Summary
The provider currently does not support attaching a QoS policy to an object store bucket. This is the only granularity at which Pure FlashBlade exposes QoS for S3 workloads, so without provider support
there is no way to enforce per-bucket throttling via Terraform/Pulumi.
Context
The Pure FlashBlade REST API exposes QoS attachment for buckets in two ways:
-
Bucket.qos_policy field — a FixedReference to a QoS policy, settable on bucket create/update.
Confirmed in pypureclient/flashblade/_common/models/bucket_v_2_22.py:
qos_policy: Optional[FixedReference] = Field(
default=None,
description="The QoS policy for the bucket defines the performance controls that "
"can be applied to the aggregate performance of all the clients accessing "
"the bucket. If no policy is configured for a bucket, then no performance "
"controls are applied to it."
)
-
QosPolicyMember with member_type=buckets — would mirror the existing file-systems / realms flow.
Current state in the provider
internal/provider/bucket_resource.go does not expose any qos_policy field.qos_policy_member.go (the flashblade_qos_policy_member resource / mica:index:QosPolicyMember) explicitly excludes buckets:
member_type — "The type of the member. Valid values: file-systems, realms.
Note: buckets are not supported on API v2.22."
Consequence: flashblade_qos_policy can be created against an object store, but cannot be attached to anything S3-related, making the resource effectively a no-op for S3 use cases.
Requested change
Either of (preferred order):
Option A — Add qos_policy to the bucket resource (preferred)
Mirrors the REST API exactly: a single qos_policy (string, name of an existing policy) optional field on flashblade_bucket. Setting it to null/absent means no QoS attached. Updating it triggers a
PATCH on the bucket.
resource "flashblade_bucket" "example" {
name = "data-lake"
account = "myaccount"
qos_policy = flashblade_qos_policy.bucket_throttle.name # NEW
}This is the most idiomatic mapping and supports import cleanly.
Option B — Extend QosPolicyMember to accept member_type = buckets
Removes the existing restriction. Less idiomatic (QoS becomes a separately-managed link) but consistent with how file-systems and realms work today.
Either option unblocks the use case; A is cleaner.
Use case
We use this provider via pulumi-mica to manage 300+ projects' S3 footprint. Per-bucket QoS is the standard FinOps lever to prevent noisy-neighbor effects between dev/test workloads sharing a
FlashBlade. Today our Pulumi code creates QoS policies that go nowhere because the link can't be expressed.
Acceptance criteria
flashblade_bucket accepts a qos_policy field (Option A) or flashblade_qos_policy_member.member_type accepts "buckets" (Option B).- Acceptance test against a real FlashBlade verifies the policy is attached and detached.
- Documentation updated.
Workaround in the meantime
We are removing the unused flashblade_qos_policy resource creation from our codebase to avoid creating orphan policies on the array.
Summary
The provider currently does not support attaching a QoS policy to an object store bucket. This is the only granularity at which Pure FlashBlade exposes QoS for S3 workloads, so without provider support
there is no way to enforce per-bucket throttling via Terraform/Pulumi.
Context
The Pure FlashBlade REST API exposes QoS attachment for buckets in two ways:
Bucket.qos_policyfield — aFixedReferenceto a QoS policy, settable on bucket create/update.Confirmed in
pypureclient/flashblade/_common/models/bucket_v_2_22.py:QosPolicyMemberwithmember_type=buckets— would mirror the existingfile-systems/realmsflow.Current state in the provider
internal/provider/bucket_resource.godoes not expose anyqos_policyfield.qos_policy_member.go(theflashblade_qos_policy_memberresource /mica:index:QosPolicyMember) explicitly excludes buckets:Consequence:
flashblade_qos_policycan be created against an object store, but cannot be attached to anything S3-related, making the resource effectively a no-op for S3 use cases.Requested change
Either of (preferred order):
Option A — Add
qos_policyto the bucket resource (preferred)Mirrors the REST API exactly: a single
qos_policy(string, name of an existing policy) optional field onflashblade_bucket. Setting it tonull/absent means no QoS attached. Updating it triggers aPATCH on the bucket.
This is the most idiomatic mapping and supports
importcleanly.Option B — Extend
QosPolicyMemberto acceptmember_type = bucketsRemoves the existing restriction. Less idiomatic (QoS becomes a separately-managed link) but consistent with how
file-systemsandrealmswork today.Either option unblocks the use case; A is cleaner.
Use case
We use this provider via
pulumi-micato manage 300+ projects' S3 footprint. Per-bucket QoS is the standard FinOps lever to prevent noisy-neighbor effects between dev/test workloads sharing aFlashBlade. Today our Pulumi code creates QoS policies that go nowhere because the link can't be expressed.
Acceptance criteria
flashblade_bucketaccepts aqos_policyfield (Option A) orflashblade_qos_policy_member.member_typeaccepts"buckets"(Option B).Workaround in the meantime
We are removing the unused
flashblade_qos_policyresource creation from our codebase to avoid creating orphan policies on the array.