https://pulumi.com logo
Powered by
b

best-hydrogen-40271

10/23/2019, 7:33 PM
so 
protect
-- will it allow me to tear down everything except `protect`ed resources?
w

white-balloon-205

10/23/2019, 7:34 PM
Currently no - an attempt to delete a `protect`ed resource will fail the deployment and other deletions will not be processed. I believe https://github.com/pulumi/pulumi/issues/3304 would address this.
b

best-hydrogen-40271

10/23/2019, 7:35 PM
oh
that's pretty.. limiting
w

white-balloon-205

10/23/2019, 7:36 PM
Please do upvote that issue! (Or open a new one if there's another scenario you'd like to see supported here?)
b

best-hydrogen-40271

10/23/2019, 7:39 PM
wow, that's disappointing
w

white-balloon-205

10/23/2019, 7:40 PM
Could you explain a little more what the scenario is you have in mind and how this blocks it?
b

best-hydrogen-40271

10/23/2019, 7:42 PM
I have a bunch of infra, including a database for example
and when I destroy, I don't really want to take out my storage without some manual intervention
w

white-balloon-205

10/23/2019, 7:44 PM
Note that you can manually remove the resource from the state file so that it is no longer managed by Pulumi, and then destroy the stack to remove everything else. This would require editing the state file or using 
pulumi state delete
, but should be possible today. Note that in general, it is very likely you won't be able to delete other resources until you delete the protected resource - like you won't be able to delete the VPC or Roles used for a Database until you delete the database. So some amount of the infrastructure will also fail to destroy if you want to keep this resource around. Pulumi acts as conservatively as possible wrt 
protect
to ensure the least damage possible to you infrastructure if you have indicated something should be `protect`ed.
b

best-hydrogen-40271

10/23/2019, 7:44 PM
in my case it's just a bucket, rather than a database
I can get around it by
Copy code
// const bucket = new gcp.storage.Bucket("epictree-primary-vault-bucket", {
  //   location: "EU",
  //   name: "epictree-primary-vault-bucket"
  // });

  const bucket = gcp.storage.Bucket.get(
    "epictree-primary-vault-bucket",
    "epictree-primary-vault-bucket"
  );
commenting out the original 
new
👍 1
but, it's not ideal
I believe terraform works like I'm trying to use iirc
I did something to some prod databases back in the day that prevented them from being deleted, but they'd still be created if they were absent
just in case someone accidentally tried to destroy the prod infra
w

white-balloon-205

10/23/2019, 7:48 PM
I believe terraform works like I'm trying to use iirc
I actually am not sure - though I would have guessed the opposite - that they were even more conservative and would fail the entire attempt to destroy before deleting anything if something was marked as protected. Will be interested to look into this.
b

best-hydrogen-40271

10/23/2019, 7:48 PM
Copy code
resource "digitalocean_droplet" "db" {
    lifecycle {
            prevent_destroy = true
    }
}
Powered by