Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
n
narrow-ghost-95764
03/27/2023, 8:21 PMQuick clarification question regarding IgnoreChanges:
https://www.pulumi.com/docs/intro/concepts/resources/options/ignorechanges/#:~:text=Pulumi%20ignores%20a%20property%20by%20using%20the%20old,the%20state%2C%20most%20importantly%20when%20creating%20the%20resource.
I have a situation where I created the Azure testing env via console and I tried importing/copy paste the response into index and running into a bunch of diffs and re-create resources. I know that what was imported is correct (such as the sql db) and I don't want pulumi to try and recreate the database, firewall rules etc. Is there a way with IgnoreChanges to ignore all resources under a resource group or something like that? If not, what would that look like if I were to do this for an existing sql db off the example from the link below?
I was going off of:
let res = new MyResource("res",
{ prop: "new-value" }, { ignoreChanges: ["prop"] });b
billowy-army-68599
03/27/2023, 8:24 PMif you’re doing an import and it’s showing a diff that’s on an immutable property (ie, it’d force a replacement) that’s almost certainly a bug and we should fix it.
To answer your question though, I don’t recall
ignoreChangesdo you have a diff you can share that’s showing you property differences?
n
narrow-ghost-95764
03/27/2023, 8:25 PMyeah I can get that one sec
I'll have to edit out a few things but will add here shortly
b
billowy-army-68599
03/27/2023, 8:32 PMno problem, thanks!
n
narrow-ghost-95764
03/27/2023, 8:39 PMcmorrow@CMorrow-LT:~/meerkat-infra$ pulumi preview --diffpulumi:pulumi:Stack: (same)[urn=urn:XXXXXXXXXXX']+-azure-native:sql:Server: (replace)[id=/subscriptions/XXXXXXXXXXXX/resourceGroups/XXXXXXXXXXxx/providers/Microsoft.Sql/servers/XXXXXXXXXXXXX][urn=urn:XXXXXXXXXXXXX::azure-native:sql:Server::sqlserver][provider=urn:pulumi:testing_centralus::meerkat-infra::pulumi:providers:azure-native::default_1_83_0::XXXXXXXXXXXXXXXXXXXXXXx]~ administratorLogin: (yaml) [- [0]: "secret"]=> [secret]+-azure-native:web:AppServicePlan: (replace)[id=/subscriptions/XXXXXXXXXXXXXXXXX/resourceGroups/lineagebasstescus/providers/Microsoft.Web/serverfarms/lineageasp][urn=urn:pulumi:testing_centralus::meerkat-infra::azure-native:web:AppServicePlan::appServicePlan][provider=urn:pulumiXXXXXXXXXXXXXX::pulumi:providers:azure-native::default_1_83_0::XXXXXXXXXXX]~ kind : "app" => "Linux"~ name : "lineageasp" => "lineagebasstescus"~ reserved: false => true~ sku : {~ name: "P1" => "P1v2"~ size: "P1" => "P1v2"~ tier: "Premium" => "Premium V2"}+-azure-native:keyvault:Vault: (replace)[id=/subscriptions/XXXXXXXXXXXXXXXxx/resourceGroups/XXXXXXXXX/providers/Microsoft.KeyVault/vaults/XXXXXXXXXXXX][urn=urn:XXXXXXXXXXXXXXXxxx][provider=urn:XXXXXXXXXXXXXXXXXXXX]~ properties : {~ accessPolicies : [~ [0]: {~ permissions: {~ certificates: [~ [0]: "Get" => "get"~ [1]: "List" => "list"~ [2]: "Delete" => "delete"~ [3]: "Create" => "create"~ [4]: "Import" => "import"~ [5]: "Update" => "update"~ [6]: "ManageContacts" => "managecontacts"~ [7]: "GetIssuers" => "getissuers"~ [8]: "ListIssuers" => "listissuers"~ [9]: "SetIssuers" => "setissuers"~ [10]: "DeleteIssuers" => "deleteissuers"~ [11]: "ManageIssuers" => "manageissuers"~ [12]: "Recover" => "recover"~ [13]: "Purge" => "purge"]~ keys : [~ [0]: "Encrypt" => "encrypt"~ [1]: "Decrypt" => "decrypt"~ [2]: "WrapKey" => "wrapKey"~ [3]: "UnwrapKey" => "unwrapKey"~ [4]: "Sign" => "sign"~ [5]: "Verify" => "verify"~ [6]: "Get" => "get"~ [7]: "List" => "list"~ [8]: "Create" => "create"~ [9]: "Update" => "update"~ [10]: "Import" => "import"~ [11]: "Delete" => "delete"~ [12]: "Backup" => "backup"~ [13]: "Restore" => "restore"~ [14]: "Recover" => "recover"~ [15]: "Purge" => "purge"]~ secrets : [~ [0]: "Get" => "get"~ [1]: "List" => "list"~ [2]: "Set" => "set"~ [3]: "Delete" => "delete"~ [4]: "Backup" => "backup"~ [5]: "Restore" => "restore"~ [6]: "Recover" => "recover"~ [7]: "Purge" => "purge"]}}- [1]: {- objectId : "XXXXXXXXXXXXXXXXx"- permissions: {- certificates: [- [0]: "Get"- [1]: "List"- [2]: "Update"- [3]: "Create"- [4]: "Import"- [5]: "Delete"- [6]: "Recover"- [7]: "Backup"- [8]: "Restore"- [9]: "ManageContacts"- [10]: "ManageIssuers"- [11]: "GetIssuers"- [12]: "ListIssuers"- [13]: "SetIssuers"- [14]: "DeleteIssuers"]- keys : [- [0]: "Get"- [1]: "List"- [2]: "Update"- [3]: "Create"- [4]: "Import"- [5]: "Delete"- [6]: "Recover"- [7]: "Backup"- [8]: "Restore"- [9]: "GetRotationPolicy"- [10]: "SetRotationPolicy"- [11]: "Rotate"- [12]: "Encrypt"- [13]: "Decrypt"- [14]: "UnwrapKey"- [15]: "WrapKey"- [16]: "Verify"- [17]: "Sign"- [18]: "Purge"- [19]: "Release"]- secrets : [- [0]: "Get"- [1]: "List"- [2]: "Set"- [3]: "Delete"- [4]: "Recover"- [5]: "Backup"- [6]: "Restore"- [7]: "Purge"]}- tenantId : (yaml) [- [0]: "secret"]}]- provisioningState: "Succeeded"- vaultUri : "XXXXXXXXXXXX/"}~ resourceGroupName: "lineagebasstestingcus" => "lineagebasstescus"+ azure-native:sql:FirewallRule: (create)[urn=urn:pulumi:XXXXXXXXXXXXXXXXXXX][provider=urn:pulumi:XXXXXXXXXXXXXXXXXXX]endIpAddress : "XXXXXXXXX"firewallRuleName : (yaml) [[0]: "secret"]resourceGroupName: "lineagebasstescus"serverName : output<string>startIpAddress : "XXXXXX"+ azure-native:sql:FirewallRule: (create)[urn=urn:XXXXXXXXXXXX[provider=urn:XXXXXXXXXXXXxf]endIpAddress : "XXXXXX"firewallRuleName : "XXXXXXXXXXX"resourceGroupName: "lineagebasstescus"serverName : output<string>startIpAddress : "XXXXXXXXXXX"+ azure-native:sql:FirewallRule: (create)[urn=urn:XXXXXXXXXXXXXXXX][provider=urn:XXXXXXXXXXXX]endIpAddress : "XXXXXXXXX"firewallRuleName : "XXXXXXXXXXX"resourceGroupName: "lineagebasstescus"serverName : output<string>startIpAddress : "XXXXXXXXXXXXX"+-azure-native:sql:FirewallRule: (replace)[id=/subscriptions/XXXXXXXXXXXXXXXXXXXXX][urn=urn:XXXXXXXXXXXXXXXX][provider=urn:XXXXXXXXXXXXXXXxx]~ serverName: "sqlserverXXXXX" => output<string>startIpAddress : "XXXXXXXXXXx"Resources:+ 9 to create+-9 to replace18 changes. 4 unchangedit's a lot of stuff so let me summarize what's it trying to change/replace so you aren't having to sift too much through this
It's trying to:
1. replace sql server with new administrator login secret
2. replace app service plan
3. replace key vault with upper case to lower case in certs
4. replace resource group name (I think that's something I have set in index but it's not picking up)
5. create a new sql db with servername as "output<string>"
6. all servernames going from set sqlserver name to "output<string>"
b
billowy-army-68599
03/27/2023, 8:44 PMokay yes that’s 100% a bug, would you mind opening an issue if you feel comfortable with the redacted info?
you can fix it manually by getting all the properties matching (instead of using
ignoreChangesn
narrow-ghost-95764
03/27/2023, 8:48 PMok thanks I will review and open up a ticket. So just for my knowledge, in a non-bug scenario the copy/paste of the import would give the accurate info of what I would need for index file but the bug is continuing to show diffs and force a replacement when it shouldn't be?
b
billowy-army-68599
03/27/2023, 8:50 PMyep that’s exactly it, if you’ve done an
importn
narrow-ghost-95764
03/27/2023, 8:50 PMgotcha ok thank you I'll make sure to add that to the bug ticket. appreciate the insight!
@billowy-army-68599 I put in a ticket however I'm wondering with the ignoreChanges how it would look if I wanted to use that for a sql database and it's firewall rules? I've looked at examples with "prop" but not sure what the values should look like to ignore certain pieces without having to do any state surgery
b
billowy-army-68599
03/28/2023, 6:05 PMyou should be able to just specify the property name, so for example
serverNamen
narrow-ghost-95764
03/28/2023, 6:09 PMso lets say my database is named "sqldatabase" ...would it look like such? and where in the index is it supposed to live? (or does it not matter?)
let res = new sqlDatabase("sqldatabase",
{ prop: "sqldatabase" }, { ignoreChanges: ["sqldatabase"] });I did an import on the DB and hoping to see if this will work to ignore it and the firewall rules during the diff check. I could technically do a state delete so it's not holding onto it or state surgery but this might be less dangerous?
b
billowy-army-68599
03/28/2023, 6:13 PMdo you have actual code rather than pseudo code? finding it hard to follow, sorry 😞
n
narrow-ghost-95764
03/28/2023, 6:13 PMall good let me paste that here
I took out all the repetitive firewall rule updates and left one but this is what the preview --diff is trying to do:
pulumi😛ulumi:Stack: (same)
+-azure-native:web:AppServicePlan: (replace)
~ name : "XXXXasp" => "XXXXtesc"
~ reserved: false => true
+-azure-native😒ql:Server: (replace)
~ administratorLogin: "[secret]" => [secret]
+-azure-native😒ql:FirewallRule: (replace)
~ serverName: "sqlserverXXXXXXX" => output<string>
^^ the app service I get because the naming variable changed in index file. but the concerning part is it's trying to replace the sql server and therefore replace all firewall rules with a new server name
I'm not sure if that's because of the admin login being a different secret but in general trying to figure out while I work through this bug diff if I can get the diff preview to ignore some of these or what the best/safest way is to clean up the diffs without having to do a state rm (unless that's the best option and just manually manage until the bug gets fixed). or remove and try reimporting
b
billowy-army-68599
03/28/2023, 6:23 PMokay so for example
azure-native:sql:ServerignoreChanges: [ "administratorLogin" ]n
narrow-ghost-95764
03/28/2023, 6:24 PMAH ok that makes sense. so in theory if I add this in the index, save and re-run the diff it should ignore the db in preview--diffs?
b
billowy-army-68599
03/28/2023, 6:25 PMyep!
the generated code for
appServicePlann
narrow-ghost-95764
03/28/2023, 6:28 PMwe have that variablized with an env prefix but I guess I could set that in the config?
b
billowy-army-68599
03/28/2023, 6:30 PMyes that’ll stop the replace happening
n
narrow-ghost-95764
03/28/2023, 6:30 PMNICE thank you. trying the diff again...if I put it here in this block it complains of not being assignable to server args.
const sqlServer = new sql.Server('sqlserver', {
if I put it outside the block it says it's not a unique name.
trying it again...might have missed a necessary semi colon lol
sorry throwing a lot at you but very much appreciate the help
Ok so this is what I'm getting:
index.ts(72,3): error TS1117: An object literal cannot have multiple properties with the same name.
this is what it looks like:
const sqlServer = new sql.Server('sqlserver', {
resourceGroupName: resourceGroup.name,
administratorLogin: username,
administratorLoginPassword: pwd,
version: '12.0',
});
ignoreChanges: [ "administratorLogin" ];
b
billowy-army-68599
03/28/2023, 6:34 PMI think that should be:
const sqlServer = new sql.Server('sqlserver', {
resourceGroupName: resourceGroup.name,
administratorLogin: username,
administratorLoginPassword: pwd,
version: '12.0',
}, ignoreChanges: [ "administratorLogin" ]);n
narrow-ghost-95764
03/28/2023, 6:36 PMindex.ts(92,4): error TS2304: Cannot find name 'ignoreChanges'.
index.ts(92,19): error TS2554: Expected 2-3 arguments, but got 4.
b
billowy-army-68599
03/28/2023, 6:39 PMone sec, let me get this into my IDE
n
narrow-ghost-95764
03/28/2023, 6:39 PMthanks I'm trying it like this simliar to example on doc and see if it needs curly:
{ ignoreChanges: ["prop"] });b
billowy-army-68599
03/28/2023, 6:40 PMoh I think it might
n
narrow-ghost-95764
03/28/2023, 6:43 PMindex.ts(72,3): error TS1117: An object literal cannot have multiple properties with the same name.
it was a nice idea. probably something super simple and I'm missing it.
b
billowy-army-68599
03/28/2023, 6:50 PMthis works great for me?
const database = new sql.Server("example", {
administratorLogin: "admin",
administratorLoginPassword: "correct-horse-battery-stable",
resourceGroupName: resourceGroup.name,
version: '12.0',
}, { ignoreChanges: ["administratorLoginPassword"] });n
narrow-ghost-95764
03/28/2023, 6:56 PMgiving it a go now and will let you know 🙂
somethings still off but I can almost bet it's a small something so I'll copy/paste what you have and tweak it until I get it to work on my end and I'll post here so others can see what the fix was. GREATLY appreciate your help as always!
Just in case someone else runs into this issue.... this did work:
const sqlServer = new sql.Server("sqlserver", {
administratorLogin: username,
administratorLoginPassword: pwd,
resourceGroupName: resourceGroup.name,
version: '12.0',
},{ ignoreChanges: ["administratorLogin"] });when running a preview --diff it does ignore it and stops trying to recreate it. thank you jaxxstorm!
@billowy-army-68599 one more thing...going back to adding config to force the diffs to be ignored without doing ignoreChanges, I ran a pulumi config set for the variables the app service is unhappy with in diffs. anything you think I'm doing wrong there to get the diff to ignore it post adding those to config or should I just do an ignore on those as well? and if so do you know how to do multiple ignore variables? so far what I've tried and looked for it isn't happy with and I can post what I've tried
const appServicePlan = new azure_native.web.AppServicePlan('appServicePlan', {
kind: 'Linux',
reserved: true,
location: 'centralus',
name: resourceGroup.name,
resourceGroupName: resourceGroup.name,
sku: {
capacity: 1,
family: 'P',
name: 'P1 V2',
size: 'P1 V2',
tier: 'Premium V2',
},
},{ ignoreChanges: ["reserved"] }, { ignoreChanges: ["kind"] });it's unhappy with kind, reserved, name and sku. I've set all those with pulumi config set but still trying to change in diff and the example at bottom is me trying to get multiple ignores
b
billowy-army-68599
03/29/2023, 3:59 PMthik it needs to be:
{ ignoreChanges: ["reserved, "kind"] }n
narrow-ghost-95764
03/29/2023, 4:00 PMah ok I'll give that a go. I was trying with separate brackets.
perfection. thank you again! hopefully this helps others as well