https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • c

    calm-greece-42329

    02/22/2019, 11:06 PM
    Forgive me if this is dumb, Pulumi is my first intro to typescript. I am trying to create a k8s custom resource but my
    @pulumi/kubernetes
    doesn’t have
    apiextensions.v1beta1.CustomResource
    but it looks like its in the `v0.20.3`release I am using: https://github.com/pulumi/pulumi-kubernetes/blob/v0.20.3/sdk/nodejs/provider.ts#L3098
    c
    • 2
    • 52
  • c

    chilly-dusk-63796

    02/22/2019, 11:34 PM
    😛artypus-8bit:Thanks for supporting our 😛artyk8s:Kubernetes in production with Pulumi meetup yesterday! For folks who didn't make it, here is a Youtube link to Part 1: @breezy-hamburger-69619's talk (part 2 is on the way!)

    https://www.youtube.com/watch?v=uJ9gyCy8Ho8&t=5s▾

    . Feel free to join our meetup group and stay tuned for more future events! https://www.meetup.com/Pulumi-Seattle/
    ❤️ 3
    😛artypus: 2
  • c

    calm-greece-42329

    02/23/2019, 12:02 AM
    if
    core.v1.Secret
    doesn’t have
    .id
    , whats the recommended path for adding it to a volume?
    c
    g
    • 3
    • 25
  • e

    early-musician-41645

    02/23/2019, 12:21 AM
    Can someone help me answer this software procurement question for our infosec?
    Which of the following external compliance standards is the software/tool audited against? Please attach a copy of the report for InfoSec.
    
    Select all that are applicable:
    
    Cloud Security Alliance STAR Self-Assessment
    ISO 27001
    Penetration Test
    PCI
    Security Whitepaper
    SOC 2
    SOC 3
    None
    s
    g
    +2
    • 5
    • 4
  • w

    wide-nightfall-60999

    02/23/2019, 10:14 AM
    I am trying to get started with pulumi and GCP. (I am new to both). I did what is described https://pulumi.io/quickstart/gcp/setup.html. But I am getting an error "error: Plan apply failed: googleapi: Error 400: The user does not have access to service account "default". Ask a project owner to grant you the iam.serviceAccountUser role on the service account., badRequest". I can create gke clusters using gcloud cli and the service account. I am not sure why pulumi is trying to use "default" service account. Any help is appreciated
    w
    • 2
    • 3
  • w

    wide-nightfall-60999

    02/23/2019, 10:16 AM
    pulumi.dev.yaml
    config:
      gcp:project: kubeval
  • w

    wide-nightfall-60999

    02/23/2019, 10:17 AM
    main.py
    import pulumi
    from pulumi_gcp import container
    
    cluster = container.Cluster("kubia", zone="europe-west1-b", initial_node_count=2, project="kubeval")
  • i

    important-carpenter-15282

    02/24/2019, 7:38 PM
    Hey y'all, are you expecting to do a release of
    @pulumi/kubernetes
    soon that deps on 0.16.15? I need
    deleteBeforeReplace
    opt-in. 😉
    s
    • 2
    • 8
  • b

    billions-lock-73409

    02/24/2019, 9:35 PM
    I’m creating a VPC with
    awsx.ec2.Vpc
    and the VPC and associated resources (subnets, nats, igw, etc.) don’t have any names on them, yet I’m specifying it in the constructor call. Is this expected?
    w
    • 2
    • 5
  • b

    boundless-monkey-50243

    02/25/2019, 12:21 AM
    So I see that there's a
    pulumi-vsphere
    provider on Github. Any idea when there might be a
    pulumi-nsxt
    provider built on Terraform's
    nsxt
    provider for vSphere networking? (I'm not in a place at my current shop to invest the time building one myself--particularly as this is not a Go shop and I am not a Go programmer--but I may be able to sell Pulumi here if it's not super far out.)
    s
    • 2
    • 2
  • b

    boundless-monkey-50243

    02/25/2019, 12:21 AM
    (I'm already eventually going to have to sell making a provider for our public cloud offering; VMware is a transitory step for my team to moving to our public cloud, and I don't want to waste my bullets.)
  • m

    miniature-potato-84713

    02/25/2019, 12:23 AM
    Which permission(s) am I missing when I get a
    error creating EKS Cluster (helloworld-eksCluster-8325104): AccessDeniedException: User: arn:aws:iam:…:user/Jens is not authorized to perform: eks:CreateCluster on resource: arn:aws:eks:us-west-2:…:cluster/helloworld-eksCluster-8325104
    I’ve got
    AmazonEKSClusterPolicy
    and
    AmazonEKSServicePolicy
    attached directly to my User.
    w
    • 2
    • 2
  • g

    gray-greece-11354

    02/25/2019, 3:25 AM
    Hi guys
  • g

    gray-greece-11354

    02/25/2019, 3:30 AM
    I am trying to communicate/deply aws lambda via pulumi by following node code on url https://pulumi.io/quickstart/aws/tutorial-rest-api.html and additionally I login to aws from cmd, also my user have full rights for lambda. But it is giving below error: aws:lambda:Function (hello66382ec5): error: Plan apply failed: Error creating Lambda function: AccessDeniedException: Cross-account pass role is not allowed. status code: 403, request id: 882ffd22-38ab-11e9-b66c-07979886e804 aws:iam:RolePolicyAttachment (hello4c238266): error: Plan apply failed: Error attaching policy arn:aws:iam::aws:policy/AmazonS3FullAccess to IAM Role hello4c238266-531ff17: NoSuchEntity: The role with name hello4c238266-531ff17 cannot be found. status code: 404, request id: 8845a738-38ab-11e9-ae34-1b91e3cf7465 aws:iam:RolePolicyAttachment (hello66382ec5-32be53a2): error: Plan apply failed: Error attaching policy arn:aws:iam::aws:policy/AWSLambdaFullAccess to IAM Role hello66382ec5-b302f63: NoSuchEntity: The role with name hello66382ec5-b302f63 cannot be found. status code: 404, request id: 881262ee-38ab-11e9-b9bc-f57a45e4467f kindly help
    w
    • 2
    • 6
  • i

    incalculable-diamond-5088

    02/25/2019, 1:16 PM
    is there a plan for datadog support? We’re currently using terraform to provision monitors, etc and it would be great if we could do it with pulumi
    s
    • 2
    • 4
  • w

    worried-engineer-33884

    02/25/2019, 2:28 PM
    @stocky-spoon-28903 I am still working on the solidserver provider. I merged the diff: https://github.com/dustinfarris/pulumi-solidserver/pull/1 but getting this error when I run make:
    error: failed to gather package metadata: problem gathering resources: 6 errors occurred:
            * cannot find package "<http://github.com/terraform-providers/terraform-provider-solidserver|github.com/terraform-providers/terraform-provider-solidserver>" in any of:
            /Users/dustinfarris/Projects/go/src/github.com/dustinfarris/pulumi-solidserver/vendor/github.com/terraform-providers/terraform-provider-solidserver (vendor tree)
            /usr/local/Cellar/go/1.11.5/libexec/src/github.com/terraform-providers/terraform-provider-solidserver (from $GOROOT)
            /Users/dustinfarris/Projects/go/src/github.com/terraform-providers/terraform-provider-solidserver (from $GOPATH)
    It is looking for
    terraform-providers/terraform-provider-solidserver
    but this should be
    alexissavin/terraform-provider-solidserver
    . I grepped the boilerplate code and I'm not finding "terraform-providers" anywhere meaningful. Any ideas?
  • s

    stocky-spoon-28903

    02/25/2019, 2:29 PM
    One sec
  • s

    stocky-spoon-28903

    02/25/2019, 2:30 PM
    Ahh, this is likely a bug in tfgen that assumes we’re only ever wrapping official providers and thus where they live
  • s

    stocky-spoon-28903

    02/25/2019, 2:31 PM
    Is there more of a backtrace than this?
  • w

    worried-engineer-33884

    02/25/2019, 2:31 PM
    not really, but hold on i'll paste everything
  • s

    stocky-spoon-28903

    02/25/2019, 2:31 PM
    Maybe as a gist?
  • w

    worried-engineer-33884

    02/25/2019, 2:31 PM
    -.txt
  • w

    worried-engineer-33884

    02/25/2019, 2:31 PM
    does that work? ☝️
  • s

    stocky-spoon-28903

    02/25/2019, 2:35 PM
    Yup I’ll investigate
    ❤️ 1
    w
    • 2
    • 8
  • f

    faint-vegetable-61837

    02/25/2019, 4:09 PM
    Hi, I ran into problems when trying to set an RSA key as pulumi config;
    pulumi config set rsaKey "$(<~/.ssh/id_rsa)" --secret
    
    Error: bad flag syntax: -----BEGIN OPENSSH PRIVATE KEY-----
    Is there an option to set config from file contents?
    • 1
    • 1
  • f

    faint-vegetable-61837

    02/25/2019, 4:15 PM
    Also, I was wondering, is it advisable to load RSA key from a file during stack update instead of storing it in stack state? I'd prefer this due to security concerns
  • r

    rhythmic-engineer-70935

    02/25/2019, 6:29 PM
    I can not create the record in the example:
  • b

    billions-lock-73409

    02/25/2019, 6:42 PM
    Struggling to get my IAM policy to work, I’m trying to reference an ARN for a KMS key I created and marked as a dependency, but the
    Output
    isn’t ever resolved and the object (not the arn) ends up getting shoved in the json thus causing the error:
    Plan apply failed: Error putting IAM role policy ******: MalformedPolicyDocument: Syntax errors in policy.
        	status code: 400, request id: 5d766e02-392b-11e9-b9bc-f57a45e4467f
    c
    • 2
    • 13
  • b

    better-rainbow-14549

    02/25/2019, 6:57 PM
    just about every time i try and e.g. generate a config that's dependent on some output<>s it takes me 10 goes and i end up with something like
    "appsettings.Production.json": {
        "HttpProxy":{
            "HostMappings":{
                "v1.services":{
                    "__pulumiOutput":true,
                    "isKnown":{}
                }
            }
        }
    }
    c
    l
    • 3
    • 109
  • j

    jolly-lifeguard-22556

    02/25/2019, 7:57 PM
    Any chance someone could point me in the right direction for properly setting up GCP credentials such that my Pulumi program can create Projects and Folders? I've created an Organization account (seems to be a prerequisite) but can't seem to find a way to generate credentials that have the required
    roles/resourcemanager.projectCreator
    permissions. Doesn't seem like Service Accounts are an option at the Organization level
Powered by Linen
Title
j

jolly-lifeguard-22556

02/25/2019, 7:57 PM
Any chance someone could point me in the right direction for properly setting up GCP credentials such that my Pulumi program can create Projects and Folders? I've created an Organization account (seems to be a prerequisite) but can't seem to find a way to generate credentials that have the required
roles/resourcemanager.projectCreator
permissions. Doesn't seem like Service Accounts are an option at the Organization level
View count: 1