Hi I m trying to make some checks for configuration drift I

Question

Hi I m trying to make some checks for configuration drift I ve got a folder which imports a set of resources and generates a `pulumi preview json` output from them I m struggling to get this output to be deterministic Each time I generate it the resources are in a different order Is there a way around this

careful-motherboard-93259 · Answer

FWIW my code is here Here s the makefile It does three stages 1 go to GitHub s API to fetch the resources and format them into a shape that `pulumi import` can read in `import resources` 2 use `pulumi import` to generate TypeScript files for each resource type in `import src` 3 run a `pulumi preview` on the TypeScript files to parse them into a summary output If there s a simpler way to do this I d love to hear about it

little-cartoon-10569 · Answer

Can you leverage `jq` and its sort capabilities

careful-motherboard-93259 · Answer

Yeah that s going to be my next port of call I just wondered if there was a pattern for doing this kind of thing in Pulumi itself It seems like checking for drift would be a fairly common problem

little-cartoon-10569 · Answer

No pretty rare slightly smiling face I ve never checked for drift Pulumi manages that for me

little-cartoon-10569 · Answer

Any time drift gets detected manually we have a little blameless post mortem and put effort into reducing the risk of it happening again

careful-motherboard-93259 · Answer

You mean because you just never touch the stuff manually

careful-motherboard-93259 · Answer

In this instance we re managing GitHub settings so the likelyhood of drift is pretty high