Trying to make an SNS Topic, and encountering an e...
# awsg
gorgeous-minister-41131
05/10/2024, 8:32 PMTrying to make an SNS Topic, and encountering an error on a pretty basic innstance, in US Gov. Interesting the same code in Terraform works. Same region, us-gov-west-1, aws-us-gov partition.
Copy code
test_topic = aws.sns.Topic("test_tjf_1") Copy code
resource "aws_sns_topic" "tjf_test_1" {
name = "tjf-test-1"
} Copy code
Updating (prd):
Type Name Status Info
pulumi:pulumi:Stack aws-cloudwatch-prd **failed** 1 error
+ └─ aws:sns:Topic test_tjf_1 **creating failed** 1 error
Diagnostics:
pulumi:pulumi:Stack (aws-cloudwatch-prd):
error: update failed
aws:sns:Topic (test_tjf_1):
error: 1 error occurred:
* operation error SNS: GetTopicAttributes, https response error StatusCode: 400, RequestID: <REDACTED>, InvalidParameter: Invalid parameter: TopicArn Reason: A us-gov-west-1 ARN must begin with arn:aws-us-gov, not arn:aws:sns:us-gov-west-1:<REDACTED>:test_tjf_1-0c5bb96gorgeous-minister-41131
05/10/2024, 8:33 PMThis feels like a conversion error from the tf bridge when trying to locate the AttrARN and making an assumption with the arn construction but I can't seem to locate where it builds this...
gorgeous-minister-41131
05/10/2024, 8:37 PMgorgeous-minister-41131
05/10/2024, 8:38 PMsomething tells me this is the offender...I don't know what these patches do, but they affect the tf bridge generator I'm sure
gorgeous-minister-41131
05/10/2024, 8:38 PM@enough-garden-22763 looks like you're a committer here (not sure if you know how this file works)
gorgeous-minister-41131
05/10/2024, 8:39 PMIt's unsafe to assume that policy ARNS can ever be generated without that being a passed in option... other partitions (like China, or US Gov) .. this breaks.
e
enough-garden-22763
05/10/2024, 8:40 PMFile an issue please? The team will have a look.
g
gorgeous-minister-41131
05/10/2024, 8:40 PMThanks
e
enough-garden-22763
05/10/2024, 8:42 PMQuite possibly you're correct, this might be hitting this branch where it shouldn't
Copy code
+ if !tfresource.NotFound(err) {
+ return diag.FromErr(err)
+ }
+enough-garden-22763
05/10/2024, 8:42 PMSince constructTopicArn is malformed.
g
gorgeous-minister-41131
05/10/2024, 8:43 PMe
enough-garden-22763
05/10/2024, 8:44 PMThank you!
g
gorgeous-minister-41131
05/10/2024, 8:45 PMYeah so this is one of those weird edge cases in the upstream provider where the arn field gets set so it can subsequently create an implicit policy for the topic (I think?) and in Terraform it works, but if the conversion requires change here, that hard-coded ARN template breaks in the non commercial partition.. I don't know how TF got this info dynamically, but it does work on those providers..
gorgeous-minister-41131
05/10/2024, 8:46 PMThis is sort of a blocker, for us anyway, to being able to utilize this feature of Pulumi. I'm sure this is affecting any customers who use China cloud too
e
enough-garden-22763
05/10/2024, 8:46 PMIt's going to get looked quickly, marked as P1.
enough-garden-22763
05/10/2024, 8:46 PMApologize for the disruption.
g
gorgeous-minister-41131
05/10/2024, 8:47 PMNo worries! much appreciate the discuss here. 🙏
gorgeous-minister-41131
05/10/2024, 8:57 PMRandom thought I am not familiar with Golang's AWS SDK, but I would think that the partition is available via the SNSClient/AWSClient resource so might not even need new param on this method.
e
enough-garden-22763
05/15/2024, 9:36 PM@gorgeous-minister-41131 can you try https://github.com/pulumi/pulumi-aws/releases/tag/v6.36.0 and see if this is resolved, much appreciated!
g
gorgeous-minister-41131
05/15/2024, 10:04 PMYup one of our team mates is going to be giving it a try in a bit.