pulumi-awsx
pulumi-awsx copied to clipboard
pulumi
Not possible to deny default providers in 1.0.0-beta11
What happened?
Denying all default providers via the following stack configuration does not allow me to instantiate e.g. a VPC (I also tried it with a cloudtrail, presumably others also don't work).
config:
pulumi:disable-default-providers:
- "*"
Steps to reproduce
import * as awsx from "@pulumi/awsx";
import * as aws from "@pulumi/aws";
const awsxProvider = new awsx.Provider('awsxprovider');
const awsProvider = new aws.Provider('awsprovider');
const vpc = new awsx.ec2.Vpc(
'test-vpc', {}, {
providers: [ awsxProvider, awsProvider ],
});
{
"name": "awsx-default-provider",
"main": "index.ts",
"devDependencies": {
"@types/node": "^14"
},
"dependencies": {
"@pulumi/pulumi": "^3.0.0",
"@pulumi/aws": "^5.0.0",
"@pulumi/awsx": "^1.0.0-beta"
}
}
config:
pulumi:disable-default-providers:
- "*"
Expected Behavior
Pulumi should create the vpc with the supplied provider config. NB: With awsx 0.40 using the aws provider with the following works:
import * as awsx from "@pulumi/awsx";
import * as aws from "@pulumi/aws";
const awsProvider = new aws.Provider('awsprovider');
const vpc = new awsx.ec2.Vpc(
'test-vpc', {}, {
provider: awsProvider,
});
{
"name": "awsx-default-provider",
"main": "index.ts",
"devDependencies": {
"@types/node": "^14"
},
"dependencies": {
"@pulumi/pulumi": "^3.0.0",
"@pulumi/aws": "^5.0.0",
"@pulumi/awsx": "^0.40"
}
}
$ pulumi preview
Previewing update (bug):
Type Name Plan
+ pulumi:pulumi:Stack awsx-default-provider-bug create
+ ├─ awsx:x:ec2:Vpc test-vpc create
+ │ ├─ awsx:x:ec2:NatGateway test-vpc-0 create
+ │ │ ├─ aws:ec2:Eip test-vpc-0 create
+ │ │ └─ aws:ec2:NatGateway test-vpc-0 create
+ │ ├─ awsx:x:ec2:Subnet test-vpc-private-1 create
+ │ │ ├─ aws:ec2:Subnet test-vpc-private-1 create
+ │ │ ├─ aws:ec2:RouteTable test-vpc-private-1 create
+ │ │ ├─ aws:ec2:RouteTableAssociation test-vpc-private-1 create
+ │ │ └─ aws:ec2:Route test-vpc-private-1-nat-1 create
+ │ ├─ awsx:x:ec2:NatGateway test-vpc-1 create
+ │ │ ├─ aws:ec2:Eip test-vpc-1 create
+ │ │ └─ aws:ec2:NatGateway test-vpc-1 create
+ │ ├─ awsx:x:ec2:Subnet test-vpc-public-0 create
+ │ │ ├─ aws:ec2:RouteTable test-vpc-public-0 create
+ │ │ ├─ aws:ec2:Subnet test-vpc-public-0 create
+ │ │ ├─ aws:ec2:RouteTableAssociation test-vpc-public-0 create
+ │ │ └─ aws:ec2:Route test-vpc-public-0-ig create
+ │ ├─ awsx:x:ec2:InternetGateway test-vpc create
+ │ │ └─ aws:ec2:InternetGateway test-vpc create
+ │ ├─ awsx:x:ec2:Subnet test-vpc-private-0 create
+ │ │ ├─ aws:ec2:Subnet test-vpc-private-0 create
+ │ │ ├─ aws:ec2:RouteTable test-vpc-private-0 create
+ │ │ ├─ aws:ec2:RouteTableAssociation test-vpc-private-0 create
+ │ │ └─ aws:ec2:Route test-vpc-private-0-nat-0 create
+ │ ├─ awsx:x:ec2:Subnet test-vpc-public-1 create
+ │ │ ├─ aws:ec2:RouteTable test-vpc-public-1 create
+ │ │ ├─ aws:ec2:Subnet test-vpc-public-1 create
+ │ │ ├─ aws:ec2:Route test-vpc-public-1-ig create
+ │ │ └─ aws:ec2:RouteTableAssociation test-vpc-public-1 create
+ │ └─ aws:ec2:Vpc test-vpc create
+ └─ pulumi:providers:aws awsprovider create
Resources:
+ 32 to create
Actual Behavior
$ pulumi preview
Previewing update (bug):
Type Name Plan Info
+ pulumi:pulumi:Stack awsx-default-provider-bug create 1 error
+ ├─ pulumi:providers:awsx awsxprovider create
+ └─ pulumi:providers:aws awsprovider create
Diagnostics:
pulumi:pulumi:Stack (awsx-default-provider-bug):
error: Error: failed to register new resource test-vpc [awsx:ec2:Vpc]: 2 UNKNOWN: unknown provider 'urn:pulumi:denied::denied::denied$pulumi:providers:denied::awsx::denydefaultprovider'
at Object.registerResource (/home/oro/bug/awsx-default-provider/node_modules/@pulumi/runtime/resource.ts:292:27)
at new Resource (/home/oro/bug/awsx-default-provider/node_modules/@pulumi/resource.ts:402:13)
at new ComponentResource (/home/oro/bug/awsx-default-provider/node_modules/@pulumi/resource.ts:890:9)
at new Vpc (/home/oro/bug/awsx-default-provider/node_modules/@pulumi/ec2/vpc.ts:124:9)
at Object.<anonymous> (/home/oro/bug/awsx-default-provider/index.ts:6:13)
at Module._compile (node:internal/modules/cjs/loader:1119:14)
at Module.m._compile (/home/oro/bug/awsx-default-provider/node_modules/ts-node/src/index.ts:439:23)
at Module._extensions..js (node:internal/modules/cjs/loader:1173:10)
at Object.require.extensions.<computed> [as .ts] (/home/oro/bug/awsx-default-provider/node_modules/ts-node/src/index.ts:442:12)
at Module.load (node:internal/modules/cjs/loader:997:32)
Output of pulumi about
$ pulumi about
CLI
Version 3.40.1
Go Version go1.19
Go Compiler gc
Plugins
NAME VERSION
aws 5.17.0
awsx 1.0.0-beta.11
docker 3.4.1
nodejs unknown
Host
OS nixos
Version 22.11 (Raccoon)
Arch x86_64
This project is written in nodejs: executable='/nix/store/zarkkci85li75a3rk1ssalcr3zvpn2j1-nodejs-18.9.1/bin/node' version='v18.9.1'
Backend
Name OroFramework
URL file://./
User oro
Organizations
Dependencies:
NAME VERSION
@pulumi/aws 5.17.0
@pulumi/awsx 1.0.0-beta.11
@pulumi/pulumi 3.43.1
@types/node 14.18.32
Pulumi locates its logs in /run/user/1000 by default
warning: Failed to get information about the current stack: No current snapshot
warning: A new version of Pulumi is available. To upgrade from version '3.40.1' to '3.43.1', visit https://pulumi.com/docs/reference/install/ for manual instructions and release notes.
Additional context
No response
Contributing
Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
Hi @Oro - thank you for opening this issue. We'll look into it as soon as we can.
I think this might be another instance of the issue where explicit providers are not inherited correct - in the component framework - https://github.com/pulumi/pulumi/issues/10640
This will be able to be resolved once that issue is fixed and we can make a new release.
Upstream issue seems resolved. Will this be in the next beta release?
Yes, this should be fixed in the next release once we're upgraded dependencies. This should be happening quite soon.
After upgrading to 1.0.0 I am still running into that issue. Can someone confirm?
Are you testing this on a new or existing stack? An existing stacks may contain references to the old version of the awsx plugin from existing resources and might required a re-deploy to pull in the new provider version. If this is still persisting, we can raise this again in https://github.com/pulumi/pulumi
The dependency versions are:
pulumi==3.47.2
pulumi-aws==5.17.0
pulumi-aws-native==0.40.2
pulumi-awsx==1.0.0
pulumi-docker==3.6.1
pulumi-random==4.8.2
I have set pulumi:disable-default-providers: ["*"] and deploy the following new stack to LocalStack:
import pulumi_awsx as awsx
import pulumi
import pulumi_aws as aws
provider = aws.Provider("provider")
awsx.ec2.Vpc("vpc", opts=pulumi.ResourceOptions(provider=provider))
Still results in Exception: Default provider for 'awsx' disabled. 'awsx:ec2:Vpc' must use an explicit provider.
Here's a quick status update and workaround:
As of the 1.0.0 beta and later, AWSx is implemented as a component package so it can be used by all Pulumi languages, which means it has an associated awsx provider plugin.
As such, when using the feature to disable all default providers, you'll get an error when not specifying an explicit awsx provider for any AWSx components created in a stack: Default provider for 'awsx' disabled. 'awsx:ec2:Vpc' must use an explicit provider.
To address this, you'd have to specify an explicit awsx provider for the AWSx component, as well as an explicit aws provider for the component's children, something like:
import pulumi
import pulumi_aws as aws
import pulumi_awsx as awsx
awsxProvider = awsx.Provider("awsxProvider")
awsProvider = aws.Provider("awsProvider")
awsx.ec2.Vpc("vpc", opts=pulumi.ResourceOptions(provider=awsxProvider, providers=[awsProvider]))
Unfortunately, this doesn't currently work due to a limitation that prevents specifying an explicit provider for packaged components: https://github.com/pulumi/pulumi/issues/11520.
Workaround
In the meantime, the best workaround when using pulumi:disable-default-providers is to specify the list of providers rather than using the catch-all "*", e.g.:
config:
pulumi:disable-default-providers:
- aws
- kubernetes
Since - awsx isn't listed, it won't error with Default provider for 'awsx' disabled..
And then specify the explicit provider to use for the component's children:
import pulumi
import pulumi_aws as aws
import pulumi_awsx as awsx
awsProvider = aws.Provider("awsProvider")
awsx.ec2.Vpc("vpc", opts=pulumi.ResourceOptions(provider=awsProvider)) # or: opts=pulumi.ResourceOptions(providers=[awsProvider])
Will this be solved with https://github.com/pulumi/pulumi/pull/13282?
Checking up on this issue, I understand that https://github.com/pulumi/pulumi/issues/11520 solves it for Python, TypeScript and Go, and Justin's example above should now be working. Leaving the issue in the backlog until all the languages are supported. Please let us know if this is not working for you as expected in the meanwhile.
Repeating Justin's snippet:
import pulumi
import pulumi_aws as aws
import pulumi_awsx as awsx
awsxProvider = awsx.Provider("awsxProvider")
awsProvider = aws.Provider("awsProvider")
awsx.ec2.Vpc("vpc", opts=pulumi.ResourceOptions(provider=awsxProvider, providers=[awsProvider]))
