https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • t

    thousands-london-78260

    02/26/2020, 2:11 PM
    Yay, terraform recently implemented a long awaited feature “Add desired_status argument to google_compute_instance” (https://github.com/terraform-providers/terraform-provider-google/pull/5734). Which means you can create instances in a TERMINATED state (since you don’t pay for them then). What’s the process of bumping pulumi-gcp? Is that something I should make a PR for, happens on a timed schedule?
  • s

    stocky-spoon-28903

    02/26/2020, 3:00 PM
    @thousands-london-78260 When it’s in a release it will get brought over
  • s

    stocky-spoon-28903

    02/26/2020, 3:00 PM
    @broad-dog-22463 manages much of that, but it shouldn’t be too long following a release upstream
  • b

    bitter-dentist-28132

    02/26/2020, 9:10 PM
    i'm using IAM STS temp credentials to run pulumi from my laptop. how would i run it in a gitlab job? i've tried setting up an access/secret key but it just tells me that it's invalid creds
  • b

    bitter-dentist-28132

    02/26/2020, 9:10 PM
    do i have to
    pulumi config set
    ? i'm just using the standard env vars right now
  • b

    bitter-dentist-28132

    02/26/2020, 9:10 PM
    i figured pulumi would read them
  • l

    late-advantage-85073

    02/26/2020, 9:36 PM
    Is there a doc on organizing your pulumi code? I am playing with the Auth0 sample and the API gateway sample (typescript) and am unsure if I should merge them into one big index.js or if there is a modular approach to applying them to the same stack.
    👍 1
    o
    g
    b
    • 4
    • 7
  • b

    busy-umbrella-36067

    02/26/2020, 11:22 PM
    is there any way to get properties of the provider being used? E.g. Determining if the AWS provider is using a
    profile
    or an assumed
    role_arn
    We’re publishing abstracted AWS/K8S providers for our software devs and using env vars or depending on the pulumi config isn’t viable because a user may be using an explicitly created provider in their IaC
    c
    w
    • 3
    • 6
  • a

    aloof-ram-68069

    02/27/2020, 11:20 AM
    hi, is there any workaround for https://github.com/pulumi/pulumi-aws/issues/814? It''s a real blocker for me. I can't deploy one of required Stacks (others stacks are deployed well).
    w
    • 2
    • 1
  • d

    damp-account-75122

    02/27/2020, 5:36 PM
    Hello, I am getting started with an organization and a naive run of
    pulumi new
    creates a project and stack in my personal account rather than the org. I cannot find a switch or env var to instruct pulumi to use the org as the default account. Is this possible? Thanks!
    g
    m
    • 3
    • 12
  • s

    swift-painter-31084

    02/27/2020, 6:49 PM
    Quick security question about key management practices: So far my keys for GitHub actions deploys into AWS accounts/environments have just been manually added to GitHub Secrets and used as environment variables for Pulumi's action to deploy with. It occurred to me that it would be possible to store those secrets as Pulumi config secrets. Is that considered a safe approach?
    c
    • 2
    • 1
  • l

    limited-rainbow-51650

    02/27/2020, 6:50 PM
    Can I rename a Pulumi project? If so, what are the steps to do it?
    c
    • 2
    • 1
  • r

    red-salesclerk-85731

    02/27/2020, 7:08 PM
    How does Pulumi Terraform Bridge deal with default values configured in a resource? I am running into an issue i.e. a resource is defined as this:
    "list_policy": {
    		(...)
    				"allow": {
    					(...)
    							"all": {
    								Type:         schema.TypeBool,
    								Optional:     true,
    ############ --->		    	Default:      false,                 <-- Default Value #########
    								ExactlyOneOf: []string{"list_policy.0.allow.0.all", "list_policy.0.allow.0.values"},
    							},
    							"values": {
    								Type:         schema.TypeSet,
    								Optional:     true,
    								ExactlyOneOf: []string{"list_policy.0.allow.0.all", "list_policy.0.allow.0.values"},
    								Elem:         &schema.Schema{Type: schema.TypeString},
    								Set:          schema.HashString,
    							},
    						},
    					},
    				},
    https://github.com/terraform-providers/terraform-provider-google/blob/1f9e0cb9c3cef1c65cfd2054ca8dfd2795ac42a6/google/resource_google_organization_policy.go#L55 And I created it like this:
    new projects.OrganizationPolicy('Only allow resource in Europe', {
        constraint: 'gcp.resourceLocations',
        project: gcloud.project,
        listPolicy: {
            allow: {
                values: ['in:europe-west4-locations']
            }
        }
    })
    What would be the value of
    resource.listPolicy.allow.all
    ?
    w
    • 2
    • 9
  • c

    calm-quill-21760

    02/27/2020, 7:45 PM
    Since resource creation is deferred with Pulumi, what's the process for updating an item before it gets created? Specifically, I've created two AWS SecurityGroup objects and want some of the egress rules in one to reference the other. The reason I'm breaking this up is that I don't want to manually define the order in which the groups get created. Creating each and maintaining a reference back seemed like a solution. However, when I pull up the object to modify it, I find the object seems to want a "resolved" value:
    let thisGroup = createdSecGroups.get(thisGroupName);
                        if (item.allowed_other_sec_grps && item.allowed_other_sec_grps.length > 0) {
                            for (let allowed of item.allowed_other_sec_grps) {
                                let theOtherSecGrp = createdSecGroups.get(allowed + "_" + vpc);
                                if (theOtherSecGrp && thisGroup) {
                                    thisGroup.egress.get().forEach(entry => {
                                        entry.securityGroups = theOtherSecGrp!.id;
                                    });
                                }
                            }
                        }
    This line is invalid:
    entry.securityGroups = theOtherSecGrp!.id;
    It looks like securityGroups wants a resolved string[] value. I'm guessing this is another case where I'm thinking about this all wrong... Suggestions are appreciated!
    w
    • 2
    • 4
  • s

    swift-painter-31084

    02/27/2020, 10:37 PM
    Just confirming: If a Pulumi user has access to a project, but NONE on a production stack, they should not be able to decrypt secrets associated with that stack, correct?
    c
    • 2
    • 5
  • b

    bitter-zebra-93800

    02/27/2020, 11:04 PM
    Is @pulumi/random deprecated? VSCode is not finding it
    g
    • 2
    • 2
  • a

    able-monitor-26199

    02/28/2020, 4:34 AM
    Hello, would Pulumi add TencentCloud to the cloud providers list? TencentCloud website: https://intl.cloud.tencent.com/ Terraform plugin: https://github.com/terraform-providers/terraform-provider-tencentcloud Any other informations I am glad to make addition.
    d
    • 2
    • 2
  • s

    swift-painter-31084

    02/29/2020, 1:41 AM
    We recently upgraded to use Pulumi Team Pro. My account has organizational Admin access, but I can't seem to create teams either manually or via GitHub. (we do have a GitHub Team setup in our organization) Any ideas as to why that could be?
    c
    • 2
    • 1
  • w

    wet-sunset-4939

    03/01/2020, 4:44 AM
    Hi All, I'm provision an Azure storage account (ZRS) with management policy to move blob to Cool feature but got an error message 'tierToArchive is not supported for the account.' However, I'm able to set the rule manually on the portal. Could you please help?
  • g

    glamorous-printer-66548

    03/01/2020, 7:47 AM
    Heyho, is there a way to disable secret encryption completely when using the local or bucket storage backend? The way I'm planning to use pulumi technically no secrets should end up in state therefore it would be convenient not having to bother with setting up a secret provider.
  • h

    handsome-xylophone-18806

    03/01/2020, 11:49 AM
    Hi everyone, I have a project with multiple stacks. There are some common configuration with the same values for some stacks. For example, I have 4 stacks:
    #Pulumi.network.dev.yaml
    encryptionsalt: ....
    config:
      aws:region: us-east-2
      network:env.name: dev
    #Pulumi.services.dev.yaml
    encryptionsalt: ....
    config:
      aws:region: us-east-2
      services:env.name: dev
    #Pulumi.network.prod.yaml
    encryptionsalt: ....
    config:
      aws:region: us-east-1
      network:env.name: prod
    #Pulumi.services.prod.yaml
    encryptionsalt: ....
    config:
      aws:region: us-east-1
      services:env.name: prod
    Is this possible to extract common configurations to a file and import it when needed? For example, I would like to have something similar to this:
    #Pulumi.common.dev.yaml
    encryptionsalt: ....
    config:
      aws:region: us-east-2
      common:env.name: dev
    #Pulumi.network.dev.yaml
    encryptionsalt: ....
    config:
      aws:region: {{common.dev/aws:region}}
      network:env.name: {{common.dev/common:env.name}}
    Or do you have other ideas to solve this issue?
    👍 1
    r
    e
    +2
    • 5
    • 6
  • g

    gorgeous-elephant-23271

    03/01/2020, 12:48 PM
    Hi there, if I'm deploying a k8s cluster with pulumi and also what goes in to that cluster, should I use a single stack, or multiple? It would seem to make sense to have one, but would it be coupling infra to apps by doing that?
    b
    g
    s
    • 4
    • 11
  • g

    gorgeous-elephant-23271

    03/01/2020, 12:49 PM
    Also, if I want to test k8s deployments to a local instance, it would be nice to be able to run that separately from the aks deployment
  • b

    bitter-dentist-28132

    03/02/2020, 4:31 PM
    is there a way to programmatically get all stacks in a project/account? use case: i'm replicating "prod" across several regions, and I want to create some origin groups for failover in the CDN, and it would be nice to simply aggregate all deployed replications
    b
    e
    g
    • 4
    • 5
  • v

    victorious-helmet-11068

    03/02/2020, 4:40 PM
    hi there. I’m loosing the focus on the word “stack”. The stack is mandatory the environment? (prod/stage/dev) ? I’m thinking about stack as “subproject” of a big project….a little like AWS cloudformation stacks. Am I on the wrong direction ?
    g
    • 2
    • 2
  • b

    bitter-dentist-28132

    03/02/2020, 6:04 PM
    is there a way to explicitly provide a passphrase for decoding secrets when doing a
    StackReference
    ?
  • b

    bitter-dentist-28132

    03/02/2020, 6:58 PM
    does importing s3 buckets not work? i get the error
    invalid Amazon S3 ARN, unknown resource type, arn:aws:s3:::bucket-name
    a
    s
    • 3
    • 6
  • b

    bitter-dentist-28132

    03/02/2020, 7:54 PM
    is it possible to import a resource and apply a diff on it? e.g. if i want to apply a replication config on several s3 buckets that i have in various stacks.
    w
    • 2
    • 1
  • p

    prehistoric-account-60014

    03/02/2020, 8:49 PM
    For organizations not in the Team Pro plan, users added have the “Member” role. What are the permissions of this role? The documentation mentions the ability to set default stack permissions for an organization but that does not seem to be visible in the settings view.
    c
    • 2
    • 8
  • e

    echoing-breakfast-73834

    03/02/2020, 10:31 PM
    Is there any shorthand/better way for
    pulumi up --replace $urn && pulumi up
    to replace a resource and update it's dependencies? I tried
    --target-replacement $urn --target-dependents
    but the dependents didn't get updated/replaced until I ran
    pulumi up
    again.
Powered by Linen
Title
e

echoing-breakfast-73834

03/02/2020, 10:31 PM
Is there any shorthand/better way for
pulumi up --replace $urn && pulumi up
to replace a resource and update it's dependencies? I tried
--target-replacement $urn --target-dependents
but the dependents didn't get updated/replaced until I ran
pulumi up
again.
View count: 1