chore(pulumi): save findings from experiments

2026-02-13 15:24:24 +00:00 · 2024-05-23 01:15:12 +02:00
parent 2bf30ca453
commit a5025dd28b
2 changed files with 69 additions and 1 deletions
--- a/snippets/pulumi.fish
+++ b/snippets/pulumi.fish
@@ -1,4 +1,4 @@
-#!fish
+#!/usr/bin/env fish

 function pulumi-all-of-type
 	pulumi stack export \
@@ -34,3 +34,6 @@ end
 # Get the URN (or other stuff) of resources that would be deleted
 pulumi preview --json | jq -r '.steps[]|select(.op=="delete").urn' -
 pulumi preview --json | jq -r '.steps[]|select(.op=="delete").oldState.id' -
+
+# Remove from the state all resources that would be deleted
+pulumi preview --json | jq -r '.steps[]|select(.op=="delete").urn' - | xargs -n1 pulumi state delete --force
--- a/snippets/pulumi.iam-groups-generation.ts
+++ b/snippets/pulumi.iam-groups-generation.ts
@@ -0,0 +1,65 @@
+import * as aws from "@pulumi/aws";
+
+const iamGroups = new Map<string, aws.iam.Group>();
+[ "business-intelligence", "engineering", "product" ].forEach(
+    (name: string) => iamGroups.set(
+        name,
+        new aws.iam.Group(
+            name,
+            { name: name },
+            {
+                import: name,
+                protect: true,
+            },
+        ),
+    ),
+);
+
+const iamUsers = new Map<string, aws.iam.User>();
+[
+    {
+        name: "me",
+        groups: [ "engineering" ],
+    },
+    {
+        name: "admin",
+        groups: [
+            "business-intelligence",
+            "engineering",
+            "product",
+        ],
+    },
+].forEach(
+    (user: { name: string, groups: string[] }) => {
+        // Create the IAM user
+        const iamUser = new aws.iam.User(
+            user.name,
+            { name: user.name },
+            {
+                ignoreChanges: [
+                    // tags are used to store the users' keys' id
+                    "tags",
+                    "tagsAll",
+                ],
+                import: user.name,
+                protect: true,
+            },
+        );
+
+        // Add the IAM user to the 'users' Map
+        iamUsers.set(user.name, iamUser);
+
+        // Add the user to the groups in its definition.
+        iamUser.name.apply(username => new aws.iam.UserGroupMembership(
+            username,
+            {
+                user: username,
+                groups: user.groups,
+            },
+            {
+                import: `${username}/${user.groups.join('/')}`,
+                protect: true,
+            },
+        ));
+    },
+);