https://pulumi.com logo
Join Slack
Powered by
# general
  • a

    acoustic-application-9266

    08/16/2025, 9:56 AM
    Helo Everyone. I want to ask if any of you managed to deploy Dynatrace OneAgent to Azure App Services via Pulumi? #CRVK66N5U
  • f

    few-apartment-82932

    08/16/2025, 1:30 PM
    Hi, I have an issue with @pulumi/gcp, when I try to create a resource like this:
    Copy code
    const readonlyRole = new gcp.organizations.IAMCustomRole(
        "gouach-public-assets-read-only",
        {
          orgId: config.require("gcpOrganizationId"),
          title: "Gouach Public Assets bucket Read-only policy",
          description: "Allow only storage.objects.get on the public-assets bucket",
          permissions: ["storage.objects.get"],
          stage: "GA",
        },
      );
  • f

    few-apartment-82932

    08/16/2025, 1:30 PM
    I get this error :
    Copy code
    error: gcp:organizations/iAMCustomRole:IAMCustomRole resource 'gouach_public_assets_read_only' has a problem: "role_id" ("gouach_public_assets_read_only-d35e3d9") doesn't match regexp "^[a-zA-Z0-9_\\.]{3,64}$". Examine values at 'gouach_public_assets_read_only.roleId'.
  • f

    few-apartment-82932

    08/16/2025, 1:31 PM
    so the GCP plugin tries to add "-" hyphens in roleId, although GCP doesn't allow it
  • f

    few-apartment-82932

    08/16/2025, 1:31 PM
    is that normal? shouldn't the plugin auto-generate role-ids with underscore "_" instead?
  • f

    few-apartment-82932

    08/16/2025, 1:31 PM
    for now I have to override it with
    {... roleId: "my_role_id_with_underscores"}
    but that's beside the point of using Pulumi to handle everything automatically, no ?
  • f

    few-apartment-82932

    08/16/2025, 1:33 PM
    (using @pulumi/gcp 8.40.0)
  • f

    few-apartment-82932

    08/16/2025, 1:46 PM
    Cross-posted at https://github.com/pulumi/pulumi-gcp/issues/3328
    e
    • 2
    • 1
  • m

    mammoth-restaurant-4670

    08/18/2025, 6:03 PM
    Hey everybody 👋 I'm the community helper this week and would love to hear about what you're building, what's going well, and what you're struggling with. Tag me for any questions and I'll be glad to help you out. pulumipus dancing music
    🔥 3
    🙌 2
    👋🏻 1
    👋 3
    m
    • 2
    • 1
  • f

    fast-sandwich-30809

    08/18/2025, 8:06 PM
    We've been seeing this: `previously-imported resources that still specify an ID may not be replaced; please remove the \`import\` declaration from your program` left and right this week. When we try to import something but guess the properties wrong, we used to get a warning that the input would fail, and it told us which properties to change. But now we just get this error that is incorrectly assuming we've imported the resource before
    e
    • 2
    • 2
  • l

    little-cartoon-10569

    08/18/2025, 10:15 PM
    Does anyone use the
    @pulumiverse/mssql
    provider or recommend any other provider for managing logins and users in SQL server (specifically, RDS)? We're having a fair few issues getting it to work long-term. Right now, we're having problems refresh and/or updating old projects. This is the error message:
    error: Failed to retrieve SQL login settings: sql: no rows in result set
    We can access the server and view the login using the same DB credentials as Pulumi is using, so we're confused by this.
    m
    • 2
    • 11
  • s

    straight-mouse-47114

    08/19/2025, 5:18 PM
    I’m trying to get state refreshed running
    pulumi refresh
    but after applying I get the same updates running refresh again, like the state isn’t actually being updated. This is happening with
    vault.kubernetes.AuthBackendRole
    trying to refresh boundServiceAccountNamespaces. There’s 3 resources that can’t seem to apply the refresh no matter how many times I run the command. No warnings or errors, refresh command exits successfully.
    m
    • 2
    • 1
  • c

    clever-dog-35937

    08/19/2025, 8:29 PM
    Pulumi Cloud: is there a way to get which projects are importing an environment? It's available in the UI on the "Imported By" tab. I'd like to make a webhook when an environment is updated to cascade trigger
    pulumi up
    all stacks that import the environment. I looked in the API docs and couldn't find it or another best practice. Currently the alternative seems to be getting all projects, then looping through each project and seeing if it imports the environment 😞 In the webapp basically exactly what I want is coming from
    <https://api.pulumi.com/api/esc/environments/><org>/<esc_project>/<environment>/referrers?allRevisions=true&latestStackVersionOnly=true
    Copy code
    {
      "referrers": {
        "latest": [
          {
            "stack": {
              "project": "<project1>",
              "stack": "dev",
              "version": 6
            }
          },
          {
            "stack": {
              "project": "<project2>",
              "stack": "dev",
              "version": 47
            }
          },
          {
            "stack": {
              "project": "<project3>",
              "stack": "qa",
              "version": 8
            }
          },
          {
            "stack": {
              "project": "<project4>",
              "stack": "dev",
              "version": 20
            }
          }
        ]
      },
      "continuationToken": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
    }
    m
    • 2
    • 1
  • l

    little-cartoon-10569

    08/20/2025, 1:14 AM
    @mammoth-restaurant-4670 Do you know how (Linux) Pulumi CLI decides when to report that its version is lagging behind the released version? I've just noticed that I'm on 3.166, but 3.190 is out. In the past I've reliably been kept within a couple of versions of latest by virtue of the console log message that includes the upgrade script(let). But not this time.
    m
    • 2
    • 3
  • r

    rich-electrician-70437

    08/20/2025, 5:46 AM
    Hi everyone, I am running into problems when trying to authenticate with our Github Enterprise Repositories: Currently I am trying to deploy resources via yaml, using custom resources. What I first tested was this:
    Copy code
    name: greeter-yaml
    runtime: yaml
    description: YAML
    packages:
      greeter:
        source: "<https://github.com/julienp/pulumi-component-package.git/greeter-plugin>"
    resources:
      greeting:
        type: greeter:index:Greeter
        properties:
          who: "Alex"
    outputs:
      greeting:
        value: ${greeting.greeting}
    config:
      pulumi:tags:
        value:
          pulumi:template: templates/
    This uses the resource from a publicly available gituhb repository. This works fine, when calling "pulumi install" it downloads the resources and I am able to use it without any problems: Now the issue is, if I clone this repo and copy the files 1:1 to our Github Enterprise Repository (visibility status is Internal) and try to install the resources from there, I keep running into this error:
    Copy code
    Installing packages defined in Pulumi.yaml...
    Installing package 'greeter'...
    error: installing `packages` from Pulumi.yaml: failed to install package 'greeter': failed to get schema: authentication required: Anonymous access denied
    I tried using a Github PAT, which I set in the pulumi config under github:token, and also tried to set it as an env variable, but to no avail.
    e
    • 2
    • 3
  • m

    modern-spring-15520

    08/20/2025, 4:18 PM
    I opened #C099VF43UDC — our off-topic lounge 🛋️ Bring memes, pets, hobbies, side projects, and interesting links. Be kind. No support. See you there!
    meow party 3
    💜 1
    👌 1
    • 1
    • 1
  • m

    millions-evening-86225

    08/20/2025, 4:47 PM
    👋 brand question - is there a version of the Pulumi logo/icon available without the white ring? Checking the brand page (https://www.pulumi.com/brand/), it appears not (but it's there for the main logo) - so I figured I'd ask here to be sure
    n
    • 2
    • 5
  • c

    curved-army-44908

    08/21/2025, 2:45 PM
    Hi everyone, I’m currently working on testing my Pulumi code and aiming for good coverage with unit testings. I’ve been following this tutorial, but I’ve run into several issues (mainly race conditions) when trying to run unit tests with a broader scope and multiple mocks of Pulumi calls. The tutorial doesn’t seem to provide many examples of this kind of Pulumi unit testing. Do you know where I could find some good examples of Pulumi unit tests (we use Pulumi with AWS as our main provider) or any best-practice guidelines? Thank you!
    m
    l
    • 3
    • 5
  • m

    many-machine-38128

    08/22/2025, 10:14 AM
    Hey guys, last week a new version of the Cloudflare Terraform provider came out and the auto upgrade bot has been failing to upgrade the pulumi cloudflare package. I commented on the PR earlier this week but figured I would give another nudge here. Apologies to bother and thank you so much! https://github.com/pulumi/pulumi-cloudflare/issues/1334
  • g

    great-sundown-78827

    08/22/2025, 8:38 PM
    Hey.. I'm tryihng to install a Terraform provider in my Typescript Pulumi project and we're getting this error:
    Copy code
    pulumi package add terraform-provider vantage-sh/vantage
    warning: <nil>: #/functions/pulumi:providers:vantage%2FterraformConfig/inputs/properties/__self__/$ref: reference to provider resource '/resources/pulumi:providers:vantage' is deprecated, use '#/provider' instead; 
    warning: <nil>: #/functions/pulumi:providers:vantage%2FterraformConfig/inputs/properties/__self__/$ref: reference to provider resource '/resources/pulumi:providers:vantage' is deprecated, use '#/provider' instead; 
    Successfully generated a Nodejs SDK for the vantage package at /Users/diranged/git/nextdoor/infra-observability/sdks/vantage
    npm warn ERESOLVE overriding peer dependency
    npm warn While resolving: jest-config@30.0.5
    npm warn Found: @types/node@18.19.123
    npm warn node_modules/@jest/core/node_modules/jest-config/node_modules/@types/node
    npm warn
    npm warn Could not resolve dependency:
    npm warn peerOptional @types/node@"*" from jest-config@30.0.5
    npm warn node_modules/@jest/core/node_modules/jest-config
    npm warn   jest-config@"30.0.5" from @jest/core@30.0.5
    npm warn   node_modules/@jest/core
    npm error code 1
    npm error path ..../sdks/vantage
    npm error command failed
    npm error command sh -c node ./scripts/postinstall.js
    npm error Command failed: tsc: ../../node_modules/jest-mock/build/index.d.ts(8,21): error TS2726: Cannot find lib definition for 'esnext.disposable'.
    I haven't yet tracked down what is failing... ive tried upgrading to Node 24, and we are usiing Typescript 5.9... all of our dependencies are updated to the latest versions. Any thoughts?
    w
    • 2
    • 56
  • s

    steep-plastic-74107

    08/25/2025, 8:50 PM
    Hi all 👋 I'm going to be the community helper this week! Feel free to tag me on any questions you've got 🙂 I'd love to hear what you're working on!
    👋🏻 1
    👋 3
  • r

    rough-fireman-9197

    08/26/2025, 12:37 PM
    Hey, I've noticed a few courses you offer (eyeing up IDP in particular) - Do these pop up at random, looks like I've missed the start on the IDP one. Or can these be picked up at anytime. My work is interested in looking at the tool and I want to get and have some backing with these courses 🙂
    m
    n
    • 3
    • 3
  • d

    delightful-lock-10393

    08/26/2025, 11:50 PM
    Hi @dazzling-car-20021, This is Suresh from Melbourne, Australia. I’m a big follower of Pulumi and use it extensively for my internal projects. Since most of the live sessions occur between 2 AM – 4 AM AEST, I usually rely on the recordings. However, I’ve been unable to access them via BigMarker. Here’s what happens: • I’m subscribed to BigMarker and log in successfully. • On the Attending Webinars page • I can see the “View Recording” links next to each session (screenshot attached). • But when I click those links, I’m redirected to a Pulumi documentation page instead of the intended YouTube recording. • This issue occurs across all session recording links. Could you please advise if there’s an alternate way to access the recordings, or if this is a known issue with BigMarker? Thanks for all the great content from Pulumi! CC: @stocky-restaurant-98004
    m
    d
    • 3
    • 6
  • s

    steep-motorcycle-5349

    08/27/2025, 11:07 AM
    Hello, Using Golang lib wafv2 for managing waf and cloudfront and also rulegroups. Have a challenge to implement this rule:
    Copy code
    {
      "Name": "AWS-AWSManagedRulesAntiDDoSRuleSet",
      "Priority": 4,
      "Statement": {
        "ManagedRuleGroupStatement": {
          "VendorName": "AWS",
          "Name": "AWSManagedRulesAntiDDoSRuleSet",
          "ManagedRuleGroupConfigs": [
            {
              "AWSManagedRulesAntiDDoSRuleSet": {
                "ClientSideActionConfig": {
                  "Challenge": {
                    "UsageOfAction": "DISABLED",
                    "Sensitivity": "HIGH",
                    "ExemptUriRegularExpressions": [
                      {
                        "RegexString": "\\/api\\/|\\.(acc|avi|css|gif|ico|jpe?g|js|json|mp[34]|ogg|otf|pdf|png|tiff?|ttf|webm|webp|woff2?|xml)$"
                      }
                    ]
                  }
                },
                "SensitivityToBlock": "LOW"
              }
            }
          ],
          "RuleActionOverrides": [
            {
              "Name": "DDoSRequests",
              "ActionToUse": {
                "Count": {}
              }
            }
          ]
        }
      },
      "OverrideAction": {
        "None": {}
      },
      "VisibilityConfig": {
        "SampledRequestsEnabled": true,
        "CloudWatchMetricsEnabled": true,
        "MetricName": "AWS-AWSManagedRulesAntiDDoSRuleSet"
      }
    }
    Seems to be lib doesn't have the proper config:
    Copy code
    type WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigArgs struct {
        AwsManagedRulesAcfpRuleSet       WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAcfpRuleSetPtrInput       `pulumi:"awsManagedRulesAcfpRuleSet"`
        AwsManagedRulesAtpRuleSet        WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesAtpRuleSetPtrInput        `pulumi:"awsManagedRulesAtpRuleSet"`
        AwsManagedRulesBotControlRuleSet WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigAwsManagedRulesBotControlRuleSetPtrInput `pulumi:"awsManagedRulesBotControlRuleSet"`
        LoginPath                        pulumi.StringPtrInput                                                                                      `pulumi:"loginPath"`
        PasswordField                    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigPasswordFieldPtrInput                    `pulumi:"passwordField"`
        PayloadType                      pulumi.StringPtrInput                                                                                      `pulumi:"payloadType"`
        UsernameField                    WebAclRuleStatementManagedRuleGroupStatementManagedRuleGroupConfigUsernameFieldPtrInput                    `pulumi:"usernameField"`
    Does someone know the workaround?
  • g

    great-sundown-78827

    08/27/2025, 2:40 PM
    Terraform Bridge and a "Missing ID" When managing a
    vantage_team
    via the Pulumi-wrapped Terraform provider, the resource is created successfully and a
    token
    (e.g.,
    team_…
    ) is returned as an output. However, the Pulumi resource ID is never set and remains
    "missing ID"
    in state. Because the ID is empty, Pulumi treats the resource as absent on subsequent previews/updates and plans a replace instead of an in-place update. Example code:
    Copy code
    import * as pulumi from "@pulumi/pulumi";
    import * as vantage from "@local/vantage";
    ...
    const team = new vantage.Team("TestTeam", {
      name: "TestTeam",
      description: "TestTeam",
      workspaceTokens: [],
    });
    State:
    Copy code
    {
      "urn": "urn:pulumi:default::...::vantage:team:NDTeam$vantage:index/team:Team::TestTeam",
      "custom": true,
      "id": "missing ID",
      "type": "vantage:index/team:Team",
      "inputs": {
        "description": "TestTeam",
        "name": "TestTeam",
        "workspaceTokens": []
      },
      "outputs": {
        "description": "TestTeam",
        "name": "TestTeam",
        "token": "team_a3a926c31733487a",
        "userEmails": [],
        "userTokens": [],
        "workspaceTokens": []
      },
      "provider": "urn:pulumi:default::...::pulumi:providers:vantage::default_0_1_62::2d400833-a014-45c3-b5cf-177eb33a4956"
    }
    @white-camera-67848 Is this a bug in the provider - ie, is there some missing connection in the provider that needs to tell it to map the "outputs.token" field (which is the unique ID of the team) to the "id" field in the state file?
    e
    • 2
    • 9
  • e

    echoing-noon-85874

    08/27/2025, 4:16 PM
    Hi I am getting 500 error on pulumi dashboard
    s
    • 2
    • 7
  • m

    millions-train-91139

    08/27/2025, 6:42 PM
    Can someone explain to me a core difference between pulumi and terraform If I understand correctly
    terraform apply
    by default refreshes resources. So what's the point of having a state if you refresh all the time, you may ask - because it refreshes only the resources that were picked up by the diff between the configuration (hcl) and the state, so should be fast + refresh only whats needed. On the other hand, pulumi does not refresh by default when running
    pulumi up
    - and when doing
    pulumi up -r
    this will refresh all the resources in the state. So effectively this means when Pulumi is using providers such as
    pulumi-gcp
    , which are based on
    terraform-google-cloud
    - you see unique to pulumi errors that do not happen in terraform - for example GCP SQL instance resource on terraform has correct diskSize (when auto resize is on) / settingsVersion - while pulumi fails on regular
    up
    because it does not refresh and the googleapis are not receiving the right values, which is only fixable by running a full refresh on the entire stack. Is this true?
    f
    s
    • 3
    • 3
  • c

    chilly-sunset-85353

    08/27/2025, 7:27 PM
    I posted this in the dotnet channel but it's also a more general question that I think applies to pulumi as a whole: https://pulumi-community.slack.com/archives/CQ2QFLNFL/p1756322646789759 The general version is: can you tie a resource and an immediate "get" on that resource together in such a way that the "get" isn't known (and thus isn't called) unless pulumi knows that the resource definitely exists? EDIT: This has been resolved, the issue was that the Endpoint itself was returning the wrong error code when the resource didn't exist. I was thrown off because the URL it was calling was identical to the GetSecret call I was attempting to (not) make.
    • 1
    • 4
  • m

    many-telephone-49025

    08/28/2025, 10:06 AM
    Hey folks, You are using Pulumi and want to share your story, lessons learned, or a cool project? Our next Berlin Pulumi User Group is on September 11 and we are looking for community speakers. It doesn’t matter if it’s a quick lightning talk or a full session. This is your chance to inspire others, show what you’ve built, and connect with the community. Check out the event here: https://www.meetup.com/berlin-pulumi-user-group/events/310227212/?slug=berlin-pulumi-user-group&amp;eventId=310227212 Ping me if you’d like to speak in the #C09056S6091 channel or DM. Would love to have you on stage.
  • f

    flaky-country-91356

    08/29/2025, 2:50 AM
    Hi everyone! is there an equivalent of pulumi state delete in pulumi's automation api? Thanks!
    l
    e
    • 3
    • 2