hi does anybody know why when I do a `pulumi up r` I keep se Pulumi Community #general

hi does anybody know why when I do a `pulumi up -r...

rhythmic-branch-12845

09/27/2022, 9:55 AM

hi does anybody know why when I do a

pulumi up -r

, I keep seeing “diffs”, even if nothing has changed in the underlying infrastructure?

Copy code

Previewing update (dev)

View Live: <https://app.pulumi.com/><redacted>/<proj>/dev/previews/<id>

     Type                       Name        Plan     Info
     pulumi:pulumi:Stack        proj-dev
     ├─ aws:ec2:LaunchTemplate  aaaaa                [diff: ~vpcSecurityGroupIds]
     ├─ aws:lb:TargetGroup      api
     ├─ aws:autoscaling:Group   aaaaa                [diff: ~launchTemplate,vpcZoneIdentifiers]
     ├─ aws:ec2:LaunchTemplate  api                  [diff: ~vpcSecurityGroupIds]
     ├─ aws:lb:TargetGroup      aaaaa
     └─ aws:autoscaling:Group   api                  [diff: ~launchTemplate,vpcZoneIdentifiers]

Resources:
    7 unchanged

When I select

details

, I get this:

Copy code

Do you want to perform this update? details
  pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:dev::proj::pulumi:pulumi:Stack::proj-dev]
~ pulumi:pulumi:Stack: (refresh)
    [urn=urn:pulumi:dev::proj::pulumi:pulumi:Stack::proj-dev]
    ~ aws:autoscaling/group:Group: (refresh)
        [id=api]
        [urn=urn:pulumi:dev::proj::aws:autoscaling/group:Group::api]
        [provider=urn:pulumi:dev::proj::pulumi:providers:aws::default_5_10_0::ec8eab8a-ed6a-4102-ba45-8538c78b7cf8]
    ~ aws:autoscaling/group:Group: (refresh)
        [id=aaaaa]
        [urn=urn:pulumi:dev::proj::aws:autoscaling/group:Group::aaaaa]
        [provider=urn:pulumi:dev::proj::pulumi:providers:aws::default_5_10_0::ec8eab8a-ed6a-4102-ba45-8538c78b7cf8]
    ~ aws:lb/targetGroup:TargetGroup: (refresh)
        [id=arn:aws:elasticloadbalancing:ap-southeast-1:<aws_id>:targetgroup/aaaaa/8e2bbbab0efedbad]
        [urn=urn:pulumi:dev::proj::aws:lb/targetGroup:TargetGroup::aaaaa]
        [provider=urn:pulumi:dev::proj::pulumi:providers:aws::default_5_10_0::ec8eab8a-ed6a-4102-ba45-8538c78b7cf8]
    ~ aws:lb/targetGroup:TargetGroup: (refresh)
        [id=arn:aws:elasticloadbalancing:ap-southeast-1:<aws_id>:targetgroup/api/df555747b8eaeb92]
        [urn=urn:pulumi:dev::proj::aws:lb/targetGroup:TargetGroup::api]
        [provider=urn:pulumi:dev::proj::pulumi:providers:aws::default_5_10_0::ec8eab8a-ed6a-4102-ba45-8538c78b7cf8]
    ~ aws:ec2/launchTemplate:LaunchTemplate: (refresh)
        [id=lt-09afb8d3b2f6ae9ac]
        [urn=urn:pulumi:dev::proj::aws:ec2/launchTemplate:LaunchTemplate::aaaaa]
        [provider=urn:pulumi:dev::proj::pulumi:providers:aws::default_5_10_0::ec8eab8a-ed6a-4102-ba45-8538c78b7cf8]
    ~ aws:ec2/launchTemplate:LaunchTemplate: (refresh)
        [id=lt-0b38e76b0e7b3a1e9]
        [urn=urn:pulumi:dev::proj::aws:ec2/launchTemplate:LaunchTemplate::api]
        [provider=urn:pulumi:dev::proj::pulumi:providers:aws::default_5_10_0::ec8eab8a-ed6a-4102-ba45-8538c78b7cf8]

little-cartoon-10569

09/27/2022, 7:58 PM

There's a few reasons for these sorts of things.

little-cartoon-10569

09/27/2022, 7:59 PM

You might be creating some resources / properties inside an

apply()

, which preview and refresh can't unroll. So they report differences, to be safe. When you request the final refresh / up, those differences might not manifest.

little-cartoon-10569

09/27/2022, 8:00 PM

Or those properties might be known to Pulumi to be particularly transient, and Pulumi can't guarantee that at refresh / up time, the in-cloud situation will be the same as it was during the preview. ASGs are likely to be in this category. I don't know how this works, and this is just a guess based on my own experience.

little-cartoon-10569

09/27/2022, 8:02 PM

There may be default values that you're not setting in code, but the cloud provider has set up. A refresh will put those values into state, This situation is inconvenient, because your next up will remove them from state (because they're not in code), and the next refresh will put them back in. If this is the case, I recommend updating your code to explicitly set those values to whatever the provider is setting them to, so that the cloud state, code and Pulumi state all match up.

little-cartoon-10569

09/27/2022, 8:03 PM

And the final case (that I can think of) is that the cloud provider has genuinely changed the value, and the code has not been changed. This is a minor various of the previous case, and the same solution applies.

rhythmic-branch-12845

09/28/2022, 4:22 AM

thank you @little-cartoon-10569 for the details! re `apply()`: not too sure what you’re referring to here, but I’ve got no

apply

function call in my code.. and as for invoking pulumi, I am only doing

pulumi up -r

re transient properties (and also “default values that you’re not setting in code”): to take the example of the launch templates, I am setting specific values for the vpc security ids (and they do not change)… so I’m not sure what’s going on here. These values should not be changed arbitrarily by the cloud provider as well.

little-cartoon-10569

09/28/2022, 10:19 AM

It looks like you're deploying proj-dev, and seeing changes that have happened in proj-aaaaa. That is, your current stack is being updated with changes that you've made via a different stack. Would that explain it?

rhythmic-branch-12845

09/28/2022, 1:55 PM

oh, no.

proj

is just my redacted name for the actual project name. Sorry if that confused you. It’s all in one stack. I have no other stacks besides

dev

rhythmic-branch-12845

09/28/2022, 1:56 PM

let me edit the output to be clearer

little-cartoon-10569

09/28/2022, 7:55 PM

Are you building the resources in a loop? If you are, is it possible that you're re-ordering some input values relative to others? If you're iterating over parallel arrays, and those arrays might be re-ordering on different runs of Pulumi, then you would be changing the resources just like the preview suggests.

little-cartoon-10569

09/28/2022, 7:56 PM

If this is the case, maybe try removing the loop and building the resources with fixed values, to test that every works. Then work back to building the resources using the correct variables / arrays, until you find what value is changing each run.

rhythmic-branch-12845

10/06/2022, 3:35 PM

no loops here, but good idea. My

vpc_security_group_ids

and

vpc_zone_identifiers

are defined using variables (more on that later), BUT I have tried hard-coding them as well, and I still get diffs when doing

pulumi up -r

To illustrate, my

vpc_security_group_ids

are defined like this:

Copy code

vpc_security_group_ids = [
	vars.security_group_ids[f'sg_{ SERVICE_NAME }'],
	vars.security_group_ids['sg_common'],
]

(I define the actual security group values in a separate file,

vars.py

that gets imported, because these are common values). As mentioned, I have tried defining them directly and not using variables to get the values, but even when I do that,

pulumi up -r

still claims that there are diffs. I’ve tried upgrading through new versions of pulumi as they are released… Same thing

rhythmic-branch-12845

10/18/2022, 5:34 AM

bumping this again. Anybody from Pulumi want to take a look at this? I can provide sample source and info

echoing-dinner-19531

10/18/2022, 8:54 AM

https://github.com/pulumi/pulumi-aws/issues/ if you've got a program that repros this raise an issue there with details.

157 Views

Open in Slack

Previous Next