Hi! I am converting a CDK lib to pulumi. Part of that lib is also a security group. It looks like this:

new aws.ec2.SecurityGroup(
  "ruwentest",
  {
    description: "ruwentest",
    vpcId: "vpc-123",
    ingress: []
  }
);

I can use

pulumi import ...

to bring it into pulumi. But pulumi shows immediately a drift since the autogenerated name from pulumi doesn't match the current security group name. I know I can set the name explicitly, but I want to avoid that since that breaks deployments when I need to recreate the resource. What I want is that if pulumi generates a name for something which I am importing right now, then it should take the existing name instead of generating a new one. Is there way to do that?

I’m not following here, have you used

pulumi import

to generate the code? if so it should have the correct name

No I am not using the generated code. I have written a little library and ideally it can be used by people who are converting from CDK (and therefore importing resources) and by people who start from scratch

ah, well the resource itself has an import resource option: https://www.pulumi.com/docs/intro/concepts/resources/options/import/

new aws.ec2.SecurityGroup(
  "ruwentest",
  {
    description: "ruwentest",
    vpcId: "vpc-123",
    ingress: []
  },
  { import: <id> }
);

What you could do is have a configurable flag that can be toggled if you’re importing

Yes I am actually dping that.. But if I import it like this and if I run afterwards

pulumi refreh

and

pulumi up

pulumi wants to replace the security group because the name has changed

can you show me an example output of that? you probably want to alias to the old name: https://www.pulumi.com/docs/intro/concepts/resources/options/aliases/

gimme a sec, I run through it again and post my code here

Why can’t you just make the name match the resource?

It is generic library code. I would like to benefit from the auto-naming features like zero downtime deployments

Hmm, I’m not sure that’ll be possible, you can’t import a resource without the properties matching

Since the name is normally auto-generated, I was hoping that I can somehow tweak pulumi to use the name form the imported resource instead of auto generating it. It would make the import experience much nicer

You can, but that requires setting the name property 😅

Logically I would expect something like that happening in pulumi: • generate a model how the resource has to look like based on the code • auto-generate names • read resource from cloud provider • diff And I would like it to be: • generate a model how the resource has to look like based on the code • read resources from cloud provider • if custom option X is set, fill in all auto generated names with values from the cloud provider • diff

Yes that’s all expected behaviour, the way you want it to operate would be a feature request, so I’d recommend filing a GitHub issue

Cool I'll do it. I wanted to first check that I don't miss anything obvious given that I am new to pulumi. Thanks!

It’d be in the main repo I think the team will triage it as needed

thx

@echoing-address-44214 do you have a link to your GitHub issue?

https://github.com/pulumi/pulumi/issues/12378 feel free to +1 😄