# python

chilly-hairdresser-56259

05/13/2020, 8:01 PM
Hello, I am building out an AWS VPC with Pulumi and am seeing a strange issue with how Pulumi "thinks" Network ACL rules need to be replaced. Specifically, it states that the change is in the rule action; however, the rule actions are statically assigned. An example would be the following:

```python
import pulumi_aws as aws

# privateACL is the network ACL resource created earlier in the program (not shown).
acl_rules = [
    {
        "resource_name": "privateInboundDynamic",
        "egress": "True",
        "from_port": "1024",
        "to_port": "65535",
        "protocol": "6",
        "cidr_block": "0.0.0.0/0",
        "rule_number": "10",
        "network_acl_id": privateACL.id,
        "rule_action": "Allow"
    },
    {
        "resource_name": "privateOutboundUdpDns",
        "egress": "True",
        "from_port": "53",
        "to_port": "53",
        "protocol": "17",
        "cidr_block": "0.0.0.0/0",
        "network_acl_id": privateACL.id,
        "rule_number": "20",
        "rule_action": "Allow"
    }
]

# Create one NetworkAclRule per dictionary in the list.
for x in range(0, len(acl_rules)):
    print("[INFO] DEBUG -> %s" % str(acl_rules[x]))
    aws.ec2.NetworkAclRule(
        resource_name=acl_rules[x]['resource_name'],
        cidr_block=acl_rules[x]['cidr_block'],
        egress=acl_rules[x]['egress'],
        from_port=acl_rules[x]['from_port'],
        network_acl_id=acl_rules[x]['network_acl_id'],
        protocol=acl_rules[x]['protocol'],
        rule_action=acl_rules[x]['rule_action'],
        rule_number=acl_rules[x]['rule_number'],
        to_port=acl_rules[x]['to_port']
    )
```

Review of changes with pulumi preview:
+-  ├─ aws:ec2:NetworkAclRule  publicOutboundDynamic     replace     [diff: ~ruleAction]

gentle-diamond-70147

05/13/2020, 8:03 PM
Can you provide the output of `preview --diff`?

chilly-hairdresser-56259

05/13/2020, 8:06 PM
Wonder if it's a bug, weird
```
    +-aws:ec2/networkAclRule:NetworkAclRule: (replace)
        [id=nacl-2910404550]
        [urn=urn:pulumi:test::vpc::aws:ec2/networkAclRule:NetworkAclRule::publicInboundhynamic]
        [provider=urn:pulumi:test::vpc::pulumi:providers:aws::default_2_4_0::ba753d41-a0a7-4bca-928c-6fb400dd76b7]
      ~ ruleAction: "allow" => "Allow"
    +-aws:ec2/networkAclRule:NetworkAclRule: (replace)
        [id=nacl-2833746520]
        [urn=urn:pulumi:test::vpc::aws:ec2/networkAclRule:NetworkAclRule::public_self_egress0]
        [provider=urn:pulumi:test::vpc::pulumi:providers:aws::default_2_4_0::ba753d41-a0a7-4bca-928c-6fb400dd76b7]
      ~ ruleAction: "allow" => "Allow"
```
It is stating a change from lowercase "allow" to uppercase "Allow".

gentle-diamond-70147

05/13/2020, 8:13 PM
If you change your code to all lowercase `"allow"`, does the diff go away?
👍 1

chilly-hairdresser-56259

05/13/2020, 8:14 PM
@gentle-diamond-70147 that worked.
Ah, specifically in the docs it states lowercase "allow", rather than "Allow".
I am trying to think of a clean way to add NetworkAclRules, however I really haven't thought of a better solution yet. Currently the solution takes in a variable of List(Dict[]), then calculates the length and iterates over it. Within the List(Dict[]) I have defined all the various parameters required.