pulumi-aws
pulumi-aws copied to clipboard
Published
20 hours ago •
pulumi
pulumi
aws.cloudwatch.onSchedule does not refresh cleanly
What happened?
There are a few self-correcting (through accepting refresh) dirty refresh issues affecting the underpinnings of the aws.cloudwatch.onSchedule backing component resource manifesting in this dirty refresh warning:
// pulumi:pulumi:Stack: (same)
// [urn=urn:pulumi:repro::CloudWatchOidcManual::pulumi:pulumi:Stack::CloudWatchOidcManual-repro]
// ~ aws:cloudwatch/eventTarget:EventTarget: (update)
// [id=everyMinute-9e9e214-everyMinute]
// [urn=urn:pulumi:repro::CloudWatchOidcManual::aws:cloudwatch:EventRuleEventSubscription$aws:cloudwatch/eventTarget:EventTarget::everyMinute]
// [provider=urn:pulumi:repro::CloudWatchOidcManual::pulumi:providers:aws::default_6_32_0::5a064f26-8475-4a99-b06d-8c9afcab0e1c]
// --outputs:--
// + runCommandTargets: []
// ~ aws:lambda/function:Function: (update)
// [id=everyMinute-abf24f8]
// [urn=urn:pulumi:repro::CloudWatchOidcManual::aws:cloudwatch:EventRuleEventSubscription$aws:lambda/function:Function::everyMinute]
// [provider=urn:pulumi:repro::CloudWatchOidcManual::pulumi:providers:aws::default_6_32_0::5a064f26-8475-4a99-b06d-8c9afcab0e1c]
// --outputs:--
// ~ lastModified : "2024-04-25T20:32:46.914+0000" => "2024-04-25T20:32:53.260+0000"
// + replacementSecurityGroupIds : []
// ~ aws:iam/role:Role: (update)
// [id=everyMinute-c9b4761]
// [urn=urn:pulumi:repro::CloudWatchOidcManual::aws:cloudwatch:EventRuleEventSubscription$aws:iam/role:Role::everyMinute]
// [provider=urn:pulumi:repro::CloudWatchOidcManual::pulumi:providers:aws::default_6_32_0::5a064f26-8475-4a99-b06d-8c9afcab0e1c]
// --outputs:--
// ~ managedPolicyArns : [
// + [0]: "arn:aws:iam::aws:policy/AWSLambda_FullAccess"
// + [1]: "arn:aws:iam::aws:policy/AmazonS3FullAccess"
// + [2]: "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess"
// + [3]: "arn:aws:iam::aws:policy/AmazonKinesisFullAccess"
// + [4]: "arn:aws:iam::aws:policy/AmazonCognitoPowerUser"
// + [5]: "arn:aws:iam::aws:policy/AWSXrayWriteOnlyAccess"
// + [6]: "arn:aws:iam::aws:policy/AmazonSQSFullAccess"
// + [7]: "arn:aws:iam::aws:policy/CloudWatchEventsFullAccess"
// + [8]: "arn:aws:iam::aws:policy/CloudWatchFullAccessV2"
// ]
Example
import * as aws from "@pulumi/aws";
const event = aws.cloudwatch.onSchedule("everyMinute", "rate(1 minute)", async (event) => {
console.log("Received event: " + JSON.stringify(event, null, 2));
}, {});
pulumi up pulumi refresh
Output of pulumi about
CLI
Version 3.111.1
Go Version go1.22.1
Go Compiler gc
Plugins
NAME VERSION
aws 6.32.0
nodejs unknown
Host
OS darwin
Version 14.4.1
Arch x86_64
This project is written in nodejs: executable='/Users/t0yv0/bin/node' version='v18.18.2'
Current Stack: anton-pulumi-corp/CloudWatchOidcManual/repro
TYPE URN
pulumi:pulumi:Stack urn:pulumi:repro::CloudWatchOidcManual::pulumi:pulumi:Stack::CloudWatchOidcManual-repro
aws:cloudwatch:EventRuleEventSubscription urn:pulumi:repro::CloudWatchOidcManual::aws:cloudwatch:EventRuleEventSubscription::everyMinute
pulumi:providers:aws urn:pulumi:repro::CloudWatchOidcManual::pulumi:providers:aws::default_6_32_0
aws:cloudwatch/eventRule:EventRule urn:pulumi:repro::CloudWatchOidcManual::aws:cloudwatch:EventRuleEventSubscription$aws:cloudwatch/eventRule:EventRule::everyMinute
aws:iam/role:Role urn:pulumi:repro::CloudWatchOidcManual::aws:cloudwatch:EventRuleEventSubscription$aws:iam/role:Role::everyMinute
aws:iam/rolePolicyAttachment:RolePolicyAttachment urn:pulumi:repro::CloudWatchOidcManual::aws:cloudwatch:EventRuleEventSubscription$aws:iam/rolePolicyAttachment:RolePolicyAttachment::everyMinute-d32a66fa
aws:iam/rolePolicyAttachment:RolePolicyAttachment urn:pulumi:repro::CloudWatchOidcManual::aws:cloudwatch:EventRuleEventSubscription$aws:iam/rolePolicyAttachment:RolePolicyAttachment::everyMinute-019020e7
aws:iam/rolePolicyAttachment:RolePolicyAttachment urn:pulumi:repro::CloudWatchOidcManual::aws:cloudwatch:EventRuleEventSubscription$aws:iam/rolePolicyAttachment:RolePolicyAttachment::everyMinute-e1a3786d
aws:iam/rolePolicyAttachment:RolePolicyAttachment urn:pulumi:repro::CloudWatchOidcManual::aws:cloudwatch:EventRuleEventSubscription$aws:iam/rolePolicyAttachment:RolePolicyAttachment::everyMinute-4aaabb8e
aws:iam/rolePolicyAttachment:RolePolicyAttachment urn:pulumi:repro::CloudWatchOidcManual::aws:cloudwatch:EventRuleEventSubscription$aws:iam/rolePolicyAttachment:RolePolicyAttachment::everyMinute-b5aeb6b6
aws:iam/rolePolicyAttachment:RolePolicyAttachment urn:pulumi:repro::CloudWatchOidcManual::aws:cloudwatch:EventRuleEventSubscription$aws:iam/rolePolicyAttachment:RolePolicyAttachment::everyMinute-74d12784
aws:iam/rolePolicyAttachment:RolePolicyAttachment urn:pulumi:repro::CloudWatchOidcManual::aws:cloudwatch:EventRuleEventSubscription$aws:iam/rolePolicyAttachment:RolePolicyAttachment::everyMinute-a1de8170
aws:iam/rolePolicyAttachment:RolePolicyAttachment urn:pulumi:repro::CloudWatchOidcManual::aws:cloudwatch:EventRuleEventSubscription$aws:iam/rolePolicyAttachment:RolePolicyAttachment::everyMinute-7cd09230
aws:iam/rolePolicyAttachment:RolePolicyAttachment urn:pulumi:repro::CloudWatchOidcManual::aws:cloudwatch:EventRuleEventSubscription$aws:iam/rolePolicyAttachment:RolePolicyAttachment::everyMinute-1b4caae3
aws:lambda/function:Function urn:pulumi:repro::CloudWatchOidcManual::aws:cloudwatch:EventRuleEventSubscription$aws:lambda/function:Function::everyMinute
aws:cloudwatch/eventTarget:EventTarget urn:pulumi:repro::CloudWatchOidcManual::aws:cloudwatch:EventRuleEventSubscription$aws:cloudwatch/eventTarget:EventTarget::everyMinute
aws:lambda/permission:Permission urn:pulumi:repro::CloudWatchOidcManual::aws:cloudwatch:EventRuleEventSubscription$aws:lambda/permission:Permission::everyMinute
Found no pending operations associated with repro
Backend
Name pulumi.com
URL https://app.pulumi.com/anton-pulumi-corp
User anton-pulumi-corp
Organizations anton-pulumi-corp, moolumi, pulumi
Token type personal
Dependencies:
NAME VERSION
@types/node 18.19.31
@actions/core 1.10.1
@pulumi/aws 6.32.0
@pulumi/pulumi 3.113.3
Pulumi locates its logs in /var/folders/gk/cchgxh512m72f_dmkcc3d09h0000gp/T/com.apple.shortcuts.mac-helper// by default
Additional context
N/A
Contributing
Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
Breaking this down, EventTarget does not refresh cleanly likely following TF where undefined runCommandTargets end up being replaced by an empty list. This is a very common self-correcting form of refresh also present in TF.
~ aws:cloudwatch/eventTarget:EventTarget: (update)
[id=everyMinute-9e9e214-everyMinute]
[urn=urn:pulumi:repro::CloudWatchOidcManual::aws:cloudwatch:EventRuleEventSubscription$aws:cloudwatch/eventTarget:EventTarget::everyMinute]
[provider=urn:pulumi:repro::CloudWatchOidcManual::pulumi:providers:aws::default_6_32_0::5a064f26-8475-4a99-b06d-8c9afcab0e1c]
--outputs:--
+ runCommandTargets: []
Lambda replacementSecurityGroupIds is in the similar category, but is also marked deprecated, while still affecting refresh. This is unfortunate.
Lambda lastModified shows as a diff even though it not an output property and reasonably is expected to change in the cloud.
managedPolicyArns is exactly as in https://github.com/pulumi/pulumi-aws/issues/2246