pulumi-community #general

Docs

Join the conversation Join Slack

Channels

general

bitter-dentist-28132

09/04/2019, 8:16 PM

how can i read an output from the previous run of a stack?

salmon-account-74572

09/04/2019, 8:20 PM

Looks like Pulumi has hit 1.0, is that correct?

early-musician-41645

09/04/2019, 8:57 PM

With the recent news from EKS, I'm wondering if Pulumi has support for the OIDC IdP in the

eks.Cluster

https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/

quick-action-34599

09/04/2019, 10:12 PM

Anyone got an idea why Pulumi would say a certificate could not be found, but the arn exists in AWS?

fast-cricket-95212

09/05/2019, 12:40 AM

Is there a plan to add a Twilio module to Pulumi?

fast-cricket-95212

09/05/2019, 4:44 AM

Is there a plan to add support for Firebase Cloud Messaging and Firebase Apps?

best-xylophone-83824

09/05/2019, 9:32 AM

new documentation styling is much easier to use, thanks!

best-xylophone-83824

09/05/2019, 10:02 AM

something is off with new app.pulimi.com, firefox shows "page is slowing down your browser"

salmon-beard-79336

09/05/2019, 11:54 AM

Trying to create a certificate on Azure KeyVault, but cannot shake this error

azure:keyvault:Certificate (test):
    error: Plan apply failed: grpc: error while marshaling: proto: field "google.protobuf.Value.Kind" contains invalid UTF-8

const testCertificate = new azure.keyvault.Certificate("test", {
  certificatePolicy: {
    issuerParameters: {
      name: "Self",
    },
    keyProperties: {
      exportable: true,
      keySize: 2048,
      keyType: "RSA",
      reuseKey: true,
    },
    lifetimeActions: [{
      action: {
        actionType: "AutoRenew",
      },
      trigger: {
        daysBeforeExpiry: 30,
      },
    }],
    secretProperties: {
      contentType: "application/x-pkcs12",
    },
    x509CertificateProperties: {
      // Server Authentication = 1.3.6.1.5.5.7.3.1
      // Client Authentication = 1.3.6.1.5.5.7.3.2
      extendedKeyUsages: ["1.3.6.1.5.5.7.3.1"],
      keyUsages: [
        "cRLSign",
        "dataEncipherment",
        "digitalSignature",
        "keyAgreement",
        "keyCertSign",
        "keyEncipherment",
      ],
      subject: `CN=*.${domainName}`,
      subjectAlternativeNames: {
        dnsNames: [
          // "<http://internal.contoso.com|internal.contoso.com>",
          // "domain.hello.world",
        ],
      },
      validityInMonths: 12,
    },
  },
  keyVaultId: keyVault.id,
  name: "generated-cert",
})

salmon-beard-79336

09/05/2019, 11:55 AM

but the weird thing is that the certificate gets generated

big-nail-28315

09/05/2019, 2:21 PM

Is there any way to retrieve the subnet id’s of a VPC to pass in to another function as a string? (before pulumi up is finished executing)

quick-action-34599

09/05/2019, 2:58 PM

Following up on this thread: https://pulumi-community.slack.com/archives/C84L4E3N1/p1567635167287300 I definitely had the right profile and right region. No idea why Pulumi can’t see it.

quick-action-34599

09/05/2019, 2:58 PM

I decided to manually delete it and try to get Pulumi to create it again

some-doctor-62800

09/05/2019, 2:59 PM

do you use the same account on your cli?

some-doctor-62800

09/05/2019, 2:59 PM

might be permissions or such in that case?

quick-action-34599

09/05/2019, 3:17 PM

yep same account

quick-action-34599

09/05/2019, 3:17 PM

My default profile is us-east-2 but I am explicitly using a us-east-1 provider on the certificate I was attempting to import

quick-action-34599

09/05/2019, 3:21 PM

OK wait

quick-action-34599

09/05/2019, 3:22 PM

My bad, CloudFront distributions require ACM certificates to be in the us-east-1 region, but other uses (ELB) require the certificate to be in THEIR region.

quick-action-34599

09/05/2019, 3:23 PM

I thought they all had to be in us-east-1 for validation to work

broad-dog-22463

09/05/2019, 3:23 PM

👍

broad-dog-22463

09/05/2019, 3:23 PM

so it's ok?

quick-action-34599

09/05/2019, 3:23 PM

trying now

broad-dog-22463

09/05/2019, 3:24 PM

quick-action-34599

09/05/2019, 3:38 PM

lol nope

gentle-diamond-70147

09/05/2019, 3:39 PM

Can you share your code?

quick-action-34599

09/05/2019, 3:39 PM

maybe I need to delete everything, sec

bitter-dentist-28132

09/05/2019, 3:52 PM

so i've got an app that consists of a few microservices, each in their own repo. i'm deploying to kubernetes. right now, i've got a single repo with the pulumi code that deploys the entire stack, but i'd like to have the code that defines the resources specific to each microservice live alongside its corresponding code, so that e.g. review apps would work as desired without changing the code that deploys prod. is there a best practices for this? i was thinking of having an npm package inside each microservice repo, and then just `npm link`ing it when running a review app. then the "main code" would just import the various microservice packages. but maybe there's a better way of doing this.

white-balloon-205

09/05/2019, 5:02 PM

Cross-posting for those of you who don't yet follow the #announcements channel 😄. https://pulumi-community.slack.com/archives/CB36DSVSA/p1567702858018400

best-xylophone-83824

09/05/2019, 5:26 PM

The most magical thing about Pulumi, however, is that you get all the same predictability guarantees of an infrastructure as code tool, while still embracing general purpose languages.

spot on from the blog post. when I spoke about pulumi with colleagues first reaction was that "normal programming language is not declarative" , and therefore it is dangerous to use

Title

best-xylophone-83824

09/05/2019, 5:26 PM

The most magical thing about Pulumi, however, is that you get all the same predictability guarantees of an infrastructure as code tool, while still embracing general purpose languages.

spot on from the blog post. when I spoke about pulumi with colleagues first reaction was that "normal programming language is not declarative" , and therefore it is dangerous to use

colossal-beach-47527

09/05/2019, 6:05 PM

I’ve been thinking about this aspect a lot myself. I think as an industry we’ve over-emphasized “declarative” as a silver bullet, when in fact it just isn’t well suited for a lot of situations. If you look at the Kubernetes space, there are reems of YAML and configuration files. So much so that even more complex wrappers such as Ksonnet and Cue are built on top of it — trying to simplify the experience, while still being 100% declarative. But at the end of the day, what is the problem you are trying to solve? If your goal is to make it easier to understand how you are setting up your cloud infrastructure, then if you are setting up 100 EC2 VMs, having a “for loop” that executes 100 iterations is sufficiently clear. Of course you can write super-complicated, difficult-to-maintain code using a real programming language. But that’s why we have code reviews, type checking, linters, style guides, etc. It’s easy to make code readable and understandable. When you are using a purely declarative model, you don’t have much flexibility.

👍 1

brave-salesmen-42327

09/05/2019, 7:08 PM

Chris said it eloquently, but I think the short rebuttal is, "Declarative doesn't scale well or flat our work in certain cases" The solution in the past has been jamming stuff on top of the declarative language; you end up with amalgamations of the worst traits of both models mixed up and on top of one another. Then there's the intended audience. If someone is really comfortable in modern programming languages and has to write your cloud infrastructure code, and they are not so comfortable with terraform or cloud formation speak, just give them the tool they are most experienced and comfortable with. You will get better results. It's a bit of a fallacy to appeal to Fear to govern policy: imperative languages are dangerous, we should not use them. There's no proof that they are "dangerous" and even if you could make that assertion, discarding a powerful tool out of fear is not wise.

bitter-dentist-28132

09/05/2019, 7:30 PM

i'd be pretty surprised if most orgs aren't running a collection of bash scripts on top of their helm/terraform code anyway.

👍 4

View count: 1