Pulumi Command Provider

1.2.1 · active · verified Fri Apr 10

The Pulumi Command Provider allows users to execute commands and scripts, either locally or remotely, as part of their Pulumi infrastructure-as-code deployments. It integrates command execution directly into the Pulumi resource model, enabling complex provisioning tasks. The current version is 1.2.1, and the library generally follows a minor point release cadence for bug fixes and feature enhancements, with major versions indicating potential breaking changes.

Warnings

gotcha Commands are inherently not idempotent. Without explicit `triggers`, Pulumi won't rerun commands even if their inputs change, leading to potential resource drift. Always specify `triggers` if you want a command to rerun on input changes.
Fix: Explicitly define the `triggers` input for your `local.Command` or `remote.Command` resources. The `triggers` list should contain any values whose changes should cause the command to rerun.
gotcha By default, `local.Command` and `remote.Command` resources do not perform any 'delete' actions. If a command creates external resources, those resources will persist even if the Pulumi stack is destroyed or the command resource is removed, leading to unmanaged resources or cloud waste.
Fix: Always define a `delete` input for your command resources if they create persistent external resources. The `delete` command should perform cleanup actions to ensure proper resource lifecycle management.
gotcha Sensitive information output by commands (e.g., passwords, tokens) will appear in Pulumi logs unless explicitly marked as sensitive. This can pose a security risk.
Fix: Use `pulumi.Output.secret()` to wrap any command outputs that contain sensitive information before exporting them or passing them to other resources. For example, `pulumi.export("sensitive_output", pulumi.Output.secret(my_command.stdout))`.
breaking Upgrading to new major versions (e.g., from 1.x to 2.x) of the `pulumi-command` provider or the core Pulumi SDK can introduce breaking changes in resource properties, behavior, or required arguments. Always review release notes carefully.
Fix: Consult the official Pulumi upgrade guides and the provider's specific release notes before performing major version upgrades. Test your Pulumi programs thoroughly in a non-production environment.

Install

pip install pulumi-command Install stable version

Imports

local.Command
```
from pulumi_command import local
```
The `local` module is usually imported directly for its functionality, rather than importing `Command` specifically.
remote.Command
```
from pulumi_command import remote
```
Similar to `local`, the `remote` module is typically imported for its resources.
provider.Provider
```
from pulumi_command import provider
```

Quickstart

This quickstart demonstrates how to define a local command that simply echoes a message. The `triggers` input is crucial for ensuring the command re-runs when its inputs change. It also shows a commented-out section for setting up a remote command, highlighting the need for connection details like host, user, and a private key (preferably from an environment variable for security).

import pulumi
from pulumi_command import local
import os

# Example of a local command that echoes a message
# The `triggers` input ensures the command reruns if the message changes.
local_command = local.Command("echo-command",
    create="echo 'Hello from Pulumi local command!'",
    triggers=["Hello from Pulumi local command!"] # Ensures re-run on change
)

# Export the stdout of the command
pulumi.export("command_output", local_command.stdout)

# For remote commands, you'd typically configure SSH:
# from pulumi_command import remote
# remote_command = remote.Command("remote-script",
#     create="ls -la",
#     connection=remote.ConnectionArgs(
#         host="your_remote_host_ip",
#         user="your_username",
#         private_key=os.environ.get('SSH_PRIVATE_KEY', '') # Use environment variable for sensitive data
#     )
# )

view raw JSON →