Is there any way to target -only- a new code block...
# general
b
Is there any way to target -only- a new code block for `pulumi up`? I know it's possible to `-t` existing URNs for updating (again, would also work if there was an -exclude, but hey) - but if it's new code it wouldn't have a URN to target yet.. Basically, can I get pulumi to create only this:
+   │  ├─ azure-native:keyvault:Secret                                                     secret-keypair-vault-public-1                                  create
l
Why? If that's the only change, Pulumi will detect that and apply only that change.
If other changes in your code are deliberately not being applied, then you're not making full use of either Pulumi or git. Your source and your applied changes should be exactly in sync: that's how Pulumi is designed.
If there are bits of your work that you don't want applied just yet, then the best approach is to not merge it into your main branch just yet...
b
(sorry about the really delayed response). Essentially I frequently end up in states where the stack is moderately broken one way or another, either due to config drift (which I know shouldn't happen), or more usually due to a `pulumi up` leaving the stack in a failed state (y'know, having to export, delete, import, up, manually change the things it changed but didn't, etc). I've come to the conclusion that my two pulumi programs are Too Big for pulumi. Never mind the fact that each of them uses 4+gb of memory in node every time I run them, it is just simply too fragile when tiny errors and timeouts in pulumi operations cause 1-2 days of manual risky work to correct. Simply put - I have two stacks - infra + k8s. The infra stack creates multiple resource groups in multiple regions in Azure and populates them with aks, storage accounts, keyvaults, networks, subnets, nsgs, etc etc etc. The K8s takes the stack output from the infra run in order to use the AKS in each region + keyvault + (sometimes other things) in conjunction with the kubernetes apply stuff. Here I've got a few helm charts, some crds (using crd2pulumi as well), and other stuff set up in a coordinated way. The infra stack creates about ~100 resources per region, and the k8s one ~170 per region.
This question was born from a desperation to have to avoid the 1-2 days work up front to get the stack in a usable state and apply the new code -now-. Regardless, I'm now going to completely rejig the whole pulumi approach for the simple fact that as these stacks grow they become completely unmanageable and it's starting to become more of a risk than a benefit. Besides, with the performance issues on top, I'm almost certain that it'll be quicker to chain 30 different pulumi programs together than to run these two.
(btw, the regionality of the thing has a big impact - Azure is not exactly the fastest cloud, and managing resources in westus and Australia from Europe causes all kinds of havoc.)