I've noticed a foot-gun when using resources that are not explicitly named in the provider. For example DNS records: • I add a DNS record named "foo" • I run

pulumi up

• I decide actually "bar" is a better name • I run

pulumi up

What I expect to happen: • DNS record is created, and then on the second

pulumi up

either left alone (option 1) or deleted and then re-created (option 2) What actually happens: • DNS record is created, and then on the second

pulumi up

the resource is created (no-op since it already exists) and then deleted. At this point the Pulumi state is inconsistent with the provider, since the record exists in the state but does not exist in the provider! Is there a way to avoid this kind of foot-gun?

Which provider is this in regards to? When you say "name" in your steps I want to assume "Pulumi name" but perhaps it's subdomain or something else? A code snippet would help as well

Yeh the engine doesn't handle these very well today: https://github.com/pulumi/pulumi/issues/9925 The response from the provider makes it think that it's a new separate resource that's been created, so the delete on the old ID should be safe but actually they're both the same physical resource.

oh there we go, thx Fraser 😄

Yeah "foo"/"bar" are the Pulumi name, and this affects resources which do not get a provider name

I'd suggest using aliases to rename them https://www.pulumi.com/docs/iac/concepts/options/aliases/ You could also mark them protected https://www.pulumi.com/docs/iac/concepts/options/protect/ so the engine doesn't try to delete them, or retain on delete https://www.pulumi.com/docs/iac/concepts/options/retainondelete/ which the engine will skip the delete for it (caveat that means they'll never get cleaned up) This is a surprisingly tricky problem but one we do keep thinking about on how to make it better.

is this a problem that affects terraform as well?

I'm not sure

Terraform is similar here, it also considers a resource to be different if you change its logical name, and you have to explicitly move resources to avoid this. (See https://developer.hashicorp.com/terraform/language/moved and https://developer.hashicorp.com/terraform/language/modules/develop/refactoring.)

@modern-zebra-45309 that's not the issue though - the issue is that the state gets out of sync with the provider

Sorry, seems like I have misunderstood what you're trying to do. I thought you were ultimately trying to rename a resource.

I'm trying to prevent accidental loss of resources when a logical name is changed. Typically the downside to not doing an explicit rename is that the resource is re-created, which might be a problem if it has state that would be lost, or if it would cause downtime, but if neither of those are concerns then that's fine. This case is exceptional, because changing the logical name can cause resources to be lost permanently.