https://pulumi.com logo
#general
Title
# general
s

stocky-helicopter-37995

01/24/2024, 12:32 AM
hi folks! I'm struggling a bit with some aws resources in my Pulumi program. I have some security groups like this:
Copy code
const workersIngressSelf = new aws.ec2.SecurityGroupRule(`${name}-workers-ingress-self`, {
      description: "Allow node to communicate with each other.",
      protocol: "-1",
      securityGroupId: workersGroup.id,
      sourceSecurityGroupId: securityGroup.id,
      fromPort: 0,
      toPort: 65535,
      type: "ingress",
    });
these fail at runtime like this:
Copy code
error: Error: failed to register new resource test-cell-cluster-security-groups-workers-ingress-self [aws:ec2/securityGroupRule:SecurityGroupRule]: 2 UNKNOWN: Failed to parse true: json: cannot unmarshal bool into Go value of type []interface {}
I can also reproduce this with
aws.ec2.Route
and i'm not really sure what the deal is - anyone know how i can debug this?
l

little-cartoon-10569

01/24/2024, 12:42 AM
Have you got a transformation or something that might be setting a value into one of other properties? That code looks ok to me.
s

stocky-helicopter-37995

01/24/2024, 12:44 AM
i don't, no.
Copy code
I0123 16:45:24.972907   88746 schema.go:660] Terraform input security_group_id = "74D93920-ED26-11E3-AC10-0800200C9A66"
    I0123 16:45:24.972913   88746 schema.go:660] Terraform input source_security_group_id = "74D93920-ED26-11E3-AC10-0800200C9A66"
    I0123 16:45:24.972916   88746 schema.go:660] Terraform input to_port = 443
    I0123 16:45:24.972918   88746 schema.go:660] Terraform input type = "ingress"
    I0123 16:45:24.972921   88746 schema.go:660] Terraform input description = "Allow pods to communicate with the EKS cluster API."
    I0123 16:45:24.972924   88746 schema.go:660] Terraform input from_port = 443
    I0123 16:45:24.972926   88746 schema.go:660] Terraform input protocol = "tcp"
    I0123 16:45:24.973168   88746 schema.go:1064] Terraform output description = {Allow pods to communicate with the EKS cluster API.}
    I0123 16:45:24.973175   88746 schema.go:1064] Terraform output fromPort = {443}
    I0123 16:45:24.973179   88746 schema.go:1064] Terraform output protocol = {tcp}
    I0123 16:45:24.973183   88746 schema.go:1064] Terraform output type = {ingress}
    I0123 16:45:24.973186   88746 schema.go:1064] Terraform output id = {}
    I0123 16:45:24.973188   88746 schema.go:1064] Terraform output toPort = {443}
    I0123 16:45:24.973191   88746 schema.go:1064] Terraform output self = {false}
I don't see any magic "true"s appearing
l

little-cartoon-10569

01/24/2024, 12:54 AM
Hmm, must be go-yaml decode, so I guess that's not much help.
Maybe try a different version, replace sourceSecurityGroupId with self: true maybe, and see if different versions of the API call produce the same error,.
s

stocky-helicopter-37995

01/24/2024, 1:08 AM
yeah, kind of unfortunate.
self: true
doesn't help either
l

little-cartoon-10569

01/24/2024, 1:12 AM
What version of the AWS provider are you using? Maybe the API has been changed?
s

stocky-helicopter-37995

01/24/2024, 1:12 AM
Copy code
$ pulumi plugin ls
NAME    KIND      VERSION  SIZE    INSTALLED       LAST USED
aws     resource  6.18.2   598 MB  46 minutes ago  46 minutes ago
awsx    resource  2.4.0    81 MB   46 minutes ago  46 minutes ago
docker  resource  4.5.1    48 MB   46 minutes ago  46 minutes ago
docker  resource  3.6.1    38 MB   46 minutes ago  46 minutes ago

TOTAL plugin cache size: 765 MB
also 6.18.2 in my package.json
i wish i knew which property was failing to parse, that would be a huge hint
l

little-cartoon-10569

01/24/2024, 1:14 AM
I can't even tell if it's a problem building the API request, or parsing the API response...
Or even building the state, it could be there too.
s

stocky-helicopter-37995

01/24/2024, 1:19 AM
oh, I think i might know why this is
Copy code
$ pulumi config 
KEY                               VALUE
pulumi:disable-default-providers  true
and I am not passing a provider to these resources
l

little-cartoon-10569

01/24/2024, 1:28 AM
Ah. The error message was actively misleading!
It was just that it was the first resource that used the default provider.
s

stocky-helicopter-37995

01/24/2024, 1:28 AM
yep! dang.
l

little-cartoon-10569

01/24/2024, 1:29 AM
Well spotted, and it's easy to fix. Maybe it'd be worth adding a policy or a stack transformation that throws an error in that case, since that error is so unhelpful.
Actually, if you're good at writing lint rules, that'd be the best way to go.