This message was deleted.
# general
s
This message was deleted.
c
When you run
pulumi update
, it does the comparison against what is stored on pulumi.com. (i.e. the last time
pulumi update
was ran against that stack, which may have been from a different user.) If changes to the infrastructure were made outside of Pulumi, it’s possible you can run into conflicts that would cause issues with the subsequent update. You can run
pulumi refresh
which will “sync” the current state of cloud resources with what is stored on Pulumi.com. i.e. bring in any updates made manually. However, there isn’t a way to just answer the question “has a change been made outside of Pulumi.”
Is there a particular scenario you had in mind? It sounds like this is a feature we should consider adding.
l
I'm thinking of times where a quick manual change may be needed in production, but then we want to bring that change back under version control. Or just catching bad practices in test environments. CloudFormation is planned to have a Drift Detection feature which sounds like it will be very useful, but no idea when it will be released
w
Note that
pulumi refresh
presents a preview prior to doing the refresh - so it will tell you what changes have been made in the target environment which are not represented in the current checkpoint. As Chris notes, you can accept those and update the checkpoint to match the target cloud environment. You would of course then need to decide what if any changes you want to make sense to the desired state represented in your Pulumi program, depending on whether you wanted to make those manual patches permanent, or wanted to intentionally overwrite them with another desired state.
👍 1
l
okay, that sounds like it would be the equivalent. Not sure if it's possible yet, but I'd really like to enforce a process in the CD pipeline which says no deployments are allow to an environment if manual uncontrolled changes are detected
w
Absolutely - in fact, we are just about to add support for exactly that by using
refresh
with the
--expect-no-changes
flag, and failing CI if that doesn't pass. See https://github.com/pulumi/pulumi/pull/1394.
👍 1
l
that's awesome 🙂