This message was deleted.

I had a somewhat similar use-case, and I think pulumi is not designed for this kind of orchestration, but happy to be proven wrong if someone accomplished this in the past. As it is a programming language, I guess you could just call an API directly to do pre/post actions, while using pulumi resources for the core infra

Thanks @shy-mouse-10008 Just wondering if we could use CustomResourceOptions DependsOn ?

I don’t think

dependsOn

will help here. Can you provide more detail on why the firewall rules need to be created for the duration of the deployment process? Perhaps that would help me find a solution for you.

Thanks @salmon-account-74572 We want to create a sql user for a managed identity and once the user is created we would like to remove the firewall rule. From the azure pipeline the build agent needs to connect to the sql server and create the sql user after that we dont want to keep the firewall rule for the build agent

I see, gotcha. @shy-mouse-10008’s recommendation of making the necessary API calls is probably the most straightforward way to handle it. If you’re running in a CI/CD pipeline of some sort, you might be able to use pre-start/post-stop jobs/tasks to help. Pulumi itself doesn’t have a mechanism of which I’m aware to handle this sort of task.

Use automation api and separate stacks but both can run in sequence, the parent and child stack.

Hehe, this an alternative on using the API directly. Have a Pulumi stack just for the network rule resource, and then: • Pulumi up network rule • Pulumi up main stack • Pulumi down network rule But this would require external orchestration We are using automation API, but the problem is sort of the same if you'd run it manually

True, it needs some orchestration. Here's an example of what that might look like, https://github.com/gitfool/Pulumi.Dungeon/blob/3a1cdb1ec9ad3d8094ae56795c4e03ca18e5a241/Cli/DeployCommand.cs#L53 This one is pretty straight forward. The whole application is sort of an opinionated version of the pulumi cli. It handles stack dependencies and will run dependent stacks first.