This message was deleted.
# awss
sparse-intern-71089
01/13/2021, 2:38 PMThis message was deleted.
a
acceptable-jackal-53536
01/13/2021, 3:46 PMi think pulumi is using the terraform aws provider underneath
acceptable-jackal-53536
01/13/2021, 3:46 PMwhat i've seen with terraform/aws is that with specific resources it can change the representation when it gets saved
acceptable-jackal-53536
01/13/2021, 3:47 PMin my case it was with ipv6 addresses
acceptable-jackal-53536
01/13/2021, 3:47 PMin my script it was
2400:cb00::/322400:cb00:0000:0000:0000:0000:0000:0000/32acceptable-jackal-53536
01/13/2021, 3:48 PMso when it compared the addresses, it saw it as different and an update would always run
acceptable-jackal-53536
01/13/2021, 3:48 PMsolution was to take the format as it appeared in aws and update my script to be the same
b
best-lifeguard-91445
01/13/2021, 6:35 PMhm. thank you for the insight. However, I'm not sure what is expected, because it's converting from [secret] => [secret]
l
little-cartoon-10569
01/13/2021, 7:01 PMTry
pulumi stack export --file mine.json ; pulumi refresh ; pulumi stack export --file theirs.jsonb
best-lifeguard-91445
01/13/2021, 8:08 PMk, will do, give me 2 mins
best-lifeguard-91445
01/14/2021, 3:57 AM@little-cartoon-10569 - sorry for the delayed response. There are thousands of differences.
The outputs.secretBinary.cipherText and outputs.secretString.cipherText for
aws:ecs/taskDefinition:TaskDefinitionaws:iam/role:Rolel
little-cartoon-10569
01/14/2021, 3:57 AMSome of those might have to be copied as per @acceptable-jackal-53536’s suggestion.. hard to tell which ones..
b
best-lifeguard-91445
01/14/2021, 3:58 AMTheirs
Copy code
"assumeRolePolicy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"<http://sqs.amazonaws.com|sqs.amazonaws.com>\",\"<http://ecs-tasks.amazonaws.com|ecs-tasks.amazonaws.com>\",\"<http://ec2.amazonaws.com|ec2.amazonaws.com>\",\"<http://sns.amazonaws.com|sns.amazonaws.com>\"]},\"Action\":\"sts:AssumeRole\"}]}", Copy code
"assumeRolePolicy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"<http://sns.amazonaws.com|sns.amazonaws.com>\",\"<http://ec2.amazonaws.com|ec2.amazonaws.com>\",\"<http://sqs.amazonaws.com|sqs.amazonaws.com>\",\"<http://ecs-tasks.amazonaws.com|ecs-tasks.amazonaws.com>\"]},\"Action\":\"sts:AssumeRole\"}]}",l
little-cartoon-10569
01/14/2021, 3:58 AMYep, I want through that exercise in a few policies. Took a few hours, but it's been solid ever since.
b
best-lifeguard-91445
01/14/2021, 3:59 AMokay cool. what about the secrets tho? it's encoded. I have no idea what it should be
l
little-cartoon-10569
01/14/2021, 4:00 AMGenerally you can ignore those, they won't be the problem. It'll be list-like things (orders change) or encoded JSON docs.
b
best-lifeguard-91445
01/14/2021, 4:00 AMokay cool
best-lifeguard-91445
01/14/2021, 4:01 AMThank you very much
👍 1
l
little-cartoon-10569
01/14/2021, 4:01 AMPulumi does quite well at detecting non-identical similarities. Just needs occasional help.
3 Views