-
Notifications
You must be signed in to change notification settings - Fork 31
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refreshing project involving machine learning services managed network settings causes resources to be replaced #3225
Comments
This looks like a similar problem to #611 and #1112 - where certain sub-property collections are also represented as standalone resources. One oddity here is that the standalone resource gets removed on refresh. We'd need to identify why this isn't returned correctly by the API as there might be something else going on. Otherwise, the existing mechanism should be sufficient to handle maintaining the existing property transparently if it wasn't originally set. |
No you have to delete the ml workspace to delete the rule in the portal. |
When performing the create, we calculate the The Azure response contains an pulumi-azure-native/provider/pkg/provider/provider.go Lines 909 to 911 in d422a42
However, on this API, Azure is returning an identifier which is missing the subscription and resource group context: Original ID: "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/pl-cs-ml-rgxxxxxx/providers/Microsoft.MachineLearningServices/workspaces/pk-ml-cs-workspace-2/outboundRules/mlsrule"
Azure's ID: "pk-ml-cs-workspace-2/outboundRules/mlsrule" This incorrect identifier is then used for subsequent requests, which then fail. |
It knows it’s attached to the workspace because it attaches the rule to the workspace which is weird. I thought it was like that vnet/subnet issue from before |
Manually fixing the
Therefore there's two separate issues at play here:
|
As it stands, I would advise against using the standalone rule resource until it's fixed by Azure as it's not currently workable given the broken API. At that point, it would be worth considering the enhancement to make it easier to manage rules just as external resources similar to VNets/Subnets. |
Yeah I’ve already advised them not to but they were only doing it because MS told them to. I don’t know how keen they are to start pushing MS to fix it but I’ll find out |
Ok, marking as blocked as there's no reason to start work on the ability to use standalone rule resources until we can successfully rules as resources without errors from the API. |
@danielrbradley which API endpoint is returning the wrong id? We are engaging with MS on this from our side. |
@Werner-Swart-83 the incorrect ID is being returned after awaiting the result of the e.g. |
@danielrbradley MS has confirmed that the fix for that endpoint has been applied to WestEurope. |
That's great! Thank you for the update @Werner-Swart-83 |
What happened?
When creating a
MachineLearningService.Workspace
it's possible to create the managednetwork outbound rules as a separate resource (and apparently customers are encouraged to do so by Microsoft). However, when you do this and runpulumi refresh
it updates the workspace resource with the values set in the network settings resource and then deletes the network settings rule resource.Then when the update happens, Pulumi recreates the settingsrule resource (because it no longer exists in Azure) and clears out the managed settings rule in the workspace and then the same thing happens all over again.
Example
Code can be found here: https://github.com/pulumi/customer-engineering/tree/master/customer-support/5019 (private repo)
Output of
pulumi about
Additional context
If you look at state export that I've taken before and after the refresh, you can see here that the
outboundRules
input is empty and we havenetworksettingsrule
resource here: https://github.com/pulumi/customer-engineering/blob/60d8ce2e2835bab670bce807e276934186ebb1fd/customer-support/5019/stack-before-refresh.json#L421-L479but after the refresh the ML workspace now has the network settings in the
outboundRule
section: https://github.com/pulumi/customer-engineering/blob/60d8ce2e2835bab670bce807e276934186ebb1fd/customer-support/5019/stack-after-refresh.json#L324-L334 and the setting rule resource is gone.I've also added https://github.com/pulumi/customer-engineering/blob/master/customer-support/5019/out.txt which are verbose logs and if you search for
HTTP/2.0 404 Not Found
you can see that it's the rules that can't be found.Contributing
Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
The text was updated successfully, but these errors were encountered: