`pulumi preview` keeps showing changes to the stac...
# aws
b
`pulumi preview` keeps showing changes to the stack, when none are made: Looks like the container definition / task definitions are showing changes due to outputs being mapped to the environments: [] array, or secrets: [] array. Any ideas on how to solve this?
```
+-aws:ecs/taskDefinition:TaskDefinition: (replace)
            [id=use1-dev-registrar-api]
            [urn=urn:pulumi:dev::aws::awsx:x:ecs:EC2TaskDefinition$aws:ecs/taskDefinition:TaskDefinition::use1-dev-registrar-api]
            [provider=urn:pulumi:dev::aws::pulumi:providers:aws::default_3_21_0::10e8b33b-1a70-4ffc-bb0e-8c586673f58f]
          ~ containerDefinitions: "[secret]" => "[secret]"
            > aws:autoscaling/group:Group: (read)
                [id=ecs-use1-dev-edge-services-df916d8-Instances-OEURTU97PJME]
                [urn=urn:pulumi:dev::aws::awsx:x:ecs:Cluster$awsx:x:autoscaling:AutoScalingGroup$aws:autoscaling/group:Group::ecs-use1-dev-edge-services]
                [provider=urn:pulumi:dev::aws::pulumi:providers:aws::default_3_21_0::10e8b33b-1a70-4ffc-bb0e-8c586673f58f]
        ~ aws:ecs/service:Service: (update)
            [id=arn:aws:ecs:us-east-1:REDACTED:service/ecs-use1-dev-edge-services-cluster-7f77f63/use1-dev-registrar-api-ff48eab]
            [urn=urn:pulumi:dev::aws::awsx:x:ecs:EC2Service$aws:ecs/service:Service::use1-dev-registrar-api]
            [provider=urn:pulumi:dev::aws::pulumi:providers:aws::default_3_21_0::10e8b33b-1a70-4ffc-bb0e-8c586673f58f]
          ~ taskDefinition: "arn:aws:ecs:us-east-1:REDACTED:task-definition/use1-dev-registrar-api:569" => output<string>
```
a
i think pulumi is using the terraform aws provider underneath
what i've seen with terraform/aws is that with specific resources it can change the representation when it gets saved
in my case it was with ipv6 addresses
in my script it was `2400:cb00::/32` which got converted to `2400:cb00:0000:0000:0000:0000:0000:0000/32`
so when it compared the addresses, it saw it as different and an update would always run
solution was to take the format as it appeared in aws and update my script to be the same
b
hm. thank you for the insight. However, I'm not sure what is expected, because it's converting from [secret] => [secret]
l
Try `pulumi stack export --file mine.json ; pulumi refresh ; pulumi stack export --file theirs.json` and compare.
b
k, will do, give me 2 mins
@little-cartoon-10569 - sorry for the delayed response. There are thousands of differences. The `outputs.secretBinary.cipherText` and `outputs.secretString.cipherText` for `aws:ecs/taskDefinition:TaskDefinition` are showing differences, and `assumeRolePolicy` for `aws:iam/role:Role`
l
Some of those might have to be copied as per @acceptable-jackal-53536’s suggestion.. hard to tell which ones..
b
Theirs:
```
"assumeRolePolicy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"sqs.amazonaws.com\",\"ecs-tasks.amazonaws.com\",\"ec2.amazonaws.com\",\"sns.amazonaws.com\"]},\"Action\":\"sts:AssumeRole\"}]}",
```
Mine:
```
"assumeRolePolicy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"Service\":[\"sns.amazonaws.com\",\"ec2.amazonaws.com\",\"sqs.amazonaws.com\",\"ecs-tasks.amazonaws.com\"]},\"Action\":\"sts:AssumeRole\"}]}",
```
l
Yep, I went through that exercise in a few policies. Took a few hours, but it's been solid ever since.
b
okay cool. what about the secrets tho? it's encoded. I have no idea what it should be
l
Generally you can ignore those, they won't be the problem. It'll be list-like things (orders change) or encoded JSON docs.
b
okay cool
l
Pulumi does quite well at detecting non-identical similarities. Just needs occasional help.
b
Thank you very much