pulumi-aws
wafv2 rules are modified on every up.
What happened?
I created a new `wafv2.WebAcl`. Everything gets built properly, but subsequent `pulumi up` commands output differences that are unexpected. I also see some changes doubled. See `cloudwatchMetricsEnabled` and `metricName` in the output below.
Example
```typescript
// allowedIpSet is an aws.wafv2.IpSet defined elsewhere (see the complete repro below).
const mainAcl = new aws.wafv2.WebAcl("main-acl", {
    scope: "REGIONAL",
    defaultAction: {
        allow: {},
    },
    visibilityConfig: {
        cloudwatchMetricsEnabled: true,
        metricName: "myWebAclMetrics",
        sampledRequestsEnabled: false,
    },
    captchaConfig: {
        immunityTimeProperty: {
            immunityTime: 1800
        }
    },
    tokenDomains: [],
    rules: [
        {
            action: {
                block: {},
            },
            name: "IPAllowRule",
            priority: 0,
            statement: {
                ipSetReferenceStatement: {
                    arn: allowedIpSet.arn,
                },
            },
            visibilityConfig: {
                cloudwatchMetricsEnabled: true,
                metricName: "IPAllowRule",
                sampledRequestsEnabled: true,
            },
        },
    ]
});
```
Output of pulumi about
```
Do you want to perform this update? details
  pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:poc::MY-COMPANY::pulumi:pulumi:Stack::MY-COMPANY-poc]
    ~ aws:wafv2/webAcl:WebAcl: (update)
        [id=ded6d29d-5318-4e98-aa14-740f31dbc4f4]
        [urn=urn:pulumi:poc::MY-COMPANY::aws:wafv2/webAcl:WebAcl::main-acl]
        [provider=urn:pulumi:poc::MY-COMPANY::pulumi:providers:aws::default_6_31_0::911e0d16-9224-481c-8e0c-62b88c6aa82b]
      ~ rules: [
          ~ [0]: {
              ~ action : {
                  + __defaults: []
                  ~ allow : {
                      + __defaults: []
                    }
                }
              ~ name : "IPAllowRule" => "IPAllowRule"
              ~ priority : 0 => 0
              ~ statement : {
                  + __defaults : []
                  ~ ipSetReferenceStatement: {
                      + __defaults: []
                    }
                }
              ~ visibilityConfig: {
                  + __defaults : []
                  ~ cloudwatchMetricsEnabled: true => true
                  ~ cloudwatchMetricsEnabled: true => true
                  ~ metricName : "IPAllowRule" => "IPAllowRule"
                  ~ metricName : "IPAllowRule" => "IPAllowRule"
                }
            }
        ]
```
Additional context
```
CLI
Version      3.114.0
Go Version   go1.22.2
Go Compiler  gc

Plugins
KIND      NAME        VERSION
resource  aws         6.31.0
resource  aws-native  0.62.0
language  nodejs      unknown

Host
OS       ubuntu
Version  22.04
Arch     x86_64

This project is written in nodejs: executable='/home/greg_ev/.nvm/versions/node/v20.2.0/bin/node' version='v20.2.0'

Dependencies:
NAME                VERSION
@pulumi/aws-native  0.62.0
@pulumi/aws         6.31.0
@pulumi/pulumi      3.103.1
@types/node         16.18.75
versions            12.0.1
```
Contributing
Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
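A diff that reappears on every `pulumi up` makes it easy to approve a WAF update without reading it, so the following added example (not code from the issue or from the Pulumi project) separates no-op lines from lines that change a value. The names `classifyDiff` and `isNoiseOnly` and both sample strings are assumptions made for illustration, and the parser assumes the text layout shown in the output above.

```typescript
type Kind = "noop" | "defaults" | "duplicate" | "real";
interface Finding { path: string; kind: Kind; line: string }

// Classify each property line of a Pulumi detailed diff (hypothetical helper).
function classifyDiff(text: string): Finding[] {
  const findings: Finding[] = [];
  const stack: string[] = []; // enclosing keys, e.g. rules > [0] > visibilityConfig
  let prev = "";              // previous scalar line, used to spot doubled entries
  for (const raw of text.split("\n")) {
    const line = raw.trim();
    if (line === "}" || line === "]") { stack.pop(); prev = ""; continue; }
    const m = /^([~+-])\s+(\S+)\s*:\s*(.*)$/.exec(line);
    if (m === null || /^\(.*\)$/.test(m[3])) continue; // prompts, URNs, "(update)" headers
    const [, op, key, rest] = m;
    if (rest === "{" || rest === "[") { stack.push(key); prev = ""; continue; }
    const path = stack.concat(key).join(".");
    const arrow = rest.indexOf(" => "); // assumes values do not contain " => "
    let kind: Kind = "real";
    if (key === "__defaults") kind = "defaults";
    else if (op === "~" && arrow >= 0 && rest.slice(0, arrow) === rest.slice(arrow + 4))
      kind = line === prev ? "duplicate" : "noop";
    findings.push({ path, kind, line });
    prev = line;
  }
  return findings;
}

// True when no line in the diff changes, adds or removes a value.
function isNoiseOnly(text: string): boolean {
  return classifyDiff(text).every((f) => f.kind !== "real");
}

// Constructed sample, shaped like the output in the issue above.
const NOISE = `
~ aws:wafv2/webAcl:WebAcl: (update)
    [urn=urn:pulumi:poc::EXAMPLE::aws:wafv2/webAcl:WebAcl::main-acl]
  ~ rules: [
      ~ [0]: {
          ~ name            : "IPAllowRule" => "IPAllowRule"
          ~ priority        : 0 => 0
          ~ visibilityConfig: {
              + __defaults              : []
              ~ cloudwatchMetricsEnabled: true => true
              ~ cloudwatchMetricsEnabled: true => true
            }
        }
    ]`;
// Constructed sample: the same diff with one real change among the noise.
const MIXED = NOISE.replace("0 => 0", "0 => 5");
```

`isNoiseOnly(NOISE)` is true, while `MIXED` yields a single `real` finding at `rules.[0].priority`, the one line a reviewer needs to read.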
Complete repro:
```typescript
import * as aws from "@pulumi/aws";

const allowedIpSet = new aws.wafv2.IpSet("example", {
    name: "example",
    description: "Example IP set",
    scope: "REGIONAL",
    ipAddressVersion: "IPV4",
    addresses: [
        "1.2.3.4/32",
        "5.6.7.8/32",
    ],
    tags: {
        Tag1: "Value1",
        Tag2: "Value2",
    },
});

const mainAcl = new aws.wafv2.WebAcl("main-acl", {
    scope: "REGIONAL",
    defaultAction: {
        allow: {},
    },
    visibilityConfig: {
        cloudwatchMetricsEnabled: true,
        metricName: "myWebAclMetrics",
        sampledRequestsEnabled: false,
    },
    captchaConfig: {
        immunityTimeProperty: {
            immunityTime: 1800
        }
    },
    tokenDomains: [],
    rules: [
        {
            action: {
                block: {},
            },
            name: "IPAllowRule",
            priority: 0,
            statement: {
                ipSetReferenceStatement: {
                    arn: allowedIpSet.arn,
                },
            },
            visibilityConfig: {
                cloudwatchMetricsEnabled: true,
                metricName: "IPAllowRule",
                sampledRequestsEnabled: true,
            },
        },
    ]
});
```
We are also running into this issue so we are looking forward to a fix for this 😃
This was fixed in https://github.com/pulumi/pulumi-aws/pull/3948. It'll be released in release 6.36.0