damp-elephant-82829
06/23/2020, 9:56 AMpulumi plugin install resource gcp v3.10.1
damp-elephant-82829
06/23/2020, 9:58 AMdamp-elephant-82829
06/23/2020, 9:58 AMstocky-lion-56153
06/23/2020, 10:02 AMpip install pulumi_gcp
( _ instead of - )stocky-lion-56153
06/23/2020, 10:02 AMdamp-elephant-82829
06/23/2020, 10:06 AMaloof-laptop-31826
06/23/2020, 12:22 PMbillowy-army-68599
TF_LOG=TRACE pulumi up --logtostderr -v=9 2> out.txt
- please scrub and then DM me the logs as they may contain sensitive informationaloof-laptop-31826
06/23/2020, 12:36 PMaloof-laptop-31826
06/23/2020, 12:37 PMbillowy-army-68599
aloof-laptop-31826
06/23/2020, 12:59 PMbillowy-army-68599
square-rose-64819
06/23/2020, 1:55 PMsquare-rose-64819
06/23/2020, 1:56 PMflat-australia-79845
06/23/2020, 2:48 PMconfig: gcp:region
and gcp:project
values from the configuration file?acoustic-leather-68121
06/23/2020, 2:58 PMcalm-pizza-15027
06/23/2020, 6:37 PMcalm-pizza-15027
06/23/2020, 6:44 PMconst myappV1 = new gcp.appengine.FlexibleAppVersion("myappV1", {
versionId: "v1",
project: gaeApi.project,
service: "default",
runtime: "java",
servingStatus: "STOPPED",
deployment: {
zip: {
sourceUrl: pulumi.interpolate`<https://storage.googleapis.com/${bucket.name}/${war.name}>`,
},
},
livenessCheck: {
path: "/v2b/recommendations/liveness_check",
timeout: "4s",
checkInterval: "30s",
failureThreshold: 4,
successThreshold: 2,
},
readinessCheck: {
path: "/v2b/recommendations/readiness_check",
timeout: "5s",
checkInterval: "8s",
failureThreshold: 3,
successThreshold: 2,
appStartTimeout: "300s",
},
handlers: [],
automaticScaling: {
maxTotalInstances: 1,
coolDownPeriod: "120s",
cpuUtilization: {
targetUtilization: 0.5,
},
},
noopOnDestroy: true,
});
sticky-kitchen-61063
06/23/2020, 6:58 PMimport { config } from "./config";
and const config = new pulumi.Config();
fairly often. The first seems to be for passing module outputs, and the second is for the stack config. Is there a best practice for how people combine those two? Obviously I could just rename one something else, but I'm curious as to common patterns that other users have found. Should I be loading pulumi.Config()
in my config.ts and combining other modules outputs into a merged config object?stocky-lion-56153
06/23/2020, 8:23 PMstocky-lion-56153
06/23/2020, 8:25 PMname: Provision and deploy
on: [push]
jobs:
deployment:
runs-on: ubuntu-latest
name: Deploy
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 1
- name: Make temp session on AWS
id: aws-session
uses: <docker://mowat27/aws-session-action>
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_ASSUME_ROLE_ARN: ${{ secrets.AWS_ASSUME_ROLE_ARN }}
AWS_DEFAULT_REGION: eu-west-1
- uses: <docker://pulumi/actions>
with:
args: up --yes
env:
AWS_ACCESS_KEY_ID: ${{ steps.aws-session.outputs.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ steps.aws-session.outputs.AWS_SECRET_ACCESS_KEY }}
AWS_SESSION_TOKEN: ${{ steps.aws-session.outputs.AWS_SESSION_TOKEN }}
AWS_REGION: eu-west-1
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
PULUMI_CI: up
stocky-lion-56153
06/23/2020, 8:25 PMstocky-lion-56153
06/23/2020, 8:26 PMmysterious-pilot-36551
06/23/2020, 8:35 PMrequire
is great if your configuration is small, but my configuration has multiple elements that can be nested two or three times. Just curious if there is something provided by the Pulumi library before I go off and write my own.few-pillow-1133
06/24/2020, 6:47 AMconfig looks like so
config:
aws:profile: ...
aws:region: eu-west-1
aws:sharedCredentialsFile: ...
aws:skipCredentialsValidation: "true"
aws:skipRequestingAccountId: "true"
clt-resource-base:data:
networks:
virtual_private_cloud:
name: mmawseuclientdevVPC
imp_res: true
id: ....
owner_id: ...
cidr_block: ...
enable_dns_support: true
enable_dns_hostnames: true
tags:
- ...
and the actual code
import pulumi
import pulumi_aws as aws
from pulumi import ResourceOptions
config = pulumi.Config()
config_data = config.require_object("data")
print (f'{config_data}')
mmawseuclientdev_vpc_config = config_data['networks']['virtual_private_cloud']
mmawseuclientdev_vpc_res_imp = ResourceOptions(import_=mmawseuclientdev_vpc_config['id']) if mmawseuclientdev_vpc_config['imp_res'] else None
mmawseuclientdev_vpc = aws.ec2.Vpc(
mmawseuclientdev_vpc_config['name'],
cidr_block=mmawseuclientdev_vpc_config['cidr_block'],
enable_dns_support=mmawseuclientdev_vpc_config['enable_dns_support'],
enable_dns_hostnames=mmawseuclientdev_vpc_config['enable_dns_hostnames'],
tags=mmawseuclientdev_vpc_config['tags'],
opts=mmawseuclientdev_vpc_res_imp
)
bitter-australia-87528
06/24/2020, 7:03 AMpolite-night-3633
06/24/2020, 8:54 AM===
rename a pulumi project ===
rhythmic-finland-36256
06/24/2020, 9:33 AMRandomPassword
resource, assigned it to a service principal for an ACR but forgot to set additionalSecretOutputs
in the first place. Performing this change afterwards doesn’t have an effect on the output (and thus also not on the pulumi state). Is there a way to trigger this without modifying the resource? (I’m aware that if the password was unencrypted once, it needs to be changed, too). Just wondering if this is intended, that adding the additionalSecretOutputs
doesn’t affect the state…nice-football-42636
06/24/2020, 12:02 PMCLI
itself, the authorization to pulumi service & to azure is targeted for the project.
But we want to be absolutely sure, that nobody can touch the production except our deployment pipelines. But we find having 6 different projects in codebase quite ugly to accomplish only that one thing.
Am I missing something? Can we achieve the restriction for given stack in some other way? Through some special environment variable or something?