Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
b
better-shampoo-48884
03/22/2021, 6:33 PMyou could also use the protect: true on those things once you're happy with them (https://www.pulumi.com/docs/intro/concepts/resources/#protect)
f
fresh-summer-65887
03/22/2021, 7:05 PMYeah considered that too. But it's easy to just remove it (though that might not be a refactoring but more deliberate altering)
w
worried-knife-31967
03/22/2021, 7:17 PMI'm not sure if you're aware (I wasn't), it's not the same as a terraform
prevent_destroyi.e. once you've added it, it's there, you can't just remove the code and it will destroy it.
In Azure I've coupled that with a lock on the resource for extra protection.
f
fresh-summer-65887
03/22/2021, 7:48 PMThis also works in CI scenarios?
interesting.
Thanks for info 🙂
w
worried-knife-31967
03/22/2021, 8:30 PMI've hit it in CI (which is where I noticed it), but I was using the Azure Blob backend, I'm not sure if that's a nuance of the Azure blob backend though.
https://www.pulumi.com/docs/reference/cli/pulumi_state_unprotect/
When you look at the CLI though, it does seem to suggest that it's the only way to remove the protect bit from the state