https://pulumi.com logo
Title
b

boundless-angle-56560

05/03/2021, 3:05 PM
hmmm, is the following (in screenshot) a pulumi bug?
I've updated some input data of my EC2 instance and pulumi needs to replace it, but it fails with this error
I mean, Pulumi should have some "intelligence" to know that it has to detach instance from the interface before deleting and provisioning the repalcement, right ?
and this is how I do it:
c

cool-egg-852

05/03/2021, 3:17 PM
I don’t work for pulumi, but I would agree, this should be part of the pulumi provider. I would open an issue for this on GitHub. There are a lot of these types of issues that I think pulumi should solve on the behalf of the user.
b

boundless-angle-56560

05/03/2021, 3:24 PM
hmm this must be the most basic operation with the most basic resource (aws ec2), hard to believe that it is some kind of a new bug
b

bored-oyster-3147

05/03/2021, 3:31 PM
you might want the
deleteBeforeReplace
option?
pulumi defaults to "replace before delete" to be safe and you have to tell it otherwise
c

cool-egg-852

05/03/2021, 3:32 PM
The point is this shouldn’t be necessary to specify.
b

bored-oyster-3147

05/03/2021, 3:36 PM
I think that's arguable - pulumi knows how to create a resource. And it knows how to delete a resource. And if a specific update requires a recreate - it defaults to creating the new resource before deleting the old resource in order to protect your infrastructure in the event that the new resource creation fails. This only becomes an issue in scenarios where only 1 instance of the resource may exist - such as here, or an SSL cert, or a DNS record, etc.. Now pulumi could make the provider aware of those kinds of resources, and I think there is a valid argument for that, but would that make pulumi less explicit and add risk of accidental deletion? There is cost to be weighed there
1
c

cool-egg-852

05/03/2021, 3:37 PM
It’s not that pulumi should act upon everything without verification, but that code should not need to be changed temporarily in order to work with these types of scenarios.
Instead, pulumi should add interactivity to handle it.
b

bored-oyster-3147

05/03/2021, 3:38 PM
ah -
deleteBeforeReplace
would not be a temporary change. You would always leave it
true
on those resources
c

cool-egg-852

05/03/2021, 3:38 PM
For example:
Pulumi has detected that the interface $x is currently attached to an instance $y that is scheduled for replacement. Do you wish to detach the interface in order to replace the instance?
And I don’t like leaving
deleteBeforeReplace
there as it can cause other problems.
b

billowy-army-68599

05/03/2021, 3:39 PM
this is an artefact of the upstream EC2 API, it's expected behaviour. it's called out in the upstream provider but we don't parse that into our docs https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#network-interfaces you have to use this resource to attach the interface instead: https://www.pulumi.com/docs/reference/pkg/aws/ec2/instance/#instancenetworkinterface We are limited in what we can do with upstream providers, which is why we're building native providers. The AWS provider is in the works right now
🍺 1
👀 1
🙌 1
c

cool-egg-852

05/03/2021, 3:39 PM
Maybe in this particular case it makes sense (or doesn’t), but there are other scenarios where this is been an issue (requiring
deleteBeforeReplace
)
@billowy-army-68599 So with all the new native providers, these types of issues will be fixed? Both in GCP, AWS, etc.?
b

billowy-army-68599

05/03/2021, 3:42 PM
not all of them will be fixed from the get go, but they will be fixable. Again, many of these issues are because the upstream API is immutable in some way. there's such a large surface area, but we'll be able to work around the corner cases like this and provide better error messages
c

cool-egg-852

05/03/2021, 3:42 PM
Of course, nothing will be perfect from the get go. That’s good to hear.
b

billowy-army-68599

05/03/2021, 3:43 PM
@boundless-angle-56560 let me know if my explanation makes sense, if you need some code I can provide an example
b

boundless-angle-56560

05/03/2021, 4:19 PM
@billowy-army-68599 understood, I will use that parameter. If that's of any value, my opinion is that creating a second resource before deleting old one sounds pretty tricky when it comes to semantics. I think it cannot work as expected in many scenarios as resource often holds something that is exclusive (whether it is a static IP or a network interface like in my case) and one would need an advanced logic to resolve whole situation.
does anybody know how terraform would act in my situation ? Perhaps it would be a worth try
b

bored-oyster-3147

05/03/2021, 4:43 PM
@boundless-angle-56560 disregard what I said about deleteBeforeReplace in this specific EC2 scenario and checkout the links @billowy-army-68599 provided, one of which was a terraform link
b

boundless-angle-56560

05/03/2021, 4:46 PM
aha, sorry I didn't scan through all responses 😳
I'll try that interface thanks
@billowy-army-68599 if you mean the InstanceNetworkInterface, I am using it in my code (InstanceNetworkInterfaceArgs in Python) see my screenshot at the begining of this thread
ah, I guess I should use aws.ec2.NetworkInterfaceAttachmentArgs
@billowy-army-68599 chmm it seems that this interface can only be used to attach secondary interfaces, not the primary one