steep-caravan-65104
03/06/2020, 7:29 AMindex.ts
, then pulumi up
shows the expected behaviour. However, if I change the double quotes to single quotes, then GCP keys from one of the imported files are prompted for deletion. This looks like a pulumi bug. Please let me know if you need any additional details, I can file a github issue or provide more details in private chat.
cluster.ts
import * as gcp from "@pulumi/gcp";
import { config } from "./config";
import { regionalKeyring } from "./keyrings";
export const experimentsregionalClusterKey = new gcp.kms.CryptoKey(
config.regionalClusterKey,
{
keyRing: regionalKeyring.selfLink,
rotationPeriod: "31556952s",
name: config.regionalClusterKey,
purpose: "ENCRYPT_DECRYPT"
},
{
protect: true
}
);
export const regionalClusterKeyEDPerms = new gcp.kms.CryptoKeyIAMBinding(
config.regionalClusterKeyEDPermsName,
{
cryptoKeyId: `${config.gcpProject}/${config.gcpRegion}/${config.regionalKeyring}/${config.regionalClusterKey}`,
members: [config.k8sServiceAgent],
role: "roles/cloudkms.cryptoKeyEncrypterDecrypter"
}
);
index.ts
with single quotes in the export
statements.
This prompts for deletion of the key and permissions imported from the cluster.ts
file above when performing pulumi up
export * from './pulumi'
export * from './cluster'
export * from './cloudbuild'
export * from './apps/zzz'
pulumi up
output with this file. The deletion fails in preview as the key is protected.
gcp:kms:CryptoKey <regional-cluster-key-name> delete 1 error
index.ts
with double quotes in the export
statements. This does NOT prompt for deletion of any resources which is the expected behaviour.
export * from "./pulumi";
export * from "./cluster";
export * from "./cloudbuild";
export * from "./apps/zzz";
white-balloon-205
03/07/2020, 6:16 PMglamorous-printer-66548
03/08/2020, 12:20 AMsteep-caravan-65104
03/09/2020, 3:57 AM