echoing-oil-42947

04/28/2023, 3:35 PM
Is there some way to create a resource when running pulumi up, but then destroy it when pulumi up is finished? (e.g. to open a firewall)

salmon-account-74572

04/28/2023, 4:10 PM
The Command provider would be one way. If the firewall vendor has a provider, then that would be another way (of course).

echoing-oil-42947

04/28/2023, 4:11 PM
Yeah I've been working with the command provider
I ended up just going with 2 command resources and manual dependency declarations

salmon-account-74572

04/28/2023, 4:13 PM
If the firewall has an API, you could choose to potentially interact with their API directly from whatever language you’re using.
If not…well, the Command provider is probably the only option.

echoing-oil-42947

04/28/2023, 4:15 PM
It's a RouterOS Firewall, so SSH is pretty ergonomic

salmon-account-74572

04/28/2023, 4:28 PM
Fair enough!

echoing-oil-42947

04/28/2023, 4:47 PM
As a slightly related question, is there a way to get something more helpful than "Process failed with exit code 1" when an ssh remote command fails?

salmon-account-74572

04/28/2023, 4:51 PM
Unfortunately, no (not AFAIK).

brave-motorcycle-67487

04/28/2023, 9:30 PM
Depending on what exactly needs to happen, it may be easier to do that externally to pulumi. We generally run pulumi from GitHub Actions and there's a step that comes before the pulumi run that sets up a VPN connection; if I needed to open and close a firewall hole I would probably write a little shell or Python script that does that and wraps pulumi in the middle.

echoing-oil-42947

04/28/2023, 9:32 PM
That's probably a better idea than what I have running
I've also considered some sort of stack automation, the issue is that all of the credentials are in pulumi configuration and I don't really want to move them if I can avoid it