Hi, I'm using Pulumi in multiple projects to provision Cloud or Kubernetes resources. I wonder if it's possible to use it for non-provisioning use cases too. The project that I'm working on, creates some TLS certificates and puts them in Kubernetes secrets. Now, I want to make a program that regularly checks these generated certificates and alerts when they are near to expiry. I can make a non-Pulumi program to browse Kubernetes Secrets and check certificates, but I rather use Pulumi constructs - e.g. StackReference - to find generated certificates without connecting to Kubernetes. Unlike regular Pulumi programs, this program have nothing with pulumi commands like

up

. The rationale behind my preference is that I'll have yet another program to renew certificates and that program will have some commonality with this one. Has anyone dealt with a scenario like this?

if you’re using pulumi cloud, maybe you’d be able to use its api for this? https://www.pulumi.com/docs/pulumi-cloud/cloud-rest-api/#get-stack-state

One option is to have the stack in question produce outputs containing IDs etc. of the things you want to inquire about. Then you can use the Pulumi Automation API (https://www.pulumi.com/docs/using-pulumi/automation-api/) to open the stack and check out its outputs, using those in tandem with e.g. your language of choice's K8s SDK. So it's a "non-Pulumi program" in the sense that you are not managing Pulumi resources, but it uses the Automation API to get a hold of the relevant IDs and so in this way doesn't drift from Pulumi's state.

@lively-crayon-44649 Thank you. I used to process

pulumi stack export

and compare it with

Pulumi.stack.config

contents. I like your suggestion better.