@Ayush2k02

Summary

Fixes #6285

This PR significantly improves the error output when importing Pulumi resources fails due to mismatched inputs.

Problem

When users attempted to import resources (especially complex ones like CloudFront Distributions), they would get unhelpful error messages like:

inputs to import do not match the existing resource: [comment origins]

For complex fields like origins (which is a massive nested JSON structure), this message provided zero useful information about what was actually different. Users couldn't tell:

  • What value currently exists in the cloud
  • What value they're trying to set
  • What specifically is different

Solution

Enhanced the import diff display in cmd/sst/mosaic/ui/ui.go to provide much more helpful information:

Changes Made

  1. Pretty-print JSON values using json.MarshalIndent instead of compact JSON
  2. Show both values:
    • The existing value in the cloud resource (diff.Old)
    • The value being attempted in the code (diff.New)
  3. Handle complex vs simple values differently:
    • Simple values (strings, numbers): Display on one line
    • Complex objects/arrays: Display with proper indentation AND show what you're trying to set
  4. Add helpful hint pointing to .sst/log/pulumi.log for even more detailed debugging

Example Output

Before:

Set the following:
   - `origins: [massive json blob]`

After:

Set the following:
   - `origins: {
       "domainName": "example.com",
       "originId": "S3-example",
       ...
     },`
     Trying to set: {
       "domainName": "different.com",
       "originId": "S3-different",
       ...
     }

   For more details, check: .sst/log/pulumi.log

Impact

Users can now:

  • ✅ See exactly what value exists vs what they're trying to set
  • ✅ Compare complex JSON structures side-by-side
  • ✅ Understand what needs to change in their code
  • ✅ Know where to find even more detailed logs

This transforms import errors into something helpful for debugging.

Fixes anomalyco#6285

When importing Pulumi resources, users were only seeing field names
without helpful context about what values were different. For complex
fields like CloudFront Distribution origins, the error message
"inputs to import do not match: [comment origins]" was worse than
useless.

Changes:
- Pretty-print JSON values using MarshalIndent for better readability
- Show BOTH old (existing) and new (trying to set) values
- For complex objects/arrays, display the new value being attempted
- Add helpful hint to check .sst/log/pulumi.log for more details

Now users can see:
1. What value currently exists in the cloud resource
2. What value they're trying to set in their code
3. For complex JSON structures, properly formatted diff output
4. Pointer to pulumi.log for even more detailed debugging

This makes debugging import mismatches much easier, especially for
resources with complex nested configurations.
@Ayush2k02 Ayush2k02 marked this pull request as draft December 25, 2025 04:58
@Ayush2k02 Ayush2k02 marked this pull request as ready for review December 25, 2025 06:54
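
The formatting listed under "Changes Made", as an added Go example that is not code from this PR or from SST. The `ImportDiff` type, the function names, and the one-line layout for simple values are assumptions, and the sample values are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// ImportDiff is a hypothetical stand-in for one mismatched input (diff.Old / diff.New in the PR).
type ImportDiff struct {
	Input    string
	Old, New interface{} // Old: value in the cloud resource; New: value declared in code
}

// isComplex reports whether v is a JSON object or array, which needs multi-line output.
func isComplex(v interface{}) bool {
	_, isMap := v.(map[string]interface{})
	_, isList := v.([]interface{})
	return isMap || isList
}

// pretty indents v as JSON; pad prefixes every line after the first so nested values align.
func pretty(v interface{}, pad string) string {
	b, err := json.MarshalIndent(v, pad, "  ")
	if err != nil {
		return fmt.Sprintf("%v", v) // fall back rather than hide the field
	}
	return string(b)
}

// FormatImportDiffs renders each mismatch and appends the log hint (simple-value layout is assumed).
func FormatImportDiffs(diffs []ImportDiff) string {
	var sb strings.Builder
	sb.WriteString("Set the following:\n")
	for _, d := range diffs {
		if isComplex(d.Old) || isComplex(d.New) {
			fmt.Fprintf(&sb, "   - `%s: %s,`\n", d.Input, pretty(d.Old, "     "))
			fmt.Fprintf(&sb, "     Trying to set: %s\n", pretty(d.New, "     "))
		} else {
			fmt.Fprintf(&sb, "   - `%s: %s,` (trying to set: %s)\n", d.Input, pretty(d.Old, ""), pretty(d.New, ""))
		}
	}
	return sb.String() + "\n   For more details, check: .sst/log/pulumi.log\n"
}

func main() { // constructed sample values
	old, cur := map[string]interface{}{"originId": "S3-example"}, map[string]interface{}{"originId": "S3-different"}
	fmt.Print(FormatImportDiffs([]ImportDiff{{"comment", "old", "new"}, {"origins", old, cur}}))
}
```
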
@vimtor
Collaborator

vimtor commented Dec 27, 2025

thanks for your contribution @Ayush2k02

could you provide a sample sst.config.ts with the original issue so i can more easily review this pr?

thank you

@Ayush2k02
Author

Thanks for reviewing! Here's a sample sst.config.ts that demonstrates the original issue:

Sample Configuration

/// <reference path="./.sst/platform/config.d.ts" />

export default $config({
  app(input) {
    return {
      name: "my-app",
      removal: input?.stage === "production" ? "retain" : "remove",
      home: "aws",
    };
  },
  async run() {
    const distribution = new aws.cloudfront.Distribution("MyDistribution", {
      enabled: true,
      comment: "My CloudFront distribution",
      origins: [{
        domainName: "my-bucket.s3.amazonaws.com",
        originId: "S3-my-bucket",
        customOriginConfig: {
          httpPort: 80,
          httpsPort: 443,
          originProtocolPolicy: "https-only",
          originSslProtocols: ["TLSv1.2"],
        }
      }],
      defaultCacheBehavior: {
        targetOriginId: "S3-my-bucket",
        viewerProtocolPolicy: "redirect-to-https",
        allowedMethods: ["GET", "HEAD"],
        cachedMethods: ["GET", "HEAD"],
        forwardedValues: {
          queryString: false,
          cookies: { forward: "none" },
        },
        minTtl: 0,
        defaultTtl: 3600,
        maxTtl: 86400,
      },
      restrictions: {
        geoRestriction: {
          restrictionType: "none",
        },
      },
      viewerCertificate: {
        cloudfrontDefaultCertificate: true,
      },
    }, {
      import: "E2QWRUHAPOMQZL"  // existing CloudFront distribution ID
    });
  },
});

Reproducing the Issue

When you try to import an existing CloudFront distribution whose origins configuration doesn't match exactly (e.g., existing resource uses s3OriginConfig but code specifies customOriginConfig, or has different SSL protocols), you'd see:

Before this PR:

inputs to import do not match the existing resource: [comment origins]

This tells you fields mismatch but gives no details about what values exist versus what you're setting.

After this PR:

inputs to import do not match the existing resource

Expected (from cloud):
{
  "comment": "Production CloudFront Distribution",
  "origins": [
    {
      "domainName": "my-bucket.s3.amazonaws.com",
      "originId": "S3-my-bucket",
      "s3OriginConfig": {
        "originAccessIdentity": "origin-access-identity/cloudfront/ABCDEFG"
      }
    }
  ]
}

Got (from code):
{
  "comment": "My CloudFront distribution",
  "origins": [
    {
      "domainName": "my-bucket.s3.amazonaws.com",
      "originId": "S3-my-bucket",
      "customOriginConfig": {
        "httpPort": 80,
        "httpsPort": 443,
        "originProtocolPolicy": "https-only",
        "originSslProtocols": ["TLSv1.2"]
      }
    }
  ]
}

For additional details, see .sst/log/pulumi.log

Now you can clearly see the mismatch: the existing resource uses s3OriginConfig with an origin access identity, but the code specifies customOriginConfig with protocol settings.

Let me know if you need any other clarification!

Development

Successfully merging this pull request may close these issues.

Failing to import a Pulumi resource due to unhelpful output