Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Group creation with mail nickname fails in preview #426

Open
pierskarsenbarg opened this issue Aug 15, 2023 · 2 comments
Open

Group creation with mail nickname fails in preview #426

pierskarsenbarg opened this issue Aug 15, 2023 · 2 comments
Labels
impact/usability Something that impacts users' ability to use the product easily and intuitively kind/bug Some behavior is incorrect or out of spec

Comments

@pierskarsenbarg
Copy link
Member

What happened?

Trying to create a new group resource where the mailNickname is generated using string interpolation.

Error message:

azuread:index:Group (pulumi-sandbox-root):
    error: Preview failed: diffing urn:pulumi:dev::adgroup::azuread:index/group:Group::pulumi-sandbox-root: `mail_nickname` is required for mail-enabled groups

Expected Behavior

Group successfully created

Steps to reproduce

Use code here: https://gist.github.com/pierskarsenbarg/102812d1f5f3f6adc8d1955ce38d6ea3

The update should fail.

If you set the mailNickname input to be normal string then it succeeds.

Also if you comment out the group resource (so only create the random string), run the update and then re-enable the group and run the update it works. It seems to only be when the two resources are created together. Even using dependsOn fails.

Output of pulumi about

CLI          
Version      3.77.0
Go Version   go1.20.6
Go Compiler  gc

Plugins
NAME          VERSION
azure-native  2.2.0
azuread       5.40.0
nodejs        unknown
random        4.13.2

Host     
OS       darwin
Version  13.4.1
Arch     x86_64

This project is written in nodejs: executable='/Users/piers/.nvm/versions/node/v18.12.1/bin/node' version='v18.12.1'

Current Stack: pierskarsenbarg/adgroup/dev

Found no resources associated with dev

Found no pending operations associated with dev

Backend        
Name           pulumi.com
URL            https://app.pulumi.com/pierskarsenbarg
User           pierskarsenbarg
Organizations  pierskarsenbarg, karsenbarg, team-ce, demo

Dependencies:
NAME                  VERSION
@pulumi/azure-native  2.2.0
@pulumi/azuread       5.40.0
@pulumi/pulumi        3.77.1
@pulumi/random        4.13.2
@types/node           16.18.40

Pulumi locates its logs in /var/folders/69/3w1gr05s2pq36wn49bhyknym0000gn/T/ by default

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
@pierskarsenbarg pierskarsenbarg added needs-triage Needs attention from the triage team kind/bug Some behavior is incorrect or out of spec labels Aug 15, 2023
@rquitales
Copy link
Member

It seems that the current issue stems from the fact that the random string is not generated during the preview stage. Consequently, when the upstream provider is invoked, the validation of the Pulumi program fails since the mail_nickname remains empty. This situation arises because the interpolation involving randomRootAccountEnding.result cannot be resolved in the preview context.

To circumvent this error, two potential approaches can be considered:

  1. Utilize the pulumi up --skip-preview command, which allows you to skip the preview stage and directly apply the changes. By doing so, you can bypass the validation issue.

  2. Alternatively, consider modifying the code to execute the logic only when it is not in dry-run mode. This can be accomplished by incorporating a condition to check for dry-run mode using pulumi.runtime.isDryRun().

Here's your code with the second point in mind:

import * as pulumi from "@pulumi/pulumi";
import * as random from "@pulumi/random";
import * as azuread from "@pulumi/azuread";

const current = azuread.getClientConfig({});

const randomRootAccountEnding = new random.RandomString("random", {
    length: 8,
    overrideSpecial: "_",
    special: true,
});

const awsAccountName = "sandbox";

if (!pulumi.runtime.isDryRun()) {
    const mailbox = new azuread.Group(`pulumi-${awsAccountName}-root`, {
        displayName: awsAccountName,
        mailNickname: pulumi.interpolate`pulumi-${awsAccountName}-root-${randomRootAccountEnding.result}`,
        mailEnabled: true,
        securityEnabled: true,
        types: ["Unified"],
        externalSendersAllowed: true,
        autoSubscribeNewMembers: true,
        owners: [
            current.then(current => current.objectId),
        ],
        members: [
            current.then(current => current.objectId),
        ],
    });
}

I think this opens up a bigger task of improving preview behaviour.

@rquitales rquitales added impact/usability Something that impacts users' ability to use the product easily and intuitively and removed needs-triage Needs attention from the triage team labels Aug 15, 2023
@pierskarsenbarg
Copy link
Member Author

pierskarsenbarg commented Aug 16, 2023
edited
Loading

It looks like the upstream provider has a custom diff validation function that doesn't look like it's running correctly in preview. I've tested it in terraform, and I get the same error message in response.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
impact/usability Something that impacts users' ability to use the product easily and intuitively kind/bug Some behavior is incorrect or out of spec
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pierskarsenbarg @rquitales