https://pulumi.com logo
Join Slack
Powered by
Is there a way to pass a value to the `async delet...
# general
e
Is there a way to pass a value to the 
async delete
method of a dynamic resource provider?
My 
async delete(id, props)
method requires some auth arguments to form a REST 
DELETE
request. For the 
async create(inputs)
I just added the auth data into the 
inputs
and had no trouble. How can I make those available to 
delete
?
w
You can reference variables from the enclosing scope that contain these credentials - getting the values out of globals (perhaps from Pulumi config), or from parameters passed in to the Provider implementation somehow.
e
It's more complicated - the auth is pulled from aws secretsmanager
w
Putting these in the 
inputs
probably isn't right here - there won't be any inputs during a 
delete
.
e
right, so how do I pass it to the provider?
w
It's more complicated - the auth is pulled from aws secretsmanager
That should still be possible. Is it pulled from secrets manager at deployment time via 
aws.secretsmanager.getSecretVersion
?
e
I spent a couple days trying to get that method to work and eventually just used the 
aws-sdk
instead. So the secret is pulled like this:
Copy code
28 var secretsmanager = new AWS.SecretsManager();
 29 secretsmanager.getSecretValue({ SecretId: "eshamay-test" }, function(err: any, data: any) {
 30   if (err) {
 31     console.log("ERROR getting secret for service account", err);
 32     throw err;
 33   } else {
 34     const savedSearch = new splunk.SavedSearch("foo-search", {
 35       name: "foo-eshamay-test-1",
 36       description: "eshamay's test search",
 37       search: 'search index=online_prod source="*10ay*" earliest=-5m | stats count as Total',
 38       splunkAuthSecret: data.SecretString,
 39     });
 40   }
 41 });
 42
the SavedSearch is my 
pulumi.dynamic.Resource
so the resource is created in the callback
I worked around this by doing this:
Copy code
81 export class SavedSearch extends pulumi.dynamic.Resource {
 82   public readonly name: pulumi.Output<string>;
 83
 84   private static provider = new SavedSearchProvider();
 85
 86   constructor(name: string, props: SavedSearchInput, opts?: pulumi.CustomResourceOptions) {
 87     super(SavedSearch.provider, name, props, opts);
 88
 89     SavedSearch.provider.setAuth(props.splunkAuthSecret);
 90   }
 91 }
The creds are still in the 
inputs
, but then I added a setter to the provider to create an instance variable that I can use in the 
delete
method
Not ideal, but it works
w
Yeah - something along those lines is likely going to be the best option. Writing a short example of a possibly slightly "nicer" interface now that I'll share.
Actually - going back to the original question. If you do want to pass this data through the resource properties, your 
delete
implementation is passed the old 
props
for the resource, so any credentials provided at creation time will be available on the 
props
. Was that not working for you? Note that the Pulumi program does not run at all during a 
destroy
- so there is no way to pass new values in during the deletes for a destroy - the only data you have available to you is either: 1. The old inputs from when the resource was created/updated. 2. The serialized implementation of the 
delete
body, which itself may have serialized in some state captured during that last update.
Open in Slack
PreviousNext
Powered by