Run local command on Preview

[liamawhite]

Hello!

• Vote on this issue by adding a 👍 reaction
• If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

We use the local command to take our AWS credentials from stack config and create an AWS profile on the machine. This enables us to get EKS kubeconfig working. The issue we have here is that on CI machines if we wish to run preview commands, the profile doesn't get created on local disks.

What I'm proposing is adding a preview field, similar to create and delete but is executed when a preview is ran. I'm happy to do the implementation as this is a significant blocker for us so I'm mostly seeking clarity on whether this is something you would be willing to add.

Affected area/feature

Pulumi command library/provider.

[lukehoban]

I think something along these lines should be possible. The Pulumi provider interface allows providers to opt in to having their Create and Update invoked even during previews (passing a preview=true bit with the request). In that mode, some subset of the input properties may be unknown.

We could likely opt-in to this in this provider, and then allow users to control the behaviour in both preview=true and preview=false modes.

There are a few questions on the interface for this:

1. Should this be a separate preview input, or a bit which can be set which causes create to be invoked during preview? The latter is more aligned with the Pulumi provider interface, but may not be quite as expressive. I think @liamawhite's use case above actually would work well in the mode where this is a bit.
2. We are likely to add support for update (Consider adding support for diff and read #20), which is another place where preview would come into play. We would likely need separate previewCreate and previewUpdate if we chose separate commands, instead of a bit.
3. What should happen if the previewCreate is "unknown"? Should it skip running the preview, or error? This could happen for example if an output from another resource is interpolated into the previewCommand.

It would be useful to collect a few concrete examples that show how we would expect this to be used to inform these design decisions (and others that might come up as part of fleshing out a design/implementation for this).

[lukehoban]

We use the local command to take our AWS credentials from stack config and create an AWS profile on the machine.

BTW - Why can't this just be done directly in code? What is the reason a local.Command is preferred here?

[liamawhite]

BTW - Why can't this just be done directly in code? What is the reason a local.Command is preferred here?

We want to use the same credentials for EKS. EKS only gives you a command to retrieve the token in the kubeconfig, but the Pulumi EKS interface allows you to configure it to use a profile. So we use this profile specifier + the local.Command to interact with our clusters.

We do use the direct in code approach for Azure because AKS gives you a full token in the kubeconfig.

[liamawhite]

One other way we could do this is add an always field. Not sure if this would be in addition to or instead of create/delete though.

[nicklasfrahm]

I like the idea of an always field. My use case is that I want to use Pulumi to do things that I would usually do with ansible, such as apt upgrade etc.