https://pulumi.com logo
#general
Title
# general
q

quiet-painter-30539

02/21/2020, 9:13 AM
We have started to use Pulumi and it's been mostly smooth, just some issues with EKS etc. But today I realized something that is considerably more difficult in Pulumi than in Terraform. When I create resources in Terraform I know exactly the resource name to query. This seems not be the case with Pulumi since it appends its own postfix to resource names. E.g. if I create an AWS Secret using terraform I know in my application code later on that the key is e.g. "dev-rds-password". But with Pulumi I don't know this in application code since the name is something like "dev-rds-password-b229d59" and in application code I have no idea what the postfix is. Is there some pattern for this? For now I need to look all AWS Secrets and check the tag values to find the right secret and find its name and only then I can query the secret value using that resource name.
t

tall-librarian-49374

02/21/2020, 9:17 AM
This is actually intentional. The best practice is not to give fixed names to resources unless required, so that’s Pulumi’s default. If you need to set a fixed name, you can always pass it as
name
property.
l

limited-rainbow-51650

02/21/2020, 9:20 AM
@quiet-painter-30539 in my TF days, I wrote quite some code where in general we always added a random part. This was to prevent running over each other’s toes when multiple deployments needed to be done with the same TF code. We consistently used DataSources to lookup the correct resource via tags. The reason to do it like that was that TF complained at the DataSource when it wasn’t found, rather than later where you fix the name and assume it is there.
I now get the randomization for free with Pulumi. 😉
q

quiet-painter-30539

02/21/2020, 9:24 AM
Ok. Is there some documentation how to use DataSources to look for the actual resource name?
l

limited-rainbow-51650

02/21/2020, 9:25 AM
In Pulumi, it is not called DataSources (this is a TF concept), but in the libraries, you have several methods prefixed with
get
. This is the Pulumi equivalent.
q

quiet-painter-30539

02/21/2020, 9:26 AM
Ok. Thanks!
l

limited-rainbow-51650

02/21/2020, 9:26 AM
Well, just checked some docs, and Pulumi also calls them Data Sources, e.g. https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/gcp/projects/
getProject
&
getOrganizationPolicy
q

quiet-painter-30539

02/21/2020, 9:31 AM
Just to make sure we are talking about the same thing. I was referring that I need to query the secret value in a Java application. But in Java I don't know the resource name Pulumi created. Is there some way to find this out in the Java application?
l

limited-rainbow-51650

02/21/2020, 9:39 AM
@quiet-painter-30539 is the Java application deployed via Pulumi? If so, you can pass the credential name as an env variable to the Java app during the deployment. From there, the Java app reads the env variable and queries the correct secret
q

quiet-painter-30539

02/21/2020, 9:42 AM
In Terraform this never was a problem since we always append the environment prefix to all resources, e.g. "dev-rds-password", "qa-rds-password" etc. and there never was any name conflicts. And in Java application code we just took the prefix somewhere and added it to the resource name and this way we could query the resource in Java code. Now that there is this random postfix Pulumi creates we cannot access the resources in Java since we don't know the resource name. This might be a show-stopper for us. Nope. We don't deploy apps using Pulumi. We should be able to do deployments without Pulumi.
l

limited-rainbow-51650

02/21/2020, 9:44 AM
Then use the suggestion of Mikhail and set the
name
property of the secret in Pulumi to prevent the randomization to happen.
q

quiet-painter-30539

02/21/2020, 9:47 AM
Yes. I guess we have to do that.
I turned off auto-naming for those resources that I need to access from the application code (e.g. Java application). Thanks for the help, this is not an issue anymore.