Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
a
able-camera-57198
11/18/2021, 7:44 PMIs it possible to have Pulumi not delete a prior resource when replacing it with a new one?
b
billowy-army-68599
11/18/2021, 7:48 PMno this isn't possible at this time, would love to hear your use case. you can achieve this by deleting the resource from state using
pulumi state deletepulumi upa
able-camera-57198
11/18/2021, 7:49 PMFor sure, I'm re-issuing a new SSL certificate for my google cloud load balancer.
I have to specify all the various domains, so when I add a new service to my deployment or add another TLD tenant to our service, we end up having to reissue our certificates for each TLD.
Which Pulumi does an amazing job at, except... That it deletes the old one and our service goes down while the new one is still provisioning.
It would be neat if there was an
Immutable = trueImmutable =
{
"PropertyOne",
"PropertySeven",
},b
billowy-army-68599
11/18/2021, 7:52 PMare you specifying an explicit name for your certificate?
a
able-camera-57198
11/18/2021, 7:52 PMYes.
I hash up all the subdomain names.
b
billowy-army-68599
11/18/2021, 7:52 PMif you use autonaming on the resource, you'd get a create before delete which would avoid this
a
able-camera-57198
11/18/2021, 7:52 PMI think the problem is the create resolves before the resource is ready.
(pulumi doesn't end up exposed to the full lifecycle)
A new cert will go into this state, which is considered provisioned, but is technically not in a viable state.
I guess what I'd like is to be able to have my old cert linger and I'm even 100% okay with manually deleting it.
b
billowy-army-68599
11/18/2021, 7:54 PMahhh, yeah could you open an issue for that, with a repro?
short of deleting the cert from the state, there's not much else that can be done, I think
a
able-camera-57198
11/18/2021, 7:55 PMSo... Crazy thought, but what if there was some way to have pulumi be told to do that delete based on a name change?
Like "orphan this resource when the name property changes"
It'd be 100% explicitly opt-in. But I bet it might come in handy in other scenarios.
g
gentle-diamond-70147
11/18/2021, 7:59 PMIs
deleteBeforeReplacereplaceOnChangesa
able-camera-57198
11/18/2021, 7:59 PMNope.
I want "keep on replace" basically.
Or to be very very specific: "orphan on replace"
@billowy-army-68599 https://github.com/pulumi/pulumi/issues/8450
l
little-cartoon-10569
11/18/2021, 9:24 PMIt would also be handy for things that providers version themselves. One that jumps to mind is AWS EC2 image builder recipes. If I'm adding v2 of recipe X, I'd quite like to orphan-and-unmanage v1 of recipe X...
💪🏻 1
m
microscopic-florist-22719
11/18/2021, 9:59 PMThis is an interesting idea. @billowy-army-68599 could you open an issue in pulumi/pulumi with a summary of this thread?
f
freezing-van-87649
11/18/2021, 10:00 PM@microscopic-florist-22719: https://github.com/pulumi/pulumi/issues/8450
❤️ 2
m
microscopic-florist-22719
11/18/2021, 10:01 PMThanks!
a
alert-glass-49407
11/18/2021, 11:51 PMFWIW I think cloudformation calls this "DeletionPolicy: Retain"
👍 1