Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
package-authoring
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
c
clean-controller-92732
10/11/2022, 11:27 PMIs there a way to tell pulumi to update aws tags? It appears that it has identified that there’s a difference in tags, but doesn’t actually do anything about it.
updating stack...
Updating (test22):
pulumi:pulumi:Stack AUTOIAM-TAMTOOL-test22 running
aws:iam:User test22 [diff: ~tags]
~ aws:iam:UserPolicy useast-partner-datafeed updating [diff: ~policy]
~ aws:iam:UserPolicy useast-partner-datafeed updated [diff: ~policy]
pulumi:pulumi:Stack AUTOIAM-TAMTOOL-test22
Resources:
~ 1 updated
2 unchangedb
billowy-army-68599
10/11/2022, 11:32 PMcan you show me the expanded diff?
c
clean-controller-92732
10/11/2022, 11:33 PMof the tags? or is that a pulumi option to display an expanded diff?
basically i’m just adding an additional tag to the dictionary and updating the stack
oh i think i found what you’re referring to. we’re using an s3 backend, so i don’t have the expanded diff from the webui
l
little-cartoon-10569
10/11/2022, 11:53 PMYou can select "Details" when running from the CLI, or run
pulumi diffc
clever-sunset-76585
10/12/2022, 12:12 AMor runIt'swith the detailed optionpulumi diff
--diffpulumi up --diffpulumi preview --diffc
clean-controller-92732
10/12/2022, 12:43 AMsorry to make it even more complicated, but i’m using the automation api
let me see if there’s an equivalent command to get the diff
l
little-cartoon-10569
10/12/2022, 12:46 AMThe automation-api shouldn't affect things so long as the stack exists in state. You can still run
pulumi preview --diff --stack <stackname>c
clean-controller-92732
10/12/2022, 12:53 AMi think i was able to achieve the same thing using
await stack.PreviewAsync(new PreviewOptions() {Diff = true});Previewing update (test22):
pulumi:pulumi:Stack: (same)
[urn=urn:pulumi:test22::AUTOIAM-TAMTOOL::pulumi:pulumi:Stack::AUTOIAM-TAMTOOL-test22]
~ aws:iam/userPolicy:UserPolicy: (update)
[id=test22:thetradedesk-useast-partner-datafeed]
[urn=urn:pulumi:test22::AUTOIAM-TAMTOOL::aws:iam/userPolicy:UserPolicy::thetradedesk-useast-partner-datafeed]
[provider=urn:pulumi:test22::AUTOIAM-TAMTOOL::pulumi:providers:aws::default_5_13_0::288879a8-1da1-4fcb-ac19-7f4d43bc7d7c]
~ policy: (json) {
Id : "AutoIAM"
~ Statement: [
~ [0]: {
Action : "s3:ListBucket"
~ Condition: {
~ StringLike: {
~ s3:prefix: [
[0]: "test22/*"
[1]: "test222/*"
[2]: "test2222/*"
+ [3]: "test22222/*"
]
}
}
Effect : "Allow"
Resource : "arn:aws:s3:::thetradedesk-useast-partner-datafeed"
Sid : "thetradedeskuseastpartnerdatafeed1"
}
~ [1]: {
Action : [
[0]: "s3:GetObject"
[1]: "s3:GetObjectAcl"
]
Effect : "Allow"
~ Resource: [
[0]: "arn:aws:s3:::thetradedesk-useast-partner-datafeed/test22/*"
[1]: "arn:aws:s3:::thetradedesk-useast-partner-datafeed/test222/*"
[2]: "arn:aws:s3:::thetradedesk-useast-partner-datafeed/test2222/*"
+ [3]: "arn:aws:s3:::thetradedesk-useast-partner-datafeed/test22222/*"
]
Sid : "thetradedeskuseastpartnerdatafeed2"
}
[2]: {
Action : [
[0]: "s3:GetBucketLocation"
[1]: "s3:GetBucketACL"
]
Effect : "Allow"
Resource: "arn:aws:s3:::thetradedesk-useast-partner-datafeed"
Sid : "thetradedeskuseastpartnerdatafeed3"
}
]
Version : "2012-10-17"
}
Resources:
~ 1 to update
2 unchangedl
little-cartoon-10569
10/12/2022, 1:47 AMHmm. Odd. How have you updated the tags? Is it by changing defaultTags? Afaik, those updates only happen when resources are also changed for other reasons. But if you've changed tags, then it should work...
c
clean-controller-92732
10/12/2022, 3:17 PMNo. I’m passing a dictionary that has 1 new tag in addition to the old tag.
Ok I think I figured it out. The tag can’t have an empty string as a value or pulumi seems to ignore it. I was adding a tag with POO-111 as the key and “” as the value.
when I put value = “1” it shows up in the diff
Previewing update (test22):
pulumi:pulumi:Stack: (same)
[urn=urn:pulumi:test22::AUTOIAM-TAMTOOL::pulumi:pulumi:Stack::AUTOIAM-TAMTOOL-test22]
~ aws:iam/user:User: (update)
[id=test22]
[urn=urn:pulumi:test22::AUTOIAM-TAMTOOL::aws:iam/user:User::test22]
[provider=urn:pulumi:test22::AUTOIAM-TAMTOOL::pulumi:providers:aws::default_5_13_0::288879a8-1da1-4fcb-ac19-7f4d43bc7d7c]
~ tags: {
+ POO-1111: "1"
}pulumi:pulumi:Stack AUTOIAM-TAMTOOL-test22 running
~ aws:iam:User test22 updating [diff: ~tags]
~ aws:iam:User test22 updated [diff: ~tags]is this intentional? seems like a bug. aws allows empty values.
The tag key must be a minimum of 1 and a maximum of 128 Unicode characters in UTF-8.
The tag value must be a minimum of 0 and a maximum of 256 Unicode characters in UTF-8.l
little-cartoon-10569
10/12/2022, 7:12 PMDon't know. It may be a map implementation issue, and JS' idea of falsy including the empty string.
When you say you're adding it to a dictionary, do you mean you're using the Map class? Or are you using Record / object (
{[key: string]: string}tags: { 'POO-111': "" }c
clean-controller-92732
10/12/2022, 7:38 PMyes basically map class. I’m using C# dotnet, so it’s the Dictionary class. so basically it went from
{{"SomeOriginalTag", "SomeValue"}}{{"SomeOriginalTag","SomeValue"}, {"POO-111", ""}}I’m able to work around this by assigning a non-empty value, but I feel that pulumi’s behavior should match what AWS says is a valid tag.
Any idea if this is an issue in pulumi? or the pulumi aws provider? I can open an issue on github, but not sure which repo.
l
little-cartoon-10569
10/12/2022, 7:47 PMYes it should. There is a bug: that should work. I don't know how it works under the hood, but if the problem is with falsy values and empty strings (seems unlikely, I don't think "" is falsy in C#?), then you might try using the C# equivalent of
pulumi.output("")I can't find the C# version. This is the TS/JS function I'm referring to: https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/pulumi/#output
Maybe in C# you can just call
new Output("")c
clean-controller-92732
10/12/2022, 8:30 PMit doesn’t look like I can do that since UserArgs accepts tags as a Dictionary<string,string> as referenced here if you click on C#
https://www.pulumi.com/registry/packages/aws/api-docs/iam/user/#inputs
not sure if there’s any point in doing
Pulumi.Output.Create("").ToString()l
little-cartoon-10569
10/12/2022, 8:42 PMI'm pretty confident that the docs mean Input<string> when they say string. Look in the real API. The docs are simplified for readability.
I'm also pretty confident that Output.ToString() is never the answer.
c
clean-controller-92732
10/12/2022, 9:26 PMit appears that Tags takes an InputMap<string>. A dictionary<string,string> seems to be automatically converted.
I created an InputMap<string> object and passed that instead, but results are the same maybe because it’s still using string. I’m not really seeing a way to pass in Input<string> or Output<string>.
l
little-cartoon-10569
10/12/2022, 9:59 PMHave you tried
Pulumi.Output.Create("")c
clean-controller-92732
10/12/2022, 11:22 PMI did but inputmap<string> won’t take an output object
l
little-cartoon-10569
10/12/2022, 11:23 PMI don't know about the C# implementation. In Typescript, Outputs are Inputs; is that the same in C#? Or do you have to wrap an output to make it into an input?
c
clean-controller-92732
10/12/2022, 11:26 PMI think the string is the input. The InputMap<string> takes strings, not Inputs. I could be misunderstanding how this works though.
l
little-cartoon-10569
10/12/2022, 11:27 PMIt should take Input<string>, which (in Typescript) is a union of string and Output<string>. Everything in Pulumi that takes a string can also take an Output<string>.
c
clean-controller-92732
10/12/2022, 11:41 PMOk, so I created an InputMap<string> object and saw that .Add() takes a string and an Input<string>. I was able to do an Output.Create(“”) and pass that in for an Input<string> like you said. I then passed this object instead of the dictionary. The end result is the same. Tag difference identified and no action.
var inputmap = new InputMap<string>();
inputmap.Add("AutoIAMCreated", "true");
inputmap.Add("test",Output.Create(""));updating stack...
Updating (test22):
pulumi:pulumi:Stack AUTOIAM-TAMTOOL-test22 running
aws:iam:User test22 [diff: ~tags]
aws:iam:UserPolicy thetradedesk-useast-partner-datafeed
pulumi:pulumi:Stack AUTOIAM-TAMTOOL-test22
Resources:
3 unchangedl
little-cartoon-10569
10/12/2022, 11:57 PM😞
Could it be related to this? https://github.com/pulumi/pulumi/issues/10469
Comment in that issue says:
IN general I have a suspicion that Pulumi data model that's communicated between the user program and Pulumi Engine, providers, etc, does not support map entries with null values (considers them to be equivalent to omitting the key from the map)
c
clean-controller-92732
10/13/2022, 12:06 AMyeah that looks pretty similar. their dictionary is <string,object> but mine was <string,string>. InputMap is a Pulumi class.
l
little-cartoon-10569
10/13/2022, 12:07 AMVote for the issue then, add some notes / MCVE, and watch it 🙂
c
clean-controller-92732
10/13/2022, 12:08 AMset a slack reminder for tomorrow morning. heading home. glad it wasn’t just me.