https://pulumi.com logo
#general
Title
# general
e

early-musician-41645

06/19/2019, 11:55 PM
Is there a way to pass a value to the
async delete
method of a dynamic resource provider?
My
async delete(id, props)
method requires some auth arguments to form a REST
DELETE
request. For the
async create(inputs)
I just added the auth data into the
inputs
and had no trouble. How can I make those available to
delete
?
w

white-balloon-205

06/20/2019, 12:01 AM
You can reference variables from the enclosing scope that contain these credentials - getting the values out of globals (perhaps from Pulumi config), or from parameters passed in to the Provider implementation somehow.
e

early-musician-41645

06/20/2019, 12:01 AM
It's more complicated - the auth is pulled from aws secretsmanager
w

white-balloon-205

06/20/2019, 12:01 AM
Putting these in the
inputs
probably isn't right here - there won't be any inputs during a
delete
.
e

early-musician-41645

06/20/2019, 12:02 AM
right, so how do I pass it to the provider?
w

white-balloon-205

06/20/2019, 12:03 AM
It's more complicated - the auth is pulled from aws secretsmanager
That should still be possible. Is it pulled from secrets manager at deployment time via
aws.secretsmanager.getSecretVersion
?
e

early-musician-41645

06/20/2019, 12:04 AM
I spent a couple days trying to get that method to work and eventually just used the
aws-sdk
instead. So the secret is pulled like this:
Copy code
28 var secretsmanager = new AWS.SecretsManager();
 29 secretsmanager.getSecretValue({ SecretId: "eshamay-test" }, function(err: any, data: any) {
 30   if (err) {
 31     console.log("ERROR getting secret for service account", err);
 32     throw err;
 33   } else {
 34     const savedSearch = new splunk.SavedSearch("foo-search", {
 35       name: "foo-eshamay-test-1",
 36       description: "eshamay's test search",
 37       search: 'search index=online_prod source="*10ay*" earliest=-5m | stats count as Total',
 38       splunkAuthSecret: data.SecretString,
 39     });
 40   }
 41 });
 42
the SavedSearch is my
pulumi.dynamic.Resource
so the resource is created in the callback
I worked around this by doing this:
Copy code
81 export class SavedSearch extends pulumi.dynamic.Resource {
 82   public readonly name: pulumi.Output<string>;
 83
 84   private static provider = new SavedSearchProvider();
 85
 86   constructor(name: string, props: SavedSearchInput, opts?: pulumi.CustomResourceOptions) {
 87     super(SavedSearch.provider, name, props, opts);
 88
 89     SavedSearch.provider.setAuth(props.splunkAuthSecret);
 90   }
 91 }
The creds are still in the
inputs
, but then I added a setter to the provider to create an instance variable that I can use in the
delete
method
Not ideal, but it works
w

white-balloon-205

06/20/2019, 12:16 AM
Yeah - something along those lines is likely going to be the best option. Writing a short example of a possibly slightly "nicer" interface now that I'll share.
Actually - going back to the original question. If you do want to pass this data through the resource properties, your
delete
implementation is passed the old
props
for the resource, so any credentials provided at creation time will be available on the
props
. Was that not working for you? Note that the Pulumi program does not run at all during a
destroy
- so there is no way to pass new values in during the deletes for a destroy - the only data you have available to you is either: 1. The old inputs from when the resource was created/updated. 2. The serialized implementation of the
delete
body, which itself may have serialized in some state captured during that last update.