Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SecretManger Secret has a persistent diff, when replicas is set! #2270

Open
dirien opened this issue Dec 15, 2022 · 3 comments
Open

SecretManger Secret has a persistent diff, when replicas is set! #2270

dirien opened this issue Dec 15, 2022 · 3 comments
Labels
awaiting/bridge The issue cannot be resolved without action in pulumi-terraform-bridge. impact/reliability Something that feels unreliable or flaky kind/bug Some behavior is incorrect or out of spec service/secretsmanager

Comments

@dirien
Copy link

dirien commented Dec 15, 2022

Hello!

Issue details

When adding a replica to a SecretManger.Secert in golang:

_, err := secretsmanager.NewSecret(ctx, "my-secret", &secretsmanager.SecretArgs{
	Name:                        pulumi.String("my-secret"),
	Description:                 pulumi.String("My secret"),
	ForceOverwriteReplicaSecret: pulumi.Bool(false),
	Replicas: secretsmanager.SecretReplicaArray{
		&secretsmanager.SecretReplicaArgs{
			Region: pulumi.String("us-east-1"),
		},
	},
})
if err != nil {
	return err
}

I get on all pulumi up call a difference displayed:

Resources:
    ~ 1 to update
    1 unchanged

Do you want to perform this update? details
  pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:dev::aws-classic-test::pulumi:pulumi:Stack::aws-classic-test-dev]
    ~ aws:secretsmanager/secret:Secret: (update)
        [id=arn:aws:secretsmanager:eu-central-1:052848974346:secret:my-secret-css8X3]
        [urn=urn:pulumi:dev::aws-classic-test::aws:secretsmanager/secret:Secret::my-secret]
      ~ replicas: [
          ~ [0]: {
                  ~ region: "us-east-1" => "us-east-1"
                }
        ]

But actually, I can't see any difference in the region field.

Affected area/feature

SecretManger.Secret
@dirien dirien added kind/enhancement Improvements or new features needs-triage Needs attention from the triage team labels Dec 15, 2022
@danielrbradley
Copy link
Member

Successfully reproduced this issue in TypeScript too:

new aws.secretsmanager.Secret(
  "my-secret",
  {
    name: "my-secret",
    description: "my-secret",
    replicas: [{ region: "us-east-1" }],
  });

Workaround

Applying an ignore to the region of the specific replica will hide this issue:

new aws.secretsmanager.Secret(
  "my-secret",
  {
    name: "my-secret",
    description: "my-secret",
    replicas: [{ region: "us-east-1" }],
  },
  {
    ignoreChanges: ["replicas[0].region"],
  }
);

Investigation Notes

There are additional fields (status, kmsKeyId and lastAccessedDate) which are automatically populated, but these don't appear to be causing the diff. It seems isolated to region field. Tested this by ignoring all fields except region and it still reported the diff.

This could likely be a bug within in the bridge on either the InstanceDiff result that comes back from tf.Diff(), or possibly something which should then get ignored by doIgnoreChanges but perhaps has something missing in the schema to trigger this correctly.

@danielrbradley danielrbradley added kind/bug Some behavior is incorrect or out of spec impact/reliability Something that feels unreliable or flaky and removed needs-triage Needs attention from the triage team kind/enhancement Improvements or new features labels Dec 19, 2022
@thomas11 thomas11 added the bug/diff kind/bug related to Pulumi generating wrong diffs on preview or up. label Apr 26, 2023
@t0yv0 t0yv0 mentioned this issue Jul 7, 2023
Closed
8 tasks
@t0yv0 t0yv0 removed the bug/diff kind/bug related to Pulumi generating wrong diffs on preview or up. label May 6, 2024
@t0yv0
Copy link
Member

t0yv0 commented May 6, 2024

Unfortunately this reproduces still. The root cause here is pulumi/pulumi-terraform-bridge#186

@t0yv0 t0yv0 mentioned this issue May 7, 2024
Closed
5 tasks
@t0yv0 t0yv0 added the awaiting/bridge The issue cannot be resolved without action in pulumi-terraform-bridge. label Sep 24, 2024
@cleverguy25
Copy link

Added to epic https://github.com/pulumi/home/issues/3558

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
awaiting/bridge The issue cannot be resolved without action in pulumi-terraform-bridge. impact/reliability Something that feels unreliable or flaky kind/bug Some behavior is incorrect or out of spec service/secretsmanager
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@thomas11 @t0yv0 @danielrbradley @cleverguy25 @dirien