Closed
Description
openedon Oct 10, 2023
What happened?
Starting with pulumi-aws 6.x+, user pools get a constant update, with an empty diff.
Here is the output of a pulumi preview --json:
{
"config": {
"aws:region": "eu-west-3"
},
"steps": [
{
"op": "same",
"urn": "urn:pulumi:dev::pulumi-repro-userpool::pulumi:pulumi:Stack::pulumi-repro-userpool-dev",
"oldState": {
"urn": "urn:pulumi:dev::pulumi-repro-userpool::pulumi:pulumi:Stack::pulumi-repro-userpool-dev",
"custom": false,
"type": "pulumi:pulumi:Stack",
"outputs": {
"AppUsersPool": {
"accountRecoverySetting": {
"recoveryMechanisms": [
{
"name": "verified_email",
"priority": 1
}
]
},
"adminCreateUserConfig": {
"allowAdminCreateUserOnly": false,
"inviteMessageTemplate": null
},
"arn": "arn:aws:cognito-idp:eu-west-3:xxxxxxxxxxxxxx:userpool/eu-west-3_xxxxxxxxxxxxxx",
"autoVerifiedAttributes": [
"email"
],
"creationDate": "2023-10-10T07:01:18Z",
"customDomain": "",
"deletionProtection": "ACTIVE",
"deviceConfiguration": null,
"domain": "",
"emailConfiguration": {
"configurationSet": "",
"emailSendingAccount": "COGNITO_DEFAULT",
"fromEmailAddress": "",
"replyToEmailAddress": "",
"sourceArn": ""
},
"emailVerificationMessage": "",
"emailVerificationSubject": "",
"endpoint": "cognito-idp.eu-west-3.amazonaws.com/eu-west-3_xxxxxxxxxxxxxx",
"estimatedNumberOfUsers": 0,
"id": "eu-west-3_xxxxxxxxxxxxxx",
"lambdaConfig": null,
"lastModifiedDate": "2023-10-10T07:01:18Z",
"mfaConfiguration": "OPTIONAL",
"name": "test-user-pool",
"passwordPolicy": {
"minimumLength": 8,
"requireLowercase": true,
"requireNumbers": true,
"requireSymbols": true,
"requireUppercase": true,
"temporaryPasswordValidityDays": 300
},
"schemas": [
{
"attributeDataType": "String",
"developerOnlyAttribute": false,
"mutable": true,
"name": "name",
"numberAttributeConstraints": null,
"required": true,
"stringAttributeConstraints": {
"maxLength": "2048",
"minLength": "0"
}
}
],
"smsAuthenticationMessage": "",
"smsConfiguration": null,
"smsVerificationMessage": "",
"softwareTokenMfaConfiguration": {
"enabled": true
},
"urn": "urn:pulumi:dev::pulumi-repro-userpool::aws:cognito/userPool:UserPool::test-user-pool",
"userAttributeUpdateSettings": null,
"userPoolAddOns": null,
"usernameAttributes": [
"email"
],
"usernameConfiguration": {
"caseSensitive": false
},
"verificationMessageTemplate": {
"defaultEmailOption": "CONFIRM_WITH_CODE",
"emailMessage": "",
"emailMessageByLink": "",
"emailSubject": "",
"emailSubjectByLink": "",
"smsMessage": ""
}
},
"testuserpoolclient": {
"accessTokenValidity": 60,
"allowedOauthFlows": [],
"allowedOauthFlowsUserPoolClient": false,
"allowedOauthScopes": [],
"authSessionValidity": 3,
"callbackUrls": [],
"clientSecret": "[secret]",
"defaultRedirectUri": "",
"enablePropagateAdditionalUserContextData": false,
"enableTokenRevocation": true,
"explicitAuthFlows": [
"ALLOW_USER_PASSWORD_AUTH",
"ALLOW_USER_SRP_AUTH",
"ALLOW_REFRESH_TOKEN_AUTH"
],
"id": "xxxxxxxxxxxxxx",
"idTokenValidity": 60,
"logoutUrls": [],
"name": "test-userpool-client",
"preventUserExistenceErrors": "ENABLED",
"readAttributes": [
"zoneinfo",
"website",
"email_verified",
"birthdate",
"address",
"gender",
"profile",
"phone_number_verified",
"preferred_username",
"given_name",
"locale",
"middle_name",
"picture",
"updated_at",
"name",
"nickname",
"phone_number",
"family_name",
"email"
],
"refreshTokenValidity": 30,
"supportedIdentityProviders": [],
"tokenValidityUnits": {
"accessToken": "minutes",
"idToken": "minutes",
"refreshToken": "days"
},
"urn": "urn:pulumi:dev::pulumi-repro-userpool::aws:cognito/userPoolClient:UserPoolClient::test-userpool-client",
"userPoolId": "eu-west-3_xxxxxxxxxxxxxx",
"writeAttributes": [
"zoneinfo",
"website",
"birthdate",
"address",
"gender",
"profile",
"preferred_username",
"given_name",
"locale",
"middle_name",
"picture",
"updated_at",
"name",
"nickname",
"phone_number",
"family_name",
"email"
]
}
},
"created": "0001-01-01T00:00:00Z",
"modified": "0001-01-01T00:00:00Z",
"sourcePosition": "project:///../../private/tmp/pulumi-repro-userpool/node_modules/@pulumi/runtime/stack.ts#36,23"
},
"newState": {
"urn": "urn:pulumi:dev::pulumi-repro-userpool::pulumi:pulumi:Stack::pulumi-repro-userpool-dev",
"custom": false,
"type": "pulumi:pulumi:Stack",
"outputs": {
"AppUsersPool": {
"accountRecoverySetting": {
"recoveryMechanisms": [
{
"name": "verified_email",
"priority": 1
}
]
},
"adminCreateUserConfig": {
"allowAdminCreateUserOnly": false,
"inviteMessageTemplate": null
},
"arn": "arn:aws:cognito-idp:eu-west-3:xxxxxxxxxxxxxx:userpool/eu-west-3_xxxxxxxxxxxxxx",
"autoVerifiedAttributes": [
"email"
],
"creationDate": "2023-10-10T07:01:18Z",
"customDomain": "",
"deletionProtection": "ACTIVE",
"deviceConfiguration": null,
"domain": "",
"emailConfiguration": {
"configurationSet": "",
"emailSendingAccount": "COGNITO_DEFAULT",
"fromEmailAddress": "",
"replyToEmailAddress": "",
"sourceArn": ""
},
"emailVerificationMessage": "",
"emailVerificationSubject": "",
"endpoint": "cognito-idp.eu-west-3.amazonaws.com/eu-west-3_xxxxxxxxxxxxxx",
"estimatedNumberOfUsers": 0,
"id": "eu-west-3_xxxxxxxxxxxxxx",
"lambdaConfig": null,
"lastModifiedDate": "2023-10-10T07:01:18Z",
"mfaConfiguration": "OPTIONAL",
"name": "test-user-pool",
"passwordPolicy": {
"minimumLength": 8,
"requireLowercase": true,
"requireNumbers": true,
"requireSymbols": true,
"requireUppercase": true,
"temporaryPasswordValidityDays": 300
},
"schemas": [
{
"attributeDataType": "String",
"developerOnlyAttribute": false,
"mutable": true,
"name": "name",
"numberAttributeConstraints": null,
"required": true,
"stringAttributeConstraints": {
"maxLength": "2048",
"minLength": "0"
}
}
],
"smsAuthenticationMessage": "",
"smsConfiguration": null,
"smsVerificationMessage": "",
"softwareTokenMfaConfiguration": {
"enabled": true
},
"urn": "urn:pulumi:dev::pulumi-repro-userpool::aws:cognito/userPool:UserPool::test-user-pool",
"userAttributeUpdateSettings": null,
"userPoolAddOns": null,
"usernameAttributes": [
"email"
],
"usernameConfiguration": {
"caseSensitive": false
},
"verificationMessageTemplate": {
"defaultEmailOption": "CONFIRM_WITH_CODE",
"emailMessage": "",
"emailMessageByLink": "",
"emailSubject": "",
"emailSubjectByLink": "",
"smsMessage": ""
}
},
"testuserpoolclient": {
"accessTokenValidity": 60,
"allowedOauthFlows": [],
"allowedOauthFlowsUserPoolClient": false,
"allowedOauthScopes": [],
"authSessionValidity": 3,
"callbackUrls": [],
"clientSecret": "[secret]",
"defaultRedirectUri": "",
"enablePropagateAdditionalUserContextData": false,
"enableTokenRevocation": true,
"explicitAuthFlows": [
"ALLOW_USER_PASSWORD_AUTH",
"ALLOW_USER_SRP_AUTH",
"ALLOW_REFRESH_TOKEN_AUTH"
],
"id": "xxxxxxxxxxxxxx",
"idTokenValidity": 60,
"logoutUrls": [],
"name": "test-userpool-client",
"preventUserExistenceErrors": "ENABLED",
"readAttributes": [
"zoneinfo",
"website",
"email_verified",
"birthdate",
"address",
"gender",
"profile",
"phone_number_verified",
"preferred_username",
"given_name",
"locale",
"middle_name",
"picture",
"updated_at",
"name",
"nickname",
"phone_number",
"family_name",
"email"
],
"refreshTokenValidity": 30,
"supportedIdentityProviders": [],
"tokenValidityUnits": {
"accessToken": "minutes",
"idToken": "minutes",
"refreshToken": "days"
},
"urn": "urn:pulumi:dev::pulumi-repro-userpool::aws:cognito/userPoolClient:UserPoolClient::test-userpool-client",
"userPoolId": "eu-west-3_xxxxxxxxxxxxxx",
"writeAttributes": [
"zoneinfo",
"website",
"birthdate",
"address",
"gender",
"profile",
"preferred_username",
"given_name",
"locale",
"middle_name",
"picture",
"updated_at",
"name",
"nickname",
"phone_number",
"family_name",
"email"
]
}
},
"created": "0001-01-01T00:00:00Z",
"modified": "0001-01-01T00:00:00Z",
"sourcePosition": "project:///../../private/tmp/pulumi-repro-userpool/node_modules/@pulumi/runtime/stack.ts#36,23"
},
"detailedDiff": null
},
{
"op": "update",
"urn": "urn:pulumi:dev::pulumi-repro-userpool::aws:cognito/userPoolClient:UserPoolClient::test-userpool-client",
"provider": "urn:pulumi:dev::pulumi-repro-userpool::pulumi:providers:aws::default_6_4_1::9543527e-e50a-4978-bc4d-bf41ca1d0686",
"oldState": {
"urn": "urn:pulumi:dev::pulumi-repro-userpool::aws:cognito/userPoolClient:UserPoolClient::test-userpool-client",
"custom": true,
"id": "xxxxxxxxxxxxxx",
"type": "aws:cognito/userPoolClient:UserPoolClient",
"inputs": {
"accessTokenValidity": 60,
"enableTokenRevocation": true,
"explicitAuthFlows": [
"ALLOW_USER_SRP_AUTH",
"ALLOW_USER_PASSWORD_AUTH",
"ALLOW_REFRESH_TOKEN_AUTH"
],
"idTokenValidity": 60,
"name": "test-userpool-client",
"preventUserExistenceErrors": "ENABLED",
"readAttributes": [
"given_name",
"email_verified",
"zoneinfo",
"website",
"preferred_username",
"name",
"locale",
"phone_number",
"family_name",
"birthdate",
"middle_name",
"phone_number_verified",
"profile",
"picture",
"address",
"gender",
"updated_at",
"nickname",
"email"
],
"tokenValidityUnits": {
"accessToken": "minutes",
"idToken": "minutes"
},
"userPoolId": "eu-west-3_xxxxxxxxxxxxxx",
"writeAttributes": [
"given_name",
"zoneinfo",
"website",
"preferred_username",
"name",
"locale",
"phone_number",
"family_name",
"birthdate",
"middle_name",
"profile",
"picture",
"address",
"gender",
"updated_at",
"nickname",
"email"
]
},
"outputs": {
"accessTokenValidity": 60,
"allowedOauthFlows": [],
"allowedOauthFlowsUserPoolClient": false,
"allowedOauthScopes": [],
"authSessionValidity": 3,
"callbackUrls": [],
"clientSecret": "[secret]",
"defaultRedirectUri": "",
"enablePropagateAdditionalUserContextData": false,
"enableTokenRevocation": true,
"explicitAuthFlows": [
"ALLOW_USER_PASSWORD_AUTH",
"ALLOW_USER_SRP_AUTH",
"ALLOW_REFRESH_TOKEN_AUTH"
],
"id": "xxxxxxxxxxxxxx",
"idTokenValidity": 60,
"logoutUrls": [],
"name": "test-userpool-client",
"preventUserExistenceErrors": "ENABLED",
"readAttributes": [
"zoneinfo",
"website",
"email_verified",
"birthdate",
"address",
"gender",
"profile",
"phone_number_verified",
"preferred_username",
"given_name",
"locale",
"middle_name",
"picture",
"updated_at",
"name",
"nickname",
"phone_number",
"family_name",
"email"
],
"refreshTokenValidity": 30,
"supportedIdentityProviders": [],
"tokenValidityUnits": {
"accessToken": "minutes",
"idToken": "minutes",
"refreshToken": "days"
},
"userPoolId": "eu-west-3_xxxxxxxxxxxxxx",
"writeAttributes": [
"zoneinfo",
"website",
"birthdate",
"address",
"gender",
"profile",
"preferred_username",
"given_name",
"locale",
"middle_name",
"picture",
"updated_at",
"name",
"nickname",
"phone_number",
"family_name",
"email"
]
},
"parent": "urn:pulumi:dev::pulumi-repro-userpool::pulumi:pulumi:Stack::pulumi-repro-userpool-dev",
"dependencies": [
"urn:pulumi:dev::pulumi-repro-userpool::aws:cognito/userPool:UserPool::test-user-pool"
],
"provider": "urn:pulumi:dev::pulumi-repro-userpool::pulumi:providers:aws::default_6_4_1::9543527e-e50a-4978-bc4d-bf41ca1d0686",
"propertyDependencies": {
"accessTokenValidity": null,
"enableTokenRevocation": null,
"explicitAuthFlows": null,
"idTokenValidity": null,
"name": null,
"preventUserExistenceErrors": null,
"readAttributes": null,
"tokenValidityUnits": null,
"userPoolId": [
"urn:pulumi:dev::pulumi-repro-userpool::aws:cognito/userPool:UserPool::test-user-pool"
],
"writeAttributes": null
},
"additionalSecretOutputs": [
"clientSecret"
],
"created": "0001-01-01T00:00:00Z",
"modified": "0001-01-01T00:00:00Z",
"sourcePosition": "project:///../../private/tmp/pulumi-repro-userpool/index.ts#42,35"
},
"newState": {
"urn": "urn:pulumi:dev::pulumi-repro-userpool::aws:cognito/userPoolClient:UserPoolClient::test-userpool-client",
"custom": true,
"id": "xxxxxxxxxxxxxx",
"type": "aws:cognito/userPoolClient:UserPoolClient",
"inputs": {
"accessTokenValidity": 60,
"enableTokenRevocation": true,
"explicitAuthFlows": [
"ALLOW_USER_SRP_AUTH",
"ALLOW_USER_PASSWORD_AUTH",
"ALLOW_REFRESH_TOKEN_AUTH"
],
"idTokenValidity": 60,
"name": "test-userpool-client",
"preventUserExistenceErrors": "ENABLED",
"readAttributes": [
"given_name",
"email_verified",
"zoneinfo",
"website",
"preferred_username",
"name",
"locale",
"phone_number",
"family_name",
"birthdate",
"middle_name",
"phone_number_verified",
"profile",
"picture",
"address",
"gender",
"updated_at",
"nickname",
"email"
],
"tokenValidityUnits": {
"accessToken": "minutes",
"idToken": "minutes"
},
"userPoolId": "eu-west-3_xxxxxxxxxxxxxx",
"writeAttributes": [
"given_name",
"zoneinfo",
"website",
"preferred_username",
"name",
"locale",
"phone_number",
"family_name",
"birthdate",
"middle_name",
"profile",
"picture",
"address",
"gender",
"updated_at",
"nickname",
"email"
]
},
"parent": "urn:pulumi:dev::pulumi-repro-userpool::pulumi:pulumi:Stack::pulumi-repro-userpool-dev",
"dependencies": [
"urn:pulumi:dev::pulumi-repro-userpool::aws:cognito/userPool:UserPool::test-user-pool"
],
"provider": "urn:pulumi:dev::pulumi-repro-userpool::pulumi:providers:aws::default_6_4_1::9543527e-e50a-4978-bc4d-bf41ca1d0686",
"propertyDependencies": {
"accessTokenValidity": null,
"enableTokenRevocation": null,
"explicitAuthFlows": null,
"idTokenValidity": null,
"name": null,
"preventUserExistenceErrors": null,
"readAttributes": null,
"tokenValidityUnits": null,
"userPoolId": [
"urn:pulumi:dev::pulumi-repro-userpool::aws:cognito/userPool:UserPool::test-user-pool"
],
"writeAttributes": null
},
"additionalSecretOutputs": [
"clientSecret"
],
"created": "0001-01-01T00:00:00Z",
"modified": "0001-01-01T00:00:00Z",
"sourcePosition": "project:///../../private/tmp/pulumi-repro-userpool/index.ts#42,35"
},
"diffReasons": [
"analyticsConfiguration"
],
"detailedDiff": null
}
],
"duration": 3751067875,
"changeSummary": {
"same": 2,
"update": 1
}
}
especially the diffReasons.
Running pulumi refresh does not fix anything
Example
index.ts
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
export const AppUsersPool = new aws.cognito.UserPool("test-user-pool", {
accountRecoverySetting: {
recoveryMechanisms: [{
name: "verified_email",
priority: 1,
}],
},
autoVerifiedAttributes: ["email"],
deletionProtection: "ACTIVE",
mfaConfiguration: "OPTIONAL",
name: "test-user-pool",
passwordPolicy: {
minimumLength: 8,
requireLowercase: true,
requireNumbers: true,
requireSymbols: true,
requireUppercase: true,
temporaryPasswordValidityDays: 300,
},
schemas: [{
attributeDataType: "String",
mutable: true,
name: "name",
required: true,
stringAttributeConstraints: {
maxLength: "2048",
minLength: "0",
},
}],
softwareTokenMfaConfiguration: {
enabled: true,
},
usernameAttributes: ["email"],
usernameConfiguration: {
caseSensitive: false,
},
});
export const testuserpoolclient = new aws.cognito.UserPoolClient("test-userpool-client", {
analyticsConfiguration: undefined,
accessTokenValidity: 60,
enableTokenRevocation: true,
explicitAuthFlows: [
"ALLOW_USER_SRP_AUTH",
"ALLOW_USER_PASSWORD_AUTH",
"ALLOW_REFRESH_TOKEN_AUTH",
],
idTokenValidity: 60,
name: "test-userpool-client",
preventUserExistenceErrors: "ENABLED",
readAttributes: [
"given_name",
"email_verified",
"zoneinfo",
"website",
"preferred_username",
"name",
"locale",
"phone_number",
"family_name",
"birthdate",
"middle_name",
"phone_number_verified",
"profile",
"picture",
"address",
"gender",
"updated_at",
"nickname",
"email",
],
tokenValidityUnits: {
accessToken: "minutes",
idToken: "minutes",
},
userPoolId: AppUsersPool.id,
writeAttributes: [
"given_name",
"zoneinfo",
"website",
"preferred_username",
"name",
"locale",
"phone_number",
"family_name",
"birthdate",
"middle_name",
"profile",
"picture",
"address",
"gender",
"updated_at",
"nickname",
"email",
],
});
package.json
{
"name": "pulumi-repro-userpool",
"main": "index.ts",
"devDependencies": {
"@types/node": "^16"
},
"dependencies": {
"@pulumi/aws": "^6.4.1",
"@pulumi/awsx": "^1.0.0",
"@pulumi/pulumi": "^3.0.0"
}
}
Output of pulumi about
CLI
Version 3.86.0
Go Version go1.21.1
Go Compiler gc
Plugins
NAME VERSION
aws 6.4.1
aws 5.42.0
awsx 1.0.5
docker 3.6.1
nodejs unknown
Host
OS darwin
Version 13.4.1
Arch arm64
This project is written in nodejs: executable='/opt/homebrew/bin/node' version='v20.5.1'
Current Stack: xxxxxxxx/pulumi-repro-userpool/dev
TYPE URN
pulumi:pulumi:Stack urn:pulumi:dev::pulumi-repro-userpool::pulumi:pulumi:Stack::pulumi-repro-userpool-dev
pulumi:providers:aws urn:pulumi:dev::pulumi-repro-userpool::pulumi:providers:aws::default_6_4_1
aws:cognito/userPool:UserPool urn:pulumi:dev::pulumi-repro-userpool::aws:cognito/userPool:UserPool::test-user-pool
aws:cognito/userPoolClient:UserPoolClient urn:pulumi:dev::pulumi-repro-userpool::aws:cognito/userPoolClient:UserPoolClient::test-userpool-client
Found no pending operations associated with dev
Backend
Name pulumi.com
URL https://app.pulumi.com/xxxxxxxx
User xxxxxxxx
Organizations xxxxxxxx
Token type personal
Dependencies:
NAME VERSION
@pulumi/aws 6.4.1
@pulumi/awsx 1.0.5
@pulumi/pulumi 3.88.0
@types/node 16.18.58
Pulumi locates its logs in /var/folders/cc/5yb29g2d1ts89dsbzgzwq8040000gn/T/ by default
Additional context
No response
Contributing
Vote on this issue by adding a π reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
