https://pulumi.com logo
Join Slack
Powered by
Hello, I'm a beginner using pulumi, I want to migr...
# getting-started
a
Hello, I'm a beginner using pulumi, I want to migrate my terraform project to pulumi but I don't understand some issues that I encounter. I'm creating pager duty user that I keep in a list of pager duty user 
[]*pagerduty.User
, same for pager duty teams. I will have to use the IDs for other ressources but I also want to compare a string with 
pulumi.StringOutput
is it only possible using the applyT function ? Also, if I want to make sure that the ID (or name or email) of the pagerduty user is avaible, i'il still need to use the applyT function ?
l
Yes. However, you shouldn't need to check the name of a PagerDuty user, since you're migrating: the users will already exist, you import them, it's all good. No clash.
Unless you're making a self-serve app of some sort, with automation-api. But you're migrating from Terraform, so you're not doing that 🙂
a
Yes I will import the users, So if I understand well, for the creation of a team membership, if I want to compare the created users to see if they belong to one the team that I just created I will do an applyT function and inside of that function, do a newteammembership ? because I tried to export a string value as a return of the applyT func but it didn't worked (gave me an internal.output type) And when I imported my users, I tried to do a pulumi up but I had a "waiting for RPCs: unexpected unknown property value for"
l
No. When using outputs with Pulumi constructors, you do not need applyT. Pulumi looks after that for you.
You generally shouldn't need to check the configuration of existing resources. That's not how infrastructure projects are generally architected. They're not like web applications.
a
I understand, but I have to create some users, then create teams and membership using my input saying that user A and B belong to team X and user C belong to team W. If i just store the ID of the user inside of my input User structure as a 
pulumi.IDOutput
, will pulumi handle (in the membership resource) the wait (that the user is created) ?
l
Don't the teams and memberships already exist in AWS? You don't need to do any checks. Just import everything. Set the desired state. Pulumi does the rest.
Yes, Pulumi will handle it. You import the membership, and you set the memberships user and group IDs to the IDs of the user and group that you've already just imported. It just works.
It'll be a pain while importing; there's almost no chance that you'll get it going perfectly, first time. You'll need to tweak code and update properties and all that. But it would work perfectly if you magically got everything set up just right, and could tell which properties need to be left unset, which need to be set to defaults, and which need to be properly set. But you'll figure it all out in a couple of iterations.
a
Yes it already exist, but when I import a user it just give me onea function for each User and I don't want this. Thats why I'm coding the infrastructure from scratch, using loop for example. But as I'm also a little bit new to golang, i'm wondering how to create users, teams and membership, but the membership is a little bit tricky because there is multiple teams and users
l
Are your PagerDuty users frequently changing? Are they important parts of your infrastructure? If a PagerDuty user leaves the company and is off-boarded, do you want a code review to ensure that you're removed the correct user from your infrastructure?
In most cases like yours, where there's no SSO and you're managing your users like this, I think you should want tight control over your users. You don't want to manage them fungibly, in a loop. You do want them listed expiictly.
It also makes importing them a lot easier.
a
Not frequently, but still, I don't want to hardcode this or anything else, They are listed in an input file in a list of structure (with mails and so on). I had in mind to create all of our users, then store the IDs, create all of the teams then store the IDs, then check in my input file which user belong to which team, retrieve the stored IDs and create a membership, is this a good way to do it ?
l
No. You create all the users and teams in the normal way, and use the IDs of both to create the memberships. It all happens in code. You don't store the IDs anywhere. They're values in variables. Pulumi stores the values in state.
Also, if you want to not hardcode all the users, you're not going to be able to import them effectively. The data massaging you would need to do would be horrific and gigantic. I strongly recommend against that.
If you want to create your users in a loop, which I recommend against, then it will be much easier to create new users and destroy the old ones.
a
So if I have 6 users and 2 teams, you suggest that I create 18 resources ? I created a 
map[*string*]*pagerduty.User{}
to store my user with 
createdUsers[userInfo.Email] = user
, same for teams, and i did
Copy code
for _, user := range users {
        if len(user.Teams) != 0 {
            for _, teamName := range user.Teams {
                pdUserID = pdUsers[user.Email].ID()
                pdTeamID = pdTeams[teamName].ID()
                _, err := pagerduty.NewTeamMembership(ctx, teamName+user.Email, &pagerduty.TeamMembershipArgs{
                    UserId: pdUserID,
                    TeamId: pdTeamID,
                    Role:   pulumi.String("manager"),
                })
and it works. But I had a bug, I imported the team membership and I had this diff :
Copy code
[provider: urn:pulumi:alteia::pagerduty::pulumi:providers:pagerduty::default_4_8_1::5838e4ef-9af4-4874-b4a7-1183eb53abc8 => urn:pulumi:alteia::pagerduty::pulumi:providers:pagerduty::default::1676f13a-f0a9-4f25-9cc8-22a9d3ec30f7]
   + role : "manager"
even though the role was already defined ... I applied and it works also ... Same for users where pulumi wanted to remove the timezone ... 🤷‍♂️
l
If you have 6 users and 2 teams, then you need 8 resources, plus however many memberships are required to get the right users in the right teams. Since it's working for you, you should keep going; I'm glad my reservations about how it would work are proving wrong. Why do you store the IDs outside of the resources? You use 
user.Email
, can you not use 
user.ID
? Why do you have to use 
pdUsers[user.Email].ID
? I'm assuming that 
user
is the resource returned by Pulumi.
a
Yes 8 resources + membership so around 10+ resources 'm not storing the ID outside the resources, i store the resource in a map and the email is the key. So when I want to search for a user it's better to search in the map using the email. pdUsers is the name of the map, user.email is the key and ID is the ID of the user
Open in Slack
PreviousNext
Powered by