https://pulumi.com logo
#azure
Title
# azure
r

rhythmic-receptionist-62263

06/13/2023, 1:26 AM
Hi Can anyone confirm what sort of config drift detection is in place for Pulumi. I have a case where I'm doing azure policies with pulumi, some policy assignments have been deleted outside of pulumi but Pulumi is not detecting anything amiss. My expectation was that when pulumi up is run then it would detect that some policy assignments are not longer present and replace them. But in practice it thinks they are still present and no changes need to be made. I ran a destroy and up again and it recreated everything. Then I intentionally deleted all the policy assignment and reran pulumi up and again it showed no changes being required. Is there something I'm missing here? or is there something I'm missing in my code?
b

billowy-army-68599

06/13/2023, 1:28 AM
@rhythmic-receptionist-62263 Pulumi doesn’t refresh the provisioned resource by default. You need to run pulumi up -r
r

rhythmic-receptionist-62263

06/13/2023, 1:58 AM
Ah thanks, is there a reason why as a user that wants to run this on a schedule wouldn't want to have the refresh parameter specified?
b

billowy-army-68599

06/13/2023, 1:59 AM
nope, it’s just slightly quicker without refresh 🙂 you can configure refresh to run per stack in the config file as well
in
Pulumi.yaml
Copy code
options:
  refresh: always
r

rhythmic-receptionist-62263

06/13/2023, 2:04 AM
ah awesome, thanks @billowy-army-68599 didn't realise there was a config item for that.
i

icy-doctor-13719

06/14/2023, 3:16 PM
here’s a github action that someone on here shared with me a while back that ive been using for months:
Copy code
name: cron_azure_drift_pulumi_REDACTED

on:
  schedule:
    - cron: '0 0 * * 1'
  workflow_dispatch:

env:
  DOTNET_VERSION: '7.0.x'
  azure-creds: ${{ secrets.AZURE_CREDENTIALS_REDACTED }}
  stack: REDACTED

jobs:
  drift-check:
    name: Drift Check
    runs-on: ubuntu-latest

    steps:
      - uses: actions/checkout@v2

      # Log in to Azure
      - uses: azure/login@v1
        with:
          creds: ${{ env.azure-creds }}

      - uses: actions/setup-dotnet@v1
        with:
          dotnet-version: 7.x
      - name: Setup Pulumi CLI
        uses: pulumi/setup-pulumi@v2.0.0

      - name: Detect drift
        id: pulumi-drift
        working-directory: REDACTED
        shell: bash {0}
        env:
          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
        run: |
          out=$(pulumi preview -v=0 --refresh --diff --expect-no-changes --stack "REDACTED/${{ env.stack }}")
          printf 'status=%s\noutput<<EOF\n%s\nEOF' $? "$out" >> $GITHUB_OUTPUT

      - name: Create Issue on Drift
        if: ${{ contains(steps.pulumi-drift.outputs.output, 'to update') }}
        uses: dacbd/create-issue-action@main
        with:
          token: ${{ github.token }}
          title: Drift Detected in `${{ env.stack }}`
          body: |
            ### Configuration Drift was Detected in `${{ env.stack }}`
            - [Failed Run](<https://github.com/${{> github.repository }}/actions/runs/${{ github.run_id }})
            - [Codebase](<https://github.com/${{> github.repository }}/tree/${{ github.sha }})
            ### Details
            `
${{ steps.pulumi-drift.outputs.output }}
Copy code
`
          assignees: REDACTED
          labels: REDACTED

      # Log out of Azure
      - name: logout
        run: az logout
2 Views