What's the lock emoji?

~ scaleway:object/bucket:Bucket: (update) 🔒

This update doesn't have a diff, but it still needs to run on

pulumi up

, and I don't want it to

What does this error mean?

error: unrecognized resource type (Check): docker-buildindexImage

Can someone talk some sense into me for multi-region setups? I think I am on-board with the idea of there being one stack per region (e.g.

staging-us-east-1

,

prod-us-west-2

, etc), but then I started thinking about the global resources (like route53, global accelerator, MRAPs) and then I thought that we’d need a

prod-globals

… but some regional resources need the global resource to exist FIRST and sometimes the global resource needs the REGIONAL resource to exist first. So that sorta suggests the need for having stack variants for

pre-globals

and

post-globals

. Am I nuts? I.e. in order to support 2 “environments” like

staging

and `prod`in 2 regions, we’d need 8 pulumi stacks (!!!). That’s a lot but it would at least avoid any circular headaches with deployments/automation. alternatively, there could be a single multi-region stack for each “environment” — that way there’s no cross-stack dependencies and the relationship between the variants of global- vs. regional-resources is explicit. But doing something like canary deployments where you release one region at a time would become a real bear to pull off…

Is there a way in Pulumi to store shared config values? e.g. if you have certain config things that you want to be used across multiple stacks? I didn’t see anything in the docs…

anyone have the pulumi cli command freeze on a

pulumi destroy

😬?

Currently encountering this issue with the snowflake provider. The docs say they are importable but no luck. Has anyone faced this issue with this provider? I'm not really sure what to do if I can't import these.

Also facing a separate issue where my schemas in snowflake did import, but preview shows they need to be replaced and I'm not understanding why. Here is the preview diff for a targeted schema:

pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:test::snowflakeDefinitions::pulumi:pulumi:Stack::snowflakeDefinitions-test]
    +-snowflake:index/schema:Schema: (replace) 🔓
        [id=TEST_BUSINESS_ANALYTICS_DB.PRIVATE]
        [urn=urn:pulumi:test::snowflakeDefinitions::snowflake:index/schema:Schema::TEST_BUSINESS_ANALYTICS_DB.PRIVATE]
        [provider=urn:pulumi:test::snowflakeDefinitions::pulumi:providers:snowflake::default_2_6_0::bc0356d8-dc13-4223-ac09-07c026ccdd53]
      - dataRetentionTimeInDays: 1
      ~ isTransient            : "false" => "default"
      - showOutputs            : [
      -     [0]: {
              - comment      : ""
              - createdOn    : "2024-04-04 17:33:47.509 -0700 PDT"
              - databaseName : "TEST_BUSINESS_ANALYTICS_DB"
              - droppedOn    : "0001-01-01 00:00:00 +0000 UTC"
              - isCurrent    : false
              - isDefault    : false
              - name         : "PRIVATE"
              - options      : ""
              - owner        : "ACCOUNTADMIN"
              - ownerRoleType: "ROLE"
              - retentionTime: "1"
            }
        ]
      ~ withManagedAccess      : "false" => "default"

Is there a way to do a bulk import and ignore errors for resources that don't exist?

Hi! I'm new here (especially to slack) but have been planning to use Pulumi for the launch of my project for over a year and have gotten into it very seriously recently after refreshing on concepts with the continuous delivery and infrastructure as code books. I actually started with a homebrew solution to get stuff operational and SSH in and set stuff up with the digitalocean API directly, then tried terraform, then discovered and went for the pulumi automation API and have been playing around with it and pulumi for weeks now, and I gotta say I absolutely love it and am at the point where I've achieved an ease and separation of concerns typical of good application code (attaching earlier screenshot for reference of the high point I've experienced recently with this). This leads me to my problem... and I wouldn't ask here unless I was desperate. I'm using pulumi and doing infrastructure as code because I want to be able to deploy manage servers in a largely immutable fashion, e.g. if I have some files on my computer I want hosted on (maybe a contrived example given that S3 buckets can be used) but that I want hosted on NGINX somewhere, the ideal workflow would be to create a server, upload them, assign a floating IP to the server and use that to connect, then when I change the files, I'd also want this immutable workflow where I create another server, upload all of the files over SSH (separately from the creation of the droplet in the lifecycle) and only when all of them are there switch to the new server. Although this particular example is contrived, I was really looking towards writing components like this and to incorporate some sort of smoke tests. Things I tried include: 1) Trying to get a ComponentResource which includes my droplet replaced, but when I did this replace_on_changes didn't work for my input property and it did not get replaced, just a change detected iirc. 2) I also tried tainting the component resource manually and getting it replaced with ``pulumi state taint``but it changed none of the children. 3) I tried adding a local command to my component, having it depend on the droplet and having it fail, and I know that failing dependent resources won't change anything, I did this in isolation, see screenshot 3. This also leads me to an adjacent but equally relevant issue 1) What am I supposed to do If I want to make a component where I take the name of a docker image to install and port to publish, and then have the encapsulated droplet get redeployed/replaced with a new one? If the name if the input to the component changes then all of the internal components stay the same especially if I'm setting them up with a command, I've considered making a hash of the inputs and changing the name of the droplets for this but haven't thought far enough ahead about the implications. Any help would be appreciated, even if it's that Pulumi doesn't support this use case in any capacity, or if it requires something more complex, I'm not above getting my hands dirty if need be.

@modern-spring-15520 I don't know if this is inappropriate or not but I just want to try my luck since it says I can @ you, and it says you're an employee. Are zero downtime deployments possible in pulumi with droplets/ec2 instances/pick your poison or is this something I should be using multiple stacks for? I've spent like a week diving into this and trying just about everything and I kind of feel like they're not since the definition of done for one of these resources isn't provisioning or one check being done, it's weather or not they're created on the underlying API. And... as of this past hour I kind of played around with terraform and found out they're trivial with additional provisioning code there. So I guess I'm just asking to confirm, that if I want this, I have to use the automation API/multiple stacks and be more careful about how I approach this?

I just read that OpenTofu introduces ephemeral resources, which is great because I was gonna ask for it in pulimi. I could use ephemeral resources to • spin up a bastion node (Server resource) • set up a ssh tunnel (that would require a new Process resource, for running processes, as opposed to LocalCommand) • or set up a kubernetes port-forward (also a Process resource) to manage other services, for example a database Unlike hooks, these resources would be also required at refresh

Hey fellow community members! If you happen to be in Denmark next week, why not join our first ever Copenhagen Pulumi User Group on the 9th of October? Or know someone interested? Why not share the word and spread the Pulumi love! Here’s the link to RSVP and all the details: https://www.meetup.com/copenhagen-pulumi-user-group/events/310408791/

Hey everyone, i was wonderjng if community can support through merchandise and swags for a tech. YouTuber like me who's advocating for CNCF projects. I have been planning to make a full length video about pulumi and its amazing benefits over other iac tools. I have been also running a 30days30projects challenge. Let me know if someone from marketting or community management team can join me to connect further!

Would it be possible to get the PDF invoice attached to the automatic email you get after payment? Our automatic flow can only parse PDFs and it's tedious to have to download and email the PDF manually

I seem to have come across a bug? Unexpected behavior at least: I’m building a lambda function from a local zip file. I’m looping over 2 regions. But only the first region gets the updated code.

pulumi preview

etc. show that there are no changes, but when I look in the AWS dashboard I can see that one region still has the old code. This is an app with one stack that deploys to 2 region. I think the culprit is somehow this:

code=pulumi.FileArchive("path/to/lambda.zip"),

I even tried making 2 copies of the file (one for each region), but pulumi still isn’t seeing that one of the lambdas needs to be updated. 🤔 Any ideas?

can you do templated values in the project-level config, eg. in Pulumi.yaml

config:
  kubernetes:namespace: my_project-{stack}

with the docker provider, you can configure env vars

DOCKER_REGISTRY_PASS

and

DOCKER_REGISTRY_USER

but they dont work unless you add this config

config:
  docker:registryAuth:
    - address: <http://ghcr.io|ghcr.io>

im trying to move completely away from configuring providers in stacks and switch to env vars. is there a workaround here? not sure why it needs address because the name im passing to

getRegistryImage

is fully-qualified to ghcr.io

Hi can anyone tell me why am I unable to delete stacks?

error: [403] You do not have permission to perform this operation.

Is

pulumi team

subscription still limited to 1 admin?

Hi folks. I just upgraded to Pulumi Enterprise, and am trying to configure SAML SSO with Google Workspace. I get to the point where I'm pasting the

GoogleIDPMetadata.xml

into the Pulumi Membership requirements setup wizard, but I get an error:

Error Changing Requirements

Bad Request: ERR_OMU_PERSONAL_STACKS: Requesting user has active programs in a single-user organization.

Can anyone help me resolve this?

Question regarding

retainOnDelete

and

k8s.yaml.ConfigGroup

. I can set

retainOnDelete

on the

ConfigGroup

itself, but the child resources (the things in a specified yaml file) don't seem to inherit that setting. Is there any way to make that setting propagate to those child resources? alternatively, is there a way to manually add the marker via cli?

Does Pulumi not support in-place storage update for timestream influxDB?

aws:timestreaminfluxdb:DbInstance (scan-event-influxdb-eu-west-1):
    error: creating Amazon Timestream for InfluxDB DB Instance ("scan-event-influxdb-eu-west-1-instance"): operation error Timestream InfluxDB: CreateDbInstance, https response error StatusCode: 400, RequestID: 451efc9d-4854-4e44-ba88-e349b623f095, ConflictException: The DbInstance with id [989171ap4k], name [scan-event-influxdb-eu-west-1-instance], customer [590309927493] already exists: operation error Timestream InfluxDB: CreateDbInstance, https response error StatusCode: 400, RequestID: 451efc9d-4854-4e44-ba88-e349b623f095, ConflictException: The DbInstance with id [....], name [scan-event-influxdb-eu-west-1-instance], customer [...] already exists

Anyone deploying with

docker.Container

and container registry? I've added

registryAuth

to the docker provider, but it can't find the images. Pushing works fine though

hi eveyone, had a repo that was a bit out of date and moving to more recent versions of pulumi and the pulumi/gcp provider:

"@pulumi/pulumi": "^3.130.0",
"@pulumi/gcp": "^9.2.0"

now all of my resources want to add the new

pulumiLabels

entry and i'm failing with this error on all of my dns records

googleapi: Error 400: The field 'entity.managedZone.id' cannot be modified., immutableField

naturally, don't want to delete my managedZone and recreate to get past this but unsure of what to do next.

is PULUMI_CONFIG_PASSPHRASE still used if we're using an s3 backend with a kms secret provider? just wondering if i need to set that to something random still, or if kms is all it needs. i ask because it's still asking me to set that when i run the automation api, even though the secrets backend is set to a kms alias

i'm trying to fetch the RDS root CA in my pulumi program so i can set it as a config value in kubernetes. is there a way to turn the contents of a URL into a pulumi resource?

Pulumi error handling: what am I missing? I have a function that checks pre-emptively to ensure we are using the proper service account. If I include this code IN the stack, at least I see error messages but I still get a strange stack trace. >> More in thread TL;DR how do I raise an error properly, get the messages printed to the console, and not see an ugly stack trace for

RangeError: Invalid string length

?

Hi, there is a weird behaviour I see with pulumi or gke. As per preview it suppose to attach multiple secondary boot disks to the gke nodepool. But only first one in the list getting attached and left out remaining. When tried manual nodepool creation, it's working. But with Pulumi it's not. Is it some bug in pulumi or gke? or combination of both? Attached screenshot.. no where I see error during pulumi up

Hope I get some help here

Hello, has anyone tested out pulumi with AWS's new ARC feature? Have my configuration 99% there, but cannot figure out how to configure ungraceful execution on my Aurora global plan. This is how I currently have it in my code vs what the documentation says. When I try to deploy it I get:

operation UPDATE failed with "GeneralServiceException": Service returned error code InternalFailure (Service: ArcRegionSwitch, Status Code: 500, Request ID: 6db4ab0c-5e8b-40cb-9ce7-b48fbb70a1ed) (SDK Attempt Count: 4)

. Not sure if this feature is just not fully covered yet?

ungraceful: {
                  failover: "failover"
}

Hey i've got a bit of an unusual one. We're running pulumi inside Temporal workers (via automation API) and for temporal to know if the worker is dead/stuck we trigger "heartbeat" on every stdout line of pulumi. Since pulumi outputs periodic

.

as it works, this usually works but we still occasionally see heartbeat timeouts even with relatively long timeouts (3 minutes) Are there any other ways to hook into pulumi to know if it is still "alive"? some kind of healthcheck we can do on it? The coarse solution would be to just check if the pulumi process is still running at all...