Channels
#general
Title
f
full-artist-27215
12/01/2021, 7:20 PMAre there any patterns for creating Pulumi resource names based on output values? I suspect the answer is "No; don't do that"... we've got a project that we'd like to drive with stack outputs from another project, but aren't really able to create resources in the second stack that have meaningful names, since that information is technically an output from the stack reference. For now, we're just auto-generating resource names (e.g.
resource-{i}il
little-cartoon-10569
12/01/2021, 8:17 PM"No; don't do that".
I frequently wrap resources in thin objects that contain their name, in order to work around this. So if I have an array of (for example) policies that I want to attach to an array of roles, but the policies are created / managed elsewhere, then I'll pass around something like a PolicyInfo object that looks like
{ name: string; policy: aws.iam.Policy }r
rough-hydrogen-27449
12/01/2021, 8:24 PMso to be clear here we're consuming a stack reference to another stack where resources are created, then creating "derivative" resources from the stack outputs of the other stack.
Concretely, we're creating a Confluent Cloud API key, service account, and Kafka cluster in the "other" stack and then creating a Kafka topic and Kafka ACL in the "main" stack, consuming the API credentials and Kafka cluster bootstrap server URL via the stack reference.
In particular, I'd like to be able to name the ACLs such that it's clear which service account they belong to, e.g.:
Copy code
for topic in topics:
kafka.Acl(
f"{topic.name}-{service_account_id}-{'write' if write else 'read'}-acl",
....
)kafka.AclstrOutput[T]strservice_account_idThere shouldn't be any actual pulumi execution graph issues here, as the values are definitely created by the time this "main" stack is run, it's just a matter of mechanically how can I consume an
Output[T]Tl
little-cartoon-10569
12/01/2021, 9:07 PMUnfortunately there is an execution graph issue here, as stack references are not known to be resolved at the time they are requested. You know that they are, but Pulumi may have to wait for the other stack to finish upping, or wait for the values to come back from a remote backend. It's all asynchronous and can fail, so an Output is required.
Since you know the name of the stack, and the resources in the stack, can you use that knowledge to provide a fixed string value in the main stack?
You can create the resources inside an
apply()r
rough-hydrogen-27449
12/01/2021, 9:09 PMhardcoding would be problematic because we'd have to know to change things in two places, the goal is to "drive" the main stack via the other stack
what's the issue with creating a resource inside an
.apply()l
little-cartoon-10569
12/01/2021, 9:10 PMCan you inject the configuration / name into both projects from one place?
r
rough-hydrogen-27449
12/01/2021, 9:10 PMthat's a good idea, possibly
another thing I was thinking of is using an out-of-band system (e.g. Vault) instead of a stack output
l
little-cartoon-10569
12/01/2021, 9:11 PMIt does work, you can safely do it. The problem is that
apply()r
rough-hydrogen-27449
12/01/2021, 9:11 PM😬 yikes lol
ok, I see now
thanks :)
👍 1
l
little-cartoon-10569
12/01/2021, 9:12 PMValues retrieved via pulumi.Config are not Outputs, so if you can use that, problem solved?
r
rough-hydrogen-27449
12/01/2021, 9:12 PMhmmm, yeah that sounds like a promising approach
thanks a lot!
l
little-cartoon-10569
12/01/2021, 9:13 PMYou need to use
requiregetgetr
rough-hydrogen-27449
12/01/2021, 9:13 PMyeah, that's totally cool here though, I definitely want it to fail if the value is not present
👍 1
f
full-artist-27215
12/01/2021, 9:32 PMThanks @little-cartoon-10569!
👍 1