acoustic-application-9266
08/16/2025, 9:56 AMfew-apartment-82932
08/16/2025, 1:30 PMconst readonlyRole = new gcp.organizations.IAMCustomRole(
"gouach-public-assets-read-only",
{
orgId: config.require("gcpOrganizationId"),
title: "Gouach Public Assets bucket Read-only policy",
description: "Allow only storage.objects.get on the public-assets bucket",
permissions: ["storage.objects.get"],
stage: "GA",
},
);
few-apartment-82932
08/16/2025, 1:30 PMerror: gcp:organizations/iAMCustomRole:IAMCustomRole resource 'gouach_public_assets_read_only' has a problem: "role_id" ("gouach_public_assets_read_only-d35e3d9") doesn't match regexp "^[a-zA-Z0-9_\\.]{3,64}$". Examine values at 'gouach_public_assets_read_only.roleId'.
few-apartment-82932
08/16/2025, 1:31 PMfew-apartment-82932
08/16/2025, 1:31 PMfew-apartment-82932
08/16/2025, 1:31 PM{... roleId: "my_role_id_with_underscores"}
but that's beside the point of using Pulumi to handle everything automatically, no ?few-apartment-82932
08/16/2025, 1:33 PMfew-apartment-82932
08/16/2025, 1:46 PMmammoth-restaurant-4670
08/18/2025, 6:03 PMfast-sandwich-30809
08/18/2025, 8:06 PMlittle-cartoon-10569
08/18/2025, 10:15 PM@pulumiverse/mssql
provider or recommend any other provider for managing logins and users in SQL server (specifically, RDS)? We're having a fair few issues getting it to work long-term. Right now, we're having problems refresh and/or updating old projects. This is the error message:
error: Failed to retrieve SQL login settings: sql: no rows in result setWe can access the server and view the login using the same DB credentials as Pulumi is using, so we're confused by this.
straight-mouse-47114
08/19/2025, 5:18 PMpulumi refresh
but after applying I get the same updates running refresh again, like the state isn’t actually being updated. This is happening with vault.kubernetes.AuthBackendRole
trying to refresh boundServiceAccountNamespaces. There’s 3 resources that can’t seem to apply the refresh no matter how many times I run the command. No warnings or errors, refresh command exits successfully.clever-dog-35937
08/19/2025, 8:29 PMpulumi up
all stacks that import the environment.
I looked in the API docs and couldn't find it or another best practice. Currently the alternative seems to be getting all projects, then looping through each project and seeing if it imports the environment 😞
In the webapp basically exactly what I want is coming from <https://api.pulumi.com/api/esc/environments/><org>/<esc_project>/<environment>/referrers?allRevisions=true&latestStackVersionOnly=true
{
"referrers": {
"latest": [
{
"stack": {
"project": "<project1>",
"stack": "dev",
"version": 6
}
},
{
"stack": {
"project": "<project2>",
"stack": "dev",
"version": 47
}
},
{
"stack": {
"project": "<project3>",
"stack": "qa",
"version": 8
}
},
{
"stack": {
"project": "<project4>",
"stack": "dev",
"version": 20
}
}
]
},
"continuationToken": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}
little-cartoon-10569
08/20/2025, 1:14 AMrich-electrician-70437
08/20/2025, 5:46 AMname: greeter-yaml
runtime: yaml
description: YAML
packages:
greeter:
source: "<https://github.com/julienp/pulumi-component-package.git/greeter-plugin>"
resources:
greeting:
type: greeter:index:Greeter
properties:
who: "Alex"
outputs:
greeting:
value: ${greeting.greeting}
config:
pulumi:tags:
value:
pulumi:template: templates/
This uses the resource from a publicly available gituhb repository. This works fine, when calling "pulumi install" it downloads the resources and I am able to use it without any problems:
Now the issue is, if I clone this repo and copy the files 1:1 to our Github Enterprise Repository (visibility status is Internal) and try to install the resources from there, I keep running into this error:
Installing packages defined in Pulumi.yaml...
Installing package 'greeter'...
error: installing `packages` from Pulumi.yaml: failed to install package 'greeter': failed to get schema: authentication required: Anonymous access denied
I tried using a Github PAT, which I set in the pulumi config under github:token, and also tried to set it as an env variable, but to no avail.modern-spring-15520
08/20/2025, 4:18 PMmillions-evening-86225
08/20/2025, 4:47 PMcurved-army-44908
08/21/2025, 2:45 PMmany-machine-38128
08/22/2025, 10:14 AMgreat-sundown-78827
08/22/2025, 8:38 PMpulumi package add terraform-provider vantage-sh/vantage
warning: <nil>: #/functions/pulumi:providers:vantage%2FterraformConfig/inputs/properties/__self__/$ref: reference to provider resource '/resources/pulumi:providers:vantage' is deprecated, use '#/provider' instead;
warning: <nil>: #/functions/pulumi:providers:vantage%2FterraformConfig/inputs/properties/__self__/$ref: reference to provider resource '/resources/pulumi:providers:vantage' is deprecated, use '#/provider' instead;
Successfully generated a Nodejs SDK for the vantage package at /Users/diranged/git/nextdoor/infra-observability/sdks/vantage
npm warn ERESOLVE overriding peer dependency
npm warn While resolving: jest-config@30.0.5
npm warn Found: @types/node@18.19.123
npm warn node_modules/@jest/core/node_modules/jest-config/node_modules/@types/node
npm warn
npm warn Could not resolve dependency:
npm warn peerOptional @types/node@"*" from jest-config@30.0.5
npm warn node_modules/@jest/core/node_modules/jest-config
npm warn jest-config@"30.0.5" from @jest/core@30.0.5
npm warn node_modules/@jest/core
npm error code 1
npm error path ..../sdks/vantage
npm error command failed
npm error command sh -c node ./scripts/postinstall.js
npm error Command failed: tsc: ../../node_modules/jest-mock/build/index.d.ts(8,21): error TS2726: Cannot find lib definition for 'esnext.disposable'.
I haven't yet tracked down what is failing... ive tried upgrading to Node 24, and we are usiing Typescript 5.9... all of our dependencies are updated to the latest versions.
Any thoughts?steep-plastic-74107
08/25/2025, 8:50 PMrough-fireman-9197
08/26/2025, 12:37 PMdelightful-lock-10393
08/26/2025, 11:50 PMsteep-motorcycle-5349
08/27/2025, 11:07 AM{
"Name": "AWS-AWSManagedRulesAntiDDoSRuleSet",
"Priority": 4,
"Statement": {
"ManagedRuleGroupStatement": {
"VendorName": "AWS",
"Name": "AWSManagedRulesAntiDDoSRuleSet",
"ManagedRuleGroupConfigs": [
{
"AWSManagedRulesAntiDDoSRuleSet": {
"ClientSideActionConfig": {
"Challenge": {
"UsageOfAction": "DISABLED",
"Sensitivity": "HIGH",
"ExemptUriRegularExpressions": [
{
"RegexString": "\\/api\\/|\\.(acc|avi|css|gif|ico|jpe?g|js|json|mp[34]|ogg|otf|pdf|png|tiff?|ttf|webm|webp|woff2?|xml)$"
}
]
}
},
"SensitivityToBlock": "LOW"
}
}
],
"RuleActionOverrides": [
{
"Name": "DDoSRequests",
"ActionToUse": {
"Count": {}
}
}
]
}
},
"OverrideAction": {
"None": {}
},
"VisibilityConfig": {
"SampledRequestsEnabled": true,
"CloudWatchMetricsEnabled": true,
"MetricName": "AWS-AWSManagedRulesAntiDDoSRuleSet"
}
}
Seems to be lib doesn't have the proper config:
type WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigArgs struct {
AwsManagedRulesAcfpRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetPtrInput `pulumi:"awsManagedRulesAcfpRuleSet"`
AwsManagedRulesAtpRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetPtrInput `pulumi:"awsManagedRulesAtpRuleSet"`
AwsManagedRulesBotControlRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSetPtrInput `pulumi:"awsManagedRulesBotControlRuleSet"`
LoginPath pulumi.StringPtrInput `pulumi:"loginPath"`
PasswordField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordFieldPtrInput `pulumi:"passwordField"`
PayloadType pulumi.StringPtrInput `pulumi:"payloadType"`
UsernameField WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameFieldPtrInput `pulumi:"usernameField"`
Does someone know the workaround?great-sundown-78827
08/27/2025, 2:40 PMvantage_team
via the Pulumi-wrapped Terraform provider, the resource is created successfully and a token
(e.g., team_…
) is returned as an output. However, the Pulumi resource ID is never set and remains "missing ID"
in state. Because the ID is empty, Pulumi treats the resource as absent on subsequent previews/updates and plans a replace instead of an in-place update.
Example code:
import * as pulumi from "@pulumi/pulumi";
import * as vantage from "@local/vantage";
...
const team = new vantage.Team("TestTeam", {
name: "TestTeam",
description: "TestTeam",
workspaceTokens: [],
});
State:
{
"urn": "urn:pulumi:default::...::vantage:team:NDTeam$vantage:index/team:Team::TestTeam",
"custom": true,
"id": "missing ID",
"type": "vantage:index/team:Team",
"inputs": {
"description": "TestTeam",
"name": "TestTeam",
"workspaceTokens": []
},
"outputs": {
"description": "TestTeam",
"name": "TestTeam",
"token": "team_a3a926c31733487a",
"userEmails": [],
"userTokens": [],
"workspaceTokens": []
},
"provider": "urn:pulumi:default::...::pulumi:providers:vantage::default_0_1_62::2d400833-a014-45c3-b5cf-177eb33a4956"
}
@white-camera-67848 Is this a bug in the provider - ie, is there some missing connection in the provider that needs to tell it to map the "outputs.token" field (which is the unique ID of the team) to the "id" field in the state file?echoing-noon-85874
08/27/2025, 4:16 PMmillions-train-91139
08/27/2025, 6:42 PMterraform apply
by default refreshes resources.
So what's the point of having a state if you refresh all the time, you may ask - because it refreshes only the resources that were picked up by the diff between the configuration (hcl) and the state, so should be fast + refresh only whats needed.
On the other hand, pulumi does not refresh by default when running pulumi up
- and when doing pulumi up -r
this will refresh all the resources in the state.
So effectively this means when Pulumi is using providers such as pulumi-gcp
, which are based on terraform-google-cloud
- you see unique to pulumi errors that do not happen in terraform - for example GCP SQL instance resource on terraform has correct diskSize (when auto resize is on) / settingsVersion - while pulumi fails on regular up
because it does not refresh and the googleapis are not receiving the right values, which is only fixable by running a full refresh on the entire stack.
Is this true?chilly-sunset-85353
08/27/2025, 7:27 PMmany-telephone-49025
08/28/2025, 10:06 AMflaky-country-91356
08/29/2025, 2:50 AM