* Implement the --exclude-protected feature This piggybacks on the same machinery used by the --target flag. By examining the stack, we find a list of all resources managed by Pulumi (in that stack). We then form them into a DAG, and mark all resources as either protected or unprotected. A resource is protected it has the `Protect` flag set or is has a child with the `protect` flag set. It is unprotected otherwise. We then pass the urns of unprotected resources to the update options passed to the destroy operation in the same way that `--target` does. * Update changelog * Handle providers correctly * Add integration test * Protect dependencies of protected resources * Handle --exclude-protected in separate function * Simplify implementation via DependencyGraph * Add TransitiveDependenciesOf * Cleanup unused functions * Gate printed message behind !jsonDisplay * Ensure provider is not `""` * Clean up documentation (and some code)
36 lines
1.7 KiB
TypeScript
36 lines
1.7 KiB
TypeScript
import * as pulumi from "@pulumi/pulumi";
|
|
|
|
|
|
class Resource extends pulumi.ComponentResource {
|
|
constructor(name: string, _?: {}, opts?: pulumi.ComponentResourceOptions) {
|
|
super("my:module:Resource", name, {}, opts);
|
|
}
|
|
}
|
|
|
|
|
|
|
|
const bucket1 = new Resource("my-bucket", {}, { protect: true });
|
|
// Because `protect` is explicitly set to false, we will delete this.
|
|
new Resource("my-bucket-child", {}, { protect: false, parent: bucket1 });
|
|
new Resource("my-bucket-child-protected", {}, { protect: true, parent: bucket1 });
|
|
|
|
const bucket2 = new Resource("my-2bucket", {}, { protect: false });
|
|
new Resource("my-2bucket-child", {}, { protect: false, parent: bucket2 });
|
|
new Resource("my-2bucket-protected-child", {}, { protect: true, parent: bucket2 });
|
|
|
|
const p = new Resource("provided-bucket", {}, { protect: true })
|
|
// Inherits protected status from `p`. This is protected in the state, and is thus safe.
|
|
new Resource("provided-bucket-child", {}, { parent: p })
|
|
new Resource("provided-bucket-child-unprotected", {}, { parent: p, protect: false })
|
|
|
|
// If possible, we should do a test with providers, that looks something like
|
|
// this. Doing a provider test with component resources is problematic because
|
|
// `ComponentResources` don't have CRUD operations.
|
|
//
|
|
// import * as aws from "@pulumi/aws";
|
|
// new aws.s3.Bucket("provider-unprotected", {}, { provider: prov })
|
|
// const p = new aws.s3.Bucket("provided-bucket", {}, { provider: prov, protect: true })
|
|
// // Inherits protected status from `p`. This is protected in the state, and is thus safe.
|
|
// new aws.s3.Bucket("provided-bucket-child", {}, { parent: p })
|
|
// new aws.s3.Bucket("provided-bucket-child-unprotected", {}, { parent: p, protect: false })
|