What is the best way to handle when normal operation hits IAC'y code ?
With IAC'y code I mean when under normal operation the code needs to create or destroy resources or make configuations of those resources.
Examples from Azure
Example 1: a user is added to a customer. In application that adds a subscription for a topic in the Azure Event Grid. Is this IAC that Pulumi should handle or just in code as it is not IAC'y enough ?
Example 2: a new customer is added. In application that adds a container on the blob storages for documents for that customer so it is easier to adhere to GDPR. IAC'y ?
Example 3: a new customer is added. The creation of a new database is made for the customers data. IAC'y?
Example 4: a new customer is added. The autorization system creates the default setup for the customer. IAC'y?
I have myself been experimenting by using that Pulumi is made with a programming language. I am trying to read data from an external source (I have created earlier in the pipeline) in Typescript and based on that build the pulumi with state (from the external source). I will then only call the Pipeline when changes happen.
I have not gotten it to work but it might be something I am missing.
07/12/2022, 9:18 PM
There is no right answer. But the more you can do through code, the more reproducability you have; the more you can do through git-versioned code, the more auditability you have; and the more you automate, the less repetitive work you have. So generally, try to do it all through IaC.
Business processes might make this infeasible though.
All of the use cases you provide seem like good candidates for IaC, and probably for automation-api.
07/13/2022, 3:52 AM
Thank you for your answer. Normal operation and IAC is both in code.
I have gotten Pulumi to load my state that is set in normal operation by external parties and I just need to trigger the pipeline to create or remove the resources/configurations