https://pulumi.com logo
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • w

    worried-engineer-33884

    04/10/2020, 5:46 PM
    Having an issue with node 12.x monitor mock for
    call
    not being mocked as expected. Works fine on 11.x. Anyone else notice this?
    w
    • 2
    • 4
  • f

    famous-translator-53768

    04/10/2020, 6:56 PM
    hi im new to all things pulumi 🙂 going to give a crack this weekend
    👋 4
    😛artypus-8bit: 1
  • g

    green-morning-1318

    04/10/2020, 7:13 PM
    Welcome Lutando 😄 👋 feel free to ask for help when you’re stuck
    🙏 2
    f
    • 2
    • 1
  • w

    worried-engineer-33884

    04/10/2020, 7:53 PM
    @white-balloon-205 @microscopic-florist-22719 I'm absolutely thrilled to report that our test suite of over 700 unit tests that took 15-20 minutes to run, after rewriting everything to use the new monitor mock feature, has been reduced to 17 seconds!!! We couldn't be happier. Thank you so much for this! cc @gentle-diamond-70147 @big-piano-35669
    😛ulumipus-8bit: 2
    👏 2
    🚀 5
    g
    b
    • 3
    • 4
  • f

    fast-dinner-32080

    04/10/2020, 9:36 PM
    Hey guys, I am creating namespaces using the Rancher2 provider but rancher adds labels to these after creation and I am trying to ignore them. Is there an example of how to do this in .net? I am getting
    rancher2:index/namespace:Namespace: (update)
      [id=ua-dev]
      [urn=urn:pulumi:stg-k8s-c01::k8s-cluster-projects::rancher2:index/namespace:Namespace::ns]
      [provider=urn:pulumi:stg-k8s-c01::k8s-cluster-projects::pulumi:providers:rancher2::default_1_5_0::5ee76677-bc06-416a-a367-1be4dd7fa198]
    ~ labels: {
        - <http://cattle.io/creator|cattle.io/creator>        : "norman"
        - <http://field.cattle.io/projectId|field.cattle.io/projectId>: "id"
      }
    and I have tried all these but doesn't seem to work. I am probably providing the string incorrect but I am having a hard time finding an example.
    new CustomResourceOptions
    {
        IgnoreChanges =
        {
            {"labels.\"<http://cattle.io/creator|cattle.io/creator>\""}
        }
    }
    
    new CustomResourceOptions
    {
        IgnoreChanges =
        {
            {"<http://labels.cattle.io/creator|labels.cattle.io/creator>"}
        }
    }
    
    new CustomResourceOptions
    {
        IgnoreChanges =
        {
            {"labels[<http://cattle.io/creator|cattle.io/creator>]"}
        }
    }
    
    new CustomResourceOptions
    {
        IgnoreChanges =
        {
            {"labels[\"<http://cattle.io/creator|cattle.io/creator>\"]"}
        }
    }
  • p

    polite-motherboard-78438

    04/11/2020, 2:59 PM
    Hi all. I am trying to fix some differences between the Pulumi state and my K8s state, but I am having some troubles and would be nice to have some help. When I run
    pulumi preview
    , I get the following diff:
    +   ├─ kubernetes:<http://cert-manager.io:ClusterIssuer|cert-manager.io:ClusterIssuer>                    letsencrypt-prod                create
     -   ├─ kubernetes:helm.sh:Chart                                    letsencrypt-prod                delete
     -   │  └─ kubernetes:<http://cert-manager.io:ClusterIssuer|cert-manager.io:ClusterIssuer>                 cert-maanger/letsencrypt-prod   delete
    The resource that Pulumi is trying to create is the same as the one it is trying to delete. (On K8s). I am not sure since when this happen, but It could be because the change the way the "lets-encrypt" resource is managed in Pulumi, from an Helm Chart to a Custom resource. Still If I run
    pulumi up
    it fails, saying with "error":
    resource cert-maanger/letsencrypt-prod was not successfully created by the Kubernetes API server : <http://clusterissuers.cert-manager.io|clusterissuers.cert-manager.io> "letsencrypt-prod" already exists. That´s normal, since Pulumi is trying to create a resource that already exists.
    So I am trying to converge the pulumi state with the K8s cluster state. First I tried to manually delete the "letsencrypt" resource by it´s urn like so:
    pulumi state delete urn:pulumi:dev::brunopazdev::kubernetes:<http://helm.sh/v2/:letsencrypt-prod|helm.sh/v2/:letsencrypt-prod>
    It gave an error: error:
    This resource can't be safely deleted because the following resources depend on it: cert-maanger/letsencrypt-prod" (urn:pulumi:dev::brunopazdev::kubernetes:<http://helm.sh/v2:Chart$kubernetes:cert-manager.io/v1alpha2:ClusterIssuer::cert-maanger/letsencrypt-prod|helm.sh/v2:Chart$kubernetes:cert-manager.io/v1alpha2:ClusterIssuer::cert-maanger/letsencrypt-prod>)
    Ok. makes sense. Let´s try to delete de dependent resource first:
    pulumi state delete urn:pulumi:dev::brunopazdev::kubernetes:<http://helm.sh/v2:Chart$kubernetes:cert-manager.io/v1alpha2:ClusterIssuer::cert-maanger/letsencrypt-prod|helm.sh/v2:Chart$kubernetes:cert-manager.io/v1alpha2:ClusterIssuer::cert-maanger/letsencrypt-prod> --force -y
    Another error: "*error: No such resource "urn😛ulumi:dev::brunopazdev::kubernetes:helm.sh/v2:Chartert-manager.io/v1alpha2:ClusterIssuer::cert-maanger/letsencrypt-prod" exists in the current state*" So I have a resource that depends on a resource that doesnt exist?? Has anybody have an idea how to fix this? Do I have to edit the state manually to remove this resources and then maybe importing the existing one from the Cluster state? Thank you.
    g
    • 2
    • 5
  • s

    swift-oxygen-28374

    04/11/2020, 6:54 PM
    Hi Everyone, I'm new to Pulumi. Using a full-fledged programming language to define infrastructure as code is great! I'm doing a poc to get familiar with Pulumi. Below is a snippet that creates snapshot of an ebs volume and prints snapshot id. Got an error when trying to print snapshot id. Any pointers on how to change this?
    const snapshot = new aws.ebs.Snapshot("Unattached volume", {
                tags: {
                    Name: ebsVolume.tags["Name"],
                    Cleanup: "true",
                    Who: "satish",
                    When: "04102020"
                },
                volumeId: volumeId,
            });
    
            // const snapshotId = <http://snapshot.id|snapshot.id>.apply(s => `${s}`);
            const snapshotId = pulumi.interpolate `prefix${<http://snapshot.id|snapshot.id>}suffix`
    
            console.log("Created snapshot " + snapshotId + " for volume " + volumeId);
    Created snapshot Calling [toString] on an [Output<T>] is not supported.
        To get the value of an Output<T> as an Output<string> consider either:
        1: o.apply(v => `prefix${v}suffix`)
        2: pulumi.interpolate `prefix${v}suffix`
        See <https://pulumi.io/help/outputs> for more details.
    w
    • 2
    • 2
  • g

    gorgeous-elephant-23271

    04/11/2020, 8:38 PM
    Hi, how do I create a new stack for an existing project? When I do
    pulumi new
    I get
    Sorry, 'projectname' is not a valid project name. A project with this name already exists.
    , and when I do
    pulumi stack init
    I get
    error: no Pulumi project found in the current working directory
    s
    f
    • 3
    • 37
  • g

    gorgeous-elephant-23271

    04/11/2020, 8:39 PM
    I tried copying an existing
    pulumi.yaml
    file into this folder, but when I ran
    pulumi stack init
    it did nothing (though it created the stack on
    <http://app.pulumi.com|app.pulumi.com>
    )
  • g

    gorgeous-elephant-23271

    04/11/2020, 8:40 PM
    I'm sure this is possible since I've done it before
  • g

    gorgeous-elephant-23271

    04/11/2020, 8:40 PM
    pulumi
    v1.14.0
  • s

    sparse-state-34229

    04/12/2020, 7:37 AM
    in Python, how do I pass the string representation of a resource’s output properties to a method?
  • s

    sparse-state-34229

    04/12/2020, 7:37 AM
    like this: https://gist.github.com/ohlol/fedb70eaf121a5ed67402f615a7156fc
    b
    f
    • 3
    • 22
  • a

    acceptable-stone-35112

    04/12/2020, 8:35 AM
    Trying to figure out the correct approach to use a provider in my stack that exists in TF. 1. Create a new dynamic provider 2. Use RemoteStateReference inside dynamic provider to interact with TF Is that the recommended way? In my case TF provider is needed for smaller part of the stack, and basically it means that state will be external to Pulumi Cloud where rest of the stack state is managed.
  • s

    stale-minister-93676

    04/13/2020, 12:29 PM
    So I've created a
    const f = new vsphere.Folder(....)
    and now I'm trying to use it with `vsphere.getVirtualMachine({ name:
    ${f.path}/vm-name
    })` but I'm getting
    error fetching virtual machine: vm 'Calling [toString] on an [Output<T>] is not supported.
    Anyone know how to get the path as a string?
    f
    • 2
    • 8
  • w

    wonderful-dog-9045

    04/13/2020, 12:35 PM
    is there are any documentation about the pulumi yaml config files? Can I specify a difference context/cwd in those files?
    • 1
    • 1
  • f

    fast-summer-37905

    04/13/2020, 2:02 PM
    Hello guys! Simple question 🙋 I wanna use pulimi to adjust my existing GKE kunernets, it means, minimum, maximum and limits... Some one has any exemple or ideia for helping me to start?
    w
    • 2
    • 2
  • f

    fast-dinner-32080

    04/13/2020, 5:04 PM
    Is there a way to output a list of objects as a stack output or even a list of already serialized josn strings? I have a component that has a bunch of properties that are outputs which then I want to have the stack return each instance of that components output in a list.
    • 1
    • 1
  • s

    stale-minister-93676

    04/13/2020, 7:09 PM
    Are stack names supposed to be scoped to the project? IE app1 and app2 can each have a dev stack
    f
    c
    • 3
    • 8
  • c

    cool-egg-852

    04/13/2020, 8:32 PM
    Is there a way to get the project’s description?
    f
    • 2
    • 2
  • b

    brave-angle-33257

    04/13/2020, 9:13 PM
    can anyone help me with this
    Outputs
    situation?
    f
    h
    • 3
    • 22
  • o

    orange-address-79071

    04/13/2020, 9:58 PM
    New to pulumi, but have been using terraform. I have liked how terraform uses the same template file for both dev and prod workspaces. I have been trying to find a clear way pulumi does this with one code file that can be deployed to multiple AWS accounts. (dev, prod) Is there a clear explanation out there on how to do this with stacks and projects?
    b
    • 2
    • 2
  • c

    curved-zoo-38252

    04/14/2020, 1:14 AM
    I'm having trouble with the Github App - none of my PRs generate a comment from the pulumi app/bot, despite following the instructions in https://www.pulumi.com/docs/guides/continuous-delivery/github-actions/... I'm somewhat at a loss to figure out where to look for more info about what might be going wrong!
  • b

    better-rainbow-14549

    04/14/2020, 2:31 PM
    i'm getting this
    npm ERR! Unexpected end of JSON input while parsing near '...86668803","dependenci'
    ever since 1.14.1 - in the debug log it prints
    345 http fetch GET 200 <https://registry.npmjs.org/@pulumi%2fpulumi> 38ms (from cache)
    346 silly fetchPackageMetaData error for @pulumi/pulumi@^1.14.1 Unexpected end of JSON input while parsing near '...86668803","dependenci'
    b
    • 2
    • 24
  • w

    white-balloon-205

    04/14/2020, 4:19 PM
    Heads up for those who are interested - there's a good discussion about Pulumi right now on Hacker News: https://news.ycombinator.com/item?id=22866714
    😎 1
    👏🏼 1
    🎉 1
    l
    • 2
    • 1
  • s

    stale-minister-93676

    04/14/2020, 4:20 PM
    Is there a way to use a custom s3 server when using
    pulumi login s3://...
    ?
    w
    • 2
    • 2
  • e

    elegant-hydrogen-81987

    04/14/2020, 5:05 PM
    When converting terraform to pulumi, what is the best way of translating a terraform null resource (for local-exec) that depends on other resources?
    • 1
    • 2
  • s

    stale-minister-93676

    04/14/2020, 5:34 PM
    So we use GitOps for deploying our infrastructure. Is there a way to not require an external storage mechanism from the main project repo? Even if I choose a local login, it requires a state file get updated which doesn't really fit into this flow.
  • s

    stale-minister-93676

    04/14/2020, 5:36 PM
    Ideally I wouldn't have to store the state and could call
    pulumi refresh
    but that doesn't seem to be able to pull in the existing components for us (from kubernetes)
    f
    • 2
    • 1
  • s

    some-football-23966

    04/14/2020, 6:55 PM
    Hi I am newbie to pulumi, I would like to understand couple of things : 1. How secure is it to use pulumi in production with single user ? 2. pulumi doesn’t have 2fa enabled to enhance extra level of security, is it something in plan ? 3. What’s the best practice to maintain the pulumi code, can I maintain pulumi code in git repo and deploy it through jenkins ? 4. Is pulumi also best suited for reading infra details ? Let’s say I want to figure out the cost incurred by s3 resources on AWS account ?
    g
    b
    • 3
    • 58
Powered by Linen
Title
s

some-football-23966

04/14/2020, 6:55 PM
Hi I am newbie to pulumi, I would like to understand couple of things : 1. How secure is it to use pulumi in production with single user ? 2. pulumi doesn’t have 2fa enabled to enhance extra level of security, is it something in plan ? 3. What’s the best practice to maintain the pulumi code, can I maintain pulumi code in git repo and deploy it through jenkins ? 4. Is pulumi also best suited for reading infra details ? Let’s say I want to figure out the cost incurred by s3 resources on AWS account ?
g

green-morning-1318

04/14/2020, 7:02 PM
Hi 👋 (not a Pulumi employee, but I hope I’m able to help you out somewhat) 1. You can have organizations with multiple users: https://www.pulumi.com/docs/intro/console/accounts-and-organizations/organizations/ that way you can have multiple people update a stack and you have insight into who did what 2. I’ll leave that to the Pulumi team 🙂 3. Absolutely! It’s definitely a best practice to keep the Pulumi code in a version control system. I have my pulumi code in the same repo as the serverless apps that code deploys. In my case I use CircleCI, but you can see an example here: https://github.com/retgits/acme-serverless-payment (the Pulumi code is in the pulumi folder) 4. Pulumi allows you to search the data of all sorts of AWS resources, I’m not sure though if it can access the data needed to figure out cost (which in S3 case would be a combination of storage, which you could definitely find out, and egress traffic)
Hope that helps a bit 😄
s

some-football-23966

04/14/2020, 7:07 PM
Thanks @green-morning-1318 would multiple user work with community edition version ?
As I intend to use only opensource version as of now.
g

green-morning-1318

04/14/2020, 7:08 PM
I don’t think it is to be honest (https://www.pulumi.com/pricing/)
b

broad-dog-22463

04/14/2020, 7:10 PM
Hi @some-football-23966 I am not sure what you mean about 2fa? There is currently no remote execution model for Pulumi so it needs to be controlled by the user themselves. what usecase do you believe we need to cover here? Paul
s

some-football-23966

04/14/2020, 7:12 PM
hey @broad-dog-22463 considering that a user needs to first create account and use tokens to execute all the workload, I intend to figure if somehow my account or laptop gets unintended access through a user, the person might end up mess with my account
as UI has all the power to change my configuration and delete my projects, stacks etc.
b

broad-dog-22463

04/14/2020, 7:13 PM
ah I see what you mean - so the Pulumi SaaS only has the state - as long as you follow good practice, then it won't have access to your pulumi secrets or your code so no-one can actually delete your cloud resources via the Pulumi SaaS - they need the pulumi CLI to do that
you can indeed delete the stack itself - but this won't delete the resources - it will simply unmanage them
s

some-football-23966

04/14/2020, 7:15 PM
alright, so just because reasons I explained, that somehow person get access to the account, the person can setup his/her pulumi CLI with my token or credentials
so for ex, aws console provides 2fa/mfa to have double security in order to not compromise on UI to steal any credentials.
b

broad-dog-22463

04/14/2020, 7:17 PM
Pulumi doesn't store any credentials to your cloud cloud provider. YEs, you are correct that if someone gets access to your pulumi account then they can use your pulumi access token but that simply means they can store their cloud state in your pulumi account It 100% doesn't mean they can deploy to your cloud
We can certainly raise the issue of adding 2FA of course - if it makes our users feel more secure, then we can talk about that for the SaaS
s

some-football-23966

04/14/2020, 7:19 PM
Alright got it
Would be gr8 if you can consider that.
b

broad-dog-22463

04/14/2020, 7:20 PM
I will raise it with the team 🙂
s

some-football-23966

04/14/2020, 7:20 PM
Thanks. I would highly appreciate if you can route to best coding practices for pulumi in terms of creating folder structure / naming convention etc.
b

broad-dog-22463

04/14/2020, 7:21 PM
But please rest assured, Pulumi doesn't store any of our data that can compromise either your cloud crendtials or your cloud resources - you can ensure you store any configuration options as secrets 🙂 https://www.pulumi.com/docs/intro/concepts/programming-model/#secrets
s

some-football-23966

04/14/2020, 7:24 PM
The main thing which I liked about pulumi is I can write code like a developer and I don’t have to learn much of the new things like DSL etc. So if you can answer few of these questions as well, it will really help in taking the call : 1. in case pulumi is down, I won’t be able to use pulumi to manage my account, right ? what’s the SLA for pulumi to be up ? 2. as pulumi doesn’t store code, what’s the best practice to create readable folder strucuture for pulumi code base ? 3. Can I run pulumi code using normal python / node commands instead of pulumi up ? The usecase if where I just to read the configurations of cloud rather than deploying it ? Is it even possible. ? 4. In case I use s3 as state backend instead of pulumi.com, what would I lose ?
b

broad-dog-22463

04/14/2020, 7:33 PM
1. <finding that out for you now> 2. It all depends on what you are trying to achieve - we suggest it's software so it can be structured as you would structure your software. We have a reference example https://github.com/pulumi/examples/tree/master/aws-stackreference-architecture 3. There is, at this point in time, no SDK for Pulumi to be embedded in your application. It is under investigation that users want that issue - we have various issues open in Pulumi/pulumi repo for this 4. If you use the open source state backends then the primary thing you loose is concurrency / locking. This is provided by default by the SaaS. Other than that, you need to manage your own backups / versioning etc
s

some-football-23966

04/14/2020, 7:43 PM
Thanks @broad-dog-22463 point 3 is a bigger use case. I want to use pulumi more freely and openly like aws sdk or any third party sdk. Until or unless necessary I don’t want to run pulumi up or we can have pulumi up written in python code itself so that I don’t have to be dependent on CLI. There are lot of usecases which are just plain get calls for aws resources, like reading s3, ecs state, current cost attribution, reading current infrastructure and then duplicating it in same or different env etc.
b

broad-dog-22463

04/14/2020, 7:44 PM
so you can mock your cloud and not have to do any pulumi up and write your code and test it as normal
Maybe I don't understand the usecase for #3 as I've personally never had to use it on the large infrastructures that I worked on
BUt I understand that it may well be a deal breaker for you
s

some-football-23966

04/14/2020, 7:47 PM
Consider a developer developing an application with no restrictions. pulumi up seems to be the only way to run pulumi code, which in my consideration a limitation. It’s bit against the whole idea of having pulumi as framework which can understand regular programming language and code
b

broad-dog-22463

04/14/2020, 7:49 PM
but it's the same way as with other tools right? I mean kubectl commands, terraform commands, arm template deployments
It's a deployment centric tool (as at this time)
I understand that you would love to be able to drive it via an SDK so you can embed in your applications
we are just not there right now 😕
s

some-football-23966

04/14/2020, 7:50 PM
That’s what these guys haven’t solved. They are just deployment centric, while you have the whole power to solve all non-deployment use cases too.
world is moving in direction where every engineer is capable enough to do devops, and every engineer is able to write the code in most of the hot langauges. Pulumi provides that flexibility to write the code in language you love. other tools have certain learning curve which would take time
b

broad-dog-22463

04/14/2020, 7:51 PM
WRT to the SLA - this is what I was quoted from the SaaS team: '“The Pulumi service is operated with a high bar for availability. Financially-backed SLAs are available as part of our Team and Enterprise offerings for organizations that need tighter guarantees around service availability.”"
s

some-football-23966

04/14/2020, 7:52 PM
people using java/node/python already has best practices defined and can just utilise puluni within the stack as one of the super crazy library to solve for infra automatio
b

broad-dog-22463

04/14/2020, 7:52 PM
@some-football-23966 one thing that we do enabled is CI / CD workflows - we believed that was a higher priority to solve https://www.pulumi.com/docs/guides/continuous-delivery/
but we will be looking at SDK driven development at some point
s

some-football-23966

04/14/2020, 7:53 PM
cool. 🙂 I just feel IaaC is not just about deployment but about management as well 🙂
b

broad-dog-22463

04/14/2020, 7:54 PM
the workflow we provider 100% enables management as well 🙂
I was a user of Pulumi before I joined the team
s

some-football-23966

04/14/2020, 7:54 PM
Is it possible today to get s3 costing attribution using pulumi ?
b

broad-dog-22463

04/14/2020, 7:54 PM
and I also worked for HashiCorp before that so I do understand this space luckily 🙂
That is not possible
s

some-football-23966

04/14/2020, 7:55 PM
yeah I do understand you are way better in this than me. 🙂 Terraform and pulumi, I am inclined toward pulumi too
b

broad-dog-22463

04/14/2020, 7:55 PM
no not better at all
I am just lucky that I got to see some of the more common usecases is all
s

some-football-23966

04/14/2020, 7:56 PM
But one question why do you think that’s not possible ?
why s3 cost attribution isn’t possible with pulumi ?
b

broad-dog-22463

04/14/2020, 7:56 PM
we have currently got no interaction from Pulumi to the cost APIs directly
you can use a dynamic proider to do this and use the ASK SDK as part of your pulumi application
s

some-football-23966

04/14/2020, 7:57 PM
okk, if I talk about I want to read a Kafka cluster which wasn’t deployed by pulumi before can I read the infra and deploy duplicate version of it using pulumi ?
ASK or AWS ?
b

broad-dog-22463

04/14/2020, 7:57 PM
AWS*
Pulumi can import existing infrastructure that was deployed outside of Pulumi to be under Pulumi management
s

some-football-23966

04/14/2020, 7:58 PM
Got it. Any documentation of that would be helpful
b

broad-dog-22463

04/14/2020, 8:00 PM
There's even a video 🙂

https://www.youtube.com/watch?v=kX_3Wdft0Ms▾

https://www.pulumi.com/blog/adopting-existing-cloud-resources-into-pulumi/
s

some-football-23966

04/14/2020, 8:03 PM
Consider that I don’t have any existing IaC, in that case how is it possible ? In case infra is deployed using imperative approach using shell or manual steps ?
b

broad-dog-22463

04/14/2020, 8:07 PM
you would use the IDs that the Pulumi API expects and use those in the Pulumi code as part of the CustomResourceOptions
View count: 1