Hi All, I have an issue with

wafv2

. Running

pulumi up

does not come up clean even though nothing has changed. Pulumi's out put does some weird things. It wants to "change" the following:

priority        : 0 => 0
                  ~ visibilityConfig: {
                      + __defaults              : []
                      ~ cloudwatchMetricsEnabled: true => true
                      ~ cloudwatchMetricsEnabled: true => true
                      ~ metricName              : "IPAllowRule" => "IPAllowRule"
                      ~ metricName              : "IPAllowRule" => "IPAllowRule"

Note that

IPAllowRule

and

cloudwatchMetricsEnabled

are doubled up for some reason unknown to me. Does anyone know what's causing this? Here are the relevant code snippets. Along with the full pulumi output

const myAcl = new aws.wafv2.WebAcl("MYACL", { 
    ......
    rules: [
        {
            action: {
                allow: {},
            },
            name: "IPRule",
            priority: 7,
            statement: {
                ipSetReferenceStatement: {
                    arn: IpSet.arn,
                },
            },
            visibilityConfig: {
                sampledRequestsEnabled: true,
                cloudwatchMetricsEnabled: true,
                metricName: "IPRule",
            },
        },

Do you want to perform this update? details
  pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:poc::MYSTACK::pulumi:pulumi:Stack::MYSTACK-poc]
    ~ aws:wafv2/webAcl:WebAcl: (update)
        [id=ded6d29d-5318-4e98-aa14-777777777777]
        [urn=urn:pulumi:poc::MYSTACK::aws:wafv2/webAcl:WebAcl::MYACL]
        [provider=urn:pulumi:poc::MYSTACK::pulumi:providers:aws::default_6_31_0::911e0d16-9224-481c-8e0c-777777777777]
      ~ rules: [
          ~ [0]: {
                  ~ action          : {
                      + __defaults: []
                      ~ allow     : {
                          + __defaults: []
                        }
                    }
                  ~ name            : "IPAllowRule" => "IPAllowRule"
                  ~ priority        : 7 => 7
                  ~ statement       : {
                      + __defaults             : []
                      ~ ipSetReferenceStatement: {
                          + __defaults: []
                          ~ arn       : "arn:aws:wafv2:us-east-1:777777777777:regional/ipset/ip-set-7777777/8330068b-68e3-44e4-84fe-777777777777" => "arn:aws:wafv2:us-east-1:777777777777:regional/ipset/ip-set-7777777/8330068b-68e3-44e4-84fe-777777777777"
                          ~ arn       : "arn:aws:wafv2:us-east-1:777777777777:regional/ipset/ip-set-7777777/8330068b-68e3-44e4-84fe-777777777777" => "arn:aws:wafv2:us-east-1:777777777777:regional/ipset/ip-set-7777777/8330068b-68e3-44e4-84fe-777777777777"
                        }
                    }
                  ~ visibilityConfig: {
                      + __defaults              : []
                    }
                }
        ]

Hi Greg, sorry this is affecting you. We have been working on this class of problems for a while but they're proving to be a little tricky to quickly and safely fix so we're still narrowing down on a good fix. The issue on duplicated entries and confusing diffs here is impedance mismatch between Pulumi list model and TF set model. https://github.com/pulumi/pulumi-terraform-bridge/issues/186 - these are usually semantically benign but they are not at all helpful in understanding the change. Now besides these display issues there is also at least one more problem here that triggers the update in the first place, I'm curious what it is. Could you file a quick issue with a repro in pulumi/pulumi-aws and I'd take a deeper look? Thank you.

Anton, thanks for getting back to me. I submitted an issue here. https://github.com/pulumi/pulumi-aws/issues/3880 I'm a little under the gun to get things going. Should I just switch to the old

waf

so that my code works cleanly and then update to v2 later?

Yes if you have a workaround that'd be great. I'll have a quick look today but my general expectation is that we're a little stuck on quick fixes here and need to land some systemic foundational work first before we truly address.

Thank Anton!