# general
e
Hi! I am converting a CDK lib to pulumi. Part of that lib is also a security group. It looks like this:
```typescript
new aws.ec2.SecurityGroup(
  "ruwentest",
  {
    description: "ruwentest",
    vpcId: "vpc-123",
    ingress: []
  }
);
```
I can use `pulumi import ...` to bring it into pulumi. But pulumi immediately shows a drift since the autogenerated name from pulumi doesn't match the current security group name. I know I can set the name explicitly, but I want to avoid that since that breaks deployments when I need to recreate the resource. What I want is that if pulumi generates a name for something which I am importing right now, then it should take the existing name instead of generating a new one. Is there a way to do that?
b
I’m not following here, have you used `pulumi import` to generate the code? if so it should have the correct name
e
No I am not using the generated code. I have written a little library and ideally it can be used by people who are converting from CDK (and therefore importing resources) and by people who start from scratch
b
ah, well the resource itself has an import resource option: https://www.pulumi.com/docs/intro/concepts/resources/options/import/
```typescript
new aws.ec2.SecurityGroup(
  "ruwentest",
  {
    description: "ruwentest",
    vpcId: "vpc-123",
    ingress: []
  },
  { import: <id> }
);
```
What you could do is have a configurable flag that can be toggled if you’re importing
a more advanced pattern would be to optionally use a transformation to include the import id if some external thing detects you’re doing an import https://www.pulumi.com/docs/intro/concepts/resources/options/transformations/
e
Yes, I am actually doing that. But if I import it like this and if I run afterwards `pulumi refresh` and `pulumi up`, pulumi wants to replace the security group because the name has changed
b
can you show me an example output of that? you probably want to alias to the old name: https://www.pulumi.com/docs/intro/concepts/resources/options/aliases/
e
gimme a sec, I run through it again and post my code here
my security group
my code
```typescript
new aws.ec2.SecurityGroup(
  "ruwentest",
  {
    description: "ruwentest",
    vpcId: standardAwsEnvironment.getVpcId(),
    ingress: [],
    // name: "ruwentest-52f4618",
  },
  { import: "sg-0c09aeb634822eed9" }
);
```
pulumi autogenerates the name `ruwentest-5f93af2` and that clashes with the existing name `ruwentest-52f4618`
Does it make sense @billowy-army-68599?
b
Why can’t you just make the name match the resource?
e
It is generic library code. I would like to benefit from the auto-naming features like zero downtime deployments
b
Hmm, I’m not sure that’ll be possible, you can’t import a resource without the properties matching
You could use ignoreChanges for the name, but that presents its own problems
e
Since the name is normally auto-generated, I was hoping that I can somehow tweak pulumi to use the name from the imported resource instead of auto generating it. It would make the import experience much nicer
b
You can, but that requires setting the name property 😅
e
Logically I would expect something like that happening in pulumi:
• generate a model how the resource has to look like based on the code
• auto-generate names
• read resource from cloud provider
• diff
And I would like it to be:
• generate a model how the resource has to look like based on the code
• read resources from cloud provider
• if custom option X is set, fill in all auto generated names with values from the cloud provider
• diff
but looking at the code, it might not be that simple 😉
But I would expect that from such a change various resources and their import process would benefit
If I specify the name during the import phase and remove it afterwards, pulumi still wants to generate a new name and therefore replace the resource
b
Yes that’s all expected behaviour, the way you want it to operate would be a feature request, so I’d recommend filing a GitHub issue
e
Cool I'll do it. I wanted to first check that I don't miss anything obvious given that I am new to pulumi. Thanks!
would it be on the pulumi project itself? or on the aws-provider?
b
It’d be in the main repo I think the team will triage it as needed
e
thx
s
@echoing-address-44214 do you have a link to your GitHub issue?
e