Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Permanent diff on digitalocean.App envs #624

Open
t0yv0 opened this issue Feb 21, 2024 · 1 comment
Open

Permanent diff on digitalocean.App envs #624

t0yv0 opened this issue Feb 21, 2024 · 1 comment
Labels
bug/diff kind/bug related to Pulumi generating wrong diffs on preview or up. kind/bug Some behavior is incorrect or out of spec

Comments

@t0yv0
Copy link
Member

t0yv0 commented Feb 21, 2024
edited
Loading

What happened?

User reports unexpected cycling and permanent diffs around the digitalocean.App envs fields.

Example

import * as digitalocean from "@pulumi/digitalocean";
import * as pulumi from "@pulumi/pulumi";

const config = new pulumi.Config();
const imageTag = process.env.IMAGE_TAG;
if (imageTag === undefined) {
  throw new Error("Environement variable IMAGE_TAG is missing!");
}

new digitalocean.Vpc("slack-entry-vpc", {
  name: "default-ams3",
  region: "ams3",
  ipRange: "10.110.0.0/20",
});

const databaseCluster = new digitalocean.DatabaseCluster(
  "slack-entry-db-cluster",
  {
    name: "slack-entry",
    engine: "pg",
    nodeCount: 1,
    region: "ams3",
    size: "db-s-1vcpu-1gb",
    version: "16",
    storageSizeMib: "10240",
  },
);

const database = new digitalocean.DatabaseDb("slack-entry-db", {
  name: "slack-entry",
  clusterId: databaseCluster.id,
});

const databaseUser = new digitalocean.DatabaseUser("slack-entry-db-user", {
  name: "app",
  clusterId: databaseCluster.id,
});

const databaseUrl = pulumi
  .all([
    databaseCluster.host,
    databaseCluster.port,
    databaseUser.name,
    databaseUser.password,
    database.name,
  ])
  .apply(([host, port, user, password, name]) => {
    const url = new URL(`postgresql://${host}`);
    url.port = port.toString();
    url.username = user;
    url.password = password;
    url.pathname = name;
    url.searchParams.append("sslmode", "require");
    return url.toString();
  });

new digitalocean.ContainerRegistry("slack-entry-registry", {
  name: "slack-entry",
  region: "ams3",
  subscriptionTierSlug: "basic",
});

const app = new digitalocean.App("slack-entry-app", {
  spec: {
    name: "slack-entry",
    alerts: [
      { disabled: false, rule: "DEPLOYMENT_FAILED" },
      { disabled: false, rule: "DOMAIN_FAILED" },
    ],
    databases: [
      {
        engine: "PG",
        name: database.name,
        production: true,
        clusterName: databaseCluster.name,
      },
    ],
    ingress: {
      rules: [
        {
          component: { name: "app", preservePathPrefix: false, rewrite: "" },
          match: { path: { prefix: "/" } },
        },
      ],
    },
    region: "ams",
    services: [
      {
        name: "app",
        alerts: [],
        image: {
          registryType: "DOCR",
          repository: "app",
          tag: imageTag,
        },
        instanceSizeSlug: "basic-xxs",
        instanceCount: 1,
        envs: [
          {
            key: "SLACKENTRY_DATABASE_URL",
            value: databaseUrl,
            type: "SECRET",
            scope: "RUN_TIME",
          },
          {
            key: "SLACKENTRY_BASE_URL",
            value: "${APP_URL}", // eslint-disable-line no-template-curly-in-string
            type: "GENERAL",
            scope: "RUN_TIME",
          },
          {
            key: "SLACKENTRY_AUTH_BASE_URL",
            value: "${APP_URL}", // eslint-disable-line no-template-curly-in-string
            type: "GENERAL",
            scope: "RUN_TIME",
          },
          {
            key: "PRISMA_FIELD_ENCRYPTION_KEY",
            value: config.requireSecret("prismaEncryptionKey"),
            type: "SECRET",
            scope: "RUN_TIME",
          },
          {
            key: "SLACKENTRY_HUBSPOT_APP_ID",
            value: config.require("hubspotAppId"),
            type: "GENERAL",
            scope: "RUN_TIME",
          },
          {
            key: "SLACKENTRY_HUBSPOT_CLIENT_ID",
            value: config.require("hubspotClientId"),
            type: "GENERAL",
            scope: "RUN_TIME",
          },
          {
            key: "SLACKENTRY_HUBSPOT_CLIENT_SECRET",
            value: config.requireSecret("hubspotClientSecret"),
            type: "SECRET",
            scope: "RUN_TIME",
          },
          {
            key: "SLACKENTRY_HUBSPOT_DEVELOPER_API_KEY",
            value: config.requireSecret("hubspotDeveloperApiKey"),
            type: "SECRET",
            scope: "RUN_TIME",
          },
          {
            key: "SLACKENTRY_SLACK_CLIENT_ID",
            value: config.require("slackClientId"),
            type: "GENERAL",
            scope: "RUN_TIME",
          },
          {
            key: "SLACKENTRY_SLACK_CLIENT_SECRET",
            value: config.requireSecret("slackClientSecret"),
            type: "SECRET",
            scope: "RUN_TIME",
          },
          {
            key: "SLACKENTRY_SLACK_SIGNING_SECRET",
            value: config.requireSecret("slackSigningSecret"),
            type: "SECRET",
            scope: "RUN_TIME",
          },
          {
            key: "SLACKENTRY_SLACK_BOT_NAME",
            value: config.require("slackBotName"),
            type: "GENERAL",
            scope: "RUN_TIME",
          },
          {
            key: "SLACKENTRY_COOKIE_SECRETS",
            value: config.requireSecret("cookieSecrets"),
            type: "SECRET",
            scope: "RUN_TIME",
          },
        ],
      },
    ],
  },
});

new digitalocean.DatabaseFirewall("slack-entry-db-firewall", {
  clusterId: databaseCluster.id,
  rules: [
    {
      type: "app",
      value: app.id,
    },
  ],
});

Output of pulumi about

N/A

Additional context

N/A

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
@t0yv0 t0yv0 added needs-triage Needs attention from the triage team kind/bug Some behavior is incorrect or out of spec bug/diff kind/bug related to Pulumi generating wrong diffs on preview or up. labels Feb 21, 2024
@t0yv0
Copy link
Member Author

t0yv0 commented Feb 21, 2024

pulumi/pulumi-terraform-bridge#1417 possibly has other issues in this same category

@iwahbe iwahbe removed the needs-triage Needs attention from the triage team label Feb 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug/diff kind/bug related to Pulumi generating wrong diffs on preview or up. kind/bug Some behavior is incorrect or out of spec
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@t0yv0 @iwahbe