https://pulumi.com logo
c

careful-motherboard-93259

11/12/2021, 1:56 AM
Hi, I'm trying to make some checks for configuration drift. I've got a folder which imports a set of resources and generates a
pulumi preview --json
output from them. I'm struggling to get this output to be deterministic. Each time I generate it, the resources are in a different order. Is there a way around this?
FWIW my code is here: https://github.com/cucumber/github-settings/blob/main/.github/workflows/drift.yaml Here's the makefile: https://github.com/cucumber/github-settings/blob/main/Makefile It does three stages: 1. go to GitHub's API to fetch the resources, and format them into a shape that
pulumi import
can read (in
import/resources
) 2. use
pulumi import
to generate TypeScript files for each resource type (in
import/src
) 3. run a
pulumi preview
on the TypeScript files to parse them into a summary output. If there's a simpler way to do this I'd love to hear about it!
l

little-cartoon-10569

11/12/2021, 2:48 AM
Can you leverage
jq
and its sort capabilities?
c

careful-motherboard-93259

11/12/2021, 6:00 PM
Yeah, that's going to be my next port of call, I just wondered if there was a pattern for doing this kind of thing in Pulumi itself. It seems like checking for drift would be a fairly common problem.
l

little-cartoon-10569

11/14/2021, 7:39 PM
No, pretty rare 🙂 I've never checked for drift. Pulumi manages that for me.
Any time drift gets detected manually, we have a little blameless post-mortem and put effort into reducing the risk of it happening again.
c

careful-motherboard-93259

11/17/2021, 12:13 AM
You mean because you just never touch the stuff manually?
In this instance we're managing GitHub settings, so the likelyhood of drift is pretty high.