Okay, update seems like I can ignore the pulumi.stack.yaml files if I refresh before any operations (.refreshConfig(stackName))

Just realised it also will add the defaults set in the Pulumi.yaml, as it takes the current value regardless if it was explicitly set in the pulumi.stack.yaml

Hi folks! We use Pulumi to deploy resources in Azure and are surprised by how slow

pulumi preview

often is: Shouldn't it just compare the resources in my code with those in the state (which should be nearly instantaneous)? However, it seems

pulumi preview

(even with

--refresh false

) still connects to Azure in the background. Why is that? Is there a way to prevent that?

Hello. I am trying to figure out how Pulumi is different from Terraform. Can anyone tell me?

Hello, one of the recent releases broke 3000 of our stacks https://github.com/pulumi/pulumi/releases/tag/v3.202.0

[components/{go,nodejs}] Send component inputs to be saved in state. This brings NodeJS and Go inline with Python behaviour

caused by

error: pre-step event returned an error: failed to save snapshot: serializaing checkpoint: marshalling checkpoint: json: unsupported value: +Inf
error: update failed

+ snapshotRetentionDays: {
                                  + def      : {
                                      + checks: [
                                      +     [0]: {}
                                        ]
                                      + type  : "number"
                                    }
                                  + format   : <null>
                                  + isFinite : true
                                  + isInt    : false
                                  + maxValue : +Inf
                                  + minValue : 0
                                  + type     : "number"
                                  + ~standard: {
                                      + vendor : "zod"
                                      + version: 1
                                    }
                                }

export abstract class LambdaFunction<Def extends config.ServiceDef> extends pulumi.ComponentResource {
  protected readonly rcName: lib.pulumi.ResourceNameFn;

  fn: aws.lambda.Function;
  role: aws.iam.Role;
  rolePolicy: aws.iam.RolePolicy;

  public readonly region: string;
  public readonly observabilityEnvironment: string;
  protected readonly eventInvokeConfig: aws.lambda.FunctionEventInvokeConfig | undefined;
  protected serviceDef: Def;
  protected args: FunctionArgs<Def>;

  protected constructor(
    name: string,
    args: FunctionArgs<Def>,
    opts?: pulumi.ComponentResourceOptions,
    type?: string,
    extras?: BaseExtras
  ) {
    super(type ?? "org:aws:lambda:Function", name, args, opts);
    // ....
  }}

Hi all, is it possible somehow to create temporary resources in another resource's lifecycle hooks? Background: https://github.com/pulumi/pulumi/discussions/20702

How to provision a pulumi access token for user X? Say I am owner of an org, and I want to create a pulumi personal access token for user X so that I can add this token to their pulumi-managed dev machine automatically, without requiring users to create an access token manually and then manually adding it to their environmental variables. Is this possible? The

AccessToken

provider (https://www.pulumi.com/registry/packages/pulumiservice/api-docs/accesstoken/) does not seem to allow to specify for a user. What would you suggest?

Hello I'm using sst v3 which is based on pulumi, for some reason my stack preview command fails with this message: error: an unhandled error occurred: Program exited with non-zero exit code: 1 I tried adding

-v=11 --logflow --logtostderr

flags to pulumi by editing sst code, I got a lot of logs but none of them seem to tell why did it exit Someone else suffered from the same issue, they say that upgrading Github Actions Runner spec with more compute and RAM fixed the issue for them, for me I run the command on my laptop, here are my laptop specs: 24GB RAM, AMD Ryzen 7 7840HS CPU, and NVMe disk I guess pulumi exits due to memory error or something even though I don't see any out-of-memory errors logged. I tried changing my OS limits for open files through ulimit(my OS is Arch Linux) without any luck Pulumi version is 3.205(I upgraded what sst uses) but versions dating back to 3.146 didn't work. Nodejs version is 22.20, I'm using Typescript. As for my stack, it seems that the number of deployed resources is what causes the problem not a specific resource, this has been confirmed by removing resource A and trying then adding resource A back and delete resource B instead and trying the command Whether I remove resource A or B the command

preview

succeeds, but keeping both of them fail the command(this is just a demonstration, the number of resources is way bigger than that)

If anyone can help, I'll appreciate it, I've been debugging this problem for weeks now

set the channel topic: Ask any question about Pulumi! This week's community helper: @lemon-scooter-94063 and @modern-spring-15520 On rotation: Monday–Friday Tag for anything you’re stuck on! See the FAQ at: https://www.pulumi.com/docs/support/faq/

Hello, folks! my organization was archived today. I think it's a free plan for us. What can I do?

So while performing migration of Backend from pulumi cloud to s3+dynamoDB+kms, We're getting this error:

Is it possible to require MFA for all user accounts associated with an organization? I see the following from Pulumi Cloud Adds Multi-factor Authentication:

Limitations

Initially, MFA in Pulumi Cloud will support TOTP (time-based one-time passwords) and it will only be available for Pulumi Cloud-backed users. Users authenticating with a third party (such as GitHub or GitLab) will need to use MFA through those providers at this time. Some other future improvements we are considering and will prioritize based on feedback we hear from customers are extending support for WebAuthN/passkeys, Duo, SMS/Email OTP and admins enforcing MFA for their entire organization.

Yet maybe that is out of date?

Startup hooks. Is it possible to define a callback for the Pulumi bootstrapping stage where I can check if Pulumi has been launched with the correct environment? I have several different clients using Pulumi in different execution environments and I forget who is who. eg

function pulumiBootstrap() {
  const execCommand = process.argv.join(' ');

  if (process.env.AWS_VAULT !== "abc-profile") {
    throw new Error(`Run from: aws-vault exec abc-profile -- ${execCommand}`);
  }
}

Automation and handling of exceptions - resources deleted when part of a program crashes Hi. We're creating resources in azure with the azure-native package and use java/groovy with the automation api. We're not sure if we're doing something wrong or if we misunderstand something.. Our issue is that if one part of the program crashes, e.g when getting the value of an output, rest of the program executes and end up deleting already created resource.

Hi...is anyone using github copilot agent with building pulumi components?

Hello, just curious what the default value of PULUMI_PARALLEL is?

I will be streaming in ~30 minutes, where I will be using ai to help me write a complex Pulumi component that I previously built with Terraform and AI. would be happy to see you there at https://twitch.tv/dmfigol

set the channel topic: Ask any question about Pulumi! This week's community helper: @green-answer-22914 On rotation: Monday–Friday Tag for anything you’re stuck on! See the FAQ at: https://www.pulumi.com/docs/support/faq/

Hello! I just watched a video by the dotnet team on the new . This seems like a perfect option for Pulumi. Create a simple single file, import your modules from another project, and bam! I realize this is new territory, but I was wondering if the Pulumi team had any considerations on it.

Hello, since last week (and it is worse today) we got an error 500 when we try to access our environment, can we get some help please ?

set the channel topic: Ask any question about Pulumi! This week's community helper: @modern-spring-15520 On rotation: Monday–Friday Tag for anything you’re stuck on! See the FAQ at: https://www.pulumi.com/docs/support/faq/

Is there an easy, programmatic way for me to import private keys from terraform's tls provider into pulumi state? Or do I just need to hack the state manually? I have around 20 keys I need to import, so I'm looking for any shortcuts 🙂

Hello lovely Pulumi users, my org has been trialling Pulumi - we're using the Kubernetes operator with ArgoCD to spin up databases for an app to use as a backend. One of the things that gives us pause for how we'd roll this out to production is how to make sure we're catching any unintended delete/recreate operations. I can think of three broad ways to handle this: • Find a way to report the output of

pulumi preview

when making a pull request • Use the

protect

resource option? (link) • Have users merge in a change that uses the new operator preview functionality (link), then review the output of that, then make a second PR to remove the preview flag Running a CI job that generates a

preview

and posts the output in a comment on the PR seems like the cleanest and safest option to me, but I don't know a way to de-translate the stack definition from the custom resource kubernetes manifest format! Has anyone else looked at this kind of problem? If so, would love to know what you came up with.

Hello Pulumi people! I am using Pulumi for our team’s kubernetes cluster. Now I have set up a CRD with pulumi_kubernetes.apiextensions.v1.CustomResourceDefinition. I am wondering how do I create resources using the CRD? Any help would be appreciated!

hello

hi all! What's the

template | url

parameter in

pulumi up

? it's not documented in the reference manual

If you’re in France near Sophia-Antipolis on November 25th, come join me pulumipus chill hoodie at Air France IT & Data! I’ll be talking about GitOps Promotion Tools! Powered by some interesting Pulumi programs under the hood, of course. pulumipus dancing music https://community.cncf.io/events/details/cncf-cloud-native-sophia-antipolis-presents-move-promotions-out-of-ci-implementing-gitops-promotion-tools/

Not sure if anyone else is seeing this, but running

pulumi up

on the latest version, it seems like changes (and “unchanged”) are being done sequentially instead of in parallel. If I set

PULUMI_PARALLEL=100

, the first 100 are in parallel, and the rest is sequential Pretty much only using AWS so maybe it’s an issue with the provider Side note: previews are still fast, but the actual updates are not

Have a candidate work trialing with us but he cant do anything because when he runs pulumi up it just hangs with no error message. We are paying customers on a 2 year contract and would be grateful if someone on the team could help with this asap.