big-account-56668
07/28/2022, 3:17 PMechoing-dinner-19531
07/28/2022, 3:25 PMthe hash that it automatically adds to say, a Cloud Run service nameIs this actually the thing changing? That's supposed to look at the current state and use the existing name as is if it's present, so not sure why it would want to change that.
big-account-56668
07/28/2022, 3:31 PM+-gcp:cloudrun/service:Service: (replace)
[id=locations/europe-west1/namespaces/x/services/name-acd63ea]
[urn=urn:pulumi:x::x::gcp:cloudrun/service:Service::name]
~ name: "name-acd63ea" => "name-936a38b"
echoing-dinner-19531
07/28/2022, 3:51 PMpulumi stack export
can you find the details for that resource and check the name is in the "inputs" details?big-account-56668
07/28/2022, 3:55 PMechoing-dinner-19531
07/28/2022, 4:01 PMbig-account-56668
07/28/2022, 4:02 PMechoing-dinner-19531
07/28/2022, 4:03 PMbig-account-56668
07/28/2022, 4:04 PMechoing-dinner-19531
07/28/2022, 4:05 PMbig-account-56668
07/28/2022, 4:08 PM+-gcp:cloudrun/iamMember:IamMember: (replace)
[id=v1/projects/project123/locations/europe-west2/services/service-b6d985b/roles/run.invoker/allUsers]
[urn=urn:pulumi:x::x::gcp:cloudrun/iamMember:IamMember::invoke-permission]
~ service: "v1/projects/project123/locations/europe-west2/services/service-b6d985b" => "service-85343cb"
+-aws:iam/role:Role: (replace)
[id=role-a107c15]
[urn=urn:pulumi:x::x::aws:iam/role:Role::role]
~ name: "role-a107c15" => "role-1baf75a"
+-aws:iam/rolePolicyAttachment:RolePolicyAttachment: (replace)
[id=role-a107c15-20220727175101879400000001]
[urn=urn:pulumi:x::x::aws:iam/rolePolicyAttachment:RolePolicyAttachment::role]
~ role: "role-a107c15" => "role-1baf75a"
+-gcp:compute/targetHttpProxy:TargetHttpProxy: (replace)
[id=projects/project123/global/targetHttpProxies/target-proxy-f1ccc22]
[urn=urn:pulumi:x::x::gcp:compute/targetHttpProxy:TargetHttpProxy::target-proxy]
~ name: "target-proxy-f1ccc22" => "target-proxy-0c5368b"
+-gcp:compute/managedSslCertificate:ManagedSslCertificate: (replace)
[id=projects/project123/global/sslCertificates/managed-cert-02bbda3]
[urn=urn:pulumi:x::x::gcp:compute/managedSslCertificate:ManagedSslCertificate::managed-cert]
~ name: "managed-cert-02bbda3" => "managed-cert-1c52b92"
+-gcp:compute/globalAddress:GlobalAddress: (replace)
[id=projects/project123/global/addresses/ip-86578ac]
[urn=urn:pulumi:x::x::gcp:compute/globalAddress:GlobalAddress::ip]
~ name: "ip-86578ac" => "ip-bd66070"
echoing-dinner-19531
07/28/2022, 4:11 PMbig-account-56668
07/28/2022, 4:16 PMup --refresh
in case there is a difference, and preview
at some point.echoing-dinner-19531
07/28/2022, 4:17 PM~ service: "v1/projects/project123/locations/europe-west2/services/service-b6d985b" => "service-85343cb"
That's the most suspicious change. Do your other resources depend on that IamMember in someway? Might be just that changed and triggered everything else to do a replace.big-account-56668
07/28/2022, 4:21 PMechoing-dinner-19531
07/28/2022, 4:25 PM"v1/projects/project123/locations/europe-west2/services/service-b6d985b" => "service-85343cb"
That's a very different name, and a different hash endingbig-account-56668
07/28/2022, 4:28 PMgcloud
to see what it says for that particular one. In the case of
~ name: "ip-86578ac" => "ip-bd66070"
GCP console currently has it as ip-86578ac
, and a refresh does not show a diff on that name.echoing-dinner-19531
07/28/2022, 4:29 PMbig-account-56668
07/28/2022, 4:30 PMechoing-dinner-19531
07/28/2022, 4:30 PMbig-account-56668
07/28/2022, 4:31 PMechoing-dinner-19531
07/28/2022, 4:31 PMbig-account-56668
07/28/2022, 4:34 PMechoing-dinner-19531
07/28/2022, 4:36 PMpulumi stack import
to import that state.
Can just do this for one resource to start, and then check that refresh
doesn't remove the name.
If that's ok can then fix up the other names and try and do the up.big-account-56668
07/28/2022, 4:38 PMechoing-dinner-19531
07/28/2022, 4:41 PMActually the role diff is caused by the Cloud Run service name diff- the role is linked to the service so when the name diffs it will also diff. While I agree it's a bit suspicious/confusing that the diff does not show the canonical name for both before and after, I'm fairly sure that one is a red herring.It might not be. I've got to go in a sec (end of day here) but I'd suggest raising an issue about that at https://github.com/pulumi/pulumi-gcp
big-account-56668
07/28/2022, 5:26 PMgcp:pubsub/subscription:Subscription
, gcp:cloudrun/service:Service
, aws:iam/role:Role
, aws:iam/rolePolicyAttachment:RolePolicyAttachment
, gcp:compute/globalAddress:GlobalAddress
, gcp:compute/managedSslCertificate:ManagedSslCertificate
gcp:compute/targetHttpProxy:TargetHttpProxy
, gcp:compute/globalForwardingRule:GlobalForwardingRule
I've also added back statementId attribute on aws:lambda/permission:Permission
which similarly was suddenly missing from the input field.
These manual changes has removed all the unexpected diffs.echoing-dinner-19531
07/28/2022, 9:35 PMNote that we've never specified either of these attributes in our code.That's expected. Pulumi will use the logical resource name you assign to resources as the default physical name of the resource. What's odd is that your state file didn't have that recorded. For example if I have some code like
new aws.s3.Bucket("my-bucket");
I get a state file that looks like:
"urn": "urn:pulumi:dev::import_test::aws:s3/bucket:bucket::my-bucket",
"id": "my-bucket-3292aff",
"type": "aws:s3/bucket:Bucket",
"inputs": {
"__defaults": [
"acl",
"bucket",
"forceDestroy"
],
"acl": "private",
"bucket": "my-bucket-3292aff",
"forceDestroy": false
},
"outputs": {
"arn": "arn:aws:s3:::my-bucket-3292aff",
"bucket": "my-bucket-3292aff",
...
},
...
Note that "bucket" (the name property for a bucket object) is saved to my inputs