https://pulumi.com logo
Title
r

rhythmic-fireman-45324

02/01/2021, 5:10 AM
I noticed that the passwordPolicy of cognito is recognized as changed everytime I update the stack, while actually it is not. Is this a design on purpose? or bug?
l

little-cartoon-10569

02/01/2021, 8:19 AM
Are you setting the policy inside an
apply
?
apply
isn't deterministic so pulumi preview can't tell what the value will be; it may be reporting a potential change to be on the safe side.
You could either change the code to allow Pulumi to figure out the value during preview, or you could add an ignoreChanges opt.
r

rhythmic-fireman-45324

02/01/2021, 9:21 AM
Thanks but I think no? I am simply use
new aws.cognito.UserPool()
to declare the resource.
l

little-cartoon-10569

02/01/2021, 8:06 PM
And that's not inside a call to
apply()
? In that case I don't know. You could set the actual value in the args so that it's not relying on the default.
const userPool = new aws.cognito.UserPool("guests", {
  passwordPolicy: {
    minimumLength: 20,
    requireLowercase: false,
    requireNumbers: false,
    requireSymbols: false,
    requireUppsercase: false,
    temporaryPasswordValidity: -1
  }
});
r

rhythmic-fireman-45324

02/02/2021, 4:02 PM
No it’s not. And yeah it’s all explicit declared…that’s odd.
export const userPool = new aws.cognito.UserPool(
  resourceName(stack, "user-pool", "cognito"),
  {
    ...
    passwordPolicy: {
      minimumLength: 8,
      requireLowercase: true,
      requireNumbers: true,
      requireSymbols: true,
      requireUppercase: true,
    },
    ...
  }
);
I can see this line in every updates…
l

little-cartoon-10569

02/02/2021, 8:14 PM
Have a look at the detailed difference, maybe there's more info there.