Helo Everyone. I want to ask if any of you managed to deploy Dynatrace OneAgent to Azure App Services via Pulumi? #CRVK66N5U

Hi, I have an issue with @pulumi/gcp, when I try to create a resource like this:

const readonlyRole = new gcp.organizations.IAMCustomRole(
    "gouach-public-assets-read-only",
    {
      orgId: config.require("gcpOrganizationId"),
      title: "Gouach Public Assets bucket Read-only policy",
      description: "Allow only storage.objects.get on the public-assets bucket",
      permissions: ["storage.objects.get"],
      stage: "GA",
    },
  );

I get this error :

error: gcp:organizations/iAMCustomRole:IAMCustomRole resource 'gouach_public_assets_read_only' has a problem: "role_id" ("gouach_public_assets_read_only-d35e3d9") doesn't match regexp "^[a-zA-Z0-9_\\.]{3,64}$". Examine values at 'gouach_public_assets_read_only.roleId'.

so the GCP plugin tries to add "-" hyphens in roleId, although GCP doesn't allow it

is that normal? shouldn't the plugin auto-generate role-ids with underscore "_" instead?

for now I have to override it with

{... roleId: "my_role_id_with_underscores"}

but that's beside the point of using Pulumi to handle everything automatically, no ?

(using @pulumi/gcp 8.40.0)

Cross-posted at https://github.com/pulumi/pulumi-gcp/issues/3328

Hey everybody 👋 I'm the community helper this week and would love to hear about what you're building, what's going well, and what you're struggling with. Tag me for any questions and I'll be glad to help you out. pulumipus dancing music

We've been seeing this: `previously-imported resources that still specify an ID may not be replaced; please remove the \`import\` declaration from your program` left and right this week. When we try to import something but guess the properties wrong, we used to get a warning that the input would fail, and it told us which properties to change. But now we just get this error that is incorrectly assuming we've imported the resource before

Does anyone use the

@pulumiverse/mssql

provider or recommend any other provider for managing logins and users in SQL server (specifically, RDS)? We're having a fair few issues getting it to work long-term. Right now, we're having problems refresh and/or updating old projects. This is the error message:

error: Failed to retrieve SQL login settings: sql: no rows in result set

We can access the server and view the login using the same DB credentials as Pulumi is using, so we're confused by this.

I’m trying to get state refreshed running

pulumi refresh

but after applying I get the same updates running refresh again, like the state isn’t actually being updated. This is happening with

vault.kubernetes.AuthBackendRole

trying to refresh boundServiceAccountNamespaces. There’s 3 resources that can’t seem to apply the refresh no matter how many times I run the command. No warnings or errors, refresh command exits successfully.

Pulumi Cloud: is there a way to get which projects are importing an environment? It's available in the UI on the "Imported By" tab. I'd like to make a webhook when an environment is updated to cascade trigger

pulumi up

all stacks that import the environment. I looked in the API docs and couldn't find it or another best practice. Currently the alternative seems to be getting all projects, then looping through each project and seeing if it imports the environment 😞 In the webapp basically exactly what I want is coming from

<https://api.pulumi.com/api/esc/environments/><org>/<esc_project>/<environment>/referrers?allRevisions=true&latestStackVersionOnly=true

{
  "referrers": {
    "latest": [
      {
        "stack": {
          "project": "<project1>",
          "stack": "dev",
          "version": 6
        }
      },
      {
        "stack": {
          "project": "<project2>",
          "stack": "dev",
          "version": 47
        }
      },
      {
        "stack": {
          "project": "<project3>",
          "stack": "qa",
          "version": 8
        }
      },
      {
        "stack": {
          "project": "<project4>",
          "stack": "dev",
          "version": 20
        }
      }
    ]
  },
  "continuationToken": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}

@mammoth-restaurant-4670 Do you know how (Linux) Pulumi CLI decides when to report that its version is lagging behind the released version? I've just noticed that I'm on 3.166, but 3.190 is out. In the past I've reliably been kept within a couple of versions of latest by virtue of the console log message that includes the upgrade script(let). But not this time.

Hi everyone, I am running into problems when trying to authenticate with our Github Enterprise Repositories: Currently I am trying to deploy resources via yaml, using custom resources. What I first tested was this:

name: greeter-yaml
runtime: yaml
description: YAML
packages:
  greeter:
    source: "<https://github.com/julienp/pulumi-component-package.git/greeter-plugin>"
resources:
  greeting:
    type: greeter:index:Greeter
    properties:
      who: "Alex"
outputs:
  greeting:
    value: ${greeting.greeting}
config:
  pulumi:tags:
    value:
      pulumi:template: templates/

This uses the resource from a publicly available gituhb repository. This works fine, when calling "pulumi install" it downloads the resources and I am able to use it without any problems: Now the issue is, if I clone this repo and copy the files 1:1 to our Github Enterprise Repository (visibility status is Internal) and try to install the resources from there, I keep running into this error:

Installing packages defined in Pulumi.yaml...
Installing package 'greeter'...
error: installing `packages` from Pulumi.yaml: failed to install package 'greeter': failed to get schema: authentication required: Anonymous access denied

I tried using a Github PAT, which I set in the pulumi config under github:token, and also tried to set it as an env variable, but to no avail.

I opened #C099VF43UDC — our off-topic lounge 🛋️ Bring memes, pets, hobbies, side projects, and interesting links. Be kind. No support. See you there!

👋 brand question - is there a version of the Pulumi logo/icon available without the white ring? Checking the brand page (https://www.pulumi.com/brand/), it appears not (but it's there for the main logo) - so I figured I'd ask here to be sure

Hi everyone, I’m currently working on testing my Pulumi code and aiming for good coverage with unit testings. I’ve been following this tutorial, but I’ve run into several issues (mainly race conditions) when trying to run unit tests with a broader scope and multiple mocks of Pulumi calls. The tutorial doesn’t seem to provide many examples of this kind of Pulumi unit testing. Do you know where I could find some good examples of Pulumi unit tests (we use Pulumi with AWS as our main provider) or any best-practice guidelines? Thank you!

Hey guys, last week a new version of the Cloudflare Terraform provider came out and the auto upgrade bot has been failing to upgrade the pulumi cloudflare package. I commented on the PR earlier this week but figured I would give another nudge here. Apologies to bother and thank you so much! https://github.com/pulumi/pulumi-cloudflare/issues/1334

Hey.. I'm tryihng to install a Terraform provider in my Typescript Pulumi project and we're getting this error:

pulumi package add terraform-provider vantage-sh/vantage
warning: <nil>: #/functions/pulumi:providers:vantage%2FterraformConfig/inputs/properties/__self__/$ref: reference to provider resource '/resources/pulumi:providers:vantage' is deprecated, use '#/provider' instead; 
warning: <nil>: #/functions/pulumi:providers:vantage%2FterraformConfig/inputs/properties/__self__/$ref: reference to provider resource '/resources/pulumi:providers:vantage' is deprecated, use '#/provider' instead; 
Successfully generated a Nodejs SDK for the vantage package at /Users/diranged/git/nextdoor/infra-observability/sdks/vantage
npm warn ERESOLVE overriding peer dependency
npm warn While resolving: jest-config@30.0.5
npm warn Found: @types/node@18.19.123
npm warn node_modules/@jest/core/node_modules/jest-config/node_modules/@types/node
npm warn
npm warn Could not resolve dependency:
npm warn peerOptional @types/node@"*" from jest-config@30.0.5
npm warn node_modules/@jest/core/node_modules/jest-config
npm warn   jest-config@"30.0.5" from @jest/core@30.0.5
npm warn   node_modules/@jest/core
npm error code 1
npm error path ..../sdks/vantage
npm error command failed
npm error command sh -c node ./scripts/postinstall.js
npm error Command failed: tsc: ../../node_modules/jest-mock/build/index.d.ts(8,21): error TS2726: Cannot find lib definition for 'esnext.disposable'.

I haven't yet tracked down what is failing... ive tried upgrading to Node 24, and we are usiing Typescript 5.9... all of our dependencies are updated to the latest versions. Any thoughts?

Hi all 👋 I'm going to be the community helper this week! Feel free to tag me on any questions you've got 🙂 I'd love to hear what you're working on!

Hey, I've noticed a few courses you offer (eyeing up IDP in particular) - Do these pop up at random, looks like I've missed the start on the IDP one. Or can these be picked up at anytime. My work is interested in looking at the tool and I want to get and have some backing with these courses 🙂

Hi @dazzling-car-20021, This is Suresh from Melbourne, Australia. I’m a big follower of Pulumi and use it extensively for my internal projects. Since most of the live sessions occur between 2 AM – 4 AM AEST, I usually rely on the recordings. However, I’ve been unable to access them via BigMarker. Here’s what happens: • I’m subscribed to BigMarker and log in successfully. • On the Attending Webinars page • I can see the “View Recording” links next to each session (screenshot attached). • But when I click those links, I’m redirected to a Pulumi documentation page instead of the intended YouTube recording. • This issue occurs across all session recording links. Could you please advise if there’s an alternate way to access the recordings, or if this is a known issue with BigMarker? Thanks for all the great content from Pulumi! CC: @stocky-restaurant-98004

Hello, Using Golang lib wafv2 for managing waf and cloudfront and also rulegroups. Have a challenge to implement this rule:

{
  "Name": "AWS-AWSManagedRulesAntiDDoSRuleSet",
  "Priority": 4,
  "Statement": {
    "ManagedRuleGroupStatement": {
      "VendorName": "AWS",
      "Name": "AWSManagedRulesAntiDDoSRuleSet",
      "ManagedRuleGroupConfigs": [
        {
          "AWSManagedRulesAntiDDoSRuleSet": {
            "ClientSideActionConfig": {
              "Challenge": {
                "UsageOfAction": "DISABLED",
                "Sensitivity": "HIGH",
                "ExemptUriRegularExpressions": [
                  {
                    "RegexString": "\\/api\\/|\\.(acc|avi|css|gif|ico|jpe?g|js|json|mp[34]|ogg|otf|pdf|png|tiff?|ttf|webm|webp|woff2?|xml)$"
                  }
                ]
              }
            },
            "SensitivityToBlock": "LOW"
          }
        }
      ],
      "RuleActionOverrides": [
        {
          "Name": "DDoSRequests",
          "ActionToUse": {
            "Count": {}
          }
        }
      ]
    }
  },
  "OverrideAction": {
    "None": {}
  },
  "VisibilityConfig": {
    "SampledRequestsEnabled": true,
    "CloudWatchMetricsEnabled": true,
    "MetricName": "AWS-AWSManagedRulesAntiDDoSRuleSet"
  }
}

Seems to be lib doesn't have the proper config:

type WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigArgs struct {
    AwsManagedRulesAcfpRuleSet       WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetPtrInput       `pulumi:"awsManagedRulesAcfpRuleSet"`
    AwsManagedRulesAtpRuleSet        WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetPtrInput        `pulumi:"awsManagedRulesAtpRuleSet"`
    AwsManagedRulesBotControlRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSetPtrInput `pulumi:"awsManagedRulesBotControlRuleSet"`
    LoginPath                        pulumi.StringPtrInput                                                                                      `pulumi:"loginPath"`
    PasswordField                    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordFieldPtrInput                    `pulumi:"passwordField"`
    PayloadType                      pulumi.StringPtrInput                                                                                      `pulumi:"payloadType"`
    UsernameField                    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameFieldPtrInput                    `pulumi:"usernameField"`

Does someone know the workaround?

Terraform Bridge and a "Missing ID" When managing a

vantage_team

via the Pulumi-wrapped Terraform provider, the resource is created successfully and a

token

(e.g.,

team_…

) is returned as an output. However, the Pulumi resource ID is never set and remains

"missing ID"

in state. Because the ID is empty, Pulumi treats the resource as absent on subsequent previews/updates and plans a replace instead of an in-place update. Example code:

import * as pulumi from "@pulumi/pulumi";
import * as vantage from "@local/vantage";
...
const team = new vantage.Team("TestTeam", {
  name: "TestTeam",
  description: "TestTeam",
  workspaceTokens: [],
});

State:

{
  "urn": "urn:pulumi:default::...::vantage:team:NDTeam$vantage:index/team:Team::TestTeam",
  "custom": true,
  "id": "missing ID",
  "type": "vantage:index/team:Team",
  "inputs": {
    "description": "TestTeam",
    "name": "TestTeam",
    "workspaceTokens": []
  },
  "outputs": {
    "description": "TestTeam",
    "name": "TestTeam",
    "token": "team_a3a926c31733487a",
    "userEmails": [],
    "userTokens": [],
    "workspaceTokens": []
  },
  "provider": "urn:pulumi:default::...::pulumi:providers:vantage::default_0_1_62::2d400833-a014-45c3-b5cf-177eb33a4956"
}

@white-camera-67848 Is this a bug in the provider - ie, is there some missing connection in the provider that needs to tell it to map the "outputs.token" field (which is the unique ID of the team) to the "id" field in the state file?

Hi I am getting 500 error on pulumi dashboard

Can someone explain to me a core difference between pulumi and terraform If I understand correctly

terraform apply

by default refreshes resources. So what's the point of having a state if you refresh all the time, you may ask - because it refreshes only the resources that were picked up by the diff between the configuration (hcl) and the state, so should be fast + refresh only whats needed. On the other hand, pulumi does not refresh by default when running

pulumi up

- and when doing

pulumi up -r

this will refresh all the resources in the state. So effectively this means when Pulumi is using providers such as

pulumi-gcp

, which are based on

terraform-google-cloud

- you see unique to pulumi errors that do not happen in terraform - for example GCP SQL instance resource on terraform has correct diskSize (when auto resize is on) / settingsVersion - while pulumi fails on regular

up

because it does not refresh and the googleapis are not receiving the right values, which is only fixable by running a full refresh on the entire stack. Is this true?

I posted this in the dotnet channel but it's also a more general question that I think applies to pulumi as a whole: https://pulumi-community.slack.com/archives/CQ2QFLNFL/p1756322646789759 The general version is: can you tie a resource and an immediate "get" on that resource together in such a way that the "get" isn't known (and thus isn't called) unless pulumi knows that the resource definitely exists? EDIT: This has been resolved, the issue was that the Endpoint itself was returning the wrong error code when the resource didn't exist. I was thrown off because the URL it was calling was identical to the GetSecret call I was attempting to (not) make.

Hey folks, You are using Pulumi and want to share your story, lessons learned, or a cool project? Our next Berlin Pulumi User Group is on September 11 and we are looking for community speakers. It doesn’t matter if it’s a quick lightning talk or a full session. This is your chance to inspire others, show what you’ve built, and connect with the community. Check out the event here: https://www.meetup.com/berlin-pulumi-user-group/events/310227212/?slug=berlin-pulumi-user-group&eventId=310227212 Ping me if you’d like to speak in the #C09056S6091 channel or DM. Would love to have you on stage.

Hi everyone! is there an equivalent of pulumi state delete in pulumi's automation api? Thanks!