https://pulumi.com logo
#azure
Title
# azure
m

most-waiter-72594

12/11/2023, 4:51 PM
Hi, Is there any way to do pre and post deployments in Pulumi. We would like to create firewall rule as pre deployment and delete the firewall rule after we finish the deployments as post deployment.
s

shy-mouse-10008

12/12/2023, 12:12 AM
I had a somewhat similar use-case, and I think pulumi is not designed for this kind of orchestration, but happy to be proven wrong if someone accomplished this in the past. As it is a programming language, I guess you could just call an API directly to do pre/post actions, while using pulumi resources for the core infra
m

most-waiter-72594

12/12/2023, 9:24 AM
Thanks @shy-mouse-10008 Just wondering if we could use CustomResourceOptions DependsOn ?
s

salmon-account-74572

12/12/2023, 5:45 PM
I don’t think
dependsOn
will help here. Can you provide more detail on why the firewall rules need to be created for the duration of the deployment process? Perhaps that would help me find a solution for you.
m

most-waiter-72594

12/13/2023, 2:09 PM
Thanks @salmon-account-74572 We want to create a sql user for a managed identity and once the user is created we would like to remove the firewall rule. From the azure pipeline the build agent needs to connect to the sql server and create the sql user after that we dont want to keep the firewall rule for the build agent
s

salmon-account-74572

12/13/2023, 4:32 PM
I see, gotcha. @shy-mouse-10008’s recommendation of making the necessary API calls is probably the most straightforward way to handle it. If you’re running in a CI/CD pipeline of some sort, you might be able to use pre-start/post-stop jobs/tasks to help. Pulumi itself doesn’t have a mechanism of which I’m aware to handle this sort of task.
b

bored-activity-40468

12/15/2023, 9:17 PM
Use automation api and separate stacks but both can run in sequence, the parent and child stack.
s

shy-mouse-10008

12/15/2023, 11:10 PM
Hehe, this an alternative on using the API directly. Have a Pulumi stack just for the network rule resource, and then: • Pulumi up network rule • Pulumi up main stack • Pulumi down network rule But this would require external orchestration We are using automation API, but the problem is sort of the same if you'd run it manually
b

bored-activity-40468

12/15/2023, 11:31 PM
True, it needs some orchestration. Here's an example of what that might look like, https://github.com/gitfool/Pulumi.Dungeon/blob/3a1cdb1ec9ad3d8094ae56795c4e03ca18e5a241/Cli/DeployCommand.cs#L53 This one is pretty straight forward. The whole application is sort of an opinionated version of the pulumi cli. It handles stack dependencies and will run dependent stacks first.