Hi guys, I have a problem which I can't quite get my head around (as I suppose everyone here). Not sure it fits within this channel, but here we go: I need to open a firewall rule for pulumi to access to resource during just the stack deployment / preview, and which needs to be deleted afterwards. Basically, whether I'm running from GitHub actions or from my machine, I query my current public IP, authorize in the firewall, all the deployment works as intended, but it leaves the rules in the cloud provider. I'm using a pulumi resource to create the rule, but then it's supposed to be used for smth which will stay and be managed by pulumi, while I just want the firewall to be open temporarily. I tried to write custom code doing it through API and deleting it in the end, but it does't quite fit pulumi's lifecycle and couldn't get it right. Do you have a way to do that? Summary: I need to open a firewall rule while the stack is deploying / previewing, and automatically delete it afterwards. (azure-native, Azure SQL, access to the instance with @pulumiverse/mssql)

Hey @fancy-pencil-39264 you might want to consider using the Automation API and split this up in two stacks: 1. Stack one - adds the firewall rule 2. Stack two - provisions your main infra Using the automation API you can create the first stack, do the changes to the second and then delete the firewall stack after.

I did have a hunch from what I read that it was smth to investigate. Pretty clueless about it. I know I need to read about it, but can you give me in a few words what it is actually?

It is an abstraction over pulumi programs - it allows you to programatically create stacks

Ok. But then I will need 3. First azure native provider, creates the sql server. Then mssql provider to create stuff that are not supported in the other one (like creating logins, etc). This one is waiting for the server to be up. The firewall rule is created after azure-native has created the server, then I create manually the mssql provider doing stuff and finally I need to delete the rule

So A) We've got a new feature "lifecycle hooks" that is due to be released next week. That allows you to run custom code before and after resource operations. This might fit into that model B) I have looked at extending the engine to support temporary/ephemeral resources that get created/deleted on each run. It looks like quite a reasonable change given most of the work for it was needed for other features anyway, but I don't think we've had a public issue raised to drive product management to say "yes lets add this". If you raise an issue describing this scenario it helps to get features like that committed to and added.

Ok, that would be super cool to add this.