Channels
pulumi-ai
package-authoring
pulumi-cdk
oracle-cloud-infrastructure
learn-pulumi-events
linen
registry
built-with-pulumi
pulumi-cloud
contribex
testingtesting321
hacktoberfest
cloudengineering
yaml
pulumi-crosscode
content-share
finops
multi-language-hackathon
office-hours
workshops
blog-posts
localstack
welcome
gitlab
pulumi-kubernetes-operator
jobs
aws
pulumi-deployments
dotnet
golang
announcements
java
pulumiverse
python
install
getting-started
cloudengineering-support
testingtesting123
hackathon-03-19-2020
typescript
google-cloud
contribute
azure
kubernetes
docs
automation-api
status
general
Title
e
enough-garden-22763
02/28/2023, 4:14 PMDoes anyone have a good repro for https://github.com/pulumi/pulumi-terraform-bridge/issues/812 ? I'd love to have that fixed but can't seem to reproduce.
n
narrow-match-14013
03/01/2023, 6:33 PMStrangely enough I was also not able to reproduce it in a separate repo. I'll keep digging and get back to you today.
e
enough-garden-22763
03/01/2023, 6:33 PMAh thanks a ton Rob!
n
narrow-match-14013
03/10/2023, 2:53 PMHey Anton, strangely was not able to isolate this in a minimal repo. It seems to work fine unless I'm trying to use it for real problems haha.
was wondering if you have any hints on how to debug it myself, or just any way i can get you more information about it.
So it must be some environmental/contextual issue and i'm missing some piece of that in my attempts to reproduce
e
enough-garden-22763
03/10/2023, 2:54 PMSo you're getting "objectEncoder failed"?
n
narrow-match-14013
03/10/2023, 2:55 PMyes
checkmate:index:HttpHealth (tierone-check-http):
error: objectEncoder failed on property "url": Expected a string, got: {&{{<http://tier1-obstester-ap10w8ez.staging.azure.tetrate.com>}}}but then when i run it elsewhere it was working haha
e
enough-garden-22763
03/10/2023, 2:57 PMThe error itself is coming from the provider, definitely. One thing to try is to run
PULUMI_DEBUG_GRPC=$PWD/trace.json pulumi upn
narrow-match-14013
03/10/2023, 2:58 PMok i'll try that out
from the provider? or from the bridge? or i guess could be either?
e
enough-garden-22763
03/10/2023, 2:59 PMPULUMI_DEBUG_GRPC just looks at the inter-process comm. At that level there's just 3 procs: pulumi program, pulumi CLI, and pulumi provider. The provider uses the bridge as a lib in-proc.
With luck I can maybe take that request and mock up a provider and turn this into a test.
n
narrow-match-14013
03/10/2023, 3:00 PMwhats extra weird is if we take the resulting string (either what you see in the log output there, or do a apply(console.log)) and put it in literally, it works!
e
enough-garden-22763
03/10/2023, 3:00 PMYeah well I kind of suspect something is off wrt the on-the-wire encoding of Outputs but I can't seem to pin it down yet.
n
narrow-match-14013
03/10/2023, 3:02 PMi guess i dont know exactly how this works but its confusing to me that this would matter. if pulumi can successfully compose these outputs for OTHER providers why would it be different for this provider?
i guess thats what we're hoping to find out...
e
enough-garden-22763
03/10/2023, 3:02 PMWell hopefully I will be able to answer this once we fix it 🙂
Also please make sure youre' on the latest
n
narrow-match-14013
03/10/2023, 3:03 PMok i generated the trace.json. will upload in a sec just making sure nothing sensitive is in there
i'm on pf/v0.4.0
e
enough-garden-22763
03/10/2023, 3:03 PMYeah you can filter it to the call that's got the url
These gRPC traces are not sanitized yet for PW so good to filter
n
narrow-match-14013
03/10/2023, 3:07 PMtrace.checkmate.json
let me know if you need more context
i'm also going to run it with the url hardcoded and see whats different
e
enough-garden-22763
03/10/2023, 3:08 PMYeah looks like this is the call that dies
{
"method": "/pulumirpc.ResourceProvider/Create",
"request": {
"urn": "urn:pulumi:azure.161rc2-1-24::hosted-test::checkmate:index/httpHealth:HttpHealth::tierone-check-http",
"properties": {
"consecutiveSuccesses": 10,
"interval": 2000,
"timeout": 900000,
"url": {
"4dabf18193072939515e22adb298388d": "1b47061264138c4ac30d75fd1eb44270",
"value": "<http://tier1-obstester-ap10w8ez.staging.azure.tetrate.com>"
}
}
},
"response": {},
"metadata": {
"kind": "resource",
"mode": "client",
"name": "checkmate"
}
}It used to print errors here in "response" but something got borked (side note). So this is great this is the encoding of the URL
Can you show me the subset of the httpHealth:HttpHealth resource schema definition, how does it define the URL attribute
n
narrow-match-14013
03/10/2023, 3:10 PMsure one sec
e
enough-garden-22763
03/10/2023, 3:11 PMhttps://github.com/pulumi/pulumi/blob/a69ad7bc961b6e8656f8ffafaf1f2dadb4965165/sdk/go/common/resource/properties.go#L628-#L628 and is specialsigkey and 1b47061264138c4ac30d75fd1eb44270 is "SecretSig" so this is essentially marked secret
n
narrow-match-14013
03/10/2023, 3:12 PMUntitled.go
e
enough-garden-22763
03/10/2023, 3:12 PMSo looks like the data is sent with the secret marker but the serializer doesn't expect a secret so it fails! This gives me a pretty solid clue. I could make it tolerate secrets on the wire. But also good to understand why the value is marked secret.
n
narrow-match-14013
03/10/2023, 3:12 PMoh interesting
wonder how that happened
i dont think it should be a secret in our code?? let me look closer
e
enough-garden-22763
03/10/2023, 3:13 PMSo OK the schema doesn't mandate it to be secret
Do you have ProviderInfo that sets SchemaInfo to make it secret? Guessting not
One possibility is that it can be marked secret if the Output value is in some "apply" chain where antecedent is secret.
Anyway, thanks so much! I think I should be able to repro and chase this down now! This is great.
n
narrow-match-14013
03/10/2023, 3:15 PMi dont see anywhere that it should be secret but i think this is the right track anyway
glad you saw a path so quickly !
let me know if you need any more info of course
e
enough-garden-22763
03/10/2023, 3:20 PMReproduced
import * as pulumi from "@pulumi/pulumi";
import * as random from "@pulumi/random";
export const pw = new random.RandomPassword("pw1", {length: 8})
export const pet = new random.RandomPet("pet", {separator: pw.result});This is the minimal repro. Brilliant. Will chase it down from here.
n
narrow-match-14013
03/10/2023, 3:20 PMamazing
as extra confirmation,
pulumi.unsecrete
enough-garden-22763
03/10/2023, 5:12 PMn
narrow-match-14013
03/10/2023, 5:34 PMnice! fast!