Ability to fully control the name of resources

[mikhailshilkov]

I've already filed pulumi/pulumi-cloud#504 but this issue is more general.

When I provision Azure resources, they get created with postfixes (random strings appended at the end), e.g. pulumifunc1sacd7c2fa0.

I would like to have the ability to define the full name of any resource created by pulumi in full:

• Companies might (and probably should) have policies around naming
• It limits the length available for descriptive names
• Names are then used in things like logging and instrumentation
• Longer bogus names are just harder to read

@joeduffy's initial comment:

I assume you'd prefer not to have them by default for anything. It's possible we should make this easier with a global flag or something (--disableNameMangling).
The reason we do it is just so you don't encounter naming collisions when standing up multiple stacks, otherwise people tend to accidentally use names that need to be globally unique, and then only find out when it's "too late" (as in, hundreds of names, and they are trying to stand up a stack in a new region or something).
But it's very possible we were trying to be too clever here

[lukehoban]

Note that you should be able to apply the name property to the resources in question to provide exact names (not generated ones). That should be a workaround in general.

I'll leave this issue open to track the idea of having some sort of global --disableNameMangling flag.

[mikhailshilkov]

Uh? How do I do that?

[lukehoban]

Uh? How do I do that?

Sorry for the delay. In general, you can do this with:

let x = new Resource("foo", {
  name: "somethingotherthanfoo",
});

[lukehoban]

There are three ways I can imagine supporting this:

1. A --disableNameMangling to pulumi stack init
2. A config setting on pulumi: that controls this
3. Custom config settings on individual providers to opt in/out of this like (azure:)

[joeduffy]

@lukehoban This feels like something we should get a head start on, at least design-wise, since it's been reported by several users. Is it worth assigning to someone to come up with a design proposal to review with the community during M19, even if implementation is deferred until M20?

[nesl247]

Any update on this? I don't understand why it defaults to mangling the names, and then having to provide it twice seems strange.

Specifically on kubernetes this is really irritating.

[lukehoban]

Some really good additional feedback on this topic at pulumi/pulumi-azure#209 (comment) which should be considered as part of changes here.

[joeduffy]

We are planning on doing something here soon. As this has come up several times, I wanted to at least write down the reason Pulumi auto-names resources by appending a suffix, and refer to the documentation. We understand this is confusing and plan to explore options for what we can do here, including opt-in, opt-out, and explicit controls both globally and at the individual resource level.

By auto-appending random suffixes (usually a string of hex), the engine is able to

• Create-before-delete resources during replacement, which minimizes potential downtimes. If names are likely to collide, the engine would need to do the opposite: first, delete the transitive set of resources, then re-provision the new ones. This is far more disruptive than what the engine does now, which resembles a "mini blue/green deployment," at the resource level.

• Reduce the likelihood of naming collisions when standing up multiple stacks. This makes it much easier to stand up new Pulumi environments (e.g., stage, dev, prod, etc), without needing to manually suffix all the names themselves (especially problematic when using components).

These are non-trivial benefits, so whatever we do will need to weigh the tradeoffs involved here. For what it's worth, AWS CloudFormation does something very similar to this, for similar reasons.

More complete documentation can be found at https://www.pulumi.com/docs/reference/programming-model/#autonaming. Thanks for the patience as we figure out the right path forward!

[jrdot]

This is the only main issue still preventing us from choosing Pulumi as a technology to adapt to a Production environment over Terraform.
The resource names generated by pulumi are ugly, also specifying a resource name and being restrained to edit/replace a resource is definitely not a workaround.

I agree, and not all resources are allowed to customize, azure_native.containerservice.ManagedCluster didn't work.

[mikhailshilkov]

not all resources are allowed to customize, azure_native.containerservice.ManagedCluster didn't work

@joserafaelterra You should be able to set it with the resourceName property. If that doesn't work for you, please open an issue with a repro in azure-native. Thank you!

[pgavlin]

I’m wondering if there’s a way to make this work without needing to touch all of our providers.

The larger picture here is that it’s not pulumi per se that is in charge of autonaming. Instead, autonaming is handled on a per-resource basis with each provider. An important aspect of this is that pulumi does not know which properties of which resources are subject to autonaming. As a consequence of this approach, there’s no easy way to change autonaming within pulumi itself--these changes must happen within the providers.

We have made a some recent progress towards making autonames more predictable and presentable: #8631. The title is somewhat misleading, as those changes alone do not make autonames deterministic. We’re still working on consuming these changes from the providers, but once they have been consumed, updated providers will be able to produce friendlier autonames using sequence numbers.

If we want to be more flexible here (ala the changes suggested in #1518 (comment)), we’ll probably need to change the provider interface even further, e.g. by adding autoname information to Pulumi Package schemas and using that to handle autonaming within pulumi itself.

If we want to make adjustments here without touching all of the providers, one approach might be to add a pulumi.autoname() API to our SDKs. This API could leave a sentinel value in the resource’s properties that pulumi is able to detect and then replace with an autoname. Parameterizing that API would allow users to control autonaming on a very fine-grain basis at the cost of needing (oddly enough) to explicitly autoname resources.

[xSAVIKx]

Just want to add another example that is not directly Pulumi issue, but if the auto-naming could have been configured, I could have avoided this issue as well: GoogleCloudPlatform/buildpacks#172.

TL;DR: some builders require name extension to have e.g. .zip if it's a zip archive. And with the auto-naming, even if I specify the resource name with .zip the unique hex will be added after the .zip breaking the functionality.

[Frassle]

If we want to make adjustments here without touching all of the providers, one approach might be to add a pulumi.autoname() API to our SDKs. This API could leave a sentinel value in the resource’s properties that pulumi is able to detect and then replace with an autoname. Parameterizing that API would allow users to control autonaming on a very fine-grain basis at the cost of needing (oddly enough) to explicitly autoname resources.

If providers could tell us which property was a name as part of the schema we wouldn't even need a special sentinel value here, we could just make it an optional property and if the engine sees it's null it could generate the autoname before passing off to the provider to create.

N.B Even if we changed autonames to work like above I think we still want sequence numbers on Check because providers might want other pseudo-random properties and we don't want the engine to know about every possible one of them.

[mikhailshilkov]

If providers could tell us which property was a name as part of the schema

There are different auto-naming strategies across providers. Azure Native would define whether to add a random suffix based on the resource type (e.g. Cosmos Account is globally unique and thus randomized, but Cosmos Database is unique per server and thus is just named with a straight logical name); Google Native uses composite names with slashes for some resources, etc. If we want to do this in the engine, we'd need to negotiate the autonaming format between the engine, the provider, and (potentially) the user configuration. I guess the schema could have some templated way to describe the auto-name format.

[Frassle]

@mikhailshilkov thanks for that didn't realize it was so varying, makes a lot of sense to just leave this in the providers then and deal with that we're going to need to do some updates.

[lukehoban]

One option here that is possible today, though not quite as expressive as what is being discussed in other comments above, is to use stack transformations to change the naming strategy for some or all resources. For example:

const prefix = `${pulumi.getProject()}-${pulumi.getStack()}-`;

pulumi.runtime.registerStackTransformation(args => {
    if (args.props.name === undefined) {
        return {
            props: {...args.props, name: prefix + args.name },
            opts: args.opts,
        };
    }
    return undefined;
});

This will construct the physical name for all resources to be a standard prefix followed by the logical name. This transformation could also choose to do different things for different resource types (or only apply this for certain resource types). The one big limitation to this approach is that it cannot gain access to the random value that is part of the current autonaming approach. Because of that, this approach will lead to delete-before-create replacement semantics (since the physical name is the same, and thus the resource must be deleted before the name can be reused).

[amuntean-godaddy]

Is there any chance to have this issue resolved ? I see is stays unresolved for 4 years already.

Auto naming consumes 8 characters, and if the cloud provider has limitation on naming length, it can become a issue to set any meaningful naming.
The ability to control the nr. of characters on random part or at least the ability to access the hash value generated by pulumi in order to use @lukehoban transform method will be helpful.

[mikhailshilkov]

@amuntean-godaddy There are a few tradeoffs around this issue, so it keeps slipping through as under-specified. Apologies for delays here.

We are planning to make another attempt to suggest a design proposal for this issue within Q3'22. We will post it here for discussion, and then, hopefully, the actual implementation will follow shortly after.

[TechWatching]

@lukehoban Here is the naming restrictions and rules on Azure we were talking about the other day. Having these rules hard coded in the Azure Native provider would be great to have valid random names automatically.

[oplancelot]

@amuntean-godaddy There are a few tradeoffs around this issue, so it keeps slipping through as under-specified. Apologies for delays here.

We are planning to make another attempt to suggest a design proposal for this issue within Q3'22. We will post it here for discussion, and then, hopefully, the actual implementation will follow shortly after.

Thank you for your work, but please don't make decisions for the client, give us a global switch, and everyone is happy.
In formal projects, there is a definitive documentation of naming conventions, and the current situation can cause confusion.

[Frassle]

Thank you for your work, but please don't make decisions for the client

This isn't really about us making decisions for the client, this is about us trying to work out how to even do this from an engineering perspective. We fully understand that this would be a useful feature, we're trying to work out how to do add it without this being overly expensive/complicated to implement.

give us a global switch, and everyone is happy.

A global switch to turn off autoname suffixes? I don't think that will make everyone happy, there are other requests around naming that are more than just not adding the random suffixes.
Also even that is tricky to add, autonaming is not done in a central location but instead by each provider. So at that point we have to make the decision of if you set "no autonames" how should providers that don't yet understand that option be handled? Given the constraints I think we'd probably just log a warning and then continue to use the provider and get auto-names, but maybe that's not strict enough so now what was a simple "on/off" flag becomes a tri-state of "on/off_warn/off_error", and then we get requests for "I want autonames off and error in general, but I want to allow this one provider through because I know I'm setting explicit names for it". So now we've got a tri-state flag and an exclusion rule list.

That's a lot of engineering effort, and it's not clear it's worth it and I probably haven't even thought of all the other complexities involved here.
We will keep thinking on this problem, but it's not an easy one.

[oplancelot]

That's a lot of engineering effort, and it's not clear it's worth it and I probably haven't even thought of all the other
complexities involved here. We will keep thinking on this problem, but it's not an easy one.

It's really hard, and you deserve respect.
For example, I want to create s3 bucket , if the name I want to already exists, I will get a prompt ""Bucket %s exists."", then I will modify it, or modify this in the naming document about the S3 name rules (obviously this one is sloppy), but I don't want to get a random name, because I can't tell the developer to say," please put the image in this bucket that I only know about after building"...it would be weird.
the project requires a lot of collaboration, some information needs to be shared, and most of the time it has to be deterministic.

[Frassle]

please put the image in this bucket that I only know about after building"...it would be weird.

Have you considered using stack outputs to do that? https://www.pulumi.com/learn/building-with-pulumi/stack-outputs/
You can then tell them that the bucket will be deployed as part of a given stack, and that it's id will be output as "bucketID" for example and they can just query the stack output (either via another pulumi stack, via the cli, or direct http request) to see what the ID is.

It's not deterministic, but it might still solve your information sharing problems.

[oplancelot]

for _, i
nfra := range infras {

			_, err = helm.NewRelease(ctx, infra, &helm.ReleaseArgs{
				Chart: pulumi.String("../k8s/helm/" + infra),
				// ValueYamlFiles pulumi.AssetOrArchiveArrayOutput `pulumi:"valueYamlFiles"`
				ValueYamlFiles: pulumi.AssetOrArchiveArray{inf_fileAsset1, inf_fileAsset2, inf_fileAsset3, inf_fileAsset4},
				Name:           pulumi.String(infra),
				// Namespace:      pulumi.String("eshop"),
				Values: pulumi.Map{
					"app.name":        pulumi.String(app_name),
					"ingress.hosts":   dns,
					"inf.k8s.dns":     dns,
					"inf.mesh.enable": pulumi.Bool(false),
				},
				// Version: nil,

			})
			if err != nil {
				return err
			}

		}

I posted with the above code and it was ok the first time, if I run it again I get the following, actually nothing has changed, I think it's caused by " auto-naming", the google brought me here.

ce that already exists. Unable to continue with install: Service "payment-api" in namespace "default" exists and cannot be imported into the current release: invalid ownership metadata; annotation validation error: key "meta.helm.sh/release-name" must equal "payment-api-b91e4e15": current value is "payment-api-3359461c"

[oplancelot]

please put the image in this bucket that I only know about after building"...it would be weird.

Have you considered using stack outputs to do that? https://www.pulumi.com/learn/building-with-pulumi/stack-outputs/ You can then tell them that the bucket will be deployed as part of a given stack, and that it's id will be output as "bucketID" for example and they can just query the stack output (either via another pulumi stack, via the cli, or direct http request) to see what the ID is.

It's not deterministic, but it might still solve your information sharing problems.

may be, It's a way, but why can't it be done according to the agreed documentation, some people don't want to write extra code, and more importantly, some development teams don't have permissions to list all S3 buckets.

[Frassle]

may be, It's a way, but why can't it be done according to the agreed documentation, some people don't want to write extra code, and more importantly, some development teams don't have permissions to list all S3 buckets.

For sure it was just a suggestion that might have been applicable in your case. I totally understand that some teams need the deterministic names that they then share via other channels. Scenarios like that are why we understand this issue to be valuable to fix.

I posted with the above code and it was ok the first time, if I run it again I get the following, actually nothing has changed, I think it's caused by " auto-naming", the google brought me here.

I would suggest raising that issue at https://github.com/pulumi/pulumi-kubernetes/ it might be an issue with helm specifically.

[sanmai-NL]

Is overriding auto-naming as supported not sufficient?

[sanmai-NL]

@joeduffy

We are planning on doing something here soon. As this has come up several times, I wanted to at least write down the reason Pulumi auto-names resources by appending a suffix, and refer to the documentation. We understand this is confusing and plan to explore options for what we can do here, including opt-in, opt-out, and explicit controls both globally and at the individual resource level.

By auto-appending random suffixes (usually a string of hex), the engine is able to

• Create-before-delete resources during replacement, which minimizes potential downtimes. If names are likely to collide, the engine would need to do the opposite: first, delete the transitive set of resources, then re-provision the new ones. This is far more disruptive than what the engine does now, which resembles a "mini blue/green deployment," at the resource level.

That assumes that there's no atomic rename-and-reconfigure operation, or that a separate renaming operation (similar to temporary file naming algorithms) is not a feasible strategy.

• Reduce the likelihood of naming collisions when standing up multiple stacks. This makes it much easier to stand up new Pulumi environments (e.g., stage, dev, prod, etc), without needing to manually suffix all the names themselves (especially problematic when using components).

If Resources are created in the context of a Resource Component's constructor, then they could auto-name differently. This is a software engineering challenge, not a fundamental problem.

These are non-trivial benefits, so whatever we do will need to weigh the tradeoffs involved here. For what it's worth, AWS CloudFormation does something very similar to this, for similar reasons.

More complete documentation can be found at https://www.pulumi.com/docs/reference/programming-model/#autonaming. Thanks for the patience as we figure out the right path forward!

Okay, so I understand some people don't want to supply the name as resource constructor argument twice. But you can use variables for that, if DRY is the concern.

Personally, the most pressing concern I have is the arbitrary and limiting naming rules that cloud providers impose and how that will interact with any naming algorithm Pulumi devises. For example, Azure limits some resources such as Storage Accounts to 24 characters.

In terms of declarative style, idempotency etc. a lot can be said for predictable resource names within the provider's namespace. @oplancelot's professional collaboration requirements are of course also entirely realistic, I have them too. Even if the ‘collaboration’ is very advanced, in the form of automated interoperability. Or of the ability for other tools to statically analyze Pulumi source code (as in, resource specs created by users). All of this becomes harder by Pulumi auto-naming opaquely.

I think the whole concept of Stacks is problematic and more trouble than it's worth. Instead of Stacks, the caller could supply a name prefix when standing up, much to the same effect, just without facilities for Stack-specific configuration. Because of Stacks, you have had to introduce the concept of ‘fully-qualified Stack names’ (#11387) as well because of collisions.

I think Pulumi currently muddies its functionality between an interactive configuration tool and an infra-as-code-library. It is normal for infra-as-code that things like different environments and their configuration, naming etc. have to be solved by the user (developer). There are many approaches to that depending on the use case. Either static naming, querying some namespace, generating names either human-readable or machine-readable or both, guaranteed unique or just random.

[sanmai-NL]

By the way, another interesting problem. Some resources get cloud provider names even as they're not first-class resources in Pulumi. For example, FrontendIPConfiguration in Azure. Pulumi cannot do a delete-after-create in any case here. One may ask, what's the value of delete-after-create if it doesn't cover some important cases anyway?

[Raniz85]

To add to the complexity here I would like to adjust the auto-naming strategy.

My current example is an Azure web app with multiple environments with one stack per environment. I would like to use auto-naming so that I get the random suffixes that makes replacement easier, but I would also like to include the stack name in the auto naming so that globally unique resources such as Azure ContainerRegistry doesn't collide between stacks.

At the moment I include the application name and stack name in each resource name to guide the auto naming, like this:

const webAppRegistry = new azure.containerregistry.Registry(`MyWebAppRegistry${stack}`, {
    resourceGroupName: resourceGroup.name,
   ...
}

But this gets rather tedious and means that all resources have longer names than are necessary. I would rather control it via a callback or format, something like this:

const stack = pulumi.getStack()

pulumi.setAutoNamingFormat("MyWebApp{resourceName}" + stack + "{randomSuffix}");

const webAppRegistry = new azure.containerregistry.Registry(`Registry`, {
    resourceGroupName: resourceGroup.name,
   ...
}

Where Pulumi would substitute {resourceName} and {randomSuffix} with proper values.

[rtrindvg]

I love @Raniz85 suggestion, because I would use a hyphen in the auto naming scheme (to adhere to our naming standards) but right now I need to finish the pulumi object name with a dangling hyphen in the end to achieve this, which is terrible visually.

Also there are some object in some libraries (like azure native app gateway) which needs to refer to it's own name in it's definition, but with the autonaming in place, it becomes impossible. I used an workaround using @pulumi/random but this needs me manually controlling when to rotate the name whenever the resource needs to be replaced.

Having a way to refer to the name after autonaming is in place would help a lot on these cases.

[gunzy83]

Nobody else mentioned it here, so I am going to drop my $0.02.

This might be controversial: I think the Logical and Physical names of resources are two completely different things and should rarely be in any way the same. I will admit that forcing of suffixes to generate physical names of resources based on the logical name does solve some problems, but it also introduces other problems:

• discoverability of resources in the service they are deployed in (due to how generic those names will be)
• extremely long resource names in the Pulumi output if you go the other direction and try to make them identify the resource in a human-readable way

A perfect example of this is an Aurora cluster. I have a project that creates Aurora clusters and RDS instances (there is enough commonality here) and the logical names of the cluster and instances look like this:

• aurora-cluster
• instance-a
• instance-b

If I were to let auto-naming take over from here I would get resource names like this:

• aurora-cluster-asdfghjk
• instance-a-asdfghjk
• instance-b-asdfghjk

Logging into the console and seeing this you would have no idea what DB was what and tools like Teleport would be unusable for our end users (constantly needing to look up the ID to know which DB they are logging into).

Of course there are many compromises like including those identifiers in the logical name (makes reading the Pulumi output just that bit more annoying and less consistent between stacks) but then leaving in superfluous logical items (like instance) you end up ugly physical names as well.

I appreciate there are name and other options like namePrefix (AWS) and generateName (k8s, not currently working) that allow better control of naming but it would be extremely valuable to be able to disallow auto-naming based on the logical name to comply with organisation naming standards.

[Gonkers]

I have been using Azure for over 10 years and 4+ years of using Terraform professionally. I thought I would try Pulumi out personally to see how I would like it. I just stared a little bit ago and already; I found this automatic naming policy to be incredibly irritating. So much so that I don't think I'll bother with Pulumi in the future. I understand putting on the Mickey Mouse gloves for new users because as a new user I want to "fall into the pit of success". But if I want to take off the gloves, please let me manage the automatic naming policy globally.

And the inconsistency is also baffling. The docs say...

For cases that require specific names, you can override auto-naming by specifying a physical name. Most resources have a name property that you can use to name the resource yourself.

Well that would be better if they all had a Name property, but they don't. The custom name property for a ResourceGroup is ResourceGroupName and the custom name property for a StorageAccount is AccountName.

[gunzy83]

Well that would be better if they all had a Name property, but they don't. The custom name property for a ResourceGroup is ResourceGroupName and the custom name property for a StorageAccount is AccountName.

I get your point and the documentation does just say name but a heap of this is based on the API of the service behind it (perfect example: S3 buckets use bucket/bucketPrefix to specify a name and avoid autonaming, this is the same in Terraform btw). I am not sure if that is enough of an annoyance to not consider Pulumi considering Terraform seems to do the same thing.

[wouter-b]

Well four years later, the first issue I encountered when starting with pulumi today ;-)