sparse-intern-71089
06/30/2021, 1:44 PMgorgeous-country-43026
06/30/2021, 1:45 PMgorgeous-country-43026
06/30/2021, 1:45 PMpulumi refresh
doesn't seem to helpbillowy-army-68599
gorgeous-country-43026
06/30/2021, 1:49 PMgorgeous-country-43026
06/30/2021, 1:49 PMbillowy-army-68599
billowy-army-68599
gorgeous-country-43026
06/30/2021, 1:50 PMrandom.RandomUuid
in a typescript namespace where it is being referred in one of the namespaces relatedgorgeous-country-43026
06/30/2021, 1:51 PMgorgeous-country-43026
06/30/2021, 1:51 PMgorgeous-country-43026
06/30/2021, 1:52 PMgorgeous-country-43026
06/30/2021, 1:53 PMgorgeous-country-43026
06/30/2021, 1:53 PMk8s-provider
to default_3_1_2
whatever that isbillowy-army-68599
gorgeous-country-43026
06/30/2021, 1:54 PM{ providers: myK8sProvider }
somewheregorgeous-country-43026
06/30/2021, 1:54 PMgorgeous-country-43026
06/30/2021, 1:55 PMk8sProvider
which would match, although in kebab-casegorgeous-country-43026
06/30/2021, 1:55 PMgorgeous-country-43026
06/30/2021, 1:57 PMgorgeous-country-43026
06/30/2021, 1:59 PMgorgeous-country-43026
06/30/2021, 1:59 PMgorgeous-country-43026
06/30/2021, 1:59 PMbillowy-army-68599
billowy-army-68599
gorgeous-country-43026
06/30/2021, 2:01 PMgorgeous-country-43026
06/30/2021, 2:01 PMgorgeous-country-43026
06/30/2021, 2:01 PMgorgeous-country-43026
06/30/2021, 2:02 PMgorgeous-country-43026
06/30/2021, 2:02 PMgorgeous-country-43026
06/30/2021, 2:02 PMgorgeous-country-43026
06/30/2021, 2:03 PMbillowy-army-68599
gorgeous-country-43026
06/30/2021, 2:05 PMgorgeous-country-43026
06/30/2021, 2:05 PMgorgeous-country-43026
06/30/2021, 2:05 PMgorgeous-country-43026
06/30/2021, 2:06 PMgorgeous-country-43026
06/30/2021, 2:10 PMgorgeous-country-43026
06/30/2021, 2:10 PMgorgeous-country-43026
06/30/2021, 2:11 PMgorgeous-country-43026
06/30/2021, 2:34 PMgorgeous-country-43026
06/30/2021, 2:47 PMgorgeous-country-43026
06/30/2021, 2:47 PMconst grafanaIni = oauth.grafanaClientSecret.result.apply(secret => {
return `
[azure]
managed_identity_enabled = true
[security]
disable_gravatar = true
[auth]
oauth_auto_login = true
disable_login_form = true
signout_redirect_url = https://${GRAFANA_DOMAIN}
[auth.generic_oauth]
name = Keycloak
enabled = true
allow_sign_up = false
client_id = grafana
client_secret = ${secret}
scopes = user:email
empty_scopes = false
email_attribute_name = email:primary
`
});
gorgeous-country-43026
06/30/2021, 2:47 PMconst grafanaIni = "";
all the provider changes go awaygorgeous-country-43026
06/30/2021, 2:48 PMoauth.grafanaClientSecret
is new random.RandomUuid("grafana-client-secret");
billowy-army-68599
gorgeous-country-43026
06/30/2021, 2:49 PMgorgeous-country-43026
06/30/2021, 2:49 PMgorgeous-country-43026
06/30/2021, 2:51 PMgorgeous-country-43026
06/30/2021, 2:51 PMgorgeous-country-43026
06/30/2021, 2:51 PMgorgeous-country-43026
07/01/2021, 7:16 AMk8s.Provider
that the code was referring to was still null
. This lead the opts object to be effectively { provider: null }
which Pulumi considers to be "you have not set this, I'll just use the ~/.kube/config
value". Which in this case pointed to that exact same Kubernetes cluster since I was actively operating with it. This caused Pulumi to create the default Provider which had a different name, thus the default_3_2_1
we saw in the state.
The one thing that I can think of that would save from this issue would be a configuration parameter somewhere which would enforce the user to always to set the provider and if he fails to do this then it would be an error. The more I think of this then the less it makes sense that it is even legal to not provide the provider since that makes the code non-idempotent. End result can be very different based on external configurations not controlled by Pulumi in any way. To me it would make sense Pulumi would always require an explicit provider and one would have to set that up first.
I know this change would be backwards incompatible but it just might be worth it via deprecation warning. You may disagree and that's fine, but I think this kind of situation where one can corrupt the remote state just by placing one innocent import into wrong place is not exactly great.billowy-army-68599
gorgeous-country-43026
07/01/2021, 9:25 AMgorgeous-country-43026
07/01/2021, 9:26 AMgorgeous-country-43026
07/01/2021, 9:26 AMgorgeous-country-43026
07/01/2021, 9:27 AMgorgeous-country-43026
07/01/2021, 9:28 AMgorgeous-country-43026
07/01/2021, 9:28 AMgorgeous-country-43026
07/01/2021, 9:28 AMbillowy-army-68599
gorgeous-country-43026
07/01/2021, 9:34 AMgorgeous-country-43026
07/01/2021, 10:01 AM