Marking fields (outputs) of custom components as secret when creating own `ComponentResource`s…

what is the consensus of storing the pulumi.stack.yml containing secrets (encrypted) in github?

How can I execute

pulumi stack select

in interactive mode from nodejs? Using

childProcess.execSync("pulumi stack select", { stdio: "inherit" } )

doesn't work, because somehow pulumi automatically goes into non-interactive mode.

👋 I’m here! What’d I miss?

Hello people, I am new to pulumi. I have used terraform a bunch but using something like pulumi right inside my python application is amazing.

I wanted to know if there is a way to do

pulumi up

as a function call inside python? For context, I am creating some infrastructure on the fly for a data pipeline inside airflow which is a written in python.

Is there a way to get a region abbreviation? I'm looking for the schema 2: us-east-1 => use1

hrm somehow i got to a state where an aws policy was created, attempted to update/rename it via the Name property and it was deleted (presumably has be delete-then-create).. and now i have no policy (lab account so nothing else in this account at the current time) however pulumi still thinks it should exist

Is there a good way to refactor into multiple stacks/projects? How to move current state over if e.g. refactoring a module into a separate project/stack?

Hi all, I have used pulumi a fair amount in JS. But I have recently started using it in golang. In the golang implementation how do I use outputs, e.g the IP address of a network interface as an input for another object? So far I have been running an Apply on the output, then exporting using

ctx.Export

and finally to use it doing

ctx.GetConfig

. This just seems like jumping through hoops though so surely there is a better way I don't know about? Cheers

Hi, does Pulumi have support for ECS Scheduled Tasks (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/scheduled_tasks.html)? I'm struggling to find docs/examples for it.

Hey, so we have decided to put our fully client side rendered SPA inside docker to have neat way to store artifacts (source maps) and keep history in

AWS.ECR

. However our current way of deploying is the generic copy assets to S3 and would like to keep that. What is the current best practice in this area. Does pulumi have support for reading a docker image or mounting a container, and access files? Or can we call or is there a way to call docker commands from pulimi, like

docker cp

to copy files over to the host (the CI) and then just go through the general Pulimi route of moving assets over? Granted that still needs to mount/create a container out of the image.

I guess this is the way

const container = new docker.Container("frontend", {
    image: ???,
});

But https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/docker/#Container doesn’t indicate anything we can do.

I've created a VPC with

awsx.ec2.Vpc

, how can I create a

aws.elasticache.SubnetGroup

based on the subnets in that VPC? I've tried some different things, code in thread:

Hey there, is it possible to save the pulumi state inside gitlab, to use gitlab as the pulumi state backend ?

I’m having trouble with stack references, but I can’t understand what I’m doing wrong. The VPC is pre-existing, and the shared-infra stack `pulumi up`s just fine `catmeme/shared-infra/develop`:

...

const parameterVpcId = config.require("parameterVpcId");
export const privateSubnetIds: [] = config.requireObject("privateSubnetIds");
export const publicSubnetIds: [] = config.requireObject("publicSubnetIds");

export const vpcId: pulumi.Output<string> = pulumi.output(aws.ssm.getParameter({
  name: parameterVpcId,
})).value;

const vpc = awsx.ec2.Vpc.fromExistingIds(`${appName}-local-vpc`, {
  vpcId,
  privateSubnetIds,
  publicSubnetIds,
});

...

`catmeme/application/develop-test`:

...

const stackDevelop = new pulumi.StackReference("catmeme/shared-infra-develop/develop");

const vpc = awsx.ec2.Vpc.fromExistingIds("bvt", {
  vpcId: stackDevelop.getOutput("vpcId"),
  // @ts-ignore
  privateSubnetIds: stackDevelop.getOutput("privateSubnetIds") as pulumi.Output<string[]>,
  // @ts-ignore
  publicSubnetIds: stackDevelop.getOutput("publicSubnetIds") as pulumi.Output<string[]>,
});

...

I get an error:

error: Preview failed: resource 'vpc-03489fb5e3c04080d' does not exist

But the VPC with that ID does exist. For all intents and purposes, shared-infra declared the VPC the same way and there isn’t a problem. What am I missing?

Is it possible to have some shared configuration that applies to all stacks?

StackReference is one way

How can I get an existing ApplicationLoadBalancer?

// has missing properties error when I try to use it
const alb = pulumi.output(<http://aws.lb|aws.lb>.getLoadBalancer({
  // @ts-ignore
  arn: stackSandbox.getOutput("albArn")
}));

// declares a new ALB
const alb = new <http://awsx.lb|awsx.lb>.ApplicationLoadBalancer("test-default-lb", {
  // @ts-ignore
  arn: stackSandbox.getOutput("albArn"),
  subnets: stackSandbox.getOutput("publicSubnetIds").apply(v => v),
  vpc
});

Using

@pulumi/kubernetes/helm/v2

, how do I add another repo? Using helm I would run

helm repo add jetstack <https://charts.jetstack.io>

for example

When I run 

pulumi up

 I get this error:

Exception: invocation of aws:iam/getPolicyDocument:getPolicyDocument returned an error: grpc: error while marshaling: proto: repeated field Values has nil element

This is the code from a 

policy_document

that is causing the error:

"resources": [ds_key.arn.apply(lambda arn: f'{arn}')]

I've tried adding the 

depends_on

 option to the 

policy_document

 resource, but it didn't help.

opts=pulumi.ResourceOptions(depends_on=[ds_key])

This is one of several places in my pulumi code where I need to access the

arn

of another resource to create a

policy_document

. I used the

apply

function as shown in this code for the key, and added the

depends_on

option, but I haven't been able to get any of them to work. I've resorted to "build" functions that create

arns

from resource names - a hack I'd like to get rid of and not something that works in the case of keys. Any instructions/suggestions or sample python code you can share would be much appreciated - thanks!

Hi! can complex types be used int Pulumi.<stack>.yml? I’d like to assign some specific tags for each stack — eg:

config:
  aws:region: us-east-2
  tsdb:tags:
    Name: tsdb-dev
    Foo: bar
  tsdb:instanceSize: t2.micro

I’ve changed the names of my github repositories, and they aren’t reflected in the pulumi app. I’ve tried renaming via

pulumi stack rename organization/new-project-name/stack

but the proj-group-name in the pulumi app still shows the old name. Is this solveable?

Trying to reference nested configuration objects directly, and not having much luck. I'm using C#. For example, given the following configuration:

config:
  proj:data:
    nonProductionStart: 10.1.0.0
    productionStart: 10.2.0.0
    stacks:
    - name: Sandbox
      peerConnectionName: peerConnectionId
      stackName: org/Sandbox/mono

I can indeed follow the docs and get a JsonElement first, then get the sub-element as a string using something like

var data = Configuration.GetObject<JsonElement>("data");
var stacksAsString = data.GetProperty("stacks");

But what I really am trying to do is something like:

var stacks = Configuration.GetObject<List<StackReferenceInfo>>("data.stacks");

But, this does not appear to work. Is there no way to achieve this without jumping through the JsonElement hoop? I have reviewed https://www.pulumi.com/docs/intro/concepts/config/#structured-configuration and it shows the JsonElement method - perhaps that's the only way?

If I just want to group a bunch of related resources together within a stack, so they show up thusly in the resource hierarchy, is it best practice to form them into a component? Or is there a simpler way of doing that?

hiya, I'm new to Pulumi. Currently getting a high-level overview rather than deep in the details. I like the idea of using a familiar PL to do the declarative infrastructure! I'm curious if each provider for Pulumi needs a "binding" for each language supported? For example, I came across the following provider: https://github.com/pulumi/pulumi-vault/tree/master/sdk It has subdirs for dotnet, go, nodejs, and python. There seem to be a lot of providers so am wondering if that's a barrier to adoption because of the effort required to add (and more importantly maintain) the PL-specific SDK for each provider? Some other PLs I'm thinking of would be: JVM ones (Java, Scala, Kotlin, Clojure, ...), FP ones (Haskell, OCaml, ...), other popular scripting languages (Ruby, Perl, Bash?, ...). Okay, not Bash 😉 .. or Perl.

On a similar line of thought, I'm wondering if say someone releases a great open-source Pulumi library (e.g. for setting up a production-ready k8s cluster with all the awesome sauce). They write this library in TypeScript. Can I reuse it from Go or do I need a similar library that's written in Go?

Given the above, what's the most popular language for community libraries for Pulumi? I'm inclined towards TypeScript (for type-safety) or Go as it's big in the space. However, the Go bindings look a little awkward (maybe any Go would look that way to me as I'm not that familiar with it). I like the look of the F# bindings as I'm a bit of an FP guy, however, it'd be a bit unusual to reach for .NET in my projects.

Sorry for reasking but #aws feels pretty dead. I'm trying to replicate these steps outlined here: https://github.com/kubernetes-sigs/external-dns/blob/master/docs/tutorials/aws.md#iam-policy but I get the following error:

time="2020-05-28T13:10:26Z" level=info msg="Assuming role: arn:aws:iam::503405380068:role/k8s-pulumi-instanceRole-role-9e5a01b"
time="2020-05-28T13:12:30Z" level=error msg="AccessDenied: User: arn:aws:sts::503405380068:assumed-role/k8s-pulumi-instanceRole-role-9e5a01b/i-0dcb94de93da90dae is not authorized to perform: sts:AssumeRole on resource: arn:aws:iam::503405380068:role/k8s-pulumi-instanceRole-role-9e5a01b\n\tstatus code: 403, request id: 33ba5c26-7b45-4234-a762-b2f1ac4d8a42"

I've put the relevant code here in a gist if you want to check it out: https://gist.github.com/benjick/7c096f5634b34f022adf81469d440d4a Cheers!