Since resource creation is deferred with Pulumi, what's the process for updating an item before it gets created? Specifically, I've created two AWS SecurityGroup objects and want some of the egress rules in one to reference the other. The reason I'm breaking this up is that I don't want to manually define the order in which the groups get created. Creating each and maintaining a reference back seemed like a solution. However, when I pull up the object to modify it, I find the object seems to want a "resolved" value:

let thisGroup = createdSecGroups.get(thisGroupName);
                    if (item.allowed_other_sec_grps && item.allowed_other_sec_grps.length > 0) {
                        for (let allowed of item.allowed_other_sec_grps) {
                            let theOtherSecGrp = createdSecGroups.get(allowed + "_" + vpc);
                            if (theOtherSecGrp && thisGroup) {
                                thisGroup.egress.get().forEach(entry => {
                                    entry.securityGroups = theOtherSecGrp!.id;
                                });
                            }
                        }
                    }

This line is invalid:

entry.securityGroups = theOtherSecGrp!.id;

It looks like securityGroups wants a resolved string[] value. I'm guessing this is another case where I'm thinking about this all wrong... Suggestions are appreciated!

Just confirming: If a Pulumi user has access to a project, but NONE on a production stack, they should not be able to decrypt secrets associated with that stack, correct?

Is @pulumi/random deprecated? VSCode is not finding it

Hello, would Pulumi add TencentCloud to the cloud providers list? TencentCloud website: https://intl.cloud.tencent.com/ Terraform plugin: https://github.com/terraform-providers/terraform-provider-tencentcloud Any other informations I am glad to make addition.

We recently upgraded to use Pulumi Team Pro. My account has organizational Admin access, but I can't seem to create teams either manually or via GitHub. (we do have a GitHub Team setup in our organization) Any ideas as to why that could be?

Hi All, I'm provision an Azure storage account (ZRS) with management policy to move blob to Cool feature but got an error message 'tierToArchive is not supported for the account.' However, I'm able to set the rule manually on the portal. Could you please help?

Heyho, is there a way to disable secret encryption completely when using the local or bucket storage backend? The way I'm planning to use pulumi technically no secrets should end up in state therefore it would be convenient not having to bother with setting up a secret provider.

Hi everyone, I have a project with multiple stacks. There are some common configuration with the same values for some stacks. For example, I have 4 stacks:

#Pulumi.network.dev.yaml
encryptionsalt: ....
config:
  aws:region: us-east-2
  network:env.name: dev

#Pulumi.services.dev.yaml
encryptionsalt: ....
config:
  aws:region: us-east-2
  services:env.name: dev

#Pulumi.network.prod.yaml
encryptionsalt: ....
config:
  aws:region: us-east-1
  network:env.name: prod

#Pulumi.services.prod.yaml
encryptionsalt: ....
config:
  aws:region: us-east-1
  services:env.name: prod

Is this possible to extract common configurations to a file and import it when needed? For example, I would like to have something similar to this:

#Pulumi.common.dev.yaml
encryptionsalt: ....
config:
  aws:region: us-east-2
  common:env.name: dev

#Pulumi.network.dev.yaml
encryptionsalt: ....
config:
  aws:region: {{common.dev/aws:region}}
  network:env.name: {{common.dev/common:env.name}}

Or do you have other ideas to solve this issue?

Hi there, if I'm deploying a k8s cluster with pulumi and also what goes in to that cluster, should I use a single stack, or multiple? It would seem to make sense to have one, but would it be coupling infra to apps by doing that?

Also, if I want to test k8s deployments to a local instance, it would be nice to be able to run that separately from the aks deployment

is there a way to programmatically get all stacks in a project/account? use case: i'm replicating "prod" across several regions, and I want to create some origin groups for failover in the CDN, and it would be nice to simply aggregate all deployed replications

hi there. I’m loosing the focus on the word “stack”. The stack is mandatory the environment? (prod/stage/dev) ? I’m thinking about stack as “subproject” of a big project….a little like AWS cloudformation stacks. Am I on the wrong direction ?

is there a way to explicitly provide a passphrase for decoding secrets when doing a

StackReference

?

does importing s3 buckets not work? i get the error

invalid Amazon S3 ARN, unknown resource type, arn:aws:s3:::bucket-name

is it possible to import a resource and apply a diff on it? e.g. if i want to apply a replication config on several s3 buckets that i have in various stacks.

For organizations not in the Team Pro plan, users added have the “Member” role. What are the permissions of this role? The documentation mentions the ability to set default stack permissions for an organization but that does not seem to be visible in the settings view.

Is there any shorthand/better way for

pulumi up --replace $urn && pulumi up

to replace a resource and update it's dependencies? I tried

--target-replacement $urn --target-dependents

but the dependents didn't get updated/replaced until I ran

pulumi up

again.

Does Pulumi have any plans for validation or schema definition for config files? Looking for something similar to JSON schema.

What's the right way to lookup a resource that's been created in a loop to use in the

parent:

block of another resource? I got stuck because I can unwrap the promise to check the string, but I can't seem to do that and keep a reference to the resource which is what I actually need. For example, say I created a bunch of

kubernetes.core.v1.Namespace

resources in a function and now I have an array of them. What's the right way to do this:

// namespaces is an array of kubernetes.core.v1.Namespace
const myNamespace = namespaces.find(
    ns => ns.metadata.name === 'mynamespace' // Usual Output<string> is not a string problem
);

// Use mynamespace as parent
new k8s.helm.v2.Chart(
    'myChart',
    {
        path: chartPath,
    },
    {
        parent: myNamespace
    }
);

hey it seems that pulumi already infers the git sha1 of the environment it runs in (at least it ends up in some state / history metadata). Is there a way I can get the git_sha1 from

pulumi.runtime

or some other thing at runtime and use it in my config?

Quick question, we have a tool call janitor that removed old stuff in k8s cluster. When this happens we need to redeploy because pulumi doesn’t verify that resources are created? Something we can do for checking that

Hi All, I'm trying to provision Azure App Service Certificate using pulumi. However, I got an error message is 'The parameter AutoRenew has an invalid value.' below is my code. Tried to fine some sample on github but not luck. Please if you have.

const order = new azure.appservice.CertificateOrder('sample-dev', {
    name: 'sample-dev',
    csr: '*.host.dev',
    autoRenew: true,
    ...group,
    location: 'global',
    productType: 'WildCard',
    validityInYears: 3
  });

when I use a kubernetes.helm.v2.Chart component, is there any way to remove a Kubernetes object (in my case an Ingress definition) from the list of objects (I know I can use transformations to modify any object, but can’t find any documentation on how to remove one (if possible))?

One more question: if I have a variable with type pulumi.Input<string> can I use it in conditionals that check the actual string value somehow?

is there a way to view the compiled (from typescript) js that pulumi is executing?

I am thinking of using Pulumi with two different companies I work with, each with their own Team Starter or Pro account. Is there a way to tell Pulumi which account to associate itself with when running the command line? Environment variable of something.

Manual step in a Pulumi script I'm trying to perform a manual step as part of a deployment script (one-time-password, captcha, etc.), but due to the async nature of Pulumi I haven't succeeded in asking for the manual input as part of the

pulumi up

Has anyone succeeded in a similar project ? Code example would be epic

I'm having an issue with a local stack. Here's what happened: 1.

pulumi login --local

2.

pulumi stack init my-stack

(entered passphrase) 3.

aws-vault exec my-profile -- pulumi up

. got an error. some resources provisioned. 4. fixed stuff 5.

aws-vault exec my-profile -- pulumi up

. started getting

error: decrypting secret value: failed to decrypt: incorrect passphrase, please set PULUMI_CONFIG_PASSPHRASE to the correct passphrase

6. weirder:

pulumi stack ls

returns empty list of stacks what is going on?

Hi All, I have an App Service Certificate for an domain. But dont know how to import the certificate into an AppService. Please share if you know. Thanks

Trying to setup a kubernetes cluster on GCP via pulumi