https://pulumi.com logo
#general
Title
# general
f

fierce-carpet-95079

04/18/2019, 1:06 PM
I am having an issue with Pulumi resources not being destroyed correctly because dependent resources that need to be destroyed first have not finished. How do you change the order in which items are destroyed and make sure that items wait on the dependent resources to be destroyed first? (Stack details posted in the thread)
Example I have this stack
Copy code
pulumi up
Previewing update (test-cf-stite):

     Type                                    Name                      Plan       
 +   pulumi:pulumi:Stack                     typescript-test-cf-stite  create     
 +   ├─ aws:cloudfront:OriginAccessIdentity  pulumi-oid                create     
 +   └─ aws:s3:Bucket                        pulumi-test               create     
 
Resources:
    + 3 to create

Do you want to perform this update? yes
Updating (test-cf-stite):

     Type                                    Name                      Status      
 +   pulumi:pulumi:Stack                     typescript-test-cf-stite  created     
 +   ├─ aws:cloudfront:OriginAccessIdentity  pulumi-oid                created     
 +   ├─ aws:s3:Bucket                        pulumi-test               created     
 +   ├─ aws:s3:BucketPolicy                  pulumi-test               created     
 +   ├─ aws:s3:BucketObject                  index.html                created     
 +   └─ aws:cloudfront:Distribution          s3_distribution           created     
 
Outputs:
    result: {
		…
        }

Resources:
    + 6 created
The first time I run destroy the S3 bucket and the originAccessIdentity are not deleted because they need the distribution and bucket objects to be deleted prior to their own deletion
Copy code
pulumi destroy
Previewing destroy (test-cf-stite):

     Type                                    Name                      Plan       
 -   pulumi:pulumi:Stack                     typescript-test-cf-stite  delete     
 -   ├─ aws:s3:BucketPolicy                  pulumi-test               delete     
 -   ├─ aws:cloudfront:OriginAccessIdentity  pulumi-oid                delete     
 -   ├─ aws:s3:Bucket                        pulumi-test               delete     
 -   ├─ aws:cloudfront:Distribution          s3_distribution           delete     
 -   └─ aws:s3:BucketObject                  index.html                delete     
 
Resources:
    - 6 to delete

Do you want to perform this destroy? yes
Destroying (test-cf-stite):

     Type                                    Name                      Status                  Info
     pulumi:pulumi:Stack                     typescript-test-cf-stite  **failed**              1 error
 -   ├─ aws:cloudfront:OriginAccessIdentity  pulumi-oid                **deleting failed**     1 error
 -   ├─ aws:s3:BucketObject                  index.html                deleted                 
 -   ├─ aws:s3:BucketPolicy                  pulumi-test               deleted                 
 -   ├─ aws:s3:Bucket                        pulumi-test               **deleting failed**     1 error
 -   └─ aws:cloudfront:Distribution          s3_distribution           deleted                 
 
Diagnostics:
  aws:cloudfront:OriginAccessIdentity (pulumi-oid):
    error: Plan apply failed: deleting urn:pulumi:test-cf-stite::typescript::aws:cloudfront/originAccessIdentity:OriginAccessIdentity::pulumi-oid: CloudFrontOriginAccessIdentityInUse: The CloudFront origin access identity is still being used.
        status code: 409, request id: 6e564af1-61d8-11e9-9dd7-c780d1eb40e1
 
  pulumi:pulumi:Stack (typescript-test-cf-stite):
    error: update failed
 
  aws:s3:Bucket (pulumi-test):
    error: Plan apply failed: deleting urn:pulumi:test-cf-stite::typescript::aws:s3/bucket:Bucket::pulumi-test: error deleting S3 Bucket (pulumi-test): BucketNotEmpty: The bucket you tried to delete is not empty
        status code: 409, request id: 97DAABBD513F9967, host id: Rseeqo0ynSBY7our/eQKsciIFBDBrG6muXDi4+QJhU4G0jaWRLn2V/zfeJlWNyBTau+n7QoPkuQ=
 
Resources:
    - 3 deleted
If I run destroy a second time then the rest of the resources are cleaned up since the distribution and bucket objects are now deleted.
Copy code
pulumi destroy
Previewing destroy (test-cf-stite):

     Type                                    Name                      Plan       
 -   pulumi:pulumi:Stack                     typescript-test-cf-stite  delete     
 -   ├─ aws:cloudfront:OriginAccessIdentity  pulumi-oid                delete     
 -   └─ aws:s3:Bucket                        pulumi-test               delete     
 
Resources:
    - 3 to delete

Do you want to perform this destroy? yes
Destroying (test-cf-stite):

     Type                                    Name                      Status      
 -   pulumi:pulumi:Stack                     typescript-test-cf-stite  deleted     
 -   ├─ aws:cloudfront:OriginAccessIdentity  pulumi-oid                deleted     
 -   └─ aws:s3:Bucket                        pulumi-test               deleted     
 
Resources:
    - 3 deleted
Is there a way to change the destroy sequencing so I only need to run the command once?
g

gentle-diamond-70147

04/18/2019, 2:50 PM
You can use
dependsOn
to influence the underlying dependency graph. https://pulumi.io/reference/programming-model.html#dependson
f

fierce-carpet-95079

04/18/2019, 3:52 PM
Thanks!