# general
h
do tools exist to scan your cloud, compare that to your pulumi state, and report any unmanaged resources?
f
Not that I know of, but that would be pretty cool 👀 I'm certain a hacky version could be done, likely wrapping azcli, since it can output in JSON. If this tool could be taught to modify pulumi state, then we'd have auto-importing, and that would be super cool.
Codegen to reflect the imported stuff would be the next step after that, but codegen sounds hard
h
yeah.... i wouldn't trust codegen for this
i just mean for auditing/alerting, and then people can figure out if it needs to be imported, cleaned up, or excluded
m
I could envision a basic solution that leverages the cloud CLIs to generate a list of ARNs and similarly get the ARNs from pulumi state and diff the collections. You can probably get ChatGPT to stub out the basics for you even.
h
i really don't need help stubbing. if anything, i need help identifying the weird edge cases (like azure virtual disks should not be included unless they're not attached) or designing the exceptions system (e.g., allow excluding entire resource groups instead of just specific resources)
m
Sounds like you need policies somewhere. Pulumi offers Policy as Code that can help with that, or cloud native solutions, or OPA and the like.
h
maybe, but shit happens, so a system to identify the weirdness would still be useful
like, azure has like 50 ways to implicitly make additional resources, and then they don't conform to the policies that compliance engines are looking for, and it's a whole thing
m
yikes