Implicit importing of SNS Topics #3288
Comments
VenelinMartinov
added
kind/bug
|
Related to #2009 |
|
Looking into this more I think #3235 is the correct solution for this issue. From what I can tell, it was abandoned because SNS topics could no longer be recreated if there is a name conflict. Users would be able to specify that the resource should be If there are users who are currently depending on the implicit importing of SNS topics, they would have to switch to explicit importing (which we should enforce). The only hard failure appeared to be in the case of the provider itself being renamed/replaced (#2009). I would argue that there are no users that would rename a provider and go ahead with an apply which replaces all the resources in their stack. That is what would need to happen in order to hit this hard failure on recreating the SNS topic. @iwahbe, @VenelinMartinov, @t0yv0 my suggestion is to re-roll #3235, but let me know what you think. |
Not quite true - there'd also be a hard failure upon trying to create a stack with an SNS topic which already exists. This currently works fine but would not work with #3235. I suspect this is the most common path hit by users, so we'd be breaking most programs which are related to this issue. I believe the reason we originally abandoned the PR is that it wasn't obvious that the benefit outweighs the cost - it doesn't address #2009 and maybe users don't mind the implicit importing behaviour and the hard failures might be a net worse. I believe @iwahbe suggested reimplementing the hard failure as a warning - that wouldn't break the programs which currently work fine and will warn users of the odd implicit importing. In the case of a renamed provider it'd still get silently deleted but at least there's a warning about the behaviour. |
I would argue that this is the behavior that we want. There should be a failure in this case. Users would still be able to import the SNS topic by explicitly importing it, and this would be inline with what they must do for all other resources. I can see three different types of users, and in all three I think fixing the bug would be the preferred scenario.
Suppose an organization has an SNS topic that is being managed across 2-3 stacks (implying 2-3 applications). StackA makes a change to the topic, they now have to coordinate that change across the other two stacks and inform the owners of that topic that they are making the change, otherwise the next time StackB/C update their stacks it will revert the changes made by StackA. An even more dangerous scenario would be if StackA made a change like renaming the SNS topic. The SNS topic would be replaced and now the Topic that StackB/C are relying on no longer exists. There may be organizations that have come to rely on this scenario, but I think the far more likely scenario is that they are unaware of this and will eventually make a dangerous change. |
|
Yeah, I'd agree about the right behaviour and perhaps the breaking change isn't this bad since it doesn't affect existing programs. It's probably fine to merge this and should be a net positive for users. Perhaps we should add a link on how to get the previous behaviour in the error message. Users might be able to use the import resource option to get the old behaviour. |
|
Re-reading this carefully, I'm with Cory here on moving forward with the change as it makes this resource simpler to reason about and less surprising. Regarding the situation of a renamed provider and such, so do we have an example program? The linked analysis mentions the need to implement DiffConfig in the bridge that I don't quite follow - but anyway DiffConfig is now implemented in the bridge. I think also that if users run into this situation where renaming a provider cause an URN change on this resource and causes the engine to decide to Create and then Delete which would now fail (Create) because of a conflict on the cloud name, this type of situation calls for https://www.pulumi.com/docs/concepts/options/aliases/ I think. This may be something that can be remediated by teaching the engine to avoid the "double vision" problem and identify the resource as one resource by adding aliases. |
|
There is a test in https://github.com/pulumi/pulumi-aws/pull/3268/files#diff-bdde7c5c4464b1abd6a781ee2aa4b04235fdbf4832f1d6f584174a8528e8fe16 which reproes the issue for renamed providers.
Yeah, I believe that was erroneous - I was under the impression DiffConfig could tell the engine not to re-create the provider when it gets renamed but it never gets called for renames. Aliases is indeed the workaround here but I don't think that's very obvious for any user facing this. |
This is a re-roll of #3235. See [this comment](#3288 (comment)) for why we are re-rolling this. closes #3288 Co-authored-by: VenelinMartinov <[email protected]>
This is a re-roll of #3235. See this comment for why we are re-rolling this. closes #3288 Co-authored-by: VenelinMartinov [email protected]
What happened?
When deploying SNS topics which already exists, pulumi will implicitly import them.
This can cause confusing behaviour down the line, for example if the topic is defined twice and then one of them is destroyed, both of them will actually disapper.
Example
We tried to address this in #3235 and that also has a regression test. Unfortunately, we had to revert because it introduces a hard failure when replacing parent providers, see #3268
Output of
pulumi aboutTested in 6.18
Additional context
No response
Contributing
Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
The text was updated successfully, but these errors were encountered: