A user's state file can occasionally get into a bad _state_ (e.g. https://github.com/pulumi/pulumi/issues/3583) and must be fixed either with pulumi state delete ... or through manual changes. Unfortunately, some bad states prevent pulumi state delete ... from functioning (such as the error below and linked issue) and the user must resort to manual editing the state file which is error-prone.
% pulumi state delete 'urn:pulumi:dev::p-parent-delete-test-::aws:s3/bucket:Bucket$aws:s3/bucket:Bucket::child'
error: .pulumi/stacks/dev.json: snapshot integrity failure; refusing to use it: child resource urn:pulumi:dev::p-parent-delete-test-::aws:s3/bucket:Bucket$aws:s3/bucket:Bucket::child refers to missing parent urn:pulumi:dev::p-parent-delete-test-::aws:s3/bucket:Bucket::parent
Allow pulumi state delete ... to still proceed when a user's state is in a "snapshot integrity failure" _state_ as this is safer than the user manually editing the state file.
Update: As @joeduffy pointed out this is available via --disable-integrity-checking, but we should make this an interactive prompt rather than a flag so that the user knows this is an option.
Understandably, this might not be feasible in all cases (invalid JSON), but some cases like this should still be allowed.
Does --disable-integrity-checking work around this?
Does
--disable-integrity-checkingwork around this?
Only if you know that option exists! 馃う
Thanks! That indeed allows the pulumi state delete command to proceed and fix the state. Closing this.
_Actually_, I'm going to reopen this. That option is indeed available via pulumi state delete --help but I feel the user experience could be better here.
We prompt the user聽interactively before proceeding with the pulumi state delete. We should also make the disable-integrity-checking functionality interactive so that it's more discoverable for the end user.
Agree, might also be nice for integrity errors to mention the flag.
Agree, might also be nice for integrity errors to mention the flag.
Yep, that would work too.
Most helpful comment
Does
--disable-integrity-checkingwork around this?