https://pulumi.com logo
Join Slack
Powered by
so `protect` -- will it allow me to tear down ever...
# general
b
so 
protect
-- will it allow me to tear down everything except `protect`ed resources?
w
Currently no - an attempt to delete a `protect`ed resource will fail the deployment and other deletions will not be processed. I believe https://github.com/pulumi/pulumi/issues/3304 would address this.
b
oh
that's pretty.. limiting
w
Please do upvote that issue! (Or open a new one if there's another scenario you'd like to see supported here?)
b
wow, that's disappointing
w
Could you explain a little more what the scenario is you have in mind and how this blocks it?
b
I have a bunch of infra, including a database for example
and when I destroy, I don't really want to take out my storage without some manual intervention
w
Note that you can manually remove the resource from the state file so that it is no longer managed by Pulumi, and then destroy the stack to remove everything else. This would require editing the state file or using 
pulumi state delete
, but should be possible today. Note that in general, it is very likely you won't be able to delete other resources until you delete the protected resource - like you won't be able to delete the VPC or Roles used for a Database until you delete the database. So some amount of the infrastructure will also fail to destroy if you want to keep this resource around. Pulumi acts as conservatively as possible wrt 
protect
to ensure the least damage possible to you infrastructure if you have indicated something should be `protect`ed.
b
in my case it's just a bucket, rather than a database
I can get around it by
Copy code
// const bucket = new gcp.storage.Bucket("epictree-primary-vault-bucket", {
  //   location: "EU",
  //   name: "epictree-primary-vault-bucket"
  // });

  const bucket = gcp.storage.Bucket.get(
    "epictree-primary-vault-bucket",
    "epictree-primary-vault-bucket"
  );
commenting out the original 
new
👍 1
but, it's not ideal
I believe terraform works like I'm trying to use iirc
I did something to some prod databases back in the day that prevented them from being deleted, but they'd still be created if they were absent
just in case someone accidentally tried to destroy the prod infra
w
I believe terraform works like I'm trying to use iirc
I actually am not sure - though I would have guessed the opposite - that they were even more conservative and would fail the entire attempt to destroy before deleting anything if something was marked as protected. Will be interested to look into this.
b
Copy code
resource "digitalocean_droplet" "db" {
    lifecycle {
            prevent_destroy = true
    }
}
Open in Slack
PreviousNext
Powered by