pulumi-community #general

little-energy-64187

08/19/2019, 4:46 PM

Continuing my import experiments

Copy code

const serviceAccount = new gcp.serviceAccount.Account("example", {
    displayName: "example",
    accountId: "example-service-account",
    project: "project"
}, { import: "projects/project/serviceAccounts/example-service-account@project.iam.gserviceaccount.com" })

const roles = new gcp.projects.IAMCustomRole("example", {
    roleId: "example",
    title: "example",
    description: "example roles",
    permissions: [
        'compute.addresses.list',
        'compute.instances.addAccessConfig',
        'compute.instances.deleteAccessConfig',
        'compute.instances.get',
        'compute.instances.list',
        'compute.projects.get',
        'container.clusters.get',
        'container.clusters.list',
        'resourcemanager.projects.get',
        'compute.networks.useExternalIp',
        'compute.subnetworks.useExternalIp',
        'compute.addresses.use',
    ]
}, { import: "projects/project/roles/example" })

const examplePolicyBinding = new gcp.serviceAccount.IAMBinding("example", {
    serviceAccountId: serviceAccount.accountId,
    members: ["serviceAccount:example-service-account@project.iam.gserviceaccount.com"],
    role: "projects/project/roles/example"
}, { import: "<mailto:example-service-account@project.iam.gserviceaccount.com|example-service-account@project.iam.gserviceaccount.com>" })

policy binding fails with

Wrong number of parts to Binding id [example-service-account@project.iam.gserviceaccount.com]; expected 'resource_name role'.

best-xylophone-83824

08/19/2019, 5:07 PM

typescript drives me crazy 😕 what does it want??

Copy code

config/gke01-london.ts:6:9 - error TS2322: Type '{ machineType: string; preemptible: boolean; }' is not assignable to type '"nodeConfig"'.

6         nodeConfig: {
          ~~~~~~~~~~

  node_modules/@pulumi/gcp/container/nodePool.d.ts:312:14
    312     readonly nodeConfig?: pulumi.Input<{
                     ~~~~~~~~~~
    The expected type comes from property 'nodeConfig' which is declared here on type 'NodePoolConfigArgs'

all I wanted is to check that provided config matches NodePoolArgs. Everything in

'NodePoolConfigArgs["nodeConfig"]'

is optional, yet even

{}

cannot be assigned to it.

quick-action-34599

08/19/2019, 9:54 PM

Having trouble with the same issue as this: https://github.com/pulumi/pulumi/issues/3063 Switching from node 11 to 8 doesn’t help though

quick-action-34599

08/19/2019, 9:55 PM

Neither does running

pulumi up -y || pulumi up -y

best-xylophone-83824

08/20/2019, 12:43 PM

terraform providers have a nice property that they can be replaced with a custom compiled binary. Am I right that Pulumi pulls TF providers as a dependency and to achieve same result (== quick local bugfix), I'd need to recompile Pulumi provider ?

quick-action-34599

08/20/2019, 2:41 PM

FYI guys most of the google search results for your API now result in 404 errors https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/awsx/elasticloadbalancingv2/

quick-action-34599

08/20/2019, 2:41 PM

searching for “pulumi addListenerRule”

adamant-dress-73325

08/20/2019, 3:58 PM

Hello, I am running into a spurious replace issue, is this a known problem? Pulumi believes that it needs to replace an ec2 instance to give it security group, but the instance already has the security group shown. It happens even after a

pulumi refresh

Copy code

++aws:ec2/instance:Instance: (create-replacement)
        <snip>
      ~ securityGroups: [
          + [0]: "sg-082e7a6e007b182dc"
        ]
    +-aws:ec2/instance:Instance: (replace)
      ~ securityGroups: [
          + [0]: "sg-082e7a6e007b182dc"
        ]

cool-hair-35481

08/20/2019, 6:16 PM

Hello everyone. I worked through this example and it was probably the easiest lambda / api gateway deployment (complete with secrets management) that I've done so far: https://github.com/pulumi/examples/tree/master/aws-ts-apigateway-auth0 | However I have a question. Let's say that I wanted to only deploy that authorizer and attach it to an existing API gateway? Can this be done?

bitter-dentist-28132

08/20/2019, 7:11 PM

can someone please publish a new version of the docker image, so that

pulumi/pulumi:latest

matches what's

latest

in npm?

alert-beard-9601

08/20/2019, 9:54 PM

Hey everyone, I'm new on the slack. I'm having issues importing an instance because I can't get the userData to match what pulumi expects. seems to not be comparing the same things

best-xylophone-83824

08/21/2019, 11:08 AM

How can I tell which of changes causes resource replace?

Copy code

+-gcp:container/cluster:Cluster: (replace) 🔒
        [id=gke01-london]
        [urn=urn:pulumi:gke01-london::gcp-gke::gcp:container/cluster:Cluster::gke01-london]
        [provider=urn:pulumi:gke01-london::gcp-gke::pulumi:providers:gcp::default_1_0_0_beta_1::1a4df25a-af6f-4fda-80df-2c8bd047655a]
      + authenticatorGroupsConfig: {
          + securityGroup: "gke-security-groups@$corp"
        }
      + maintenancePolicy        : {
          + dailyMaintenanceWindow: {
              + startTime : "01:00"
            }
        }
      + podSecurityPolicyConfig  : {
          + enabled   : true
        }

best-xylophone-83824

08/21/2019, 12:55 PM

Whats the reason URN doesn't include parent resource name, just a type? Including name would remove following requirement for users to think of:

Resources constructed as children of a component should make sure that their names will be unique across multiple instances of the component. In general, the name of the component instance itself (the name parameter passed in to the component constructor) shoud be used as part of the name of the child resources.

some-doctor-62800

08/21/2019, 2:30 PM

Is there some way to unprotect all resources for a specific

pulumi up

run?

some-doctor-62800

08/21/2019, 2:31 PM

We're basically trying to make an elevated process for CD that's different from the normal case when there are resources to be deleted

some-doctor-62800

08/21/2019, 2:31 PM

but having to unprotect resources one by one isn't ideal, having to leave them unprotected isn't awesome either

abundant-airplane-93796

08/21/2019, 3:02 PM

I'm having an issue with a GCP UptimeCheckConfig that wants to replace itself EVERY time I run pulumi. anyone got tips on how to debug this one?

abundant-airplane-93796

08/21/2019, 3:02 PM

nothing in the config should be dynamic

incalculable-angle-91273

08/21/2019, 5:28 PM

Hello, I’m seeing this error from the kubernetes provider:

Copy code

kubernetes:extensions:Deployment (istio-system/istio-pilot):
    error: Plan apply failed: 1 error occurred:
        * resource istio-system/istio-pilot was successfully created, but the Kubernetes API server reported that it failed to fully initialize or become live: Timeout occurred for 'istio-pilot'

But the api shows 2/2 up. It showed this before the timeout too:

Copy code

istio-pilot                     2/2     2            2           10m

does anyone have any thoughts on how I can further debug this? It appeared to deploy everything fine but pulumi timed out. @gorgeous-egg-16927 maybe?

early-intern-90238

08/21/2019, 6:23 PM

@incalculable-angle-91273 I have been seeing those lately as well, and when I run again they seem to go away. It seems like a check of some sort was missed because my cluster will show it as done but Pulumi thinks it's still pending. It also might be a timing thing where it's a race issue. I didn't dig too deep because on my third attempt it worked as expected. But I have seen it occur again here and there, especially on a full-stack creation.

brave-angle-33257

08/21/2019, 10:56 PM

having hard time again with outputs.. in my VPC stack, i output the aws zones being used from a simple object property, it’s defined as:

Copy code

subnet_zone_letters:string[] = ['a', 'b', 'c', 'd'];

I want to make sure the other stack uses the same values, so I pass them as an output:

Copy code

export let vpc_subnet_zone_letters = vpc.subnet_zone_letters;

that shows up in my outputs like:

Copy code

vpc_subnet_zone_letters: [
                [0]: "a"
                [1]: "b"
                [2]: "c"
                [3]: "d"
            ]

Finally, in another stack I want to load them and use them as part of a string input to another stack, and so far for the life of me I can’t get it to work:

Copy code

var vpc_subnet_zone_letters = vpc.getOutput('vpc_subnet_zone_letters');
    ...
    availabilityZones: [
        `us-east-2${vpc_subnet_zone_letters.apply(x=>`${x[0]}`)}`,
        `us-east-2${vpc_subnet_zone_letters.apply(x=>`${x[1]}`)}`,
    ],

straight-jordan-23612

08/22/2019, 12:43 AM

have a question relating to Gitlab for this group

straight-jordan-23612

08/22/2019, 12:44 AM

I am using stack references in a lambda deploy but keep getting the same outputs error undefined from the Gitlab runner. If run the same command locally it does not occur

straight-jordan-23612

08/22/2019, 12:46 AM

Copy code

pulumi:pulumi:Stack ff-data-import-lambda-dev running read pulumi:pulumi:StackReference factsfirstops/ff-infra/dev
    pulumi:pulumi:Stack ff-data-import-lambda-dev running TypeError: Cannot read property 'outputs' of undefined

colossal-thailand-53880

08/22/2019, 2:00 AM

Anyone from Pulumi support online? We're trying to upgrade our plan, but your billing system is giving us a

server error. Please help us give you more money.

high-translator-22614

08/22/2019, 2:05 AM

their office is in seattle, where's it's 7PM right now

damp-room-71337

08/22/2019, 10:35 AM

am I missing something, or is there no way to specify a name for an EKS cluster with Pulumi?

bitter-painter-81429

08/22/2019, 11:48 AM

Hi all, I am an employee of Zensar Technologies, Pune, IN & recently we undergone with the demo's of Pulumi by Experts & we have chosen this as a main tool for our IAC Framework. I am connected with Pulumi guys since few days to clear all technical aspects and doubts & we are satisfied with the response.

🎉 1

best-xylophone-83824

08/22/2019, 11:56 AM

Pulimi's example to create GKE cluster involves fetching master version programmatically, but it leads to GCP API errors when new version is released:

Copy code

~ gcp:container/cluster:Cluster: (update)
        [id=gke01-london]
        [urn=urn:pulumi:gke01-london::gcp-gke::gcp:container/cluster:Cluster::gke01-london]
        [provider=urn:pulumi:gke01-london::gcp-gke::pulumi:providers:gcp::default_1_0_0_beta_1::1a4df25a-af6f-4fda-80df-2c8bd047655a]
      ~ minMasterVersion: "1.13.7-gke.19" => "1.13.7-gke.24"
      ~ nodeVersion     : "1.13.7-gke.19" => "1.13.7-gke.24"
error: Plan apply failed: 1 error occurred:
	* updating urn:pulumi:gke01-london::gcp-gke::gcp:container/cluster:Cluster::gke01-london: googleapi: Error 400: Must specify a field to update., badRequest

best-xylophone-83824

08/22/2019, 12:09 PM

@broad-dog-22463,

pulumi up --refresh

should discover that cloud resource was deleted, right? It was deleted due to 'deleteBeforeCreate' on a previous run, then creation failed, so now I am adding '--refresh' in a hope that pulumi will figure out that resource is not there anymore, but it still tries to update 😕