I tried using dynamic provider as a workaround for my use case on cloudflare API which is not officially supported yet: 1. create allow rule and block rule using teamsrule resource from the official cloudflare Pulumi provider 2. POST request to /access/apps to create a "private_dns" type application 3. PUT request to /access/app_gateway_rules to bind allow rule and block rule created in 1 to the application created in 2 The create method works as fine because the application was created and the rules were bind successfully. However the plan always show there's a change in this dynamic resource. How can I find out what "makes" Pulumi thinks that there's a change?

Hey 👋 What does your

Diff

implementation look like?

async diff(id: string, olds: any, news?: any) {
        const changes = Object.keys(news).some(key => {
            // Skip the comparison for the 'updated_at' property
            if (key === "updated_at") {
                return false;
            }
            return JSON.stringify(olds[key]) !== JSON.stringify(news[key]);
        });
        return {
            changes
        }
    }

the output shows "updated_at" was updated each time after the apply, so I tried to skip it

Did that work? There is potentially the fact that

stringify

will not be stable if key orders in the nested JSON are not stable (for instance)

uh...what do you mean by work? disclaimer: I don't have a read method yet

I meant if removing

updated_at

from the equation helped.

no, it wasn't there previously, and it doesn't work even after adding it

OK then I would be minded to investigate your stringification -- perhaps logging out

JSON.stringify(olds[key])

and

JSON.stringify(news[key])

will shed some light.

~ pulumi-nodejs:dynamic:Resource: (update)
            [id=string]
            [urn=string]
            allowRuleId       : "string"
            app               : "string"
            appLauncherVisible: false
            blockRuleId       : "string"
            private_address   : "domain"
            tenantId          : "string"
            --outputs:--
          - allowRuleId         : "string"
          - app                 : "string"
          - appLauncherVisible  : false
          + app_launcher_visible: false
          + aud                 : "string"
          - blockRuleId         : "string"
          + created_at          : "0001-01-01T00:00:00Z"
          + gateway_rules       : [
          +     [0]: {
                  + id: "string"
                }
          +     [1]: {
                  + id: "string"
                }
            ]
          + id                  : "string"
          + name                : "string"
          + uid                 : "string"
          + updated_at          : "2024-06-05T10:39:16Z"

I've added a read method and this is the new log, is it due to a change in the output that forces an update? Is this something that I need to change in the return or outs in the create/ update method?

If you do

console.log

and pass

--logflow --logtostderr

to the

pulumi

commands, do you see the logs?

I run Pulumi on Spacelift, is there a way that I can inject these as environment variable or the Pulumi.yaml file?

I'm not familiar with Spacelift but reading their docs it doesn't appear so. Does Spacelift prevent you from running Pulumi locally?

there's a task which I can run the preview manually, let me check further, thanks for your help!

All good 🙂

~ pulumi-nodejs:dynamic:Resource: (refresh)
            [id=string]
            [urn=urn:pulumi:string]
            --outputs:--
          + app               : "string"
          - appId             : "string"
          + appLauncherVisible: true
          + private_address   : "string"
          + tags              : [
          +     [0]: "string"
          +     [1]: "string"
            ]
          + type              : "private_dns"

The logs above is shown in the plan, I suppose I need to add these attributes in the outputs of create or update?

Outputs shouldn't matter for

Diff

. When Pulumi calls

Diff

, it passes two things: • "Old" -- this is the inputs Pulumi has in its state file (so in essence, the last time it ran the program, what the inputs were) • "New" -- this is the inputs that are now specified in the program (so in essence, what the "code says now") So: • If some of your inputs are outputs of other resources, those resources may change and trigger your diff, but your outputs are not going to be involved, if that makes sense. • Your diff will be comparing those two sets of inputs and working out if there is a change

eventSink::Info(<{%reset%}>Key: allowRuleId, Old Value: undefined, New Value: "string"
eventSink::Info(<{%reset%}>Key: app, Old Value: undefined, New Value: "string"
eventSink::Info(<{%reset%}>Key: appLauncherVisible, Old Value: undefined, New Value: true
eventSink::Info(<{%reset%}>Key: blockRuleId, Old Value: undefined, New Value: "string"
eventSink::Info(<{%reset%}>Key: tenantId, Old Value: undefined, New Value: "string"

finally managed to print out the keys and I think this is the root cause, I suppose I need to add those keys as part of the output in my create method?

So the return value of your

create

will end up in state, yes (as will

update

), and those are the values that will come in as

old

each time

diff

is called (with

new

being those in the current version of the program)

finally no more changes shown 🙏 @lively-crayon-44649

Great!