pulumi-community #general

bitter-alligator-63874

09/12/2020, 4:21 PM

If I deploy an Azure resource with a base name, and the actual full name is picked by Pulumi (with a suffix), how do I later use the GetXXX function to get the resource? The Get function requires the full name. How do I get that name so I can pass it to the function? I figure there is some helper function I can use to transform the base name into the full name.

victorious-xylophone-55816

09/12/2020, 5:41 PM

I have a (probably) basic question, because I don't understand networking concepts very well: If I have multiple ECS/Fargate services, and I want to add HTTPS to some of them, what's the most efficient way of doing this? Currently, I've achieved it for one service like this (where I had created the Route53 hosted zone/domain by hand already):

Copy code

aws.acm.Certificate() -> aws.route53.getZone() -> aws.route53.Record() -> aws.acm.CertificateValidation() ->  awsx.lb.NetworkLoadBalancer({ certificateArn: certCertificate.arn })

But feels like I probably shouldn't repeat this for every service, creating

CertificateValidation

and new

NetworkLoadBalancer

. What's the best way to do this? Or could I use something like Caddy for automatic HTTPS without all the other steps? (not sure how it works) Grateful for any input 🙏

damp-table-85095

09/12/2020, 8:50 PM

What is the recommended approach for splitting deployment scripts into multiple files? Say I am using typesafe, do I just dump one part of my script into step1.ts and "import" it? I am afraid that "unused" imports will get stripped. What is the preferred approach here?

creamy-vr-86450

09/13/2020, 12:58 AM

Are there any examples of using

github.Team

from

@pulumi/github

? A regular account’s

PAT

doesn’t work nor does there seem to be a way to authorize as an organization. This is the error I get:

This resource can only be used in the context of an organization

damp-table-85095

09/13/2020, 1:21 AM

I figured out how to build and push a Docker image from pulumi, but how do I make the pushed image private? Currently it's making the image public.

damp-table-85095

09/13/2020, 3:01 AM

Guys, how is pulumi.interpolate meant to work? I am invoking:

Copy code

const startupScript = pulumi.interpolate`
#!/usr/bin/env sh

echo ${something}`;

Where

something

is defined as:

Copy code

const something = config.requireSecret("mySecret");

But this fails with

Calling [toString] on an [Output<T>] is not supported.

damp-table-85095

09/13/2020, 3:09 AM

Hmm, the

metadataStartupScript

parameter expects types

string | Promise<string> | pulumi.OutputInstance<string> | undefined

and interpolate returns

pulumi.Output<string>

. Is that a problem?

best-france-51653

09/14/2020, 10:16 AM

Hello All, anyone know if this possible to create network policy, like that using pulumi? apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: disable-link-local-network namespace: default spec: selector: all() egress: - action: Deny protocol: TCP destination: nets: - 169.254.169.254/32 ... and when I try to create itm there is no Action field for NetworkPolicyEgressRuleArgs Spec: netv1.NetworkPolicySpecArgs{ Egress: netv1.NetworkPolicyEgressRuleArray{ netv1.NetworkPolicyEgressRuleArgs{ Action: pulumi.String("Deny"), Protocol: pulumi.String("TCP"), Destination: pulumi.StringArrayMap{ #golang #pulumi #egress

incalculable-dream-27508

09/14/2020, 11:52 AM

Apparently there's something called

promise

that's related to outputs, but I wasn't yet able to find documentation regarding this, any links?

incalculable-dream-27508

09/14/2020, 11:53 AM

Oh, apparently it's a javascript thing? Is there a way to use with python an output that hasn't been created yet? Namely, a security group with IPs of machines that will be created in same run, but weren't created yet since security groups are created before the machines are?

incalculable-dream-27508

09/14/2020, 11:59 AM

Apparently the answer is `async`/`await` from

asyncio

(or maybe

aiostream

)

incalculable-portugal-13011

09/14/2020, 9:43 PM

is there a way to prevent pulumi from appending the random string to the end of each resource name?

worried-city-86458

09/14/2020, 10:00 PM

Similarly, is there a nice way to always inject a prefix for each resource name? I'm always specifying at least the environment name everywhere since it often ends up in external resource names for say aws and it makes them easier to categorize...

many-psychiatrist-74327

09/15/2020, 1:08 AM

👋 I’m following the “Organizing Projects and Stacks” inter-stack dependencies example to modularize my Pulumi resources. I’m basically doing exactly this:

Copy code

const env = pulumi.getStack();
const infra = new pulumi.StackReference(`acmecorp/infra/${env}`);
const provider = new k8s.Provider("k8s", { kubeconfig: infra.getOutput("kubeConfig") });
const service = new k8s.core.v1.Service(..., { provider: provider });

But I’m seeing an error on line 3 whenever I do `pulumi preview`:

Copy code

Diagnostics:
  pulumi:pulumi:Stack (services-dev):
    panic: interface conversion: interface {} is resource.PropertyMap, not string
    goroutine 27 [running]:
    <http://github.com/pulumi/pulumi/sdk/v2/go/common/resource.PropertyValue.StringValue(...)|github.com/pulumi/pulumi/sdk/v2/go/common/resource.PropertyValue.StringValue(...)>
    	/home/travis/gopath/pkg/mod/github.com/pulumi/pulumi/sdk/v2@v2.9.3-0.20200902150941-d583bcb9153e/go/common/resource/properties.go:362
    <http://github.com/pulumi/pulumi-kubernetes/provider/v2/pkg/provider.parseKubeconfigPropertyValue(0x289d6c0|github.com/pulumi/pulumi-kubernetes/provider/v2/pkg/provider.parseKubeconfigPropertyValue(0x289d6c0>, 0xc000436630, 0x29b6e3e, 0xa, 0xc0003b7a68)
...truncated...

The stacktrace doesn’t trace back to line 3, but if I comment out line 3, the error goes away. It also makes sense because the other stack’s

kubeConfig

output is a String. Now, even though

preview

and

up

throw that error, I can still apply the update and it actually works properly. But of course I’d rather not have random errors show up whenever I run pulumi. Is there a way to avoid this error? Thanks!

victorious-xylophone-55816

09/15/2020, 1:31 AM

If I already have most of the configuration values needed for Pulumi stacks in

.staging.env

.production.env

files, is there anything wrong with loading them using

dotenv

or something instead of duplicating those values in my

Pulumi.staging.yaml

etc files?

victorious-xylophone-55816

09/15/2020, 1:37 AM

Copy code

type StackEnvironment = "staging" | "production"
const stack = pulumi.getStack() as StackEnvironment

loadDotenv({
  path: path.join(__dirname, `../.${stack}.env`)
})

ancient-dentist-35597

09/15/2020, 7:39 AM

Hello 👋 I'm wondering if there's a way to suppress deletes on

pulumi up

. We have a pulumi stack that deploys an app service on azure, however recently I've found that on update it removes some

appSettings

that we enter manually through Azure. we had the stack working fine and the settings weren’t being deleted for about 6 months with multiple pushes a day, then suddenly it started removing the settings (within the last week or so). I've even set the specific version of pulumi in the github actions that we originally used and it's still happening. So is there any way to make sure that pulumi doesn't delete settings? Thanks! 🙏

steep-angle-29984

09/15/2020, 10:41 AM

Has anyone written a dynamic ResourceProvider for executing an ansible playbook which does more than just calling the ansible-playbook command? I'm thinking of inventory generation and advanced diff handling by not only checking input differences but also checking differences to the live system.

🧐 1

victorious-xylophone-55816

09/15/2020, 2:12 PM

Is there a trick to getting Pulumi to be idempotent? I have an existing Route53 domain, but code that tries to create and attach the domain to stuff. When running it, I get:

Copy code

aws:route53:Record (certificate-record):
    error: [ERR]: Error building changeset: InvalidChangeBatch: [Tried to create resource record set [name='_d7342dc96b265c66ab8427198a513284.xxxx.com.', type='CNAME'] but it already exists]

Similarly, trying to put this

if/else

in a custom

ComponentResource

for ACM certificates, makes it attempt to delete the certificate instead of not doing anything:

Copy code

const existingCertificate = pulumi.output( aws.acm.getCertificate({ domain: parentDomain }, { async: true }) )

if (existingCertificate) {
  this.arn = existingCertificate.arn
} else {
  const certificate = new aws.acm.Certificate(
  // rest of code

Is there a way to properly guarding all of your resources with "Try to look this up already and don't create it if it exists, just return the identifier"?

incalculable-dream-27508

09/15/2020, 4:51 PM

I don't know how specific to python this question is, but here goes: I'm creating several nodes belonging to two classes of machines on separate OpenStack clusters (currently two machines each on two clusters) with

Copy code

REGIONS = {
    'ams': openstack.Provider("ams", cloud="cnos_ams"),
    'lati': openstack.Provider("lati", cloud="cnos_lati")
}

and then for each of the two categories of machines creating them, and putting the objects in dictionaries like:

Copy code

INSTANCES_API = {
    # pylint: disable=line-too-long
    f'webadm-{i + 1}.otp.{dc}.local': openstack.compute.Instance(
        f'webadm-{i + 1}.otp.{dc}.local',
        flavor_name=FLAVOR_DB,
...
        security_groups=SECGROUPS_API,
        __opts__=pulumi.ResourceOptions(provider=REGIONS[dc]))
    for i in range(COUNT_API) for dc in REGIONS
}

and similar with

INSTANCES_LEAF

and then for convenience also create a new dictionary with all of them

Copy code

INSTANCES = {**INSTANCES_API, **INSTANCES_LEAF}

Then I'm trying to get information about the machines, ideally a dictionary of

"hostname": "access_ip_v4"

to be able to use that later to generate names (since unique are required) and contents of security groups. But so far all my attempts at that have failed. My two most recent attempts are:

Copy code

for srv in INSTANCES:
    exported[INSTANCES[srv].name.apply] = INSTANCES[srv].access_ip_v4.apply

and

Copy code

for srv in INSTANCES:
    exported.update(
        pulumi.Output.all(INSTANCES[srv].name,
                          INSTANCES[srv].access_ip_v4).apply(
                              lambda args: json.dumps([{
                                  args[0]: args[1]
                              }])))

pulumi preview error

cold-car-67614

09/15/2020, 5:24 PM

Hello, I filed a github issue here: https://github.com/pulumi/pulumi/issues/5366 Has anyone else gotten exceptions thrown that generally lack context on where the issue could be coming from?

incalculable-dream-27508

09/15/2020, 5:25 PM

@cold-car-67614 yeah, check my message just above yours ;)

incalculable-dream-27508

09/15/2020, 5:25 PM

Ah, no, it does say. At some points in my experimentation in didn't.

astonishing-quill-88807

09/15/2020, 5:26 PM

I have definitely seen that being the case and have posted some questions in the Python channel. I ultimately ended up figuring things out, but yeah, the stack traces are often unhelpful.

cold-car-67614

09/15/2020, 5:28 PM

I've definitely seen it before, but generally I'll just revert whatever changes I had made and slowly add stuff back to figure out where it came from. In this case though all I did was upgrade Pulumi/plugins and I'm getting this exception.

cold-car-67614

09/15/2020, 5:29 PM

Going to have upgrade trauma after this 😞

loud-egg-62954

09/15/2020, 5:57 PM

Hey folks--I'm getting an API disabled error and I can't really determine the cause. I think pulumi might be pointed at the wrong GCP project

loud-egg-62954

09/15/2020, 5:57 PM

I updated the GCP project in the gcloud CLI--does it not pick it up from there?

loud-egg-62954

09/15/2020, 5:59 PM

Ah, never mind. I was looking for pulumi config set gcp:project

loud-egg-62954

09/15/2020, 5:59 PM

Awesome work folks, loving it