Hi everyone, I'm still stuck on this : https://pulumi-community.slack.com/archives/CJ909TL6P/p1572375960100600 Anybody has any suggestion, please ?

Is there any good way to apply a tag to all resources created by a project? I'd like to tag all of my AWS stuff with the name of the Pulumi stack that creates it

Have there been any changes to secrets in 1.4.0? I've started getting fails on CI without any other changes, the same stacks / state work fine locally.

error: decrypting secret value: failed to decrypt: incorrect passphrase, please set PULUMI_CONFIG_PASSPHRASE to the correct passphrase

It's set correctly... the only slightly unusual thing is it contains lots of weird characters like $?`>[]' etc and ends in a semi-colon but this hasn't changed, only the pulumi version.

Hey, which version of node is recommanded for pulumi?

I am trying to save a private key with

--

at the start and pulumi's cli is interpreting that as a flag. Is there a way to get around that? I need to save it as a secret

Has anyone used pulumi import extensively to import ansible created resources or cloudformation created resources? If so do you recommend it? Any caveats? Any tips/tricks?

On a related question, if I want to completely abandon all resources managed by pulumi I can simply do

pulumi stack rm --force -y STACKNAME

right? This never touches actually deployed resources?

I have a Philosophical Pulumi Question™ - I have an infra project that has two different scripts to instantiate; one is a development-based one that spins up a bunch of Docker containers, and one is a production one that sets up AppService and like, a managed DB in Azure

Are those the same Pulumi "project" but different Stacks?

Or are those better managed by two separate Pulumi.yamls

(I realize that the real answer is, "Why not just use the production one for all your devs!" and if I wasn't so cheap and just one person, that'd be a much better solution 😅)

I think that you have to use two separate projects, because

Pulumi.yaml

at the end of the day defines the script that will be run

You can't be like

pulumi up -s ./path/to/index.js

or sth

Hi pulumi, I'd like to know is it possible to

protect

a resource without having to run

pulumi up

? i.e. to add the

protect: true

to something directly. More context on why in the thread:

Has anyone ever managed to set up an Azure VM that has public key authentication?

(i.e. used

osProfileLinuxConfig.sshKeys

)

It always barfs out with

InvalidParameter" Message="The value of parameter linuxConfiguration.ssh.publicKeys.keyData is invalid.

I'm using the output of

ssh-keygen -e -f ./path/to/public-key.pub

Alright

So the answer is, that you must use

-t rsa -b 2048

when you run

ssh-keygen

Any other type and you get this extremely specific and useful error message 😕

@ambitious-ram-5811 You can also generate an ssh key inside your program with `pulumi-tls`: https://github.com/pulumi/examples/blob/master/azure-ts-aks-keda/cluster.ts#L32-L35

Now that is handy

I'm over here generating them by hand like a sucker! 😅

Question: is there a best/cleanest way to handle the pattern of conditionally creating resources? For example, my

dev

and

prod

stacks might deploy an RDS instance, while my

test

stack just provisions a small EC2 server running Postgres. The resources deployed in the cloud are totally different, but everything else in the db infrastructure is the same.

Kubernetes: So If I try to set the min in my HPA I get an error, and the comment on intellisense says I need to enable HPAScaleToZero feature gate?

Azure func question: do you know how to manage existing Azure function with pulumi? I have tried to use

import

but I am getting

error: Plan apply failed: A resource with the ID "/subscriptions/02bc198f-4492-4ee8-adaf-ca7c5dbf4c16/resourceGroups/TDW-NPE-DEV-ARG-PaymentService/providers/Microsoft.Web/sites/TDW-NPE-DEV-APP-PayInSub" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_function_app" for more information.

hi all, trying to create some resources inside an AWS VPC defined by another stack. I’m using the

awsx.ec2.Vpc.fromExistingIds()

method but can’t quite figure out how to supply the right IDs. here’s what I’ve got so far:

function toArray<T>(v: T | T[]) {
    return Array.isArray(v) ? v : [v];
}

const cfg = new pulumi.Config();

// Grab the VPC ID from the existing VPC stack
const vpcStack = new pulumi.StackReference(cfg.require("vpcStack"));

// Now create a VPC object from the id
const vpc = awsx.ec2.Vpc.fromExistingIds("vpc", {
    vpcId: vpcStack.getOutput("vpcId"),
    publicSubnetIds: toArray(vpcStack.getOutput("publicSubnetIds"))
});

however when running pulumi up, i get the below error message. I’m pretty new to typescript so my guess is I’m not handling the

Output<T>

type returned from

getOutput()

properly. the output should be an array of subnet IDs, eg:

[
    "subnet-abcdefg123456",
    "subnet-foobah12345",
    "subnet-blahblahblah"
]

however it appears its not making it through properly.

Hi all 🙂 I'm trying to move an existing project from my personal organization to another organization, is there a way to do that from the console/CLI? couldn't find it 😞

Pretty new to both gcp and pulumi (coming from an aws/serverless framework background fwiw). It looks like the

HttpCallbackFunction

is meant to serve as an abstraction over the regular

gcp.cloudfunctions.Function

resource. Am I correct in assuming that only the latter allows for customization of the node runtime, available memory, etc.?