Hi! I am trying to import an existing password int...
# general
e
Hi! I am trying to import an existing password into Pulumi. The docs have some broken formatting (see https://www.pulumi.com/registry/packages/random/api-docs/randompassword/). I was trying
pulumi import "random:index/randomPassword:RandomPassword" my-name "the-password"
but I got as a result:
Diagnostics:
  random:index:RandomPassword (sch-dev-syd-ruwentest-redisredis-password):
    error: Preview failed: Cannot extract ID from "random_password" resource state: ID cannot be empty
Any ideas how to do it?
l
Importing is for mapping a cloud (or similar "remote") resource to an ID in your state. There is no remote resource for RandomPassword, it's entirely in your state file. You don't import a RandomPassword, just create a new one.
And you can't set the value of a random password. A password with a specific value is by definition not a random password.
Just use a string for this.
e
Hmm... Maybe let me explain my use case. I got a little helper class, which generates in AWS a Redis Cluster, a Secrets Manager Secret and a few other things. I got this currently in CloudFormation. I want to migrate that to Pulumi. I want to use that class to create new Redis Clusters (with password etc.) but I also want to use the class to maintain existing Redis clusters. For new Redis clusters I need to generate a new password. But for the existing ones, I want to import a password so that the new class can take care of the Redis cluster in the future.
I can work around with boolean flags, but I find that rather ugly 😞
l
You can create the password object and update the state. A better idea would be to not import the password, create the password in the normal way, and store it in a provider object like SSM Secure String Parameter or another cloud-based secret store. After you've created the store item and put in the random password, manually overwrite it in the cloud storage with the actual current password.
Since the value in the cloud storage is never read into Pulumi's state, there's no drift or other variation that needs to be fixed.
e
But how does the password get into SSM secure string? I am using aws secrets manager, which is effectively the same thing
l
Yes, use secrets manager. RandomPassword only generates a value; you then put that value into secrets manager using Pulumi's aws.secretsmanager package
Note that Pulumi doesn't manage secrets in secretsmanager: it just puts them there. It's up to you to manage them once they're there.
And one of the things you can do is overwrite them with your preferred value.
e
So I would have a random.generatePassword resource in my stack which is effectively unused?
l
Yes. But that is normal. Every time you rotate your passwords, they change only in your cloud provider (aws.secretsmanager). Your RandomPassword probably won't change.
You can write your code to change the RandomPassword value if you like, but it's easier just to do it using the secretsmanager console.
I think of the RandomPassword class as just a seed. It's not an actual value, just an initial value.
e
Hmm, ElastiCache/Redis currently takes a string as a password (https://www.pulumi.com/registry/packages/aws/api-docs/elasticache/replicationgroup/#authtoken_nodejs). I currently use the password for that. If I rotate the password outside of Pulumi, Pulumi might detect drift there.
l
No, I'm fairly confident that Pulumi doesn't care about or maintain values inside secret stores like secretsmanager. It only cares about setting them up. Same as with databases: it cares about the servers, not the data.
e
ElastiCache doesn't use Secrets Manager. It takes a password directly. The only reason I am storing the password in Secrets Manager is for my application.
Maybe I need to read the secret from Secrets Manager in Pulumi and pass it on to ElastiCache.
e
Cannot extract ID from "random_password" resource state: ID cannot be empty
This should work, RandomPassword import just isn't working at the moment. https://github.com/pulumi/pulumi-random/issues/160