is there a way to use pulumi to execute HCL code w...
# general
m
is there a way to use pulumi to execute HCL code without converting it ?
b
no, this is not supported. Would love to hear your use case, but we'll likely not support any DSL
m
well, terraform is not exactly straightforward in terms of automation within pipelines and executing it programmatically. At the same time I am leaning towards switching to pulumi entirely, however there is a ton of HCL code pre-created within the team so it's going to be quite difficult to convince people to switch. Thought that if there would be a way to run native HCL programmatically as it is possible with pulumi it would be a good starting point to convince the others to switch
I guess this is another question but is pulumi using terraform providers or have their own ?
b
tf2pulumi should help, and if you need help having the conversations internally, we can run workshops and do demos to show the value proposition of programming languages over DSLs, happy to connect over a call if that helps?
with regards to terraform providers, we bridge some terraform providers to provide pulumi providers with a CRUD interface to make calls to the cloud provider APIs, however as of today, we have "native" generated providers for the 3 major cloud providers, AWS, Azure and GCP. These providers automatically get the latest API resources as they are released by the cloud providers
m
I see, right now I'm trying to write a few examples of pulumi automation and how it can solve some of the problems we encounter daily in my org and then if the feedback is positive we could probably think of trying to do some convincing organization wide.
I wish there would be some more examples of automation API on Github for AWS and Azure. People are getting a bit fed up with the way terraform providers are being maintained so it would definitely help to produce some go-to example code
b
I'm happy to help with anything else you'd like to see!
m
Awesome. Thanks. I'll read through and see if I am able to achieve what I have in mind which currently is.
1. Having only single .py file
2. Configure azure "backend" against single azure subscription
3. Import single resource
4. TBD
All within single .py file. Do you think this is possible with azure_native plugin and automation API ?
b
by "backend" do you mean the state storage?
1 and 3 are very possible yeah!
m
sorry, I meant configure the provider, not the backend. AKA, just configure it to be pointing at particular azure subscription to perform operations
AKA running the `pulumi config set` within the .py file itself
b
here's an example
m
ha! beautiful, and if I want to import and not create I'm assuming it would be to do with `stack.import_stack`?
b
you want to import an existing resource, you mean?
stacks are Pulumi's mechanism to allow you to create configurable infrastructure, so you can't import a stack
m
erm, yeah. I just want to import existing resource for a start
and see how pulumi see it underneath
so for instance, what's described here: https://www.pulumi.com/docs/guides/adopting/import/ But I want to perform that operation entirely within mentioned single .py file
I can only see: cancel, create, create_or_select, destroy, export_stack, get_all_config, get_config, history, import_stack, info, name, outputs, preview, refresh etc etc.. But no import
b
automation API is a higher level, so it's a different SDK, you'd need to define the state of your resource you want to import inside a Pulumi program, add the `import` resource option and then put that Pulumi program as an inline program like this: https://github.com/pulumi/automation-api-examples/blob/main/python/inline_program/main.py#L9
m
I see, I'll give it a try. thanks
So I created a NSG used in this example: https://www.pulumi.com/docs/reference/pkg/azure-native/network/networksecuritygroup/#create-network-security-group-with-rule Then I created another one by hand and it doesn't seem to recognise that there is another security rule created. Terraform would try to destroy it as it's not in the code. Is this desired behaviour?
b
you need to use `--refresh`
terraform refreshes by default, Pulumi doesn't
m
I see, well that makes sense. Is there some sort of tutorial for folks coming from terraform with gems like this?
b
not at the moment, but this is a good example of something we should have a documentation point
m
I also noticed some behaviours which I don't think are right. For example the securityRules parameter of networkSecurity group are detected as change when they are just swapped around in a list. Technically it is a change however it is not to the state on azure so it should be ignored. Also removal of the rule is detected as change rather than deletion which makes sense from API perspective but not from what people are used to from terraform. Where's the appropriate place for feedback like this? Github issues or here?
b
Morning! GitHub issues on the provider is the best place for feedback. However, in the situation you're talking about, we aren't looking for an exact match to terraform's experience. There will be some differences in behavior that are expected