https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • c

    cool-egg-852

    11/13/2019, 5:43 PM
    @worried-city-86458 No because it’s not available via brew yet.
  • c

    cool-egg-852

    11/13/2019, 5:43 PM
    Waiting on that so I can give it a shot.
  • w

    worried-city-86458

    11/13/2019, 6:34 PM
    I think that reply was meant for me? 😁 Anyway, of course it doesn't work; just did a quick test on Ubuntu:
    root@fb4395867224:/workspaces/workspace/k8s-infra# p up --suppress-outputs 
    Previewing update (dev):
    
         Type                 Name           Plan     Info
         pulumi:pulumi:Stack  k8s-infra-dev           2 errors; 62 messages
     
    Diagnostics:
      pulumi:pulumi:Stack (k8s-infra-dev):
        Error: unknown flag: --name
        Error: unknown flag: --name
        Error: Error: Command failed: helm template /tmp/tmp-15734vCUw3xkKp2e/prometheus-operator --name po --values /tmp/tmp-15734vCUw3xkKp2e/prometheus-operator/values.yaml --values /tmp/tmp-1573Jv8VgGe57q3F.yaml 
    --namespace monitoring
        Error: unknown flag: --name
            at /workspaces/workspace/k8s-infra/node_modules/@pulumi/kubernetes/helm/v2/helm.js:112:23
            at /workspaces/workspace/k8s-infra/node_modules/@pulumi/pulumi/output.js:179:35
            at Generator.next (<anonymous>)
            at /workspaces/workspace/k8s-infra/node_modules/@pulumi/pulumi/output.js:21:71
            at new Promise (<anonymous>)
            at __awaiter (/workspaces/workspace/k8s-infra/node_modules/@pulumi/pulumi/output.js:17:12)
            at applyHelperAsync (/workspaces/workspace/k8s-infra/node_modules/@pulumi/pulumi/output.js:165:12)
            at /workspaces/workspace/k8s-infra/node_modules/@pulumi/pulumi/output.js:159:51
    ...
    Trying to be patient and failing, as usual.
    e
    • 2
    • 6
  • c

    cool-egg-852

    11/13/2019, 8:08 PM
    Oops yeah, was for you.
  • b

    billowy-laptop-45963

    11/13/2019, 8:11 PM
    is there a way of importing state more like terraforms import command to avoid littering code with
    import: ...
    ?
    w
    • 2
    • 1
  • c

    crooked-jelly-50877

    11/13/2019, 10:03 PM
    We are attempting to wrap up pulumi and associated tools in a docker container to make it easy for our users to bring up infra without having to install a bunch of tools, sdks, etc. Possibly creating a GCP cloud shell launcher. One minor nit we ran into is the users
    ~.pulumi
    directory. We volume mount that in docker to the users home dir, (or in cloud shell - to the users cloud shell home) - but the
    plugins
    directory does not have the right plugins installed
    s
    • 2
    • 4
  • c

    crooked-jelly-50877

    11/13/2019, 10:05 PM
    If the user is on mac/windows, the plugins are going to be wrong binary type (container is linux, host is not). On cloud shell the .plugins directory doesnt have any of the plugins by default.
  • c

    crooked-jelly-50877

    11/13/2019, 10:05 PM
    Hope that all makes sense
  • c

    crooked-jelly-50877

    11/13/2019, 10:05 PM
    Is there a way to (env var, etc?) to relocate the plugins directory outside of
    ~/.pulumi
  • c

    crooked-jelly-50877

    11/13/2019, 10:10 PM
    Would a
    PULUMI_PLUGINS_DIR
    env var be a reasonable RFE?
    t
    • 2
    • 6
  • w

    worried-city-86458

    11/13/2019, 10:44 PM
    @crooked-jelly-50877 you could try using Visual Studio Code Remote Containers (https://code.visualstudio.com/docs/remote/containers) That's what I'm using on Windows for a consistent Ubuntu environment and it's been great
    c
    • 2
    • 25
  • b

    breezy-butcher-78604

    11/14/2019, 1:27 AM
    hi all, just looking for some guidance on how to manage pure pulumi packages through CI/CD. We have a handful of Pulumi packages (typescript) that contain just infrastructure and no application code, the best example of this is our AWS VPC. What I was thinking was having this code built and published to our private NPM registry during the CI process. Once it comes to deployment, that module will be downloaded and
    pulumi up
    will be run from the root. this feels kind of funny though… what do you guys think and/or how are you managing Pulumi packages between CI and CD?
    g
    b
    • 3
    • 6
  • e

    early-match-56268

    11/14/2019, 12:26 PM
    Hey all, is there anything special I need to do to get the Pulumi GitHub app to comment on a PR? I can successfully run pulumi in an action and i have the Pulumi GitHub app installed but I cannot seem to figure out how to get it to comment on a pull request.
    a
    c
    • 3
    • 5
  • g

    glamorous-waitress-51149

    11/14/2019, 2:02 PM
    is there a way to ping versions when using this approach? @stocky-spoon-28903 @broad-dog-22463
    curl -fsSL
    <https://get.pulumi.com/>
    | bash
  • s

    stocky-spoon-28903

    11/14/2019, 2:04 PM
    @glamorous-waitress-51149 Ping?
  • g

    glamorous-waitress-51149

    11/14/2019, 2:05 PM
    sorry, pin
  • g

    glamorous-waitress-51149

    11/14/2019, 2:05 PM
    just had a look and might be able to use ``curl -fsSL`
    <https://get.pulumi.com/>
    `| bash --version 1.2.3``
    w
    • 2
    • 3
  • f

    famous-postman-81672

    11/14/2019, 2:06 PM
    Is there a prescribed way for running custom (local) logic after provisioning resources with Pulumi, or is this what custom hooks aim to address? https://github.com/pulumi/pulumi/issues/1691. Scenario (which only applies to development examples for me at this point): Provision an Application Insights instance in Azure and set a local user secret with the resulting Instrumentation Key. In my case, I'm using dotnet user secrets (though this question isn't specific to dotnet). I've done something similar with a Terraform local provisioner: https://github.com/ndonze/CentralizedApplicationLogging/blob/master/Terraform/main.tf
    • 1
    • 1
  • r

    red-football-97286

    11/14/2019, 2:57 PM
    Hi can anyone explain when I use an f-string with python in pulumi I get:
    :<pulumi.output.Output object at 0x000001854EFF2F88>
    config: "arn:aws:logs:eu-west-2:12345678:log-group:<pulumi.output.Output object at 0x000001854EFD6C48>:log-stream:<pulumi.output.Output object at 0x000001854EFF2F88>"
    g
    • 2
    • 2
  • h

    hallowed-air-65173

    11/14/2019, 3:38 PM
    Hi All. Does Pulumi support assumed roles with AWS? Also, does it support using the same cache that the AWS cli does? For example with the cli, I specify a profile with the assumed role in, that then prompts for my MFA and it caches the credentials (including session token) returned in a json file under ~./aws/cache/cli/*.json. Just trying to understand the expected workflow for using Pulumi. Thanks.
  • b

    busy-umbrella-36067

    11/14/2019, 4:27 PM
    Will the Pulumi team be at next weeks Kubecon in SD?
    w
    g
    • 3
    • 6
  • g

    glamorous-waitress-51149

    11/14/2019, 4:29 PM
    has anyone had issues with pulumi preview/up in the last week just hanging? We spotted it 7 days ago and initially thought it was our CI server but it’s not that and we think its pulumi
    b
    w
    • 3
    • 16
  • t

    tall-manchester-54682

    11/14/2019, 7:10 PM
    Hey all, I'm evaluating Pulumi, and I'm trying to find if they have any security certifications (e.g. ISO27001/SOC2). I couldn't find any on the website (https://www.pulumi.com/security/)
    t
    • 2
    • 3
  • m

    melodic-family-5784

    11/14/2019, 7:48 PM
    I am new to Pulumi and I am trying to figure out how to convert
    Output<string>
    to a
    string
    in TypeScript. My code looks something like:
    const config = new pulumi.Config();
    const ddAPIKey = config.requireSecret("my-api-key");
    
    const envVars = [
        { name: 'ECS_FARGATE', value: 'true' },
        { name: 'DD_API_KEY', value: ddAPIKey.apply(dd => dd) }
    ];
    a
    t
    • 3
    • 31
  • f

    fierce-machine-21789

    11/14/2019, 8:53 PM
    It seems simple enough to create an IAM policy in Pulumi (a policy to attach to an IAM User/Group/Role), but I'm finding it difficult to create a resource policy (a policy to attach to an AWS resource external to IAM, e.g., a KMS CMK).
    🤔 1
    w
    • 2
    • 7
  • h

    handsome-cat-98152

    11/15/2019, 11:02 AM
    Good day! Does one of you happen to know, how I can retrieve my
    access token
    ? It is needed for the
    pulumi login
    command
    a
    t
    c
    • 4
    • 4
  • s

    sparse-piano-12937

    11/15/2019, 12:27 PM
    A question, with the azure devops extension, this requires an Azure subscription (it's a property on the extension). Does this extension only support Azure resources? I want to build AWS resources through Azure DevOps.
    t
    g
    • 3
    • 5
  • n

    nice-cat-91582

    11/15/2019, 5:24 PM
    launching production :)
    🎉 9
  • b

    billowy-laptop-45963

    11/15/2019, 5:29 PM
    What's the best way to do the following cloudformation replacement:
    !Sub "arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter${SsmParameterPrefix}*"
    where ${AWS::*} are standard cloudformation values replaced at runtime by the current region/account id and ${SsmParameterPrefix} is a passed in value as a parameter.
    • 1
    • 4
  • f

    famous-postman-81672

    11/15/2019, 6:51 PM
    Does the Azure Blob Storage backend support Shared Access Signature (SAS) tokens instead of Access Keys? I've had success running Pulumi against an Azure Storage backend by supplying an Access Key via the
    AZURE_STORAGE_KEY
    environment variable, but I haven't had success supplying an SAS token. Looking for something similar to Terraform's
    sas_token
    support: https://www.terraform.io/docs/backends/types/azurerm.html#sas_token
    w
    • 2
    • 4
Powered by Linen
Title
f

famous-postman-81672

11/15/2019, 6:51 PM
Does the Azure Blob Storage backend support Shared Access Signature (SAS) tokens instead of Access Keys? I've had success running Pulumi against an Azure Storage backend by supplying an Access Key via the
AZURE_STORAGE_KEY
environment variable, but I haven't had success supplying an SAS token. Looking for something similar to Terraform's
sas_token
support: https://www.terraform.io/docs/backends/types/azurerm.html#sas_token
Currently exploring the
AZURE_STORAGE_SAS_TOKEN
environment variable since it looks like Pulumi uses: https://godoc.org/gocloud.dev/blob/azureblob
w

white-balloon-205

11/15/2019, 8:21 PM
I haven’t used it myself - but indeed I would expect that to work. Curious - did it work out for you?
f

famous-postman-81672

11/15/2019, 9:14 PM
It appears Pulumi is trying to use the SAS token from
AZURE_STORAGE_SAS_TOKEN
, but so far I haven't been able to authenticate successfully. I'm not convinced I'm providing the correct value for the SAS token, though. I'll work on this more in the coming week and report back if I can get it working
Closing the loop: Using an Azure Blob Storage backend with a Shared Access Signature (SAS) mostly seems to work, but an error is returned. Filed an issue: https://github.com/pulumi/pulumi/issues/3537
View count: 1