busy-dusk-74339
01/17/2020, 2:32 PMpulumi preview --diff
it highlights securityGroups
as having changes, but the contents of the object are identical to the instance above that it wants to delete …busy-dusk-74339
01/17/2020, 2:33 PM- aws:ec2/instance:Instance: (delete)
[id=i-0b024d1ad4cb75dba]
[urn=urn:pulumi:dev::talend_poc::aws:ec2/instance:Instance::talend_poc_instance]
[provider=urn:pulumi:dev::talend_poc::pulumi:providers:aws::default_1_8_0::90aafd96-3c4a-4649-9def-fb795391f334]
ami : "ami-04bfa3d65c8508b02"
disableApiTermination: true
getPasswordData : false
iamInstanceProfile : "talend_poc_profile-1f0f54b"
instanceType : "m4.xlarge"
keyName : "ops"
rootBlockDevice : {
deleteOnTermination: true
volumeSize : 300
}
securityGroups : [
[0]: "sg-095e0af0371379410"
[1]: "sg-078d2ef15a737ac03"
]
sourceDestCheck : true
subnetId : "subnet-08d1f41a5bd97f622"
tags : {
Name : "talend-poc"
application: "talend-poc"
}
userData : "IyEvYmluL2Jhc2gKCnN..."
busy-dusk-74339
01/17/2020, 2:33 PMpulumi:pulumi:Stack: (same)
[urn=urn:pulumi:dev::talend_poc::pulumi:pulumi:Stack::talend_poc-dev]
> pulumi:pulumi:StackReference: (read)
[id=PLOS/iam/dev]
[urn=urn:pulumi:dev::talend_poc::pulumi:pulumi:StackReference::PLOS/iam/dev]
name: "PLOS/iam/dev" +-aws:ec2/instance:Instance: (replace)
[id=i-099b9ef2206465ee3]
[urn=urn:pulumi:dev::talend_poc::aws:ec2/instance:Instance::talend_poc_instance]
[provider: urn:pulumi:dev::talend_poc::pulumi:providers:aws::default_1_8_0::90aafd96-3c4a-4649-9def-fb795391f334 => urn:pulumi:dev::talend_poc::pulumi:providers:aws::default_1_18_0::output<string>]
~ securityGroups: [
+ [0]: "sg-095e0af0371379410"
+ [1]: "sg-078d2ef15a737ac03"
]
helpful-kitchen-78641
01/17/2020, 7:44 PMPulumi.stack.yaml
config:
aws:profile: StagingAdmin
and in my index.ts
code I would like to do something like:
const prof = config.require('aws:profile');
helpful-kitchen-78641
01/17/2020, 7:50 PMconst prof = aws.config.profile;
busy-dusk-74339
01/17/2020, 10:39 PMbusy-dusk-74339
01/17/2020, 10:40 PMloud-nest-15724
01/18/2020, 1:41 PMmysterious-egg-7415
01/18/2020, 4:27 PMsteep-toddler-94095
01/19/2020, 3:17 AMbuild.cacheFrom
parameter does not seem to allow me to use an image with a different name as the cache source. It's different from how docker --cache-from
works. Am I out of luck on this if i want to use another image for the build cache?broad-dog-22463
01/20/2020, 10:50 AMconst providers: {[key: string]: aws.Provider} = {
"us-east-1": new aws.Provider("us-east-1", {region: "us-east-1"}),
"us-east-2": new aws.Provider("us-east-2", {region: "us-east-2"}),
"us-west-2": new aws.Provider("us-west-2", {region: "us-west-2"})
};
for (const providerKey of Object.keys(providers)) {
const provider = providers[providerKey];
const lambda = new aws.lambda.Function(`my-lambda-function-${providerKey}`, {
name: "lambda-for-account-cleanup",
runtime: aws.lambda.Go1dxRuntime,
timeout: 900,
role: iamRoleArn,
handler: "main",
code: new pulumi.asset.FileArchive("../deployment.zip"),
environment: {
variables: {
"DESTROY_ENABLED": "false"
}
},
tags: {
"Owner": "Stack72",
"Purpose": "AccountCleanup",
}
}, {provider: provider});
}
limited-rainbow-51650
01/20/2020, 11:09 AMlimited-rainbow-51650
01/20/2020, 11:10 AMcuddly-smartphone-89735
01/20/2020, 2:03 PMkubeconfig
parameter with the output of a Azure KubernetesCluster
resource. But for some reason, when I run pulumi up
before even provisioning anything, it fails because the k8s
resource already tries to connect to the cluster (which doesn't exist at this point in time). I thought that a missing dependency was the issue, but even when I specify the dependency explicitly, it will fail with the connection error. Any ideas? Basically I just want to provision a cluster (with azure provider) and then configure that same cluster (with k8s provider).nutritious-judge-27316
01/20/2020, 2:12 PMred-football-97286
01/20/2020, 2:47 PMlimited-rain-96205
01/20/2020, 7:18 PMfresh-summer-65887
01/20/2020, 8:57 PMpulumi up
takes 6 to 7 minutes. Is this typical? Seems a bit long....bored-river-53178
01/20/2020, 9:16 PMeager-gold-58845
01/21/2020, 1:22 AMruntime.registerStackTransformation(args => {
return {
...args,
props: {
...args.props,
tags: {
owner: "stewartnoll"
}
}
}
});
but ran into the problem pointed out in the question's thread where not all aws resources support a tag resulting in a failure at pulumi up
. Followed up by moving to a more explicit approach that sets tags on those things I specifically care about:
runtime.registerStackTransformation(args => {
if (args.type === 'aws:lambda/function:Function' || args.type === '<ANOTHER TYPE HERE>') {
return {
...args,
props: {
...args.props,
tags: {
owner: "stewartnoll"
}
}
}
}
return undefined;
});
Although this has the benefit of reducing cognitive load on future devs adding functions to the stack, there's still the issue of adding a different resource to the stack that supports tags but isn't captured in the condition. If this were dot net I'd use reflection to map args.type
to the dot net Type and check if the Type has the property Tags
which would cover all resource types (including those that haven't been created by aws yet). I've been Googling a bunch on how to do something similar in TypeScript but haven't had any luck. Does anyone know of a way to do this or a better approach?flat-insurance-25294
01/21/2020, 1:37 AMbetter-rainbow-14549
01/21/2020, 10:40 AMcold-motorcycle-78950
01/21/2020, 4:30 PMbig-potato-91793
01/21/2020, 4:31 PMError: ENOENT: no such file or directory, open '/Users/alexandrelemieux/tm/pulumi/ticketmaster/node_modules/grpc/node_modules/needle/test/keys/ssl.cert'
at Object.openSync (fs.js:448:3)
at Object.readFileSync (fs.js:348:35)
at Object.<anonymous> (/Users/alexandrelemieux/tm/pulumi/ticketmaster/node_modules/grpc/node_modules/needle/test/helpers.js:9:13)
at Module._compile (internal/modules/cjs/loader.js:738:30)
at Object.Module._extensions..js (internal/modules/cjs/loader.js:749:10)
at Module.load (internal/modules/cjs/loader.js:630:32)
at tryModuleLoad (internal/modules/cjs/loader.js:570:12)
at Function.Module._load (internal/modules/cjs/loader.js:562:3)
at Module.require (internal/modules/cjs/loader.js:667:17)
at require (internal/modules/cjs/helpers.js:20:18)
npm ERR! Test failed. See above for more details.
flat-insurance-25294
01/21/2020, 5:06 PMbroad-boots-45639
01/21/2020, 6:21 PM--set
. Pulumi looks to be writing these values into a yaml file in tmp, but they’re cleaned up as soon as the command fails:
Command failed: helm template /tmp/tmp-2518liO6nRLE4N1X/sumologic --name-template sumobundle --values /tmp/tmp-2518liO6nRLE4N1X/sumologic/values.yaml --values /tmp/tmp-25188Uk68Vj0j9UB.yaml --namespace sumologic
I’d like to validate the values in these files and confirm that the secrets are being passed in. Before I do something hacky, is there a better way I could go about troubleshooting this problem or maybe force Pulumi to retain its artifacts from the preview?incalculable-engineer-92975
01/21/2020, 8:21 PMfast-dinner-32080
01/21/2020, 8:39 PMcool-egg-852
01/21/2020, 9:41 PMelegant-dress-88912
01/22/2020, 5:30 AMpulumi up
shows secure outputs in plain text, is it a known issue? I am using pulumi random:
import * as random from "@pulumi/random";
...
const redisPassword = new random.RandomPassword("redis", {
length: 10,
special: false
});
export const redisStgPassword = redisPassword.result;
Per docs, pulumi should display at as`[secret]` : https://www.pulumi.com/docs/intro/concepts/programming-model/#stack-outputs and https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/random/#RandomPassword while in my case it displays it in plaintext every invocation of pulumi up
or pulumi stack output
I am using pulumi 1.8.1 and random 1.4.0elegant-dress-88912
01/22/2020, 5:30 AMpulumi up
shows secure outputs in plain text, is it a known issue? I am using pulumi random:
import * as random from "@pulumi/random";
...
const redisPassword = new random.RandomPassword("redis", {
length: 10,
special: false
});
export const redisStgPassword = redisPassword.result;
Per docs, pulumi should display at as`[secret]` : https://www.pulumi.com/docs/intro/concepts/programming-model/#stack-outputs and https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/random/#RandomPassword while in my case it displays it in plaintext every invocation of pulumi up
or pulumi stack output
I am using pulumi 1.8.1 and random 1.4.0white-balloon-205
01/22/2020, 5:32 AMadditionalSecretOutputs
to ensure outputs are secret (unless they were also inputs which were provided a secret value).
https://github.com/pulumi/pulumi-terraform-bridge/issues/10 will make it so that this additional annotation is not required, and "Sensitive" outputs from upstream providers will automatically be marked as secret.elegant-dress-88912
01/22/2020, 5:33 AMrandom.RandomPassword
and tls.PrivateKey
(which are from terraform modules), but didn't work for k8s.Secret. Any idea? Code:
const vaultAuthAccount = new k8s.core.v1.ServiceAccount(
...
// read from created account token secret
export const vaultAuthToken64 = k8s.core.v1.Secret.get(
"vault-auth-token",
pulumi.interpolate`${vaultAuthAccount.metadata.namespace}/${vaultAuthAccount.secrets[0].name}`,
{
additionalSecretOutputs: ["data"]
}
).data.apply(d => (d as { token: string }).token);
get
of https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/kubernetes/core/v1/#Secret does not honor this optionOutput
from non-secure Output
? I could use this as w/a.white-balloon-205
01/22/2020, 5:53 AMget
not respecting this option).elegant-dress-88912
01/22/2020, 5:53 AMwhite-balloon-205
01/22/2020, 5:54 AMmb there is some way to create secureYeah -from non-secureOutput
?Output
pulumi.secret(output)
should work.elegant-dress-88912
01/22/2020, 5:54 AM