i wrote this dynamic provider so we can build poli...
# contributes
stocky-fireman-97153
03/08/2021, 4:24 PMi wrote this dynamic provider so we can build policies dynamically as we add resources that share a KMS key. is this a bad idea? đ
stocky-fireman-97153
03/08/2021, 4:26 PMfor example
1. create KMS key
2. create bucket using KMS key
3. add bucket policy which grants RW access which in turns updates the KMS key policy
4. add SQS queue using KMS key
5. add queue policy which grants RW access which in turn updates the KMS key policy
6. etc
c
clever-sunset-76585
03/08/2021, 4:45 PMItâs not so much that itâs a bad idea than do you really need to use a dynamic provider here? In other words, could you use a normal function to which you pass args and get back a dynamic policy in a similar fashion? Dynamic providers are especially useful when you want to leverage the resource CRUD lifecycle for something that cannot be achieved by using the resources in a provider. For example, say, you want to create some other resource that Pulumi doesnât recognize but you want to manage its lifecycle (i.e. creation, update, deletion) via Pulumi and have the lifecycle depend on another resource. That doesnât mean you shouldnât use dynamic provider to do other things. Perhaps, I havenât fully understand your use case.
s
stocky-fireman-97153
03/08/2021, 5:58 PMyeah thatâs what i was curious about.. iâm really just using the dynamic provider to generate the final policy document at provisioning time
stocky-fireman-97153
03/08/2021, 5:59 PMthis frees the developer of tracking when the âlastâ resource needed to update the key policy
stocky-fireman-97153
03/08/2021, 6:00 PMis there another way to trigger something at create/update time?