Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Warnings emitted when importing aws:lb:TargetGroup, One or more imported inputs failed to validate #4361

Closed
Zaid-Ajaj opened this issue Aug 13, 2024 · 7 comments
Closed

Warnings emitted when importing aws:lb:TargetGroup, One or more imported inputs failed to validate #4361

Zaid-Ajaj opened this issue Aug 13, 2024 · 7 comments
Assignees
@flostadler
Labels
area/import An issue related to `pulumi import` or the import resource option. awaiting-upstream The issue cannot be resolved without action in another repository (may be owned by Pulumi). kind/bug Some behavior is incorrect or out of spec resolution/fixed This issue was fixed

Comments

@Zaid-Ajaj
Copy link

Zaid-Ajaj commented Aug 13, 2024
edited
Loading

When importing resources of type aws:lb:TargetGroup with pulumi import, the resource is imported, however it emits warnings:

  aws:lb:TargetGroup (targetGroup):
    warning: One or more imported inputs failed to validate. This is almost certainly a bug in the `aws` provider. The import will still proceed, but you will need to edit the generated code after copying it into your program.
    warning: aws:lb/targetGroup:TargetGroup resource 'targetGroup' has a problem: "health_check.0.port" must be a valid port number (1-65536) or "traffic-port". Examine values at 'targetGroup.healthCheck.port'.
    warning: aws:lb/targetGroup:TargetGroup resource 'targetGroup' has a problem: "health_check.0.port" must be a valid port number (1-65536) or "traffic-port". Examine values at 'targetGroup.healthCheck.port'.
    warning: aws:lb/targetGroup:TargetGroup resource 'targetGroup' has a problem: expected health_check.0.protocol to be one of ["HTTP" "HTTPS" "TCP"], got . Examine values at 'targetGroup.healthCheck.protocol'.

This has surfaced when using the Pulumi Importer, issue Zaid-Ajaj/pulumi-tool-importer#2 (comment)
@Zaid-Ajaj Zaid-Ajaj added the area/import An issue related to `pulumi import` or the import resource option. label Aug 13, 2024
@Zaid-Ajaj Zaid-Ajaj mentioned this issue Aug 13, 2024
Closed
@flostadler flostadler added the needs-triage Needs attention from the triage team label Aug 13, 2024
@flostadler
Copy link
Contributor

flostadler commented Aug 14, 2024
edited
Loading

Similarly to #4362, the elbv2 target_group resource isn't handling optional values in read properly.
Here pointers are just converted to their primitives, which yields "" for port and protocol:
https://github.com/hashicorp/terraform-provider-aws/blob/3724def77810f619392ecb79fd3e40915c0b0214/internal/service/elbv2/target_group.go#L1170-L1176

@flostadler flostadler added kind/bug Some behavior is incorrect or out of spec and removed needs-triage Needs attention from the triage team labels Aug 14, 2024
@flostadler
Copy link
Contributor

This seems to only replicate if the targetType is set to lambda, otherwise healthcheck port and protocol are set even if healthchecks are disabled.

To repro, run the following program and then import the TG using the targetGroupArn output like so:
pulumi import aws:lb/targetGroup:TargetGroup importTest "REPLACE_ME_WITH_TG_ARN"

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";

const vpc = new awsx.ec2.Vpc("lb-vpc", {
    cidrBlock: "10.0.0.0/16",
    subnetStrategy: "Auto",
    subnetSpecs: [
      {
        type: "Public",
        name: "public-subnet",
      },
    ],
    numberOfAvailabilityZones: 3,
    natGateways: {
      strategy: "None"
    }
  });

const secGroup = new aws.ec2.SecurityGroup("allowTls", {
    description: "Allow TLS inbound traffic and all outbound traffic",
    vpcId: vpc.vpcId,
    tags: {
        Name: "allow_tls",
    },
});

const loadbalancer = new aws.lb.LoadBalancer("my-lb", {
    loadBalancerType: "application",
    securityGroups: [secGroup.id],
    subnets: vpc.publicSubnetIds,
    internal: true,
});

const targetGroup = new aws.lb.TargetGroup("my-tg", {
    port: 80,
    protocol: "HTTP",
    targetType: "lambda",
    vpcId: vpc.vpcId,
    healthCheck: {
        enabled: false,
        timeout: 20,
    }
});

export const targetGroupArn = targetGroup.arn;

const listener = new aws.lb.Listener("my-listener", {
    loadBalancerArn: loadbalancer.arn,
    port: 80,
    defaultActions: [{
        type: "forward",
        targetGroupArn: targetGroup.arn,
    }],
});

The import will generate a resource like this which has an invalid value for port. As as workaround just remove that value:

const importTest = new aws.lb.TargetGroup("importTest", {
    healthCheck: {
        enabled: false,
        matcher: "200",
        path: "/",
        port: "", // <-- here the wrong port value got inserted
        timeout: 20,
    },
    ipAddressType: "ipv4",
    name: "my-tg-bd8a19b",
    targetType: "lambda",
});

Running pulumi up with the wrongly inserted port/protocol removed does not yield a diff because those attributes are ignored when computing the diff and when applying it .

@flostadler flostadler added the awaiting-upstream The issue cannot be resolved without action in another repository (may be owned by Pulumi). label Aug 14, 2024
@flostadler
Copy link
Contributor

Upstream issue: hashicorp/terraform-provider-aws#38861

@t0yv0
Copy link
Member

t0yv0 commented Aug 14, 2024

Adding this to pulumi/pulumi-terraform-bridge#2028 that has some useful context - @flostadler in particular I think this could be mitigated by pulumi/pulumi-terraform-bridge#2314 which we were attempting recently.

@t0yv0
Copy link
Member

t0yv0 commented Sep 24, 2024

Although upstream reports fixed, this still is an issue on latest.

    warning: aws:lb/targetGroup:TargetGroup resource 'importTest' has a problem: "health_check.0.port" must be a valid port number (1-65536) or "traffic-port". Examine values at 'importTest.healthCheck.port'.
    warning: aws:lb/targetGroup:TargetGroup resource 'importTest' has a problem: "health_check.0.port" must be a valid port number (1-65536) or "traffic-port". Examine values at 'importTest.healthCheck.port'.

CLI          
Version      3.130.0
Go Version   go1.22.6
Go Compiler  gc

Plugins
KIND      NAME    VERSION
resource  aws     6.52.0
resource  awsx    2.15.0
resource  docker  4.5.5
resource  docker  3.6.1
language  nodejs  unknown

Host     
OS       darwin
Version  14.6.1
Arch     arm64

This project is written in nodejs: executable='/Users/anton/bin/node' version='v18.18.2'

Current Stack: anton-pulumi-corp/aws-4361/dev

TYPE                                                 URN
pulumi:pulumi:Stack                                  urn:pulumi:dev::aws-4361::pulumi:pulumi:Stack::aws-4361-dev
pulumi:providers:awsx                                urn:pulumi:dev::aws-4361::pulumi:providers:awsx::default_2_15_0
awsx:ec2:Vpc                                         urn:pulumi:dev::aws-4361::awsx:ec2:Vpc::lb-vpc
pulumi:providers:aws                                 urn:pulumi:dev::aws-4361::pulumi:providers:aws::default_6_47_0
aws:ec2/vpc:Vpc                                      urn:pulumi:dev::aws-4361::awsx:ec2:Vpc$aws:ec2/vpc:Vpc::lb-vpc
aws:ec2/internetGateway:InternetGateway              urn:pulumi:dev::aws-4361::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/internetGateway:InternetGateway::lb-vpc
aws:ec2/subnet:Subnet                                urn:pulumi:dev::aws-4361::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet::lb-vpc-public-subnet-3
aws:ec2/subnet:Subnet                                urn:pulumi:dev::aws-4361::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet::lb-vpc-public-subnet-1
aws:ec2/subnet:Subnet                                urn:pulumi:dev::aws-4361::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet::lb-vpc-public-subnet-2
aws:ec2/routeTable:RouteTable                        urn:pulumi:dev::aws-4361::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable::lb-vpc-public-subnet-3
aws:ec2/routeTable:RouteTable                        urn:pulumi:dev::aws-4361::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable::lb-vpc-public-subnet-1
aws:ec2/routeTable:RouteTable                        urn:pulumi:dev::aws-4361::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable::lb-vpc-public-subnet-2
aws:ec2/routeTableAssociation:RouteTableAssociation  urn:pulumi:dev::aws-4361::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/routeTableAssociation:RouteTableAssociation::lb-vpc-public-subnet-3
aws:ec2/routeTableAssociation:RouteTableAssociation  urn:pulumi:dev::aws-4361::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/routeTableAssociation:RouteTableAssociation::lb-vpc-public-subnet-1
aws:ec2/route:Route                                  urn:pulumi:dev::aws-4361::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/route:Route::lb-vpc-public-subnet-3
aws:ec2/route:Route                                  urn:pulumi:dev::aws-4361::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/route:Route::lb-vpc-public-subnet-1
aws:ec2/routeTableAssociation:RouteTableAssociation  urn:pulumi:dev::aws-4361::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/routeTableAssociation:RouteTableAssociation::lb-vpc-public-subnet-2
aws:ec2/route:Route                                  urn:pulumi:dev::aws-4361::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/route:Route::lb-vpc-public-subnet-2
pulumi:providers:pulumi                              urn:pulumi:dev::aws-4361::pulumi:providers:pulumi::default
pulumi:providers:aws                                 urn:pulumi:dev::aws-4361::pulumi:providers:aws::default_6_52_0
aws:lb/targetGroup:TargetGroup                       urn:pulumi:dev::aws-4361::aws:lb/targetGroup:TargetGroup::my-tg
aws:ec2/securityGroup:SecurityGroup                  urn:pulumi:dev::aws-4361::aws:ec2/securityGroup:SecurityGroup::allowTls
aws:lb/loadBalancer:LoadBalancer                     urn:pulumi:dev::aws-4361::aws:lb/loadBalancer:LoadBalancer::my-lb
aws:lb/listener:Listener                             urn:pulumi:dev::aws-4361::aws:lb/listener:Listener::my-listener


Found no pending operations associated with dev

Backend        
Name           pulumi.com
URL            https://app.pulumi.com/anton-pulumi-corp
User           anton-pulumi-corp
Organizations  anton-pulumi-corp, moolumi, demo, pulumi
Token type     personal

Dependencies:
NAME            VERSION
@pulumi/aws     6.52.0
@pulumi/awsx    2.15.0
@pulumi/pulumi  3.134.0
@types/node     18.19.50
typescript      5.6.2

Pulumi locates its logs in /var/folders/gd/3ncjb1lj5ljgk8xl5ssn_gvc0000gn/T/com.apple.shortcuts.mac-helper// by default

@flostadler
Copy link
Contributor

The upstream fix wasn't released yet. They just released it as part of v5.69.0. This should be fixed when we pull this release into pu-aws.

@t0yv0
Copy link
Member

t0yv0 commented Sep 27, 2024

Done in b62cf93 presumably.

@t0yv0 t0yv0 closed this as completed Sep 27, 2024
@t0yv0 t0yv0 added the resolution/fixed This issue was fixed label Sep 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@flostadler flostadler

Labels
area/import An issue related to `pulumi import` or the import resource option. awaiting-upstream The issue cannot be resolved without action in another repository (may be owned by Pulumi). kind/bug Some behavior is incorrect or out of spec resolution/fixed This issue was fixed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@t0yv0 @flostadler @Zaid-Ajaj