pulumi-community #general

broad-dog-22463

11/16/2020, 5:44 PM

The PR is open for the update already

fast-dinner-32080

11/16/2020, 5:45 PM

Ah perfect! I should have looked there first 😄

elegant-carpet-8859

11/16/2020, 7:45 PM

Hey all, I'm having a really weird issue with a Helm chart. The chart creates a secret that is a TLS root certificate. Every time I

pulumi up

pulumi wants to replace this secret because the contents have changed. The confounding thing is that the strings are exactly the same when I go look in the details of the run. I'm guessing something is happening with string encoding here maybe? I gotta figure this out because the minimum that happens when this reruns is our gateway is unavailable for a couple of seconds, and the worst that happens is all the TLS certs go bad. I can't find a way to make Pulumi ignore changes in this specific resource being made by a helm chart, since it's not a prop I'm passing in. Any help appreciated!

quiet-wolf-18467

11/16/2020, 9:55 PM

I was joined by @broad-dog-22463 and @billowy-army-68599 today as they introduced me to the new automation API that can produce binaries with Pulumi logic embedded. Very cool and worth a watch, even if I do say so myself 😀

https://youtu.be/GbLMQslgtGY▾

partypus 8bit 5

wonderful-manchester-62734

11/16/2020, 10:56 PM

Hi all, I am new to pulumi. I am using it to deploy an AWS stack. The stack consists of over 300 services. I often get the no integration error when updating my stack "* Error creating API Gateway Deployment: BadRequestException: No integration defined for method". If I only created a few services, it would work and sometimes I have to run "pulumi up" a couple of times. Has anyone experienced this issues. Here is the function that I wrote to create my API s.

wonderful-manchester-62734

11/16/2020, 10:56 PM

Copy code

def deploy_api(self, api, root_apigateway, service, bucket, package_s3_key, package_s3):
        #'api': {'name': 'get_dm_node', 'handler': 'lambda_get_dm_node', 'method': 'POST', 'path':'dmnode/get'}
        api_name =  f'{service["name"]}-{api["name"]}'
        print(f'Deploying {api_name}')
        __api_resource, __last_api_resource = None, None
        path_suffix = ""
        for i, path_part in enumerate(api["path"].split('/')):
            path_suffix = path_suffix + "-" + path_part 
            __api_resource = self.RESOURCES.get(path_suffix, None)
            if i == 0:
                parent_id =  root_apigateway.root_resource_id
            else:
                parent_id =  __last_api_resource.id
            #print(i, path_suffix, __last_api_resource)        
            if __api_resource is None:         
                #Create a new resource.
                __api_resource = apigateway.Resource(path_suffix,
                            rest_api=root_apigateway,
                            parent_id=parent_id,
                            path_part=path_part)
                self.RESOURCES[path_suffix] = __api_resource
            __last_api_resource = __api_resource
        print(f'Resoruce {__api_resource.id} created')
        __vpc_config = lambda_.FunctionVpcConfigArgs(
                                security_group_ids=self.LAMBDA_SECURITY_GROUP_IDS,
                                subnet_ids=self.LAMBDA_SUBNET_IDS)    
        __fn = lambda_.Function(
            api_name,
            s3_bucket=bucket.id,
            s3_key=package_s3_key,
            handler=api["handler"],
            runtime="python3.7",
            role=iam.lambda_role.arn,
            timeout=self.LAMBDA_DEFAULT_TIMEOUT,
            vpc_config=__vpc_config,
            __opts__=ResourceOptions(depends_on=[package_s3])
        )
        print(f'Function {__fn.id} created')
        __proxy_root_met = apigateway.Method(
            api_name,
            rest_api=root_apigateway,
            resource_id=__api_resource.id,
            http_method='ANY',
            authorization='NONE',
            __opts__=ResourceOptions(depends_on=[__api_resource])
        )    
        print(f'Method {__proxy_root_met.id} created')
        __root_int = apigateway.Integration(
            api_name,
            rest_api=root_apigateway,
            resource_id=__proxy_root_met.resource_id,
            http_method=__proxy_root_met.http_method,
            integration_http_method='POST',
            type='AWS_PROXY',
            uri=__fn.invoke_arn,
            __opts__=ResourceOptions(depends_on=[__proxy_root_met, __fn])
        )
        print(f'Integration {__root_int.id} created')
        __dep = apigateway.Deployment(
            f'{api_name}-deploy',
            rest_api=root_apigateway,
            stage_name="mlhere-dev",
            __opts__=ResourceOptions(depends_on=[__root_int])
        )
        print(f'Deployment {__dep.id} created')
        __perm = lambda_.Permission(
            api_name,
            statement_id="AllowAPIGatewayInvoke",
            action="lambda:InvokeFunction",
            function=__fn,
            principal="<http://apigateway.amazonaws.com|apigateway.amazonaws.com>",
            source_arn=__dep.execution_arn.apply(lambda x:f"{x}/*/*")
        )

many-spring-73557

11/17/2020, 12:56 AM

Is there a way for each stack to have its own backend, so the stack states are completely independent of one another? I’m using a GCP backend. I removed the

backend: url:

setting from

Pulumi.yaml

figuring I could override it on a per-stack level. But that doesn’t quite map with my mental of pulumi, which is that you

pulumi login <gs://my-state-bucket>

and that’s where it stores the state. So to keep things separate, I would need to

pulumi login

to the corresponding GS bucket before running any other commands - is that correct?

little-cartoon-10569

11/17/2020, 3:28 AM

I've got a bit of a mono-repo going on. I run Pulumi from a subdirectory of the mono-repo, containing Pulumi.yaml, index.ts etc. The root contains tsconfig.json, package.json etc. For the last couple of hours, having made (afaict) no changes, I've been getting ENOENT: no such file or directory on _<project___dir/package,json>_ while building my lambdas. Why has it started looking in my project directory for that file? It's in my root directory! I feel I've solved this before, but I can't remember how or when..

rhythmic-napkin-82334

11/17/2020, 7:57 AM

Hey all, we are finally setting up pulumi CI pipeline using GitLab CI/CD 🙂 Are there any must-reads or good up-to-date articles besides the following links, that we should be aware of? • https://www.pulumi.com/docs/intro/console/extensions/ci-cd-integration-assistant/ • https://www.pulumi.com/blog/tag/ci/cd/ • https://www.pulumi.com/docs/guides/continuous-delivery/gitlab-app/

limited-rainbow-51650

11/17/2020, 9:35 AM

Similar question I have as with a lot of other SaaS software: why should security via SAML be an enterprise feature, not even available in Team Pro subscription? https://www.pulumi.com/pricing/

👍 2

rhythmic-napkin-82334

11/17/2020, 10:00 AM

Another question: How to properly perform

pulumi destroy

via CI/CD (GitLab CI/CD in particular)?

👀 1

miniature-leather-70472

11/17/2020, 11:21 AM

Any idea when the next Pulumi core release is planned for? Waiting on this change to fix Kubernetes deployment https://github.com/pulumi/pulumi/pull/5760

agreeable-ram-97887

11/17/2020, 11:43 AM

Hello, short question here: Is it possible to run

pulumi preview

without actually comparing against the current stack? I am trying to test if the pulumi code compiles without error in a CICD script, and at this point don't actually care about the changes it may or may not cause

👍 1

agreeable-ram-97887

11/17/2020, 12:19 PM

One more CICD-related question: When getting the output of pulumi preview in a GitLab merge request, it seems that they get truncated (see the screenshot below). Is there a way to show the full output regardless of length?

high-morning-17948

11/17/2020, 2:38 PM

Has anyone deployed a nextjs app with AWS?

rhythmic-napkin-82334

11/17/2020, 4:07 PM

We are still exploring CI/CD and have not find a way yet to print the output of

pulumi up

to the merge request overview on GitLab. The ressource changes from the

pulumi preview

show up properly (see image) but no output from

pulumi up

is added afterwards.. It would be good to get the output, since there are cases in which

pulumi up

throws some errors that are important to be notified of... Does anyone know a trick?

hundreds-musician-51496

11/17/2020, 4:53 PM

Is there a way to create a resource, but not delete it? AWS CloudFront's "Lambda@Edge" functions can be created, but AWS takes care of deleting them (and gives an error if pulumi tries to delete them instead). So is there some way to create these functions, but delete them?

fierce-engine-31599

11/17/2020, 4:57 PM

Hey! Does anyone know how to import an existing kubernetes resource? I tried UID, name, and self link but nothing works...

future-nail-59564

11/17/2020, 5:27 PM

hey folks! 👋 I’m looking into Pulumi to automate the creation of our users in AWS, but the question I have is not AWS-specific: What would be a best practice to output the temporary generated passwords out of pulumi? Would you say it’s ok to output them as plain text, assuming they’re only temporary and will need to be changed by user upon first login anyway? As we’re running Pulumi as part of an automated pipeline (using Codefresh), I guess I would still be a little uncomfortable to have those passwords leaking into the pipeline logs. Though we still need to retrieve those passwords somehow… 🤔

👀 2

agreeable-ram-97887

11/17/2020, 6:22 PM

For those using pulumi within a CICD pipeline to provision an amazon EKS cluster, how do you communicate with the cluster after its creation (e.g. via kubectl) when the awscli is configured to use your personal AWS credentials?

wooden-account-17701

11/17/2020, 6:34 PM

Hi, I use GCP provider with Python. Its possible to store the output public IP addresses of the machines I created with GCE in a array? Thanks

hundreds-musician-51496

11/18/2020, 1:16 AM

I want to use

pulumi state delete

to remove a resource that is "pending delete". However, the URN refers to two resources. When I run

pulumi state delete

I get the following prompt:

Copy code

Multiple resources with the given URN exist, please select the one to edit:  [Use arrows to move, enter to select, type to filter]
> "handle-request-ap-1782-resources-resources-ci-901d9e4"
  "handle-request-ap-1782-resources-resources-ci-b67bf05" (Pending Deletion)

Is there any way to select the second one non-interactively? I want to do this on my CI server.

wet-soccer-72485

11/18/2020, 5:31 PM

Is there a way to define a default

orgName

so that I can use the shorthand for referring to a stack? So instead of having to write

pulumi stack select myorg/mystack

I can just define

myorg

as the default, and just do

pulumi stack select mystack

faint-australia-78690

11/18/2020, 6:15 PM

If I want to create an IAM policy with Pulumi that grants full access to resources that Pulumi manages, is there a way to just get all Pulumi-managed resources for the stack in one go?

wonderful-manchester-62734

11/19/2020, 6:51 AM

Pulumi is suddenly very slow, an update took 1.5 hours. Any idea?

rhythmic-napkin-82334

11/19/2020, 7:24 AM

Dear community, how do you

pulumi destroy

via GitLab CI? Is it even possible? Cheers Robin

brash-psychiatrist-86349

11/19/2020, 8:53 AM

The name of the resources are generated in this form:

test-api-c0163d9

test-lambda-6e02bf9

How this hash is generated and how can I choose a string to replace it?

dazzling-sundown-39670

11/19/2020, 2:30 PM

Is there some way to get a pulumi output set as an github action output when using the Pulumi Github Actions?

steep-angle-29984

11/19/2020, 3:05 PM

I got

Duplicate resource URN

error, but URN is unique. The URN is very long(->307), can that be the cause of the error?

dazzling-sundown-39670

11/19/2020, 4:00 PM

How can I mock configuration?

Error: Missing required configuration variable 'project:domain'

running in NodeJS