Trying to create a certificate on Azure KeyVault, but cannot shake this error

azure:keyvault:Certificate (test):
    error: Plan apply failed: grpc: error while marshaling: proto: field "google.protobuf.Value.Kind" contains invalid UTF-8

const testCertificate = new azure.keyvault.Certificate("test", {
  certificatePolicy: {
    issuerParameters: {
      name: "Self",
    },
    keyProperties: {
      exportable: true,
      keySize: 2048,
      keyType: "RSA",
      reuseKey: true,
    },
    lifetimeActions: [{
      action: {
        actionType: "AutoRenew",
      },
      trigger: {
        daysBeforeExpiry: 30,
      },
    }],
    secretProperties: {
      contentType: "application/x-pkcs12",
    },
    x509CertificateProperties: {
      // Server Authentication = 1.3.6.1.5.5.7.3.1
      // Client Authentication = 1.3.6.1.5.5.7.3.2
      extendedKeyUsages: ["1.3.6.1.5.5.7.3.1"],
      keyUsages: [
        "cRLSign",
        "dataEncipherment",
        "digitalSignature",
        "keyAgreement",
        "keyCertSign",
        "keyEncipherment",
      ],
      subject: `CN=*.${domainName}`,
      subjectAlternativeNames: {
        dnsNames: [
          // "<http://internal.contoso.com|internal.contoso.com>",
          // "domain.hello.world",
        ],
      },
      validityInMonths: 12,
    },
  },
  keyVaultId: keyVault.id,
  name: "generated-cert",
})

but the weird thing is that the certificate gets generated

Is there any way to retrieve the subnet id’s of a VPC to pass in to another function as a string? (before pulumi up is finished executing)

Following up on this thread: https://pulumi-community.slack.com/archives/C84L4E3N1/p1567635167287300 I definitely had the right profile and right region. No idea why Pulumi can’t see it.

I decided to manually delete it and try to get Pulumi to create it again

do you use the same account on your cli?

might be permissions or such in that case?

yep same account

My default profile is us-east-2 but I am explicitly using a us-east-1 provider on the certificate I was attempting to import

OK wait

My bad, CloudFront distributions require ACM certificates to be in the us-east-1 region, but other uses (ELB) require the certificate to be in THEIR region.

I thought they all had to be in us-east-1 for validation to work

👍

so it's ok?

trying now

ok

lol nope

Can you share your code?

maybe I need to delete everything, sec

so i've got an app that consists of a few microservices, each in their own repo. i'm deploying to kubernetes. right now, i've got a single repo with the pulumi code that deploys the entire stack, but i'd like to have the code that defines the resources specific to each microservice live alongside its corresponding code, so that e.g. review apps would work as desired without changing the code that deploys prod. is there a best practices for this? i was thinking of having an npm package inside each microservice repo, and then just `npm link`ing it when running a review app. then the "main code" would just import the various microservice packages. but maybe there's a better way of doing this.

Cross-posting for those of you who don't yet follow the #announcements channel 😄. https://pulumi-community.slack.com/archives/CB36DSVSA/p1567702858018400

The most magical thing about Pulumi, however, is that you get all the same predictability guarantees of an infrastructure as code tool, while still embracing general purpose languages.

spot on from the blog post. when I spoke about pulumi with colleagues first reaction was that "normal programming language is not declarative" , and therefore it is dangerous to use

I eventually found the

Dockerfile

source (https://github.com/pulumi/pulumi/blob/master/dist/docker/Dockerfile) Always good to know how it was built, so it would be nice if it was linked to from https://hub.docker.com/r/pulumi/pulumi.

Another suggestion after first contact, change

<http://get.pulumi.com|get.pulumi.com>

to curl silently. 😛

...
Step 4/5 : RUN curl -fsSL <https://get.pulumi.com> | bash -s -- --version $PULUMI_VERSION     && mv ~/.pulumi/bin/* /usr/local/bin     && pulumi version
 ---> Running in 8435a5532c49
=== Installing Pulumi v1.0.0 ===
+ Downloading <https://get.pulumi.com/releases/sdk/pulumi-v1.0.0-linux-x64.tar.gz>...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 46.3M  100 46.3M    0     0  29.2M      0  0:00:01  0:00:01 --:--:-- 29.2M
+ Extracting to /root/.pulumi/bin
...

Specifically to squash the "downloading" noise.

I've created a docker image, with Pulumi and node, and am trying out the remote editing features of Visual Studio Code. Excuse the stupid question, but is there a way to "step debug" the code, starting from

index.ts

and following along?

Hi 🙂 I have an EKS cluster created with pulumi, with some services / helm charts applied, I'm seeing the follow weirdness: When a helm chart is applied fresh, it creates an ELB and adds its security group to the node security group, and all works as expected. On a subsequent pulumu run, it says it want to update the node security group, and removes the rule so that the ELB can no longer reach the cluster. This also happens with a

Service

created without helm. I've recently upgraded pulumi to 1.0 - This cluster has been running for some time, and updates have been ok till now - although we did experience a similar thing when pulumi updated the AMI for the EKS cluster. Has anyone else observed something similar?

I dont know if it is GCP specific as we dont use other providers, but

new gcp.Provider("name", {project: "another-project"})

leaks ambient provider credentials into stack unencrypted

interface NodePoolNodeConfig {
        ...
        oauthScopes?: pulumi.Input<pulumi.Input<string>[]>;

nested

Input<>

, is it a problem with code generation or like that by design?

Is it possible to set Pulumi config variables via the command line tool? sort of like how the -var option is used in terraform