https://pulumi.com logo
#general
Title
# general
m

modern-toothbrush-56347

07/29/2021, 2:58 PM
Hi all, Is there a way to create a "temporary" resource for use inside the Pulumi program only? I'm creating an Azure MySQL Server (DBforMySQL) and then use the "MySQL" Pulumi package to create some users and grants. However, I need to create a firewall rule in between these steps so that the MySQL Pulumi package can connect to the database. Ideally after creating the users I'd like to remove the firewall rule.
b

brave-planet-10645

07/29/2021, 4:30 PM
You're using pulumi to describe the final state and then it works out how best to get there. In other words, you can't create and then delete the firewall rule. What you could do, is use our automation api to run two different programs back to back. The first sets up the server and db, creates the firewall rules, sets up the users and grants. The second then removes those rules. Then just run one program after the other
m

modern-toothbrush-56347

07/29/2021, 4:40 PM
Thank you, I'll take a look
b

bored-oyster-3147

07/29/2021, 8:25 PM
That's kind of a tricky scenario since you'd probably want 3 projects so 3 separate programs. If you tried to do it in 2 programs than it would need to be 2 programs operating against the same project. Your second program would need to declare a subset of the resources declared by the first program, and it would need to operate against the same stack/project so that the second program would declare a "new final state" without the firewall rules but still including everything else, causing just the firewall rules to be destroyed. So that might be painful. However if you did it with 3 separate projects with 3 separate programs it could be like: • Project A: server and db • Project B: firewall rules • Project C: users and grants And then in automation API you would do: 1. Deploy Project A 2. Deploy Project B 3. Deploy Project C 4. Destroy Project B Ofc if you abstract your pulumi program to receive some conditional on whether or not to construct the firewall rules than the first scenario with 2 programs operating against the same project/stack might be trivial. But I think it might be easy to mess that up when maintaining the program.
2 Views