New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Component children of component resources don't inherit their parents providers #10640
Comments
I tried this with awsx classic, and confirmed it worked as expected: import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";
import * as classic from "@pulumi/awsx/classic";
export interface MyVpcArgs {
cidrBlock: string;
}
export class MyVpc extends pulumi.ComponentResource {
vpc: awsx.ec2.Vpc;
classicVpc: classic.ec2.Vpc;
constructor(
name: string,
args: MyVpcArgs,
opts?: pulumi.ComponentResourceOptions
) {
super("jaxxstorm:index:myvpc", name, {}, opts);
// gets created in the wrong account
this.vpc = new awsx.ec2.Vpc(
name,
{
cidrBlock: args.cidrBlock,
subnetSpecs: [
{
type: "Public",
cidrMask: 26,
},
{
type: "Isolated",
cidrMask: 26,
},
{
type: "Private",
cidrMask: 24,
},
],
natGateways: {
strategy: "OnePerAz",
},
tags: {
Name: name,
},
},
{ parent: this }
);
// gets created in the account I expect
this.classicVpc = new classic.ec2.Vpc(
name,
{
cidrBlock: args.cidrBlock,
},
{ parent: this }
);
}
} |
This issue also affects import * as pulumi from "@pulumi/pulumi";
import * as awsx from "@pulumi/awsx";
import * as aws from "@pulumi/aws";
export class MyComponent extends pulumi.ComponentResource {
constructor(
name: string,
opts?: pulumi.ComponentResourceOptions
) {
super("joshtest:index:mycomponent", name, {}, opts);
const trail = new awsx.cloudtrail.Trail(
`my-trail-${name}`,
{
name: `ComponentTrail-${name}`,
},
{ parent: this });
}
}
const usEast1Provider = new aws.Provider("us-east-1", {
region: "us-east-1",
});
// Gets created in my default region, us-west-2:
new MyComponent("ProviderOption", {
provider: usEast1Provider,
});
// Gets created in us-east-1:
new awsx.cloudtrail.Trail(
"non-component-trail",
{
name: "NonComponentTrail",
},
{
provider: usEast1Provider,
}
);
// Gets created in my default region, us-west-2:
new MyComponent("ProvidersOption", {
providers: [usEast1Provider],
}); |
Verified that the same behavior exhibits in Python. |
You should be able to workaround this issue by passing import * as pulumi from "@pulumi/pulumi";
import * as awsx from "@pulumi/awsx";
import * as aws from "@pulumi/aws";
export class MyComponent extends pulumi.ComponentResource {
constructor(
name: string,
opts?: pulumi.ComponentResourceOptions
) {
super("joshtest:index:mycomponent", name, {}, opts);
const trail = new awsx.cloudtrail.Trail(
`my-trail-${name}`,
{
name: `ComponentTrail-${name}`,
},
{ ...opts, parent: this });
}
} |
To clarify, the original behavior is correct for |
FYI: #10961 might be a variant of this issue, that affects |
@iwahbe I don't think this is a reasonable fix as this would add quite a significant amount of code between all our components which would be very susceptible to breaking. This really needs to be fixed in the core platform. |
@danielrbradley I'm not saying this is the solution. I'm saying this is a short term workaround until the fix (#10933) lands and the problem is solved in the engine. |
10933: Allow component resources to inherit `providers` from component resources r=iwahbe a=iwahbe <!--- Thanks so much for your contribution! If this is your first time contributing, please ensure that you have read the [CONTRIBUTING](https://github.com/pulumi/pulumi/blob/master/CONTRIBUTING.md) documentation. --> # Description <!--- Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. --> Fixes #10640 ## Checklist <!--- Please provide details if the checkbox below is to be left unchecked. --> - [x] I have added tests that prove my fix is effective or that my feature works <!--- User-facing changes require a CHANGELOG entry. --> - [x] I have run `make changelog` and committed the `changelog/pending/<file>` documenting my change <!-- If the change(s) in this PR is a modification of an existing call to the Pulumi Service, then the service should honor older versions of the CLI where this change would not exist. You must then bump the API version in /pkg/backend/httpstate/client/api.go, as well as add it to the service. --> - [ ] Yes, there are changes in this PR that warrants bumping the Pulumi Service API version <!-- `@Pulumi` employees: If yes, you must submit corresponding changes in the service repo. --> Co-authored-by: Ian Wahbe <ian@wahbe.com>
What happened?
I defined a VPC inside a Component resource, and parented the VPC to the wrapping component.
The resource provider has a defined AWS account and allowed account id.
The VPC was created in the account I had set in my aws environment, not in the account I expected with the explicit resource provider.
Steps to reproduce
Create a Component Resource like so:
Then instantiate it via a provider:
Note the
allowedAccountIds
and the profile I've selected.Now, ensure your AWS credentials locally do not match the profile:
Now provision your Pulumi program, see where the resources get created
Expected Behavior
The resources should be provisioned in the account defined by the resource provider
Actual Behavior
The resources are not provisioned in the correct account
Versions used
Additional context
It is entirely possible I am misunderstanding something here
Contributing
Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
The text was updated successfully, but these errors were encountered: