pulumi-aws
pulumi-aws copied to clipboard
pulumi
RestApi won't update properly when using openapi
What happened?
When updating resources using openapi spec on the RestApi resource, the config gets reverted back to the original-deployed config but the state still makes it look like the config was updated.
When digging into the terraform provider it looks like they have logic to try and ensure your RestApi config from resource inputs will overwrite the config from openapi, but I'm wondering if that logic is unintentionally rolling back the openapi config when it changes.
I am unable to figure out if this is a pulumi or terraform provider problem as I have only tried this out with pulumi so far.
Steps to reproduce
Use openapi to create a Rest API with a policy via pulumi.
Update the IP address in the policy of the openapi config and run another pulumi up.
See the policy has not changed.
Here is a sample pulumi code for a RestApi with openapi
const apigatewayBody = pulumi.output({
openapi: '3.0.3',
info: {
title: 'test-api',
version: '0.1.0',
},
paths: {
'/test': {
post: {
responses: {
200: {
description: '200 response',
content: {
'application/json': {
schema: {
$ref: '#/components/schemas/SuccesfulReturn',
},
},
},
},
500: {
description: 'Internal Server Error',
content: {
'application/json': {
schema: {
$ref: '#/components/schemas/ErrorModel',
},
},
},
},
},
'x-amazon-apigateway-integration': {
httpMethod: 'POST',
uri: '{MY LAMBDA ARN}',
responses: {
default: {
statusCode: '200',
},
},
passthroughBehavior: 'when_no_match',
contentHandling: 'CONVERT_TO_TEXT',
type: 'aws_proxy',
},
},
},
},
components: {
schemas: {
SuccesfulReturn: {
type: 'object',
required: [
'message',
'body',
'statusCode',
],
properties: {
message: {
type: 'string',
},
body: {
type: 'string',
},
statusCode: {
type: 'integer',
minimum: 200,
maximum: 300,
default: 200,
},
},
},
ErrorModel: {
type: 'object',
required: [
'message',
'statusCode',
],
properties: {
message: {
type: 'string',
},
statusCode: {
type: 'integer',
minimum: 100,
maximum: 600,
default: 500,
},
},
},
},
},
'x-amazon-apigateway-policy': pulumi.jsonParse(aws.iam.getPolicyDocumentOutput({
statements: [
{
effect: 'Deny',
principals: [{
identifiers: ['*'],
type: 'AWS',
}],
actions: ['execute-api:Invoke'],
resources: ['execute-api:/*/POST/*'],
conditions: [
{
// TODO: Protect against what VPCs can hit this as well
test: 'NotIpAddress',
variable: 'aws:SourceIp',
values: [
'10.0.0.2', // test
],
},
],
},
{
effect: 'Allow',
principals: [{
identifiers: ['*'],
type: 'AWS',
}],
actions: ['execute-api:Invoke'],
resources: ['execute-api:/*/POST/*'],
},
],
}).json),
})
new aws.apigateway.RestApi('test-api', {
body: pulumi.jsonStringify(apigatewayBody),
endpointConfiguration: {
types: 'EDGE',
},
name: apigatewayBody.info.title,
})
Expected Behavior
I expect the openapi config to change parts of the RestApi that are not configured at the resource level.
Actual Behavior
The RestApi config is not updated in AWS.
Output of pulumi about
CLI Version 3.50.0 Go Version go1.19.4 Go Compiler gc
Plugins NAME VERSION aws 5.26.0 aws-apigateway 1.0.1 nodejs unknown
Host OS darwin Version 12.6.1 Arch arm64
This project is written in nodejs: executable='/Users/me/.asdf/shims/node' version='v16.19.0'
Dependencies: NAME VERSION @pulumi/aws 5.26.0 @pulumi/aws-apigateway 1.0.1 @pulumi/pulumi 3.51.0 @types/jest 29.2.5 @types/node 14.18.36 eslint 8.31.0 jest 29.3.1 ts-jest 28.0.8 typescript 4.9.4
Additional context
No response
Contributing
Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
