https://pulumi.com logo
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • b

    bland-lamp-97030

    08/04/2018, 8:04 AM
    I have similar concerns regarding the ability for specific team members to deploy particular stacks, like locking down prod stacks to senior members
  • w

    white-balloon-205

    08/04/2018, 3:16 PM
    Hi Jarshwah! Yes - we will be adding richer Role Based Access Control for teams in the coming weeks, and both of these are things we’ll allow you to grant or deny based on role applied to an individual or group. cc @square-apartment-28429
  • c

    colossal-beach-47527

    08/04/2018, 4:08 PM
    Yup, what Luke said! We have a lot of plans in this area and I am eagerly working out the details to get them launched. @bland-lamp-97030 I’ll follow up with a PM soon with the details and ways you can accomplish that today. (And post it to Pulumi.io, too.
  • s

    stocky-spoon-28903

    08/04/2018, 4:13 PM
    Looking forward to seeing what comes out of that!
  • s

    stocky-spoon-28903

    08/04/2018, 5:25 PM
    Is there a way to expand the graph view on app.pulumi.com to include the internals of components?
  • s

    stocky-spoon-28903

    08/04/2018, 5:25 PM
    This is all I currently see
  • b

    big-piano-35669

    08/04/2018, 5:34 PM
    Assuming you have more than just that automatic Stack resource, this looks like a bug to me. We should show components (e.g., cloud:Table, et al enjoy this). If you have your checkpoint file handy -- via
    pulumi stack export
    -- and it doesn't contain sensitive info, would you mind sharing and/or filing an issue with it?
  • s

    stocky-spoon-28903

    08/04/2018, 5:34 PM
    I can put it in a secret gist but would rather not post it in an issue.
  • b

    big-piano-35669

    08/04/2018, 5:35 PM
    Sure thing. The main thing I would need to see is the resource URNs and their parent fields, so feel free to strip out the rest.
  • s

    stocky-spoon-28903

    08/04/2018, 5:35 PM
    https://gist.github.com/jen20/28f3d86440730979910ae08c6be61f90
  • s

    stocky-spoon-28903

    08/04/2018, 5:36 PM
    I found another interesting issue here too actually - there may be a good explanation but it was somewhat surprising.
  • s

    stocky-spoon-28903

    08/04/2018, 5:37 PM
    I changed the LambdaCert component with this commit: https://github.com/jen20/lambda-cert/pull/2/commits/e0b5fd2bf5766efdb4777ff330b208fa54a70715 and ensured that
    inputs. generateJavaKeyStore
    was false. However, running
    pulumi update
    didn’t show an update to
    environment
    on the function.
  • b

    big-piano-35669

    08/04/2018, 5:39 PM
    I see the problem; the
    urn:pulumi:vault-test-dev::pulumi-vault-test::operator-error:aws:LambdaCert::algo-vault-lambda-cert
    resource has an empty
    parent
    property. This should never happen except for the top-level stack resource. I vaguely remember some bug a while back where if the resource got created "late" in the asynchronous evaluation of a script, it would get mis-parented, but I thought we fixed this. I'll file an issue on our side and take a look.
    s
    • 2
    • 30
  • s

    stocky-spoon-28903

    08/04/2018, 6:26 PM
    Hmm,
    aws.iam.PolicyDocument::merge
    would be a useful thing. Basically something that would go through statements in several policy fragments and find the intersection.
    w
    • 2
    • 1
  • b

    bland-lamp-97030

    08/05/2018, 12:39 AM
    Thanks for the info Luke and Chris, I'm just experimenting at this stage but anticipating questions from the team
  • s

    stocky-spoon-28903

    08/05/2018, 10:40 PM
    I’ve opened up a bunch of issues on
    pulumi-aws
    about cases where objects could be passed instead of IDs in some of the less-used areas of the SDK. I intend to address all of them at some point this week but thought I’d open issues to refer back to as I come across specifics. Please let me know if you’d rather have an omnibus issue for these to reduce noise etc
    w
    b
    • 3
    • 2
  • s

    stocky-spoon-28903

    08/05/2018, 11:25 PM
    I found another fun issue today with
    aws.autoscaling.Group
    . The following property value:
    tags: [
                    {
                        key: "Name",
                        value: "Vault Server",
                        propagateAtLaunch: true,
                    },
                ],
    gives an error when updating:
    Previewing update of stack 'vault-test-dev'
    Previewing changes:
    
         Type                                      Name                              Plan          Info
     *   pulumi:pulumi:Stack                       pulumi-vault-test-vault-test-dev  no change     1 error
     ~   ├─ operator-error:aws:vault:VaultServers  algo-vault-servers                update        changes: + physicalStorageTableName,serverCount,ser
     +   │  └─ aws:ec2:PlacementGroup              algo-vault-placement-group        create
     *   └─ global                                 global                            no change     1 error
    
    Diagnostics:
      global: global
        error: aws:autoscaling/group:Group resource 'algo-vault-autoscaling-group' has a problem: tag.0: expected object, got slice
    
      pulumi:pulumi:Stack: pulumi-vault-test-vault-test-dev
        error: One or more resource validation errors occurred; refusing to proceed
    
    error: an error occurred while advancing the preview
  • s

    stocky-spoon-28903

    08/05/2018, 11:27 PM
    I’m using the
    dev
    dependency of
    @pulumi/aws
    , so the type definition is:
    readonly tags?: pulumi.Input<{
            key: pulumi.Input<string>;
            propagateAtLaunch: pulumi.Input<boolean>;
            value: pulumi.Input<string>;
        }[]>;
  • s

    stocky-spoon-28903

    08/05/2018, 11:32 PM
    I’m guessing this might be related to the discussion here: https://github.com/pulumi/pulumi-aws/pull/277#issuecomment-406806336
  • s

    stocky-spoon-28903

    08/05/2018, 11:34 PM
    Setting it via
    tagsCollection
    doesn’t work either (which makes sense given the above):
    Diagnostics:
      aws:autoscaling:Group: algo-vault-autoscaling-group
        error: Plan apply failed: creating urn:pulumi:vault-test-dev::pulumi-vault-test::operator-error:aws:vault:VaultServers$aws:autoscaling/group:Group::algo-vault-autoscaling-group: algo-vault-autoscaling-group-dae2d47: invalid tag attributes: key missing
    
        error: update failed
  • w

    white-balloon-205

    08/06/2018, 2:57 PM
    @stocky-spoon-28903 Not sure exactly what's going on there - I've opened https://github.com/pulumi/pulumi-aws/issues/293 so we can take a look.
    s
    • 2
    • 10
  • s

    stocky-spoon-28903

    08/07/2018, 12:15 AM
    I think
    aws.elasticloadbalancingv2.Listener
    is missing a
    MaxItemsOne: boolRef(true)
    on the
    defaultActions
    property
    w
    • 2
    • 6
  • c

    colossal-beach-47527

    08/07/2018, 4:34 AM
    Another shameless plug in case you missed the first announcement: Hi everyone! I’m looking into adding “workflow features” to the Pulumi.com service. For example, showing the results of
    pulumi preview
    ran in your CI/CD system on GitHub. Or optionally requiring another project member to review and approve infrastructure changes to a stack. If you are interested in providing feedback on the design and/or would like early access to prototypes, please send me a direct message. I’d love to get your input and will follow up with the details for how to get started!
    s
    • 2
    • 1
  • s

    stocky-spoon-28903

    08/07/2018, 2:52 PM
    If I see:
    ~   ├─ pulumi:providers:aws                        default                               update        changes: ~ version
    and
    warning: resource plugin aws is expected to have version >=0.14.6-dev-1533615635-g36bed34, but has 0.14.6-dev-1533603906-g1e50892; the wrong version may be on your path, or this may be a bug in the plugin
  • s

    stocky-spoon-28903

    08/07/2018, 2:52 PM
    Will that resolve itself on update? (If so, it might be a good warning to make less severe!)
    m
    • 2
    • 2
  • s

    stocky-spoon-28903

    08/07/2018, 3:35 PM
    Actually have a new problem with ASG tags - if any of the values are computed I get a “required value not set”. I have a reproduction (slight modification of the last one) here: https://gist.github.com/jen20/ccc91ab961843babf93b119fe67e1938
    w
    • 2
    • 5
  • s

    stocky-spoon-28903

    08/07/2018, 6:14 PM
    Is there a way in the Terraform bridge to override the type of something in but define a conversion function or similar?
  • m

    microscopic-florist-22719

    08/07/2018, 6:14 PM
    Hm, I don't think so. Can you share a brief example of what you're thinking?
  • s

    stocky-spoon-28903

    08/07/2018, 6:14 PM
    e.g. Health Check on an NLB is defined in the terraform provider as a string because it could either be a number or
    "traffic"
  • s

    stocky-spoon-28903

    08/07/2018, 6:14 PM
    In typescript this would be better represented as
    number | "traffic"
Powered by Linen
Title
s

stocky-spoon-28903

08/07/2018, 6:14 PM
In typescript this would be better represented as
number | "traffic"
View count: 1