https://pulumi.com logo
Join Slack
Powered by
Quick clarification question regarding IgnoreChang...
# general
n
Quick clarification question regarding IgnoreChanges: https://www.pulumi.com/docs/intro/concepts/resources/options/ignorechanges/#:~:text=Pulumi%20ignores%20a%20property%20by%20using%20the%20old,the%20state%2C%20most%20importantly%20when%20creating%20the%20resource. I have a situation where I created the Azure testing env via console and I tried importing/copy paste the response into index and running into a bunch of diffs and re-create resources. I know that what was imported is correct (such as the sql db) and I don't want pulumi to try and recreate the database, firewall rules etc. Is there a way with IgnoreChanges to ignore all resources under a resource group or something like that? If not, what would that look like if I were to do this for an existing sql db off the example from the link below?
I was going off of:
Copy code
let res = new MyResource("res",
    { prop: "new-value" }, { ignoreChanges: ["prop"] });
so it didn't like "MyResource" and suggested "resources"
b
if you’re doing an import and it’s showing a diff that’s on an immutable property (ie, it’d force a replacement) that’s almost certainly a bug and we should fix it. To answer your question though, I don’t recall 
ignoreChanges
accepting anything but an explicit value
do you have a diff you can share that’s showing you property differences?
n
yeah I can get that one sec
I'll have to edit out a few things but will add here shortly
b
no problem, thanks!
n
cmorrow@CMorrow-LT:~/meerkat-infra$ pulumi preview --diff
pulumi:pulumi:Stack: (same)
[urn=urn:XXXXXXXXXXX']
+-azure-native:sql:Server: (replace)
[id=/subscriptions/XXXXXXXXXXXX/resourceGroups/XXXXXXXXXXxx/providers/Microsoft.Sql/servers/XXXXXXXXXXXXX]
[urn=urn:XXXXXXXXXXXXX::azure-native:sql:Server::sqlserver]
[provider=urn:pulumi:testing_centralus::meerkat-infra::pulumi:providers:azure-native::default_1_83_0::XXXXXXXXXXXXXXXXXXXXXXx]
~ administratorLogin: (yaml) [
-     [0]: "secret"
]
=> [secret]
+-azure-native:web:AppServicePlan: (replace)
[id=/subscriptions/XXXXXXXXXXXXXXXXX/resourceGroups/lineagebasstescus/providers/Microsoft.Web/serverfarms/lineageasp]
[urn=urn:pulumi:testing_centralus::meerkat-infra::azure-native:web:AppServicePlan::appServicePlan]
[provider=urn:pulumiXXXXXXXXXXXXXX::pulumi:providers:azure-native::default_1_83_0::XXXXXXXXXXX]
~ kind    : "app" => "Linux"
~ name    : "lineageasp" => "lineagebasstescus"
~ reserved: false => true
~ sku     : {
~ name: "P1" => "P1v2"
~ size: "P1" => "P1v2"
~ tier: "Premium" => "Premium V2"
}
+-azure-native:keyvault:Vault: (replace)
[id=/subscriptions/XXXXXXXXXXXXXXXxx/resourceGroups/XXXXXXXXX/providers/Microsoft.KeyVault/vaults/XXXXXXXXXXXX]
[urn=urn:XXXXXXXXXXXXXXXxxx]
[provider=urn:XXXXXXXXXXXXXXXXXXXX]
~ properties       : {
~ accessPolicies   : [
~ [0]: {
~ permissions: {
~ certificates: [
~ [0]: "Get" => "get"
~ [1]: "List" => "list"
~ [2]: "Delete" => "delete"
~ [3]: "Create" => "create"
~ [4]: "Import" => "import"
~ [5]: "Update" => "update"
~ [6]: "ManageContacts" => "managecontacts"
~ [7]: "GetIssuers" => "getissuers"
~ [8]: "ListIssuers" => "listissuers"
~ [9]: "SetIssuers" => "setissuers"
~ [10]: "DeleteIssuers" => "deleteissuers"
~ [11]: "ManageIssuers" => "manageissuers"
~ [12]: "Recover" => "recover"
~ [13]: "Purge" => "purge"
]
~ keys        : [
~ [0]: "Encrypt" => "encrypt"
~ [1]: "Decrypt" => "decrypt"
~ [2]: "WrapKey" => "wrapKey"
~ [3]: "UnwrapKey" => "unwrapKey"
~ [4]: "Sign" => "sign"
~ [5]: "Verify" => "verify"
~ [6]: "Get" => "get"
~ [7]: "List" => "list"
~ [8]: "Create" => "create"
~ [9]: "Update" => "update"
~ [10]: "Import" => "import"
~ [11]: "Delete" => "delete"
~ [12]: "Backup" => "backup"
~ [13]: "Restore" => "restore"
~ [14]: "Recover" => "recover"
~ [15]: "Purge" => "purge"
]
~ secrets     : [
~ [0]: "Get" => "get"
~ [1]: "List" => "list"
~ [2]: "Set" => "set"
~ [3]: "Delete" => "delete"
~ [4]: "Backup" => "backup"
~ [5]: "Restore" => "restore"
~ [6]: "Recover" => "recover"
~ [7]: "Purge" => "purge"
]
}
}
- [1]: {
- objectId   : "XXXXXXXXXXXXXXXXx"
- permissions: {
- certificates: [
-     [0]: "Get"
-     [1]: "List"
-     [2]: "Update"
-     [3]: "Create"
-     [4]: "Import"
-     [5]: "Delete"
-     [6]: "Recover"
-     [7]: "Backup"
-     [8]: "Restore"
-     [9]: "ManageContacts"
-     [10]: "ManageIssuers"
-     [11]: "GetIssuers"
-     [12]: "ListIssuers"
-     [13]: "SetIssuers"
-     [14]: "DeleteIssuers"
]
- keys        : [
-     [0]: "Get"
-     [1]: "List"
-     [2]: "Update"
-     [3]: "Create"
-     [4]: "Import"
-     [5]: "Delete"
-     [6]: "Recover"
-     [7]: "Backup"
-     [8]: "Restore"
-     [9]: "GetRotationPolicy"
-     [10]: "SetRotationPolicy"
-     [11]: "Rotate"
-     [12]: "Encrypt"
-     [13]: "Decrypt"
-     [14]: "UnwrapKey"
-     [15]: "WrapKey"
-     [16]: "Verify"
-     [17]: "Sign"
-     [18]: "Purge"
-     [19]: "Release"
]
- secrets     : [
-     [0]: "Get"
-     [1]: "List"
-     [2]: "Set"
-     [3]: "Delete"
-     [4]: "Recover"
-     [5]: "Backup"
-     [6]: "Restore"
-     [7]: "Purge"
]
}
- tenantId   : (yaml) [
-     [0]: "secret"
]
}
]
- provisioningState: "Succeeded"
- vaultUri         : "XXXXXXXXXXXX/"
}
~ resourceGroupName: "lineagebasstestingcus" => "lineagebasstescus"
+ azure-native:sql:FirewallRule: (create)
[urn=urn:pulumi:XXXXXXXXXXXXXXXXXXX]
[provider=urn:pulumi:XXXXXXXXXXXXXXXXXXX]
endIpAddress     : "XXXXXXXXX"
firewallRuleName : (yaml) [
[0]: "secret"
]
resourceGroupName: "lineagebasstescus"
serverName       : output<string>
startIpAddress   : "XXXXXX"
+ azure-native:sql:FirewallRule: (create)
[urn=urn:XXXXXXXXXXXX
[provider=urn:XXXXXXXXXXXXxf]
endIpAddress     : "XXXXXX"
firewallRuleName : "XXXXXXXXXXX"
resourceGroupName: "lineagebasstescus"
serverName       : output<string>
startIpAddress   : "XXXXXXXXXXX"
+ azure-native:sql:FirewallRule: (create)
[urn=urn:XXXXXXXXXXXXXXXX]
[provider=urn:XXXXXXXXXXXX]
endIpAddress     : "XXXXXXXXX"
firewallRuleName : "XXXXXXXXXXX"
resourceGroupName: "lineagebasstescus"
serverName       : output<string>
startIpAddress   : "XXXXXXXXXXXXX"
+-azure-native:sql:FirewallRule: (replace)
[id=/subscriptions/XXXXXXXXXXXXXXXXXXXXX]
[urn=urn:XXXXXXXXXXXXXXXX]
[provider=urn:XXXXXXXXXXXXXXXxx]
~ serverName: "sqlserverXXXXX" => output<string>
startIpAddress   : "XXXXXXXXXXx"
Resources:
+ 9 to create
+-9 to replace
18 changes. 4 unchanged
it's a lot of stuff so let me summarize what's it trying to change/replace so you aren't having to sift too much through this
It's trying to: 1. replace sql server with new administrator login secret 2. replace app service plan 3. replace key vault with upper case to lower case in certs 4. replace resource group name (I think that's something I have set in index but it's not picking up) 5. create a new sql db with servername as "output<string>" 6. all servernames going from set sqlserver name to "output<string>"
b
okay yes that’s 100% a bug, would you mind opening an issue if you feel comfortable with the redacted info? you can fix it manually by getting all the properties matching (instead of using 
ignoreChanges
) but you shiuldn’t need to
n
ok thanks I will review and open up a ticket. So just for my knowledge, in a non-bug scenario the copy/paste of the import would give the accurate info of what I would need for index file but the bug is continuing to show diffs and force a replacement when it shouldn't be?
b
yep that’s exactly it, if you’ve done an 
import
of a resource, the properties should be the same as the current state of the resource. The issues here with the strings being wrong (like the capitalisation of the methods) shouldn’t be happening
n
gotcha ok thank you I'll make sure to add that to the bug ticket. appreciate the insight!
@billowy-army-68599 I put in a ticket however I'm wondering with the ignoreChanges how it would look if I wanted to use that for a sql database and it's firewall rules? I've looked at examples with "prop" but not sure what the values should look like to ignore certain pieces without having to do any state surgery
b
you should be able to just specify the property name, so for example 
serverName
n
so lets say my database is named "sqldatabase" ...would it look like such? and where in the index is it supposed to live? (or does it not matter?)
Copy code
let res = new sqlDatabase("sqldatabase",
    { prop: "sqldatabase" }, { ignoreChanges: ["sqldatabase"] });
I did an import on the DB and hoping to see if this will work to ignore it and the firewall rules during the diff check. I could technically do a state delete so it's not holding onto it or state surgery but this might be less dangerous?
b
do you have actual code rather than pseudo code? finding it hard to follow, sorry 😞
n
all good let me paste that here
I took out all the repetitive firewall rule updates and left one but this is what the preview --diff is trying to do: pulumipulumiStack: (same) +-azure-nativewebAppServicePlan: (replace) ~ name : "XXXXasp" => "XXXXtesc" ~ reserved: false => true +-azure-nativesqlServer: (replace) ~ administratorLogin: "[secret]" => [secret] +-azure-nativesqlFirewallRule: (replace) ~ serverName: "sqlserverXXXXXXX" => output<string> ^^ the app service I get because the naming variable changed in index file. but the concerning part is it's trying to replace the sql server and therefore replace all firewall rules with a new server name
I'm not sure if that's because of the admin login being a different secret but in general trying to figure out while I work through this bug diff if I can get the diff preview to ignore some of these or what the best/safest way is to clean up the diffs without having to do a state rm (unless that's the best option and just manually manage until the bug gets fixed). or remove and try reimporting
b
okay so for example 
azure-native:sql:Server
it’d be
Copy code
ignoreChanges: [ "administratorLogin" ]
n
AH ok that makes sense. so in theory if I add this in the index, save and re-run the diff it should ignore the db in preview--diffs?
b
yep!
the generated code for 
appServicePlan
- you should be able to just get the name to match
n
we have that variablized with an env prefix but I guess I could set that in the config?
b
yes that’ll stop the replace happening
n
NICE thank you. trying the diff again...if I put it here in this block it complains of not being assignable to server args. const sqlServer = new sql.Server('sqlserver', { if I put it outside the block it says it's not a unique name.
trying it again...might have missed a necessary semi colon lol
sorry throwing a lot at you but very much appreciate the help
Ok so this is what I'm getting:
index.ts(72,3): error TS1117: An object literal cannot have multiple properties with the same name.
this is what it looks like:
const sqlServer = new sql.Server('sqlserver', { resourceGroupName: resourceGroup.name, administratorLogin: username, administratorLoginPassword: pwd, version: '12.0', }); ignoreChanges: [ "administratorLogin" ];
b
I think that should be:
Copy code
const sqlServer = new sql.Server('sqlserver', {
  resourceGroupName: resourceGroup.name,
  administratorLogin: username,
  administratorLoginPassword: pwd,
  version: '12.0',
}, ignoreChanges: [ "administratorLogin" ]);
?
n
index.ts(92,4): error TS2304: Cannot find name 'ignoreChanges'. index.ts(92,19): error TS2554: Expected 2-3 arguments, but got 4.
b
one sec, let me get this into my IDE
n
thanks I'm trying it like this simliar to example on doc and see if it needs curly:
Copy code
{ ignoreChanges: ["prop"] });
b
oh I think it might
n
index.ts(72,3): error TS1117: An object literal cannot have multiple properties with the same name.
it was a nice idea. probably something super simple and I'm missing it.
b
this works great for me?
Copy code
const database = new sql.Server("example", {
    administratorLogin: "admin",
    administratorLoginPassword: "correct-horse-battery-stable",
    resourceGroupName: resourceGroup.name,
    version: '12.0',
}, { ignoreChanges: ["administratorLoginPassword"] });
n
giving it a go now and will let you know 🙂
somethings still off but I can almost bet it's a small something so I'll copy/paste what you have and tweak it until I get it to work on my end and I'll post here so others can see what the fix was. GREATLY appreciate your help as always!
Just in case someone else runs into this issue.... this did work:
Copy code
const sqlServer = new sql.Server("sqlserver", {
  administratorLogin: username,
  administratorLoginPassword: pwd,
  resourceGroupName: resourceGroup.name,
  version: '12.0',
},{ ignoreChanges: ["administratorLogin"] });
when running a preview --diff it does ignore it and stops trying to recreate it. thank you jaxxstorm!
@billowy-army-68599 one more thing...going back to adding config to force the diffs to be ignored without doing ignoreChanges, I ran a pulumi config set for the variables the app service is unhappy with in diffs. anything you think I'm doing wrong there to get the diff to ignore it post adding those to config or should I just do an ignore on those as well? and if so do you know how to do multiple ignore variables? so far what I've tried and looked for it isn't happy with and I can post what I've tried
Copy code
const appServicePlan = new azure_native.web.AppServicePlan('appServicePlan', {
  kind: 'Linux',
  reserved: true,
  location: 'centralus',
  name: resourceGroup.name,
  resourceGroupName: resourceGroup.name,
  sku: {
    capacity: 1,
    family: 'P',
    name: 'P1 V2',
    size: 'P1 V2',
    tier: 'Premium V2',
  },
},{ ignoreChanges: ["reserved"] }, { ignoreChanges: ["kind"] });
it's unhappy with kind, reserved, name and sku. I've set all those with pulumi config set but still trying to change in diff and the example at bottom is me trying to get multiple ignores
b
thik it needs to be:
Copy code
{ ignoreChanges: ["reserved, "kind"] }
n
ah ok I'll give that a go. I was trying with separate brackets.
perfection. thank you again! hopefully this helps others as well
3 Views
Open in Slack
PreviousNext
Powered by