https://pulumi.com logo
Join Slack
Powered by
Hi, has anyone of you ever used Pulumi with the Ha...
# typescript
i
Hi, has anyone of you ever used Pulumi with the HashiCorp Vault provider to create a AuthBackend? It works just fine, but for some reason it needs to be updated on every 
pulumi up
Copy code
...
    const authBackend = new vault.AuthBackend(
      "authBackend",
      {
        type: "approle",
        path: `pulumi-${args.platformName}-cluster-external-secrets-approle-backend`,
      },
      {
        provider: vaultProvider,
        parent: this,
        dependsOn: [vaultProvider],
      },
    );
...
i have been tinkering around with ignoreChanges already (basically ingoring everything but type and path, but there is no change pending anyway:
Copy code
pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:dev::olsicloud4-hetzner::pulumi:pulumi:Stack::olsicloud4-hetzner-dev]
        ~ vault:index/authBackend:AuthBackend: (update)
            [id=pulumi-olsicloud4-cluster-external-secrets-approle-backend]
            [urn=urn:pulumi:dev::olsicloud4-hetzner::custom:resource:VaultExternalSecretsClusterAppRole$vault:index/authBackend:AuthBackend::authBackend]
            [provider=urn:pulumi:dev::olsicloud4-hetzner::pulumi:providers:vault::vault-external-secrets-cluster-approle::888f39d6-5bd2-414b-93dd-d71a4e684bba]
            disableRemount: true
            path          : "pulumi-olsicloud4-cluster-external-secrets-approle-backend"
            type          : "approle"
And also the vault API shows nothing that peeked my interest:
Copy code
"pulumi-olsicloud4-cluster-external-secrets-approle-backend/": {
        "accessor": "auth_approle_e02de25f",
        "config": {
            "default_lease_ttl": 0,
            "force_no_cache": false,
            "max_lease_ttl": 0,
            "token_type": "default-service"
        },
        "description": "",
        "external_entropy_access": false,
        "local": false,
        "options": null,
        "seal_wrap": false,
        "type": "approle",
        "uuid": "0f14cca4-1a08-97a2-d2bf-ef8f314ed556"
    },
Its a bit annoying as this is the final thing remaining to finish my migration from terraform. (Which also sometimes arbitrarily triggered this update, now that I think about it. But not on EVERY run)
s
just a shot in the dark, but you shouldn't need 
dependsOn: vaultProvider
it doesn't technically depend on that for a value; the fact that it's passed as a provider is enough for the engine to know to wait for it. maybe there's something going on that's triggering "a dependent changed, so you should too". for instance, each time you run the provider would have some sort of different session token or whatever
l
What property is triggering the update? It'll have a tilde beside it in the preview.
i
Thats just it, no propery seems to trigger it. There is no delta
I did not omit any lines in my copy/paste there
l
So no properties need an update, just the entire resource? I've never seen anything like that before.
i
I am always THAT lucky 😉
i just dropped the dependsOn, lets see, i dont think thats it
yeah, nah, that wasnt it
l
I would try a 
pulumi refresh
after 
up
. See if any properties are updated with default values. If they are, set those default values in your code.
i
Copy code
Do you want to perform this refresh?
No resources will be modified as part of this refresh; just your stack's state will be.
 details
  pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:dev::olsicloud4-hetzner::pulumi:pulumi:Stack::olsicloud4-hetzner-dev]
        ~ vault:index/authBackend:AuthBackend: (update)
            [id=pulumi-olsicloud4-cluster-external-secrets-approle-backend]
            [urn=urn:pulumi:dev::olsicloud4-hetzner::custom:resource:VaultExternalSecretsClusterAppRole$vault:index/authBackend:AuthBackend::authBackend]
            [provider=urn:pulumi:dev::olsicloud4-hetzner::custom:resource:VaultExternalSecretsClusterAppRole$pulumi:providers:vault::vault-external-secrets-cluster-approle::242a149e-b5cd-455f-af2e-05f2d0a69c9c]
            disableRemount: false
            path          : "pulumi-olsicloud4-cluster-external-secrets-approle-backend"
            type          : "approle"
nah, nothing
l
Well, it's updating the entire resource. Maybe export the stack, do the refresh, export again, and compare the JSON? This looks like a bug, you want evidence to put in an issue.
i
And again from the subsequent up
Copy code
Type                                                   Name                                Plan       Info
     pulumi:pulumi:Stack                                    olsicloud4-hetzner-dev                         3 messages
     └─ custom:resource:VaultExternalSecretsClusterAppRole  vaultExternalSecretsClusterAppRole
 ~      └─ vault:index:AuthBackend                          authBackend                         update

...
Do you want to perform this update? details
  pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:dev::olsicloud4-hetzner::pulumi:pulumi:Stack::olsicloud4-hetzner-dev]
        ~ vault:index/authBackend:AuthBackend: (update)
            [id=pulumi-olsicloud4-cluster-external-secrets-approle-backend]
            [urn=urn:pulumi:dev::olsicloud4-hetzner::custom:resource:VaultExternalSecretsClusterAppRole$vault:index/authBackend:AuthBackend::authBackend]
            [provider=urn:pulumi:dev::olsicloud4-hetzner::custom:resource:VaultExternalSecretsClusterAppRole$pulumi:providers:vault::vault-external-secrets-cluster-approle::242a149e-b5cd-455f-af2e-05f2d0a69c9c]
            disableRemount: false
            path          : "pulumi-olsicloud4-cluster-external-secrets-approle-backend"
            type          : "approle"
yeah, thats an idea
its json after all
pre
Copy code
{
                "urn": "urn:pulumi:dev::olsicloud4-hetzner::custom:resource:VaultExternalSecretsClusterAppRole$vault:index/authBackend:AuthBackend::authBackend",
                "custom": true,
                "id": "pulumi-olsicloud4-cluster-external-secrets-approle-backend",
                "type": "vault:index/authBackend:AuthBackend",
                "inputs": {
                    "__defaults": [
                        "disableRemount"
                    ],
                    "disableRemount": false,
                    "path": "pulumi-olsicloud4-cluster-external-secrets-approle-backend",
                    "type": "approle"
                },
                "outputs": {
                    "__meta": "{\"schema_version\":\"1\"}",
                    "accessor": "auth_approle_8d5d7494",
                    "description": "",
                    "disableRemount": false,
                    "id": "pulumi-olsicloud4-cluster-external-secrets-approle-backend",
                    "identityTokenKey": null,
                    "local": false,
                    "namespace": null,
                    "path": "pulumi-olsicloud4-cluster-external-secrets-approle-backend",
                    "tune": null,
                    "type": "approle"
                },
                "parent": "urn:pulumi:dev::olsicloud4-hetzner::custom:resource:VaultExternalSecretsClusterAppRole::vaultExternalSecretsClusterAppRole",
                "provider": "urn:pulumi:dev::olsicloud4-hetzner::custom:resource:VaultExternalSecretsClusterAppRole$pulumi:providers:vault::vault-external-secrets-cluster-approle::242a149e-b5cd-455f-af2e-05f2d0a69c9c",
                "propertyDependencies": {
                    "path": [],
                    "type": []
                },
                "created": "2024-11-14T17:48:09.65671Z",
                "modified": "2024-11-14T18:59:17.266531Z",
                "sourcePosition": "project:///vault/index.ts#100,29"
            },
post
Copy code
{
                "urn": "urn:pulumi:dev::olsicloud4-hetzner::custom:resource:VaultExternalSecretsClusterAppRole$vault:index/authBackend:AuthBackend::authBackend",
                "custom": true,
                "id": "pulumi-olsicloud4-cluster-external-secrets-approle-backend",
                "type": "vault:index/authBackend:AuthBackend",
                "inputs": {
                    "__defaults": [
                        "disableRemount"
                    ],
                    "disableRemount": false,
                    "path": "pulumi-olsicloud4-cluster-external-secrets-approle-backend",
                    "type": "approle"
                },
                "outputs": {
                    "__meta": "{\"schema_version\":\"1\"}",
                    "accessor": "auth_approle_8d5d7494",
                    "description": "",
                    "disableRemount": false,
                    "id": "pulumi-olsicloud4-cluster-external-secrets-approle-backend",
                    "identityTokenKey": null,
                    "local": false,
                    "namespace": null,
                    "path": "pulumi-olsicloud4-cluster-external-secrets-approle-backend",
                    "tune": null,
                    "type": "approle"
                },
                "parent": "urn:pulumi:dev::olsicloud4-hetzner::custom:resource:VaultExternalSecretsClusterAppRole::vaultExternalSecretsClusterAppRole",
                "provider": "urn:pulumi:dev::olsicloud4-hetzner::custom:resource:VaultExternalSecretsClusterAppRole$pulumi:providers:vault::vault-external-secrets-cluster-approle::242a149e-b5cd-455f-af2e-05f2d0a69c9c",
                "created": "2024-11-14T17:48:09.65671Z",
                "modified": "2024-11-14T18:59:17.266531Z",
                "sourcePosition": "project:///vault/index.ts#100,29"
            },
its missing “propertyDependencies” … weird
ah, wait, wrong part of the stack. its identical grmbl, a lot of json 😉
post up those propertyDependencies match
I think the root cause is somewhere in the provider itself. That would explain my past terraform experiences, if i am to understand it correctly its semi-literally the same provider
10 Views
Open in Slack
PreviousNext
Powered by