https://pulumi.com logo
Join Slack
Powered by
# general
  • b
    We have found ourselves in a situation where we have an unsatisfactory solution, but we wanted to know if there is a better, more elegant alternative. • We have a project containing shared infrastructure, with stacks allocated per environment (UAT/PROD). • We also have projects containing infrastructure per partner/environment (e.g., PARTNER-A-UAT, PARTNER-B-UAT, etc.), and they have stack references to the shared infrastructure (Ex, a VPC in the shared environment is referenced by partner/environment to add a subnet). • We manage triggering Pulumi previews and updates in CircleCI, where the workflow builds out the shared infra, then the partners. Which works fine in the full CI/CD workflow • We want to be able to run the shared and partner lower env previews for Pull Requests in GitHub. The problem is that without running the actual Pulumi apply in the shared environment and adding, for example, the VPC referenced in the partner stack, it will fail. Our hacky solution is to: 1. Are we running the code currently in a 
    preview
    ? 2. If so, mock all stack references to the shared project. Is there a better way to do this?
    👀 3
    m
    w
    • 3
    • 18
  • b
    Hello Pulumi Community! I am on the community rotation this week and will be going through and responding to questions
    👋🏻 1
    👋 5
  • b
    Feel free to DM me if you have a question!
  • s
    Hi community! Is there a tool in the Pulumi ecosystem similar to Terragrunt that helps coordinate multiple Pulumi projects—for example, handling init, destroy, and managing dependencies between them? Would the Pulumi Automation API be the right comparison here?
    l
    • 2
    • 3
  • s
  • g
    Anyone here using Fargate that would know what I'm doing wrong? Not sure if it's an AWS issue or a Pulumi issue. Getting:
    Copy code
    awsx:ecs:FargateTaskDefinition resource 'my-resource' has a problem: Requested resources exceed the maximum allowed for Fargate. Requested: 17 vCPU and 2GB. Max: 16 vCPU and 120GB.
    For:
    Copy code
    import { ecs } from '@pulumi/awsx/types/input'
import TaskDefinitionContainerDefinitionArgs = ecs.TaskDefinitionContainerDefinitionArgs

const serviceContainerDefinition: TaskDefinitionContainerDefinitionArgs = {
// ...
        cpu: 16384,
        memory: 32768,
    }
    Should be a valid config according to this: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html#task_size
    m
    • 2
    • 2
  • a
    Is there any way to extract the Duration of a pulumi update/destroy (through automation api) from the output? (seeing that the duration is only part of the standard output so something along the lines 
    pulumi_output = stack.up(on_output=print)
    or do I need to parse the output in a callback for achieving this?
  • i
    I’m having some issues trying to connect my claude code to the pulumi mcp. I am logged into pulumi, but is it expecting other variables in the environment? I get 
    pulumi: npx @pulumi/mcp-server@latest - ✗ Failed to connect
    , the current CLI is 
    3.194.0
    .
    g
    • 2
    • 7
  • b
    Hi All. I recently started using Pulumi and accidentally created both a personal and an organization account for myself. Now, the organization account I created is showing that the free trial has ended. My company, Modivcare, already has an existing organization account that we use, and I’m trying to switch to that account. However, when I go to the settings to switch, I can’t seem to find it listed. Any help would be appreciated!
    l
    • 2
    • 1
  • i
    Hello, Is there any way to get the Github environment public key (replicating this https://docs.github.com/en/rest/actions/secrets?apiVersion=2022-11-28#get-an-environment-public-key in Pulumi)? The documentation, what little there is, is useless and the Pulumi "AI" just made me waste an hour trying to implement it's hallucination passed of as a solution.
    l
    • 2
    • 1
  • m
    Hi my new role uses Pulumi across Python/Node where each repo has its own decoupled infra. I am moving to create a monorepo for all our infrastructure. I come from a Terraform background and was wondering what is the recommended way to do it? Can a monorepo with Pulumi infrastructure exists across different languages? I have a strict requirement that my platform team creates reusable modules across things such as AWS S3/RDS/etc. Is this possible with Pulumi? Are there any examples showing how this works?
    a
    l
    m
    • 4
    • 4
  • p
    Hi everyone, Is there some mechanism that would allow me to run my code on error? Here're some examples of what I need: Let's say an azure resource provider runs into some errors like: • 429 rate limit exceeded • 409 already exists • a random issue I dont yet know how to handle That I want to react on by: • requesting and logging the remaining rate limits • logging the resource ID, URN and parent to the filesystem so that I can import the resource before trying again (which happens to be needed for example in case of some intermittent issues on Azure) • log it to some analytical tool
    l
    • 2
    • 3
  • p
    Hi all, I have a bit of a wild issue (at least to me) and not found any kind of resource about it yet. We are using Pulumi to manage the state of our 3 environments (dev, staging, prod) and the staging envrionment is always slow. Slow meaning 4+ minutes for previews and updates while dev and prod are done in 20ish seconds or faster. It doesn't matter which operation I am running, it doesn't matter which resource is updated (or no resource at all). I have enabled debug logs and compared a 
    pulumi preview
    on prod vs staging (with no changes in each of them) and found things like     • ~On staging it's doing LOTS of 
    <https://api.pulumi.com/api/stacks/[COMPANY> NAME]/[COMPANY NAME]/staging/decrypt
    calls at the start, specifically there's 2 blocks of lots of these calls which roughly add 2 minutes each (so this is the issue)Staging has 50 resources less than prod but is slowerThe log files on staging is 20MB smaller (just interesting I thought) Does anyone have an idea on what this could be / how to debug this more? It's starting to drive us nuts I am an absolute idiot, for some reason staging didnt have our own Azure KV as secrets prvider while the other stacks had it. I'll leave this here because others may be as stupid and find this but god damn this is stupid
    😅 2
    l
    • 2
    • 1
  • g
    Hello Pulumi Community! 👋 I am on the community rotation this week and will be going through and responding to questions
    🎉 3
    🔥 3
    a
    q
    i
    • 4
    • 7
  • l
    i’m trying to figure out the best pattern for updating a resource after creation, based on the creation of other resources. see the thread for a specific use case.
    l
    • 2
    • 4
  • p
    Hi, I'm trying to work with secrets on the Project level. I've seen this documentation: https://www.pulumi.com/blog/project-config-mvp/ However there is no information on the secrets and I cant figure out how to work with the Project level config (Pulumi.yaml) via 
    pulumi config
    commands, so what I did was that I created a stack, moved the encryption related blocks to the Pulumi.yaml as well as the secrets, where I simply added the 
    value:
    block to the secrets and unsurprisingly, the 
    pulumi config get ...
    command crashes. Attached image shows what the Pulumi.yaml looks like and the crash looks like this (I'd post it as a GH issue, but it does feel like its my fault):
    Copy code
    ================================================================================
The Pulumi CLI encountered a fatal error. This is a bug!
We would appreciate a report: <https://github.com/pulumi/pulumi/issues/>
Please provide all of the text below in your report.
================================================================================
Pulumi Version:   v3.185.0
Go Version:       go1.24.5
Go Compiler:      gc
Architecture:     amd64
Operating System: windows
Panic:            attempt to decrypt value

goroutine 1 [running]:
runtime/debug.Stack()
        runtime/debug/stack.go:26 +0x5e
main.panicHandler(0xc000f55f1f)
        <http://github.com/pulumi/pulumi/pkg/v3/cmd/pulumi/main.go:37|github.com/pulumi/pulumi/pkg/v3/cmd/pulumi/main.go:37> +0x45
panic({0x294d2a0?, 0x36d41d0?})
        runtime/panic.go:792 +0x132
<http://github.com/pulumi/pulumi/sdk/v3/go/common/resource/config.panicCrypter.DecryptValue(...)|github.com/pulumi/pulumi/sdk/v3/go/common/resource/config.panicCrypter.DecryptValue(...)>
        <http://github.com/pulumi/pulumi/sdk/v3@v3.184.0/go/common/resource/config/crypt.go:125|github.com/pulumi/pulumi/sdk/v3@v3.184.0/go/common/resource/config/crypt.go:125>
<http://github.com/pulumi/pulumi/sdk/v3/go/common/resource/config.object.decrypt({{0x294d2a0|github.com/pulumi/pulumi/sdk/v3/go/common/resource/config.object.decrypt({{0x294d2a0>?, 0xc001c270f0?}, 0x59?}, {0x3701038, 0x4ecd580}, {0x0, 0x0, 0x0}, {0x29c6a23bff8, 0x4ecd580})    
        <http://github.com/pulumi/pulumi/sdk/v3@v3.184.0/go/common/resource/config/object.go:96|github.com/pulumi/pulumi/sdk/v3@v3.184.0/go/common/resource/config/object.go:96> +0xfa
<http://github.com/pulumi/pulumi/sdk/v3/go/common/resource/config.object.Decrypt(...)|github.com/pulumi/pulumi/sdk/v3/go/common/resource/config.object.Decrypt(...)>
        <http://github.com/pulumi/pulumi/sdk/v3@v3.184.0/go/common/resource/config/object.go:79|github.com/pulumi/pulumi/sdk/v3@v3.184.0/go/common/resource/config/object.go:79>
<http://github.com/pulumi/pulumi/sdk/v3/go/common/resource/config.Value.Value({{0xc001bf5b00|github.com/pulumi/pulumi/sdk/v3/go/common/resource/config.Value.Value({{0xc001bf5b00>?, 0x2be8480?}, 0x5?, 0x0?, 0xc000054156?}, {0x29c6a23bff8, 0x4ecd580})
        <http://github.com/pulumi/pulumi/sdk/v3@v3.184.0/go/common/resource/config/value.go:70|github.com/pulumi/pulumi/sdk/v3@v3.184.0/go/common/resource/config/value.go:70> +0xc5
<http://github.com/pulumi/pulumi/pkg/v3/cmd/pulumi/config.getConfig({0x3701000|github.com/pulumi/pulumi/pkg/v3/cmd/pulumi/config.getConfig({0x3701000>, 0x4ecd580}, {0x370c2d0, 0xc001974330}, {0x0}, {0x36eccc8?, 0x4ecd580?}, {0x370e140, 0xc001bba870}, {{0xc000054150, ...}, ...}, ...)
        <http://github.com/pulumi/pulumi/pkg/v3/cmd/pulumi/config/config.go:1141|github.com/pulumi/pulumi/pkg/v3/cmd/pulumi/config/config.go:1141> +0x7ab
<http://github.com/pulumi/pulumi/pkg/v3/cmd/pulumi/config.newConfigGetCmd.func1(0xc001b15808|github.com/pulumi/pulumi/pkg/v3/cmd/pulumi/config.newConfigGetCmd.func1(0xc001b15808>?, {0xc001a3a730, 0x1, 0x2eeabe2?})
        <http://github.com/pulumi/pulumi/pkg/v3/cmd/pulumi/config/config.go:309|github.com/pulumi/pulumi/pkg/v3/cmd/pulumi/config/config.go:309> +0x2cb
<http://github.com/spf13/cobra.(*Command).execute(0xc001b15808|github.com/spf13/cobra.(*Command).execute(0xc001b15808>, {0xc001a3a700, 0x1, 0x1})
        <http://github.com/spf13/cobra@v1.8.0/command.go:983|github.com/spf13/cobra@v1.8.0/command.go:983> +0xad4
<http://github.com/spf13/cobra.(*Command).ExecuteC(0xc001b14f08)|github.com/spf13/cobra.(*Command).ExecuteC(0xc001b14f08)>
        <http://github.com/spf13/cobra@v1.8.0/command.go:1115|github.com/spf13/cobra@v1.8.0/command.go:1115> +0x44f
<http://github.com/spf13/cobra.(*Command).Execute(...)|github.com/spf13/cobra.(*Command).Execute(...)>
        <http://github.com/spf13/cobra@v1.8.0/command.go:1039|github.com/spf13/cobra@v1.8.0/command.go:1039>
main.main()
        <http://github.com/pulumi/pulumi/pkg/v3/cmd/pulumi/main.go:64|github.com/pulumi/pulumi/pkg/v3/cmd/pulumi/main.go:64> +0x65
    g
    • 2
    • 4
  • s
    Hello Pulumi community, I've been using Pulumi (+Azure Native + our own builder methods) for about a month now and it's been an education. However for the moment I'm struggling with a fairly specific problem having to do with managed environments and certificates in Azure. Details are over in the Azure channel to avoid double posting. Thanks for any pointers. 🙂
  • i
    hey all, any ideas how i might begin to debug this issue?
    Copy code
    kafka:index:Acl (acl-xyz):
    error: deleting urn:pulumi:test::cloud::kafka:index/acl:Acl::acl-xyz: 1 error occurred:
    	* failed to list ACLs: kafka server: This most likely occurs because of a request being malformed by the client library or the message was sent to an incompatible broker. See the broker logs for more details
    nothing showing up in the redpanda server logs, my best guess is that redpanda api has drifted from compatibility with the kafka api...but can't be sure unless i see something concrete is there a way to enable verbose logging on the client?
  • h
    i am creating an resources in a pulumi component resource, if I run 
    pulumi up
    and only create that resource, it works, if I run 
    pulumi up
    and allow other resources to be created, that resource hangs indefinitely
    e
    • 2
    • 17
  • b
    pulumi import
    doesn't seem to work: using either the token from pulumi registry or what's seen in the preview doesn't work
    1
    l
    • 2
    • 13
  • b
    Hi for some reason pulumi is trying to delete my tools-ou even though during the up, it shouldn't be modified.
    Untitled
    1
    l
    • 2
    • 4
  • e
    Hey, so I have another custom-provider related question. I'm saving my API token in the provider config. Trouble is, the provider gets recreated along with all it's resources when I need to update that token. From what I've gathered from this issue it seems I need to "implement DiffConfig", but I'm unsure on how to do that. I see no mentions of DiffConfig in the documentation, nor in example or even real world providers.
    l
    • 2
    • 3
  • c
    Hey, Has anyone migrated an existing EKS cluster from Pulumi AWS provider to Pulumi EKS provider without recreating the cluster? Trying to move to the EKS provider for better management, but the cluster is in prod and must stay intact. Any tips on importing, avoiding destructive changes, or handling state?
    g
    • 2
    • 1
  • w
    Hey, I'm having some trouble configuring OIDC authentication with Pulumi cloud from our Github Actions pipeline. I've followed the documentation and am on the step to configure the OIDC Authorization policy but I don't have the option to use organisation token types. Any ideas?
    m
    f
    • 3
    • 17
  • f
    Hey! The employee who made our pulumi provider left our company. Who should I contact or what do I need to do in regards to requested registry changes?
    g
    • 2
    • 1
  • s
    Hello, I am trying to get an item out of an InputList construct inside an Apply block (in C#). What's the proper incantation to make this work? InputList only has Add and Concat and I can't figure out what kind of structure it is to access the resource ID inside.
    l
    e
    • 3
    • 2
  • s
  • f
    My talk "Infrastructure as Code with Python and Pulumi" got accepted for PyConES'25! I'll be sharing about how to use Python an Pulumi as real OSS, real programming languages, as IaC for managing your infrastructure. PyConEs'25, 17-19/Oct in Seville, Spain. Anyone attending? Come say hello!
    🙌🏻 1
    🎉 8
    🙌 5
    pulumipus chill hoodie 2
  • t
    Are delete lifecycle operations always leaf nodes in the graph? It seems that way. I haven't been able to get anything to run AFTER a delete, or to depend on the outcome of a delete operation.
    w
    • 2
    • 3
  • r
    I tried renaming a Role's name under Settings, but didn't work (though it says save successfully). Is this a known bug?