pulumi-community #general

victorious-car-86108

11/04/2020, 2:01 PM

👋 Hey, I'm following the tutorial for "Configuring AWS API Gateway Custom Domains and SSL using Route53 and ACM" but am receiving the following error after a timeout:

Error describing created certificate: Expected certificate to be issued but was in state PENDING_VALIDATION

. I've downgraded to Pulumi 2.11.2 with no success. A few issues I've stumbled across: Terraform, interface {} is string, not int, deletion of ACM Certificate. - Any one got any ideas on how to get this running? 👀

big-account-56668

11/04/2020, 2:53 PM

I'm continuously failing to remove bucket life-cycle rules with the following stack trace. The log does unfortunately not provide more useful information even with very verbose output.

Copy code

7604 step_executor.go:321] StepExecutor worker(23): step update on urn:pulumi:x::x.cloud::aws:s3/bucket:Bucket::storage-stage failed with an error: transport is closing
7604 step_executor.go:321] StepExecutor worker(23): step update on urn:pulumi:x::x.cloud::aws:s3/bucket:Bucket::storage-stage failed, signalling cancellation

Any ideas? I see other have seen a similar errors

transport is closing

often indicating an underlying root cause.

Untitled

hallowed-cat-56281

11/04/2020, 5:51 PM

Hi there, I am currently testing Pulumi (on GCP) and I want to create users (IAM Members) using the go SDK. This is what I do:

Copy code

name := fmt.Sprintf("member-%s", member.Username)
	args := serviceaccount.IAMMemberArgs{
		Role:   pulumi.String(member.Role),
		Member: pulumi.String(fmt.Sprintf("user:%s", member.EmailAddress)),
	}

	_, err := serviceaccount.NewIAMMember(ctx, name, &args)
	if err != nil {
		return err
	}

	return nil

I get the following error:`missing required argument 'ServiceAccountId'` However, I do fully understand why it’s asking me a ServiceAccountID (and which one) at this point as I was creating IAM Members as follow with Terraform without any issues:

Copy code

resource "google_project_iam_member" "users" {
  role    = "roles/viewer"
  member  = "user:<EMAIL_ADDRESS>"
}

So I understand that it’s expecting a fully qualified ServiceAccountID but don’t get why and which one, any ideas?

hundreds-musician-51496

11/04/2020, 7:33 PM

It is really hard to find the

@pulumi\@pulumi

documentation for typescript on the website. The URL is https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/pulumi/ but the package does not show up in the sidebar under "API":

wet-noon-14291

11/04/2020, 11:05 PM

We are using kafka, the confluent cloud service, and I would like to configure what I need using pulumi. Any pointers on what I need to do to authenticate? Do I need to get all the certificates in place or is it possible with a username/password or API key somehow? I would like to setup topics basically.

prehistoric-shoe-5168

11/04/2020, 11:13 PM

Hi Friends - having a great time with Pulumi thus far. I have a general question and a request for chat (RFC 😛)

prehistoric-shoe-5168

11/04/2020, 11:14 PM

I come from Terraform, where I’ve mostly seen people manage up to the OS level with TF and then use a configuration management tool (e.g. Salt or Ansible) to build from there. Is this the same pattern I should expect to see with Pulumi?

prehistoric-shoe-5168

11/05/2020, 12:14 AM

The second - the RFC - is a little more involved. I’ve been enjoying working with some folks who do mostly JAMstack development (so they really like being abstracted away from infrastructure and backend services)

prehistoric-shoe-5168

11/05/2020, 12:16 AM

I’ve shown them https://github.com/pulumi/examples and they get excited, except that in many cases these (mostly frontend) devs are unable to do much more than setup a GCP or AWS account without grinding to a halt. so i’ve been doing some PoC work on wrapping pulumi initialization and a “catalogue” UI of these examples. was wondering the following:

broad-dog-22463

11/05/2020, 12:16 AM

waves to @User and owes him an email response

🙌 1

prehistoric-shoe-5168

11/05/2020, 12:17 AM

• is this unique and worth expanding upon? • is this something that’s already on the pulumi roadmap? is it complementary?

prehistoric-shoe-5168

11/05/2020, 12:17 AM

i have no desire to build something if it’s not useful or someone else will do it (cough cough) better than i will 🙂

broad-dog-22463

11/05/2020, 12:18 AM

You can drop some time in my calendar and we can discuss this

tall-needle-56640

11/05/2020, 2:34 AM

I want my pipeline to create my stack, but I also want to have a config file already populated and committed. The problem I'm running into (using the cloud backend) is that we would like to have different passphrases for local and prod environments. This is a problem because the stack file gets an

encryptionsalt

making that config inaccessible, because the passphrases are different. How can I get around this?

nutritious-shampoo-16116

11/05/2020, 9:42 AM

hello people, how can I upgrade a provider plugin version?

nutritious-shampoo-16116

11/05/2020, 9:47 AM

the only way I found till now is exporting a stack state, changing it manually and importing that

ripe-xylophone-26538

11/05/2020, 10:23 AM

How fast are feature updates of AWS built into Pulumi? I need the new AWS-MQ RabbitMQ feature.

hallowed-cat-56281

11/05/2020, 1:10 PM

Hi there, I have a general question (GCP): • I have a Cloud Run service and this service is using a Docker image from GCR • The image is built from a Cloud Build trigger (also created via Pulumi) • Correct me if I am wrong but there is no way to actually trigger the Cloud Build pipeline after creation (only manually) I am trying to find what is the best way to: 1. Create the Cloud Build Trigger (if doesn’t exist) 2. Create the Cloud Run service w/ a dummy image (e.g.

<http://gcr.io/cloudrun/hello|gcr.io/cloudrun/hello>

) if the service doesn’t exist, or the actual GCR image otherwise). 3. Trigger the pipeline manually so that the GCR image is generated. 4. When running

pulumi up

later on, I obviously don’t want to override the last revision of the service with the dummy image if the service is already created and using the proper image. The solutions I was thiking of are the following: 1. Checking if the service already exists with

GetService

-> the issue is that it’s requiring an ID, so I can’t get the service until it’s created. 2. Using an input variable to differentiate the first time I run `pulumi up`` from the later “updates” -> I used this solution with Terraform but I find it a bit dangerous and error-prone. Any idea what the best way to do something like this would be? Thanks

nutritious-shampoo-16116

11/05/2020, 2:21 PM

why StackReference doesn't work with pulumi.runtime.Mocks? It seems it's totally ignored and this leads to failure when trying to resolve the promises

nutritious-shampoo-16116

11/05/2020, 3:34 PM

StackReference.outputs is always None and I can't make it returning the mocked state of my reference

mammoth-caravan-51104

11/05/2020, 7:31 PM

is there a way to convert Output to a promise to be able to easily use await/async? i think it must the most asked questions, because i'm literally confused about it every time i try to write something in pulumi

red-area-47037

11/05/2020, 7:32 PM

How can I best handle dependencies in Pulumi? I am currently using Pulumi to spin up a Kubernetes cluster and install among other components cert-manager (via

Helm

) and to ClusterIssuer CRs for LetsEncrypt (via

k8s.yaml.ConfigFile

Copy code

const certmanagerChart = new k8s.helm.v3.Chart(
  'cert-manager',
  {
    chart: 'cert-manager',
    version: 'v1.0.3',
    namespace: 'cert-manager',
    fetchOpts: {
      repo: '<https://charts.jetstack.io>'
    },
    values: {
      installCRDs: true
    }
  },
  {
    provider: cluster.provider,
    dependsOn: [contourChart]
  }
)

const certManagerClusterIssuerLetsEncrypt = new k8s.yaml.ConfigFile(
  'cert-manager-clusterissuer-letsencrypt',
  {
    file: './templates/cert-manager-clusterissuer-letsencrypt.yaml'
  },
  {
    provider: cluster.provider,
    dependsOn: [certmanagerChart]
  }
)

In more then 50% of the cases the first

pulumi up

run fails, as the cert-manager-webhook is not available:

Copy code

kubernetes:<http://cert-manager.io/v1:ClusterIssuer|cert-manager.io/v1:ClusterIssuer> (cert-manager/letsencrypt-staging):
    error: resource cert-manager/letsencrypt-staging was not successfully created by the Kubernetes API server : Internal error occurred: failed calling webhook "<http://webhook.cert-manager.io|webhook.cert-manager.io>": Post <https://cert-manager-webhook.cert-manager.svc:443/mutate?timeout=10s>: no endpoints available for service "cert-manager-webhook"

Running

pulumi up

will successfully install the ClusterIssuers as expected. I think there should be a better way, or?

tall-needle-56640

11/05/2020, 10:10 PM

I'm getting an error when trying to create a new stack in Azure Pipelines. Here's my error:

/home/vsts/work/_temp/4f54c711-c247-495c-9b57-18634e506f91/pulumi/pulumi stack select poc

error: failed to load checkpoint: blob (key ".pulumi/stacks/poc.json") (code=Unknown): -> github.com/Azure/azure-pipeline-go/pipeline.NewError, /Users/runner/go/pkg/mod/github.com/!azure/azure-pipeline-go@v0.2.2/pipeline/error.go:154

HTTP request failed

Get "https://***.blob.core.windows.net/state/.pulumi/stacks/poc.json?timeout=61 ": dial tcp: lookup OaIuuJpkrLyaAqo6veQ9HtuX6gabZQsrkUil9FoTycAUzL on 127.0.0.5353 server misbehaving

##[debug]Exit code 255 received from tool '/home/vsts/work/_temp/4f54c711-c247-495c-9b57-18634e506f91/pulumi/pulumi'

##[debug]STDIO streams have closed for tool '/home/vsts/work/_temp/4f54c711-c247-495c-9b57-18634e506f91/pulumi/pulumi'

Obviously, the stack is not there because the storage account was just created. But the Pulumi task should create it (since

createStack

is set to

true

). Here's my pipeline

Copy code

steps:
  - task: AzureCLI@2
    inputs:
      azureSubscription: $(azureServiceConnection)
      scriptType: 'pscore'
      scriptLocation: 'inlineScript'
      inlineScript: |
        az group create --location westus --name $(resourceGroupName)
        az storage account create --name $(storageName) --resource-group $(resourceGroupName) --location westus --sku Standard_LRS
        az storage container create --name $(containerName)

  - task: AzurePowerShell@5
    inputs:
      azureSubscription: $(azureServiceConnection)
      ScriptType: 'InlineScript'
      Inline: |
        $key=(Get-AzStorageAccountKey -ResourceGroupName $(resourceGroupName) -Name $(storageName)).Value[0]
        
        Write-Host "##vso[task.setvariable variable=AZURE_STORAGE_ACCOUNT]$key"
        Write-Host "##vso[task.setvariable variable=AZURE_STORAGE_KEY]$key"
      azurePowerShellVersion: 'LatestVersion'
      pwsh: true
  
  - task: Pulumi@1
    displayName: 'Preview Infrastructure Changes'
    inputs:
      azureSubscription: '$(azureServiceConnection)'
      command: 'preview'
      loginArgs: 'azblob://$(containerName)'
      args: '--diff --refresh --non-interactive --logtostderr'
      stack: '$(stackName)'
      createStack: true

  - task: Pulumi@1
    displayName: 'Deploy Infrastructure Changes'
    inputs:
      azureSubscription: $(azureServiceConnection)
      command: 'up'
      loginArgs: 'azblob://$(containerName)'
      args: '--yes --diff --refresh --non-interactive --skip-preview'
      stack: $(stackName)

shy-football-10348

11/06/2020, 3:07 AM

Could someone help me understand what has gone wrong with my stack setup

shy-football-10348

11/06/2020, 3:07 AM

Copy code

jupyterhub-ecs-infra > pulumi up
Enter your passphrase to unlock config/secrets
    (set PULUMI_CONFIG_PASSPHRASE or PULUMI_CONFIG_PASSPHRASE_FILE to remember):
Previewing update (jupyterhub-ecs-infra):
     Type                             Name                                       Plan       Info
 +   pulumi:pulumi:Stack              jupyterhub-ecs-infra-jupyterhub-ecs-infra  create     2 errors
     └─ pulumi:pulumi:StackReference  notebook-ecs-infra                                    1 error

Diagnostics:
  pulumi:pulumi:StackReference (notebook-ecs-infra):
    error: Preview failed: decrypting secret value: failed to decrypt: incorrect passphrase, please set PULUMI_CONFIG_PASSPHRASE to the correct passphrase

  pulumi:pulumi:Stack (jupyterhub-ecs-infra-jupyterhub-ecs-infra):
    error: preview failed
    error: Program failed with an unhandled exception:

shy-football-10348

11/06/2020, 3:08 AM

it looks like the stack

notebook-ecs-infra

is being referenced when i am clearly on the stack

jupyterhub-ecs-infra

when you run

pulumi stack ls

shy-football-10348

11/06/2020, 3:08 AM

additionally, i am getting a ‘failed to decrypt’ error after i have entered the correct passphrase for the

jupyterhub-ecs-infra

stack

shy-football-10348

11/06/2020, 3:10 AM

there’s other issues as well but i feel like this is a good place to start

shy-football-10348

11/06/2020, 3:10 AM

if you run pulumi stack ls, notebook-ecs-infra doesn’t even show up

shy-football-10348

11/06/2020, 3:16 AM

happy to provide any additional stuff. Thanks in advance!