Can't create Schema Registry API keys on package version 2.0.0 #561
Description
Describe what happened
When trying to create a Schema Registry API Key, it breaks and shows the following error on terminal
unexpected API Key "EVG****"'s resource:
{
"api_version": "srcm/v2",
"environment": "env-****",
"id": "lsrc-****",
"kind": "SchemaRegistry",
"related": "https://api.confluent.cloud/srcm/v2/schema-registries/lsrc-*****",
"resource_name": "crn://api.confluent.cloud/organization=********/schema-registry=lsrc-******"
}
There are two things about this:
- Even though pulumi throws an error on terminal, the API key was created on Confluent Cloud registry schema as expected, but since Pulumi threw, it cannot track the state, so the api key is orphaned, since its not possible to retrieve the secret key. I tried
pulumi up3 consecutive times, and all of them gave the same result: api key created on confluent and pulumi throwing - I did not change one line of code, I just downgraded the package to
1.53.0and ranpulumi upagain, and it worked: api key was created and pulumi didn't throw, so something is up when using the latest version2.0.0
For what I could gather from the differences between version 2.0.0 and 1.5.3 is that on preview, the managed resource apiVersion that the getSchemaRegistryClusterOutput resource outputs, its srcm/v3 on 2.0.0 and srcm/v2 on 1.5.3, maybe this is the problem, because all the rest was the same on both previews
// Snippet from preview when using package on version 2.0.0
managedResource : {
apiVersion : "srcm/v3"
environment: {
id : "env-****"
}
id : "lsrc-****"
kind : "Cluster"
}
owner : {
apiVersion: "iam/v2"
id : "sa-****"
kind : "ServiceAccount"
}
-----
// Snippet from preview when using package on version 1.5.3
managedResource : {
apiVersion : "srcm/v2"
environment: {
id : "env-****"
}
id : "lsrc-****"
kind : "Cluster"
}
owner : {
apiVersion: "iam/v2"
id : "sa-****"
kind : "ServiceAccount"
}
Sample program
import * as confluentcloud from '@pulumi/confluentcloud';
import * as pulumi from '@pulumi/pulumi';
export const confluentEnvironment = new confluentcloud.Environment('environment', {
displayName: 'development',
streamGovernance: {
package: 'ESSENTIALS',
},
});
export const schemaRegistry = confluentcloud.getSchemaRegistryClusterOutput({
environment: {
id: confluentEnvironment.id,
},
});
const schemaRegistryServiceAccount = new confluentcloud.ServiceAccount('schema-registry-sa', {
displayName: 'dev-schema-registry-sa',
description: 'Service account for dev applications access schema registry',
});
const schemaRegistryRoleBinding = new confluentcloud.RoleBinding('schema-registry-rb', {
principal: schemaRegistryServiceAccount.id.apply((id) => `User:${id}`),
roleName: 'EnvironmentAdmin',
crnPattern: confluentEnvironment.resourceName,
});
const schemaRegistryApiKey = new confluentcloud.ApiKey(
'schema-registry-api-key',
{
displayName: 'dev-schema-registry-apps',
description: pulumi.interpolate`Schema Registry API Key that is owned by ${schemaRegistryServiceAccount.displayName} service account`,
owner: {
id: schemaRegistryServiceAccount.id,
kind: schemaRegistryServiceAccount.kind,
apiVersion: schemaRegistryServiceAccount.apiVersion,
},
managedResource: {
id: schemaRegistry.id,
kind: schemaRegistry.kind,
apiVersion: schemaRegistry.apiVersion,
environment: {
id: confluentEnvironment.id,
},
},
},
{
dependsOn: [schemaRegistryRoleBinding],
},
);
Log output
No response
Affected Resource(s)
confluentcloud.ApiKey
Output of pulumi about
➜ pulumi about
CLI
Version 3.128.0
Go Version go1.22.5
Go Compiler gc
Plugins
KIND NAME VERSION
resource aws 6.47.0
resource confluentcloud 1.53.0
language nodejs 18.20.4
Host
OS darwin
Version 14.6.1
Arch arm64
Additional context
No response
Contributing
Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).