https://pulumi.com logo
#general
Title
# general
l

little-whale-73288

08/02/2021, 2:43 PM
Hi, is there a canonical way to emit a warning log message whenever a particular resource has been created?
possibly printing values of some outputs of this resource
m

millions-furniture-75402

08/02/2021, 2:48 PM
you can
pulumi.log
an applied output
l

little-whale-73288

08/02/2021, 2:51 PM
@millions-furniture-75402 thanks, but this:
Copy code
// Used by this Pulumi program for updates
const pulumiUp = new opsgenie.ApiIntegration("infrastructure/opsgenie pulumi up", {
    allowWriteAccess: true,
    type: "API",
}, {
    aliases: [{
        name: "infrastructure/opsgenie Pulumi provider",
    }],
})

pulumi.log.warn(
    pulumi.interpolate `${pulumiUp.name} key has been exposed, please rotate it at <https://taxamo.app.opsgenie.com/settings/integration/edit/API/${pulumiUp.id}>`, // this is line 30
    pulumiUp
)
causes this:
Copy code
integrations.ts(31,5): error TS2345: Argument of type 'Output<string>' is not assignable to parameter of type 'string'.
m

millions-furniture-75402

08/02/2021, 2:53 PM
You'll need to do it inside of the apply
pulumiUp.apply(v => { pulumi.log.warn(v.id); });
l

little-whale-73288

08/02/2021, 2:55 PM
@millions-furniture-75402 aaah, very nice 🙂. Any idea how to check if the resource has just been created?
@millions-furniture-75402 thanks for the tip
m

millions-furniture-75402

08/02/2021, 2:56 PM
The resource should be created if you're inside the apply.
I'm curious if you're trying to setup an SNS topic subscription to OpsGenie?
l

little-whale-73288

08/02/2021, 2:59 PM
nope, I am trying to set up Opsgenie API keys to be used with Pulumi in CICD
m

millions-furniture-75402

08/02/2021, 2:59 PM
gotcha, okay
l

little-whale-73288

08/02/2021, 3:00 PM
https://pulumi-community.slack.com/archives/C84L4E3N1/p1627916176046500?thread_ts=1627915428.043900&amp;cid=C84L4E3N1 - yeah, but I need this warning not to appear in subsequent runs when the resource already exists
m

millions-furniture-75402

08/02/2021, 3:01 PM
${pulumiUp.name} key has been exposed,
are you trying to work around the fact that this output exposes a secret?
l

little-whale-73288

08/02/2021, 3:02 PM
@millions-furniture-75402 I am using separate API keys for pulumi preview (because it can be ran from any branch) and for pulumi apply (because it can be ran only from the master) and I need to make it impossible to retrieve the pulumi update API key when running a pulumi preview
m

millions-furniture-75402

08/02/2021, 3:02 PM
You might just want 
additionalSecretOutputs
in opts
l

little-whale-73288

08/02/2021, 3:02 PM
otherwise anybody pushing to a non-master branch can push a CI job that will print the pulumi up API key
yeah, but the secret is still there
m

millions-furniture-75402

08/02/2021, 3:05 PM
when using
additionalSecretOutputs
it should mask secrets when printed. However, if the user has access to retrieve secrets, then they can definitely retrieve the value 🙂
l

little-whale-73288

08/02/2021, 3:05 PM
yep
m

millions-furniture-75402

08/02/2021, 3:06 PM
You might be bleeding into Dynamic Resource Providers if you need to tap into the lifecycle hooks of a resource https://www.pulumi.com/blog/dynamic-providers/
l

little-whale-73288

08/02/2021, 3:06 PM
alternatively I could just override the value of the
apiKey
attribute of the resource with 'undefined' if there was a way to do it