ignoreChanges
This option specifies a list of properties which will be ignored when updating existing resources. Any properties specified in this list, that are also specified in the resource’s arguments, will only be used when creating the resource—and ignored entirely while updating it.
For instance, in this example, the resource’s prop property will have its value of "new-value" set when initially creating resource, but from then on, any and all changes will be ignored: (from pulumi.com/docs)
res = MyResource("res", prop="new-value", opts=ResourceOptions(ignore_changes=["prop"]))
adding secrets to config
pulumi config set secrets:SSH_KEY --secret < PATH_TO_KEY
OnCreateResource hooks
There is no straightforward way to do this, but two options exist (pulumi-community.slack.com).
1. Use dynamic providers/resources
This approach creates a new dynamic resources that depends on the resource that was created. It has its own create()
implementation that
serves as the hook.
See pulumi.com/docs and an example implementation for AWS EC2 provisioners, __main__.py and provisioners.py on GitHub.
Example:
from typing import Optional, Any from uuid import uuid4 import pulumi from pulumi import dynamic class OnCreateWarningProvider(dynamic.ResourceProvider): warning_printed = False def print_warning(self, message): if not self.warning_printed: pulumi.warn(message) OnCreateWarningProvider.warning_printed = True def create(self, inputs: Any): self.print_warning(inputs['message']) return dynamic.CreateResult(id_=uuid4().hex, outs={}) class OnCreateWarning(dynamic.Resource): def __init__(self, name: str, message: str, opts: Optional[pulumi.ResourceOptions] = None): super().__init__( OnCreateWarningProvider(), name, {'message': message}, opts=opts )
which gets called by
messaging.OnCreateWarning( name=f"on-create-warning-{resource_name}", message="Resource was created!", opts=pulumi.ResourceOptions(depends_on=[resource]), )
2. Using CrossGuard
With a CrossGuard ResourceValidationPolicy
, see for example github.com/pulumi. Run Pulumi with
pulumi up --policy-pack path-to-policy-code/