Is it possible to have Pulumi not delete a prior r...
# generala
able-camera-57198
11/18/2021, 7:44 PMIs it possible to have Pulumi not delete a prior resource when replacing it with a new one?
b
billowy-army-68599
11/18/2021, 7:48 PM
no this isn't possible at this time, would love to hear your use case. you can achieve this by deleting the resource from state using
pulumi state deletepulumi upa
able-camera-57198
11/18/2021, 7:49 PMFor sure, I'm re-issuing a new SSL certificate for my google cloud load balancer.
able-camera-57198
11/18/2021, 7:50 PMI have to specify all the various domains, so when I add a new service to my deployment or add another TLD tenant to our service, we end up having to reissue our certificates for each TLD.
able-camera-57198
11/18/2021, 7:50 PMWhich Pulumi does an amazing job at, except... That it deletes the old one and our service goes down while the new one is still provisioning.
able-camera-57198
11/18/2021, 7:51 PMIt would be neat if there was an
Immutable = true Copy code
Immutable =
{
"PropertyOne",
"PropertySeven",
},b
billowy-army-68599
11/18/2021, 7:52 PM
are you specifying an explicit name for your certificate?
a
able-camera-57198
11/18/2021, 7:52 PMYes.
able-camera-57198
11/18/2021, 7:52 PMI hash up all the subdomain names.
b
billowy-army-68599
11/18/2021, 7:52 PM
if you use autonaming on the resource, you'd get a create before delete which would avoid this
a
able-camera-57198
11/18/2021, 7:52 PMI think the problem is the create resolves before the resource is ready.
able-camera-57198
11/18/2021, 7:52 PM(pulumi doesn't end up exposed to the full lifecycle)
able-camera-57198
11/18/2021, 7:53 PMable-camera-57198
11/18/2021, 7:53 PMA new cert will go into this state, which is considered provisioned, but is technically not in a viable state.
able-camera-57198
11/18/2021, 7:54 PMI guess what I'd like is to be able to have my old cert linger and I'm even 100% okay with manually deleting it.
b
billowy-army-68599
11/18/2021, 7:54 PM
ahhh, yeah could you open an issue for that, with a repro?
billowy-army-68599
11/18/2021, 7:54 PM
short of deleting the cert from the state, there's not much else that can be done, I think
a
able-camera-57198
11/18/2021, 7:55 PMSo... Crazy thought, but what if there was some way to have pulumi be told to do that delete based on a name change?
able-camera-57198
11/18/2021, 7:55 PMLike "orphan this resource when the name property changes"
able-camera-57198
11/18/2021, 7:55 PMIt'd be 100% explicitly opt-in. But I bet it might come in handy in other scenarios.
g
gentle-diamond-70147
11/18/2021, 7:59 PMIs
deleteBeforeReplacereplaceOnChangesa
able-camera-57198
11/18/2021, 7:59 PMNope.
able-camera-57198
11/18/2021, 8:00 PMI want "keep on replace" basically.
able-camera-57198
11/18/2021, 8:00 PMOr to be very very specific: "orphan on replace"
able-camera-57198
11/18/2021, 8:06 PM@billowy-army-68599 https://github.com/pulumi/pulumi/issues/8450
l
little-cartoon-10569
11/18/2021, 9:24 PMIt would also be handy for things that providers version themselves. One that jumps to mind is AWS EC2 image builder recipes. If I'm adding v2 of recipe X, I'd quite like to orphan-and-unmanage v1 of recipe X...
💪🏻 1
m
microscopic-florist-22719
11/18/2021, 9:59 PM
This is an interesting idea. @billowy-army-68599 could you open an issue in pulumi/pulumi with a summary of this thread?
f
freezing-van-87649
11/18/2021, 10:00 PM@microscopic-florist-22719: https://github.com/pulumi/pulumi/issues/8450
❤️ 2
m
microscopic-florist-22719
11/18/2021, 10:01 PM
Thanks!
a
alert-glass-49407
11/18/2021, 11:51 PMFWIW I think cloudformation calls this "DeletionPolicy: Retain"
👍 1
2 Views