https://pulumi.com logo
Join Slack
Powered by
hrm somehow i got to a state where an aws policy w...
# general
i
hrm somehow i got to a state where an aws policy was created, attempted to update/rename it via the Name property and it was deleted (presumably has be delete-then-create).. and now i have no policy (lab account so nothing else in this account at the current time) however pulumi still thinks it should exist
g
Can you elaborate on this? What were the specific steps you did and what error or output you're getting?
i
I had a 
iam.NewPolicy(name…
defined; it logged as successfully created, etc - i later had an update to change the 
Name
property of it, but the update failed..
Copy code
aws:iam:Policy (cyberdyneDataWriter):
    error: deleting urn:pulumi:dev::data-archive::aws:iam/policy:Policy::cyberdyneDataWriter: Error listing versions for IAM policy arn:aws:iam::123404803574:policy/cyberdyneDataWriter: NoSuchEntity: Policy arn:aws:iam::123404803574:policy/cyberdyneDataWriter does not exist or is not attachable
i’ll see if I can reproduce it
Ok i reproduced it .. consider this:
Copy code
package main

import (
        "log"

        "<http://github.com/pulumi/pulumi-aws/sdk/v2/go/aws/iam|github.com/pulumi/pulumi-aws/sdk/v2/go/aws/iam>"
        "<http://github.com/pulumi/pulumi/sdk/v2/go/pulumi|github.com/pulumi/pulumi/sdk/v2/go/pulumi>"
)

func main() {
        pulumi.Run(func(ctx *pulumi.Context) error {
                policy, err := iam.NewPolicy(ctx, "pulumiTestPolicy", &iam.PolicyArgs{
                        Name: pulumi.String("pulumiTestPolicy"),
                        Policy: pulumi.String(`{
                                "Version": "2012-10-17",
                                "Statement": [
                                        {
                                                "Sid": "ListAll",
                                                "Effect": "Allow",
                                                 "Action": [
                                                        "s3:ListAllMyBuckets"
                                                ],
                                                "Resource": "*"
                                        }
                                ]
                        }`),
                })
                if err != nil {
                        log.Fatal(err)
                }

                // Export the name of the bucket
                ctx.Export("policyARN", policy.Arn)
                return nil
        })
}
if i just change the 
Name
and run 
pulumi up
, all is good and the old policy is deleted and a new one with the new name is created as expected
If i change the 
Name
and introduce an error at the same time such as a typo in the policy itself, it will delete the old policy and fail to create the new one - but Pulumi still tracks that the old policy exists and so even fixing the policy JSON fails as it can no-longer delete the policy it believes still exists
@gentle-diamond-70147 does this seem like a bug? was surprised to find myself in a state where the resource disappeared altogether without warning (especially as the Pulumi state machine is unaware of it)
g
Yes, if Pulumi is losing track of the resource's status, that sounds like a bug. Can you open an issue with your code and steps to reproduce at https://github.com/pulumi/pulumi ?
i
Open in Slack
PreviousNext
Powered by