https://pulumi.com logo
#general
Title
# general
b

bright-orange-69401

02/19/2020, 8:29 AM
How do you manage multi-step
Resource
configuration in Pulumi ? I'm trying to set up an SSO between Okta and AWS using Pulumi, and that requires 3 steps with 2
Resources
: 1. Create
<http://okta.App|okta.App>
which generates metadata 2. Inject metadata and create
aws.iam.IdentityProvider
, which has an ARN 3. Inject
IdentityProvider
ARN back into the
<http://okta.App|okta.App>
Resource created in step 1 I'm trying to pack this logic into a
Component
but I struggle with step 3: can't seem to update a
Resource
as part of a
Component
Also tried using
_import
but there's an URN conflict because the imported resource (step 3) would actually be the same as step 1... Should I try creating a Dynamic Provider for that ? Can't it be done natively ?
@broad-dog-22463 any advice here ? Can we create and then update a
Resource
in a single Pulumi template ?
i

important-ram-83431

02/20/2020, 9:37 AM
@bright-orange-69401 I'm really interested on the answer to your question. If you find a solution, please, let us know.
👍 1
b

bright-orange-69401

02/24/2020, 12:29 PM
@important-ram-83431 I'm still working on it but the solution we've found is to create another
Resource
via a Dynamic Provider that merely performs step 3 (validation of the SAML) It's a similar process as the one used by Terraform & Pulumi for AWS ACM CertificateValidation The
Resource
just finds the SAML App by its ID and updates it with the metadata obtained in step 2 : it does not actually provision anything and does not have a
delete
method
Hope this helps
i

important-ram-83431

02/24/2020, 1:47 PM
I'll try it and give you feedback. By now, I set those steps as "manual" (yes, it also sounds terrible to me) and I'm working on other steps of the Pulumi deployment.
Many thanks, I'll keep you informed.
b

bright-orange-69401

02/24/2020, 1:55 PM
BTW if you problem is specific to Okta, there's an alternative method: https://controltower.aws-management.tools/infrastructure/sso/okta_sso/