pulumi-azure icon indicating copy to clipboard operation
pulumi-azure copied to clipboard

Published 20 hours ago verified publisher icon pulumi

Azure Cognitive Account ALWAYS recreated, even if one exists already.

Open drmanhatin opened this issue 3 years ago • 3 comments

I create an Azure Cognitive account here:

const computerVisionAccount = new azure.cognitive.Account("cvAccount", { location: resourceGroup.location, resourceGroupName: resourceGroup.name, customSubdomainName: "productScan", kind: "ComputerVision", skuName: "S1", name: "cvAccount" });

Then every time I run pulumi up, a new cognitive services account is created. Am I doing something wrong?

Expected behavior

If it already exists, dont recreate it.

Current behavior

It recreates it no matter if it already exists or not

Steps to reproduce

  1. Copy code from above
  2. Run pulumi up twice
  3. Note that it recreates the cognitive service again

Context (Environment)

I need to store the secret output from creating the account, in Azure keyvault. However, the secret changes constantly, so I run into a race condition where I will end up using an (soon to be expired) secret to run a nodejs app.

Affected feature

drmanhatin avatar Apr 09 '21 11:04 drmanhatin

I can reproduce the issue.

The workaround is to use all lowercase customSubdomainName "productscan".

The issue arises with Pulumi detecting a diff on customSubdomainName:

 +- azure:cognitive:Account cvAccount replacing [diff: ~customSubdomainName]
 +- azure:cognitive:Account cvAccount replaced [diff: ~customSubdomainName]

We can add it to exports to see what it ends up with:

export const customSDN = computerVisionAccount.customSubdomainName;

And find out that it ends up "productscan" lowercase from the original. The diff engine then incorrectly thinks there's a difference between desired state "productScan" and actual state "productscan".

I could attempt to dive a bit deeper and fix, but would appreciate pointers where a fix would belong. I would guess we could either infer the fact that a property must be lowercase from TF provider or else add that information ourselves. IF that info was available to SDK codegen we could validate user inputs to be lowercase before passing to TF. In pulumi-azure we have schema.json but there doesn't seem to be an existing validation or lowercasing mechanism in place, so there might be a bit of work here if we go down this path.

@leezen @mikhailshilkov your input is appreciated here.

t0yv0 avatar Apr 14 '21 14:04 t0yv0

@t0yv0 I think this is largely an upstream bug. Ideally, there should be an issue open upstream and we'd inherit a potential fix.

Also, I expect this issue doesn't happen with the native Azure provider, so I recommend @drmanhatin giving it a try: https://www.pulumi.com/docs/reference/pkg/azure-native/cognitiveservices/account/

mikhailshilkov avatar Apr 15 '21 09:04 mikhailshilkov

Confirmed that this is still in issue in pulumi-azure 5.46.0. I'm not seeing an open issue related to this upstream. We should verify that this is still true upstream and open an issue.

mnlumi avatar Jul 28 '23 19:07 mnlumi