Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BucketV2 to Bucket aliasing is no longer working #4471

Open
t0yv0 opened this issue Sep 18, 2024 · 0 comments
Open

BucketV2 to Bucket aliasing is no longer working #4471

t0yv0 opened this issue Sep 18, 2024 · 0 comments
Labels
kind/bug Some behavior is incorrect or out of spec

Comments

@t0yv0
Copy link
Member

t0yv0 commented Sep 18, 2024

Describe what happened

BucketV2 is aliased to Bucket but is not able to seamlessly read its state.

References: #4470

Sample program

Starting from this program:

name: y1
runtime: yaml
resources:
  my-bucket:
    type: aws:s3:Bucket
    properties:
      bucket: "my-bucket-26224917"

      serverSideEncryptionConfiguration:
        rule:
          applyServerSideEncryptionByDefault:
            sseAlgorithm: "AES256"
      lifecycleRules:
         - enabled: true
           expiration:
             days: 30
      policy:
        fn::toJSON:
          Version: "2012-10-17"
          Id: "PutObjPolicy"
          Statement:
            - Sid: "DenyObjectsThatAreNotSSEKMS"
              Principal: "*"
              Effect: "Deny"
              Action: "s3:PutObject"
              Resource: "arn:aws:s3:::my-bucket-26224917/*"
              Condition:
                "Null":
                  "s3:x-amz-server-side-encryption-aws-kms-key-id": "true"
      tags:
        Environment: "Dev"
      objectLockConfiguration:
        objectLockEnabled: "Enabled"
      versioning:
        enabled: true

And going to this program:

name: y1
runtime: yaml
resources:
  my-bucket:
    type: aws:s3:BucketV2
    properties:
      bucket: "my-bucket-26224919"
      serverSideEncryptionConfigurations:
        - rules:
          - applyServerSideEncryptionByDefaults:
              - sseAlgorithm: "AES256"
      lifecycleRules:
         - enabled: true
           expirations:
             - days: 30
      policy:
        fn::toJSON:
          Version: "2012-10-17"
          Id: "PutObjPolicy"
          Statement:
            - Sid: "DenyObjectsThatAreNotSSEKMS"
              Principal: "*"
              Effect: "Deny"
              Action: "s3:PutObject"
              Resource: "arn:aws:s3:::my-bucket-26224919/*"
              Condition:
                "Null":
                  "s3:x-amz-server-side-encryption-aws-kms-key-id": "true"
      tags:
        Environment: "Dev"
      objectLockEnabled: true
      versionings:
        - enabled: true

The alias kicks in and sends the Bucket state to the BucketV2 resource to process. However due to the accumulated schema drift, the reading of the Bucket state no longer works. Instead it generates this error:

    warning: urn:pulumi:t2::y1::aws:s3/bucketV2:BucketV2::my-bucket verification warning: Use the aws_s3_bucket_policy resource instead
    warning: urn:pulumi:t2::y1::aws:s3/bucketV2:BucketV2::my-bucket verification warning: Use the aws_s3_bucket_server_side_encryption_configuration resource instead
    warning: urn:pulumi:t2::y1::aws:s3/bucketV2:BucketV2::my-bucket verification warning: Use the aws_s3_bucket_versioning resource instead
    error: diffing urn:pulumi:t2::y1::aws:s3/bucketV2:BucketV2::my-bucket: 1 error occurred:
        * [server_side_encryption_configuration] missing expected [

Log output

See above.

Affected Resource(s)

Bucket
BucketV2

Output of pulumi about

CLI          
Version      3.130.0
Go Version   go1.22.6
Go Compiler  gc

Plugins
KIND      NAME  VERSION
resource  aws   unknown
language  yaml  unknown

Host     
OS       darwin
Version  14.6.1
Arch     arm64

This project is written in yaml

Current Stack: anton-pulumi-corp/y1/t2

TYPE                  URN
pulumi:pulumi:Stack   urn:pulumi:t2::y1::pulumi:pulumi:Stack::y1-t2
pulumi:providers:aws  urn:pulumi:t2::y1::pulumi:providers:aws::default
aws:s3/bucket:Bucket  urn:pulumi:t2::y1::aws:s3/bucket:Bucket::my-bucket


Found no pending operations associated with t2

Backend        
Name           pulumi.com
URL            https://app.pulumi.com/anton-pulumi-corp
User           anton-pulumi-corp
Organizations  anton-pulumi-corp, moolumi, demo, pulumi
Token type     personal

No dependencies found

Pulumi locates its logs in /var/folders/gd/3ncjb1lj5ljgk8xl5ssn_gvc0000gn/T/com.apple.shortcuts.mac-helper// by default

Additional context

We must have regressed this somewhere but failed to call out in https://www.pulumi.com/blog/announcing-6-0-of-the-pulumi-aws-classic-provider/

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
@t0yv0 t0yv0 added kind/bug Some behavior is incorrect or out of spec needs-triage Needs attention from the triage team labels Sep 18, 2024
@t0yv0 t0yv0 mentioned this issue Sep 18, 2024
Open
19 tasks
@corymhall corymhall removed the needs-triage Needs attention from the triage team label Sep 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Some behavior is incorrect or out of spec
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@t0yv0 @corymhall