnedIpOnLaunch": false,
"mapPublicIpOnLaunch": false,
"outpostArn": "",
"ownerId": "616138583583",
"privateDnsHostnameTypeOnLaunch": "ip-name",
"tags": {},
"tagsAll": {},
"vpcId": "vpc-07975d3c7b3adfd06"
},
"inputs": {
"__defaults": [],
"availabilityZone": "us-east-1a",
"availabilityZoneId": "use1-az4",
"cidrBlock": "10.0.0.0/24",
"privateDnsHostnameTypeOnLaunch": "ip-name",
"vpcId": "vpc-07975d3c7b3adfd06"
}
},
"metadata": {
"kind": "resource",
"mode": "client",
"name": "aws"
}
}
{
"method": "/pulumirpc.ResourceProvider/Check",
"request": {
"urn": "urn:pulumi:dev::aws-2318::aws:ec2/subnet:Subnet::mynewsubnet",
"olds": {
"__defaults": [],
"availabilityZone": "us-east-1a",
"availabilityZoneId": "use1-az4",
"cidrBlock": "10.0.0.0/24",
"privateDnsHostnameTypeOnLaunch": "ip-name",
"vpcId": "vpc-07975d3c7b3adfd06"
},
"news": {
"__defaults": [],
"availabilityZone": "us-east-1a",
"availabilityZoneId": "use1-az4",
"cidrBlock": "10.0.0.0/24",
"privateDnsHostnameTypeOnLaunch": "ip-name",
"vpcId": "vpc-07975d3c7b3adfd06"
},
"randomSeed": "0U7ad3kEB4Ww2Qo4Fta15D0zwhCDnViQarQ9c1RfnTc="
},
"response": {
"inputs": {
"__defaults": [
"assignIpv6AddressOnCreation",
"enableDns64",
"enableResourceNameDnsARecordOnLaunch",
"enableResourceNameDnsAaaaRecordOnLaunch",
"ipv6Native",
"mapPublicIpOnLaunch"
],
"assignIpv6AddressOnCreation": false,
"availabilityZone": "us-east-1a",
"availabilityZoneId": "use1-az4",
"cidrBlock": "10.0.0.0/24",
"enableDns64": false,
"enableResourceNameDnsARecordOnLaunch": false,
"enableResourceNameDnsAaaaRecordOnLaunch": false,
"ipv6Native": false,
"mapPublicIpOnLaunch": false,
"privateDnsHostnameTypeOnLaunch": "ip-name",
"vpcId": "vpc-07975d3c7b3adfd06"
},
"failures": [
{
"reason": "Conflicting configuration arguments: \"availability_zone\": conflicts with availability_zone_id. Examine values at 'mynewsubnet.availabilityZone'."
},
{
"reason": "Conflicting configuration arguments: \"availability_zone_id\": conflicts with availability_zone. Examine values at 'mynewsubnet.availabilityZoneId'."
}
]
},
"metadata": {
"kind": "resource",
"mode": "client",
"name": "aws"
}
}
This sets availability_zone and availability_zone_id in Read: https://github.com/hashicorp/terraform-provider-aws/blob/master/internal/service/ec2/vpc_subnet.go#L250
This specifies the conflict: https://github.com/hashicorp/terraform-provider-aws/blob/master/internal/service/ec2/vpc_subnet.go#L68
Both attributes seem to be Optional+Computed meaning that they can be set by either the provider or the user, and Pulumi maps them to inputs and outputs.
Curious how this works in Terraform proper, checking.
Looks like in TF there are no warnings on import, but https://spacelift.io/blog/importing-exisiting-infrastructure-into-terraform is suggesting to manually edit the program, at which point this issue can be manually resolved.
@t0yv0 I checked whether this was fixed by the bridge upgrade https://github.com/pulumi/pulumi-aws/pull/3929 to 3.82.0, but it's still occurring on pulumi-aws version 6.36.0:
pulumi import aws:ec2/subnet:Subnet mynewsubnet subnet-0ce78cf155fa924d6
...
aws:ec2:Subnet (mynewsubnet):
warning: One or more imported inputs failed to validate. This is almost certainly a bug in the `aws` provider. The import will still proceed, but you will need to edit the generated code after copying it into your program.
warning: aws:ec2/subnet:Subnet resource 'mynewsubnet' has a problem: Conflicting configuration arguments: "availability_zone_id": conflicts with availability_zone. Examine values at 'mynewsubnet.availabilityZoneId'.
warning: aws:ec2/subnet:Subnet resource 'mynewsubnet' has a problem: Conflicting configuration arguments: "availability_zone": conflicts with availability_zone_id. Examine values at 'mynewsubnet.availabilityZone'.
Thanks so much for checking @flostadler
Unfortunately it appears there was a slight versioning error so that the bridge fix is not made available yet for AWS. This issue should resolve itself on the next bridge release and automated round of upgrades.
There is still a bug on this version:
@pulumi/aws 6.36.0
This version uses:
github.com/pulumi/pulumi-terraform-bridge/pf v0.35.0
github.com/pulumi/pulumi-terraform-bridge/v3 v3.82.0
Unfortunately the fix did not make it to the said bridge version:
#+begin_src shell :results output verbatim
cd ~/code/pulumi-terraform-bridge
git log v3.82.0..6814027a7241fbd765b510ca4d386f9679f7cb9c
#+end_src
#+RESULTS:
#+begin_example
commit 6814027a7241fbd765b510ca4d386f9679f7cb9c
Author: Anton Tayanovskyy <[email protected]>
Date: Thu May 9 17:39:13 2024 -0400
Remove spurious ConflictsWith warnings on import (#1948)
Toward https://github.com/pulumi/pulumi-terraform-bridge/issues/1225 -
this fixes the special case of ConflictsWith warnings. This fixes
spurious warnings on `pulumi import`, popular bugs such as:
- https://github.com/pulumi/pulumi-aws/issues/2318
- https://github.com/pulumi/pulumi-aws/issues/3670
- https://github.com/pulumi/pulumi-gitlab/issues/293
- https://github.com/pulumi/pulumi-gcp/issues/844
- https://github.com/pulumi/pulumi-linode/issues/373
TF does not guarantee Read results to be compatible with calling Check
on, in particular Read can return results that run afoul of
ConflictsWith constraint. This change compensates by arbitrarily
dropping data from the Read result until it passes ConflictsWith checks.
This affects `pulumi refresh` as well as I think it should although I
have not seen "in the wild" cases where refresh is affected, since it
typically will not copy these properties to the input bag unless they're
present in old inputs, which are usually correct wrt to ConflictsWith.
#+end_example
This should be fixed by https://github.com/pulumi/pulumi-aws/pull/3984 pulling in https://github.com/pulumi/pulumi-terraform-bridge/releases/tag/v3.83.0
I will cut a new release.
This issue is fixed in v6.37.1. Example:
Importing (dev)
View in Browser (Ctrl+O): https://app.pulumi.com/anton-pulumi-corp/aws-2318/dev/updates/36
Type Name Status
+ pulumi:pulumi:Stack aws-2318-dev created (2s)
= └─ aws:ec2:Subnet mynewsubnet imported (0.42s)
Resources:
+ 1 created
= 1 imported
2 changes
Duration: 3s
Please copy the following code into your Pulumi application. Not doing so
will cause Pulumi to report that an update will happen on the next update command.
Please note that the imported resources are marked as protected. To destroy them
you will need to remove the `protect` option and run `pulumi update` *before*
the destroy will take effect.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const mynewsubnet = new aws.ec2.Subnet("mynewsubnet", {
    availabilityZone: "us-east-1d",
    cidrBlock: "10.0.0.0/24",
    privateDnsHostnameTypeOnLaunch: "ip-name",
    vpcId: "vpc-088588305ca732419",
}, {
    protect: true,
});
The provider is picking availabilityZone and dropping availabilityZoneId from the read result to avoid the warning.
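
The commit message quoted in the thread describes the fix as dropping data from the Read result until it passes ConflictsWith checks. The following Go example is added here to illustrate that approach and is not the bridge's own code; the `conflictsWith` table, the function names `violations` and `dropConflicts`, and the tie-break (drop the lexicographically last offender, which happens to keep `availabilityZone`) are assumptions.

```go
package main

import (
	"fmt"
	"sort"
)

// Hypothetical stand-in for the schema's ConflictsWith rules (not the provider's data).
var conflictsWith = map[string][]string{
	"availabilityZone":   {"availabilityZoneId"},
	"availabilityZoneId": {"availabilityZone"},
}

// violations returns, sorted, each set key that conflicts with another set key.
func violations(inputs map[string]string, rules map[string][]string) []string {
	var out []string
	for key, others := range rules {
		if _, set := inputs[key]; !set {
			continue
		}
		for _, other := range others {
			if _, set := inputs[other]; set {
				out = append(out, key)
				break
			}
		}
	}
	sort.Strings(out)
	return out
}

// dropConflicts copies inputs and deletes the last sorted offender until none remain.
func dropConflicts(inputs map[string]string, rules map[string][]string) (out map[string]string, dropped []string) {
	out = make(map[string]string, len(inputs))
	for k, v := range inputs {
		out[k] = v
	}
	for v := violations(out, rules); len(v) > 0; v = violations(out, rules) {
		delete(out, v[len(v)-1])
		dropped = append(dropped, v[len(v)-1])
	}
	return out, dropped
}

func main() {
	// Sample built from the Read inputs in the log above.
	read := map[string]string{"availabilityZone": "us-east-1a", "availabilityZoneId": "use1-az4", "cidrBlock": "10.0.0.0/24"}
	fmt.Println(dropConflicts(read, conflictsWith))
}
```
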