import os from dotenv import load_dotenv import pulumi from pulumi import automation as auto from pulumi_gcp import compute # Load environment variables from .env load_dotenv(r"C:\Users\USER\OneDrive\Desktop\scaling_considerations\prod\deployment_manager\.env") # 1. Define the Pulumi program def pulumi_program(): # Create a VPC network compute_network = compute.Network("network", auto_create_subnetworks=True) # Allow HTTP and SSH access compute_firewall = compute.Firewall( "firewall", network=compute_network.self_link, allows=[compute.FirewallAllowArgs(protocol="tcp", ports=["22", "80"])], source_ranges=["0.0.0.0/0"], ) # Reserve a static external IP instance_addr = compute.Address("address", region=os.environ["GCP_REGION"]) # Define instance metadata to run a Docker container container_metadata = { "gce-container-declaration": """ spec: containers: - name: hello image: nginxdemos/hello ports: - containerPort: 80 restartPolicy: Always """, "google-logging-enabled": "true", } # Launch the VM with Container-Optimized OS and the container compute_instance = compute.Instance( "instance", machine_type="e2-medium", metadata=container_metadata, boot_disk=compute.InstanceBootDiskArgs( initialize_params=compute.InstanceBootDiskInitializeParamsArgs( image="cos-cloud/cos-stable" ) ), network_interfaces=[ compute.InstanceNetworkInterfaceArgs( network=compute_network.id, access_configs=[ compute.InstanceNetworkInterfaceAccessConfigArgs( nat_ip=instance_addr.address ) ], ) ], zone=os.environ["GCP_ZONE"], service_account=compute.InstanceServiceAccountArgs( scopes=["https://www.googleapis.com/auth/cloud-platform"] ), opts=pulumi.ResourceOptions(depends_on=[compute_firewall]), ) # Export outputs pulumi.export("instanceName", compute_instance.name) pulumi.export("instanceIP", instance_addr.address) # 2. Use the Automation API with env values def main(): stack_name = "dev" project_name = "gcp-vm-docker" # Load environment variables gcp_project = os.environ["GCP_PROJECT"] gcp_region = os.environ["GCP_REGION"] gcp_zone = os.environ["GCP_ZONE"] # Create or select a stack stack = auto.create_or_select_stack(stack_name=stack_name, project_name=project_name, program=pulumi_program,) print("Installing plugins...") stack.workspace.install_plugin("gcp", "v6.0.0") # Adjust version as needed print("Setting config from environment variables...") stack.set_config("gcp:project", auto.ConfigValue(value=gcp_project)) stack.set_config("gcp:region", auto.ConfigValue(value=gcp_region)) stack.set_config("gcp:zone", auto.ConfigValue(value=gcp_zone)) print("Refreshing stack...") stack.refresh(on_output=print) print("Updating stack...") up_result = stack.up(on_output=print) print(f"Instance name: {up_result.outputs['instanceName'].value}") print(f"Instance IP: {up_result.outputs['instanceIP'].value}") if name == "__main__": main()

Hi all, We see a lot of requests to our state backend when doing a

pulumi up

without any changes. Is this expected behavior? I would expect Pulumi to only make a snapshot if something changes, is that not the case? We have found the skip-checkpoints flag, but would like to better understand the underlying issue (if any) before we enable it. Our large >3000 resource stacks are currently taking a very long time (>40min) to

up

even if there are little or no changes and are looking to speed it up.

Is there any way to enforce on a stack or org level what pulumi client version is being used? Essentially want to confirm that users are using the same version, or at least a sufficiently updated one

Can a dynamic provider depend on outputs from another resource?

I ran into an issue where I have a set of resources with dependencies between them, where the graph I want to create is a DAG (ie. no cycles) but because of the way the resources are grouped into ComponentResources, there's no way to set up the dependencies correctly. Is there a way to add a dependency to a resource after creating it?

What is the recommended way to promote code from one environment to another, for example from dev to stage then to prod? I can use the pulumi project and stacks constructs but im not sure if that gives me the controls that i need. For example if i create an AWS EKS cluster in a project and launched it to all stacks (dev, stage, prod). Then i need to make a change, something that is not as easy as a parameter that can be in the stack environment config, something like changing networking cni. This will be a bunch of various code changes and it could take a while to roll out with testing along the way in the various environments (dev, stage, prod). Once i have made this change in dev and it is working for me, i would like to open a PR to get it reviewed, merged and then versioned so that the next environment can use it. I would like that the project or stack can reference a github URL that can ref a tag/commit. I am coming from the Terraform world where you can do this via:

module "consul" {
  source = "github.com/hashicorp/example?ref=v1.2.0"
}

Is there something similar in pulumi? Does this make sense to do or am i trying to follow too closely to what i have done in Terraform? I have found Pulumi Components: https://www.pulumi.com/docs/iac/using-pulumi/extending-pulumi/build-a-component/#sharing-via-git. This gets me most of the way there but i still have to run a

pulumi package add <repo_url>@<release-version>

Which means i have to run this command and the CI/CD pipeline has to run it as well. This would mean adding a script that runs this command with the version? So the person updating it would have to update the version here? Not the worst thing but the workflow seems to be just a little off as in it is making the user look into another file that is not a Pulumi file to update a version number. Other notes: • i am only using python • I dont want to publish these publicly. Not that there are any secrets or proprietary things in it. For now, we dont want to spend time to make it publicly consumable.

If you haven't taken a look at Pulumi IDP, this video is a quick 3 minute introduction to Pulumi IDP ( and why you might want to build a platform in general ) :

hey team, I think aws-native provider is somewhat broken as I am seeing that fields that are marked "forces replacement" in docs are actually not triggering replace. I am pretty sure it was not the case before. can someone check? nvm, opened an issue

Hi, I'm having an issue trying to using pulumi/auth-actions with GitHub. I get the following error:

Error: Invalid response from token exchange 400: Bad Request (invalid_request: validation error: invalid token: upstream error: fetching oidc issuer signing key upstream error: invalid certificate thumprint on OIDC provider response)

When I try to go to the dashboard OIDC Issuers it returns a 404 so I can't try to recreate the issuer to try to fix

hey, we're experiencing an issue where some data seems to be disappearing from our Pulumi Cloud account, is there anything going on which might be causing this?

Hi! Tomorrow 6/12 at 5 PM CET / 11 AM ET I will stream about writing pulumi component with TS and Go. While I know Python well and used Pulumi with Python mostly, I barely know anything about TS and Go. so if you are interested in joining me for the ride where I will for sure struggle 😅, I'd love to see you there! https://twitch.tv/dmfigol

Hey, is it possible to save the outputs from a preview? I'd like to have access to what pulumi believes the outputs will be after a preview has taken place and the

--json

command doesn't provide this in a straightforward way

Hello everyone, I'm trying to deploy Mistral-OCR from Azure AI Foundry. I'm not sure how it suppose to be done. I tried to do similar resources as done by Azure Portal UI. I have created AI Hub an AI Project inside it. Here is similar infrastructure being created Can you help me with some docs about how to deploy Mistral model? Should is use

azureNative.machinelearningservices.ServerlessEndpoint

or

azureNative.cognitiveservices.Deployment

? I can share some code snippets later on

hey team, I need some help with typescript cross-lang components. I was building this sample component and here are the issues noticed 1. it works when I reference it locally, but not via git. I don't see any helpful error messages

-> % pulumi package add <https://github.com/dmfigol/pulumi-aws-vpc-typescript>
Downloading provider: github.com_dmfigol_pulumi-aws-vpc-typescript.git
Added package "pulumi-aws-vpc-ts" to Pulumi.yaml
error: Detected that /home/dmfigol/.pulumi/plugins/resource-github.com_dmfigol_pulumi-aws-vpc-typescript.git-v0.0.0-x026726ba8803765d31f11953b7efb095be00747b/pulumi-resource-github.com_dmfigol_pulumi-aws-vpc-typescript.git exited prematurely. 
       This is *always* a bug in the provider. Please report the issue to the provider author as appropriate.
       To assist with debugging we have dumped the STDOUT and STDERR streams of the plugin:

2. sometimes/often when I change my typescript code, my stack is not picking up those changes and I get error like this:

Diagnostics:
  pulumi:pulumi:Stack (pulumi-aws-vpc-ts-dev):
    Error: pulumi-aws-vpc-ts:index:VPC is not assignable from {vpcCidr: string}
    Cannot assign '{vpcCidr: string}' to 'pulumi-aws-vpc-ts:index:VPC':
      vpcCidrr: Missing required property 'vpcCidrr'
      Existing properties are: vpcCidrr

even though both pulumi.yaml and interface have correct attributes. it starts to work after I rerun emitting of js files from ts, but I haven't been able to fully understand what causes this problem exactly. seems like some cached value of schema? but where and how to fix it? UPD: I was able to fix it by deleting sdks/ folder completely. but is it really supposed to be this way? 3. what is the value of specifying pulumi.input in the interface? it seems everything works without it, e.g.:

export interface VpcArgs {
    tags?: { [key: string]: string };  // versus
    tags?: { [key: string]: pulumi.Input<string> };
}

4. are there more references in how to type complex attributes, e.g. optional maps, optional nested objects, etc.? this doc page references a single string as input and it is not very helpful

Hi, I am using Pulumi ESC. Any way to transfer environments from a user to an organization? Probably not possible with the UI, but I was looking at

EscClient.clone_environment

method in the python library, which seems to be what I want, except that it only supports cloning environments within the same org. Do you have any recommendatinon on how to achieve this?

Hey I'm getting this:

brian.yeh@Brians-MacBook-Pro central-ocpp % pulumi refresh
Please choose a stack, or create a new one: staging
Previewing refresh (staging)

View in Browser (Ctrl+O): <https://app.pulumi.com/heynairb/central-ocpp/staging/previews/f51a5768-ca08-4d23-87f9-379162481e55>



error: failed to decrypt configuration key 'central-ocpp:SENTRY_DSN': [400] Bad Request: invalid ciphertext

When I use the cli. It happens any time I access anything related to a secret. But the GHA that deploys these secret values work fine. What's wrong? Is there a way to fix? Also if I set a new secret, the deploy isn't able to decrypt it.

Hi i use the latest pulumi version 3.177.0 to install plugins offline from a file like:

pulumi plugin install resource gitlab 6.5.0 --file gitlab6.5.0.tar.gz

Pulumi still tries to read from an online resource https://api.pulumi.com/api/preview/registry/packages?limit=499&name=gitlab Isnt it possible to install plugins in an offline env?

Hey All, We have the engineers on the Pulumi AI team answering questions on reddit tomorrow. If you have any questions you'd like to ask, ask away. https://www.reddit.com/r/pulumi/comments/1lcyfyi/pulumi_ama_wednesday_ask_us_anything_ai_pulumi/ https://pulumi-community.slack.com/archives/CB36DSVSA/p1750094061203539

Now that pulumi has released pulumi_operator v2 but there is no #C01F5GS6G3X anymore (archived), where do we talk about it? I want to understand things like: On the stack CRD we have : • EnvRefs: we populate from one of the from • Workflow/spec/env/valueFrom • Workflow/spec/envFrom Is there any difference on all of this in the context of setting envvars from configmaps or secrets on the workspace pod? I understand that all of them do the same?

Another pulumi operator question: on my migration journey… we mount files in the V1 pulumi operator (e.g.

~/.aws/config

). Checking the workflow template, it states on the containers:

List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated.

Do we have a way to mount extra stuff?

Hey, I found an old Slack message with this same issue but it had no responses. Wondering if anyone has since ran into this. Using C#, I'm trying to mock the output of a

StackReference

for unit testing where I'm using

RequireOutput

in the stack. I set up mocking to add a value to the output using

ImmutableDictionary.CreateBuilder<string, object>()

like in the docs. However, the

RequireOutput

throws this exception:

System.NullReferenceException: Object reference not set to an instance of an object.
   at Output<object> Pulumi.StackReference.RequireOutput(Input<string> name)+(ValueTuple<string, string, ImmutableDictionary<string, object>> v) => { }
   at Output<ValueTuple> Pulumi.Output<T>.Apply(Func<T, Task> func)+(T t) => { }
   at async Task<OutputData<U>> Pulumi.Output<T>.ApplyHelperAsync<U>(Task<OutputData<T>> dataTask, Func<T, Output<U>> func)
   at async Task<OutputData<T>> Pulumi.Output<T>+<>c__DisplayClass12_0.<WithIsSecret>g__GetData|0(?)+GetData(?)
   at Pulumi.Deployment.TestAsync(IMocks mocks, Func`2 runAsync, TestOptions options)
   at Thread.Uniti.Azure.Environment.Tests.EnvironmentStackTests.InitializeAsync() in /Users/john.marian/Repos/uniti/backend/Infrastructure/Azure/Thread.Uniti.Azure.Environment/tests/EnvironmentStackTests.cs:line 22
   at Xunit.v3.XunitTestRunnerBase`2.CreateTestClassInstance(TContext ctxt) in /_/src/xunit.v3.core/Runners/XunitTestRunnerBase.cs:line 62
   at Xunit.v3.ExceptionAggregator.RunAsync[T](Func`1 code, T defaultValue) in /_/src/xunit.v3.core/Exceptions/ExceptionAggregator.cs:line 146

hi, I was planning to try using Go for component resource, but I haven't found any good tutorial? it seems on this page https://www.pulumi.com/docs/iac/using-pulumi/extending-pulumi/build-a-component/ go examples are not available.

Hi guys, sorry is this was asked before 🙏 At work we have stacks files, each of them handles cluster provisioning and k8s resources as well as some grafana dashboards. We have approximately 150 stacks. I would like to build on top of

pulumi automation api

a way to

make changes to the files and later CI to run refresh a previews in the MR

, but all the examples I saw for

pulumi automation api

interacts directly with the backend (our backend lives in a bucket BTW!) is there any examples or doc to avoid using the state backend and only verify and makes stack files changes? Thanks!

I am currently evaluating Pulumi using my work email address with the free version of Pulumi. Once I am happy that it meets our requirements, we will purchase the Team version. When we do this, will any stacks that I have deployed during the free version be available to all team members?

Would'nt it be great if we could use Plumi to deploy inrastructure using drag and drop canvas. I am working on building a platform for the same.

Does the Pulumi Kubernetes Operator support stacks in any namespace, or only in the namespace the operator is deployed in? The non-code documentation is sparse in this regard.

Hey everybody, we are migrating our Terraform provider from SDK v2 to the Plugin Framework, our Pulumi provider is using the SDK v2 bridge, what are the necessary steps we need to take so our Pulumi provider is compatible with the Plugin Framework? Here is our Pulumi provider repo: https://github.com/pulumiverse/pulumi-cpln

Are there any plans to support OpenShift Kubernetes?

I posted a short video about building an internal developer platform:

Hey - so y'all released Pulumi 3.180.0; but there is no release in GitHub. We are using asdf plugin to install Pulumi from GitHub. https://www.pulumi.com/docs/iac/download-install/versions/ https://github.com/pulumi/pulumi/releases/tag/v3.178.0 Can someone invoke this build/release on GitHub?