pulumi-community #general

Channels

general

clean-dentist-2515

11/14/2020, 11:10 PM

I have a problem doing a volume attachment on DigitalOcean... the droplet output

id

str

type: https://www.pulumi.com/docs/reference/pkg/digitalocean/droplet/#id_python but the

droplet_id

input for the volume attachment is `int`: https://www.pulumi.com/docs/reference/pkg/digitalocean/volumeattachment/#droplet_id_python

pulumi up

fails with:

VolumeAttachment resource 'pgb-dokku-db-vol-attachment' has a problem: Attribute must be a whole number, got 216866671

if I try to cast the output id as

int(droplet.id)

(in python) I get:

TypeError: int() argument must be a string, a bytes-like object or a number, not 'Output'

is there a workaround?

clean-dentist-2515

11/14/2020, 11:12 PM

DigitalOcean API docs give return type of created droplet id as `int`: https://developers.digitalocean.com/documentation/v2/#droplets

broad-dog-22463

11/14/2020, 11:12 PM

For this you will need to run an apply - this allows you to control the cast when the promise resolves In JavaScript I would do this as .id.apply(id => parseInt(id))

clean-dentist-2515

11/14/2020, 11:13 PM

is it a bug? seems like the droplet resource has wrong return type

clean-dentist-2515

11/14/2020, 11:13 PM

but thanks, I was looking for something like apply

broad-dog-22463

11/14/2020, 11:14 PM

It’s kinda a bug kinda not - it’s what comes back from the generated code upstream :/

broad-dog-22463

11/14/2020, 11:14 PM

You are correct that it’s not a great experience here

clean-dentist-2515

11/14/2020, 11:16 PM

ok, found the apply docs now https://www.pulumi.com/docs/intro/concepts/programming-model/#apply

elegant-window-55250

11/14/2020, 11:21 PM

Hello 👋 I use Pulumi for all infrastructure, including K8S. I am seeing a pattern with our current configuration where canary releases are filling up our git history (the way it works; we release, that also triggers a commit in our infrastructure repository to update the version). What I’d like to do instead of commiting each time is just update that specific piece of infrastructure, without needing the whole infra repository. Like we do with kubectl – just patch it. Is there anything like that available within Pulumi, or do I have to find something outside of Pulumi for those cases?

chilly-hairdresser-56259

11/14/2020, 11:56 PM

Is there a general way within the pulumi UI to see stack differences?

wonderful-manchester-62734

11/15/2020, 8:41 AM

Hi all, I am new to pulumi. I am using it to deploy an AWS stack. Has anyone experience that when you create an s3 object and use it for lambda function, in the first try to create the lambda function, it complains that object does not exists. The next time I run "pulumi up" it is fine.

wonderful-manchester-62734

11/15/2020, 8:41 AM

"Error occurred while GetObject. S3 Error Code: NoSuchKey. S3 Error Message: The specified key does not exist."

bored-intern-60856

11/15/2020, 3:35 PM

Hey guys, We're using Pulumi pretty extensively in our company. Regarding configuration:

bored-intern-60856

11/15/2020, 3:36 PM

Where do you keep your initial configuration? Is your secret manager/vault the only thing that's defined and handled locally?

bored-intern-60856

11/15/2020, 3:38 PM

Or your CI/CD also creates/starts the vault, with some sort of a funny circular approach (the CI/CD uses secrets from the vault which is created/updated/destroyed by the CI/CD)

elegant-dress-88912

11/16/2020, 12:39 PM

Hi, sometimes pulumi fails to update managed instance group in GCP, it fails on deleting old instance template while replacing it with

is already being used by

message.

able-crayon-21563

11/16/2020, 5:17 PM

Hello, I am having trouble adding a user from my github-backed organization. The problem may have started when we enabled SSO in github. The error is:

User is not a member of Pulumi organization’s backing identity provider.

The user appears in the list, I click +, get above message. Any ideas? Thanks.

fast-dinner-32080

11/16/2020, 5:44 PM

@broad-dog-22463 Do you know when the latest Rancher2 provider will be released? There was a bunch of fixes in the v1.10.6 release that we would like to start using.

broad-dog-22463

11/16/2020, 5:44 PM

today

broad-dog-22463

11/16/2020, 5:44 PM

The PR is open for the update already

fast-dinner-32080

11/16/2020, 5:45 PM

Ah perfect! I should have looked there first 😄

elegant-carpet-8859

11/16/2020, 7:45 PM

Hey all, I'm having a really weird issue with a Helm chart. The chart creates a secret that is a TLS root certificate. Every time I

pulumi up

pulumi wants to replace this secret because the contents have changed. The confounding thing is that the strings are exactly the same when I go look in the details of the run. I'm guessing something is happening with string encoding here maybe? I gotta figure this out because the minimum that happens when this reruns is our gateway is unavailable for a couple of seconds, and the worst that happens is all the TLS certs go bad. I can't find a way to make Pulumi ignore changes in this specific resource being made by a helm chart, since it's not a prop I'm passing in. Any help appreciated!

quiet-wolf-18467

11/16/2020, 9:55 PM

I was joined by @broad-dog-22463 and @billowy-army-68599 today as they introduced me to the new automation API that can produce binaries with Pulumi logic embedded. Very cool and worth a watch, even if I do say so myself 😀

https://youtu.be/GbLMQslgtGY▾

😛artypus-8bit: 5

wonderful-manchester-62734

11/16/2020, 10:56 PM

Hi all, I am new to pulumi. I am using it to deploy an AWS stack. The stack consists of over 300 services. I often get the no integration error when updating my stack "* Error creating API Gateway Deployment: BadRequestException: No integration defined for method". If I only created a few services, it would work and sometimes I have to run "pulumi up" a couple of times. Has anyone experienced this issues. Here is the function that I wrote to create my API s.

wonderful-manchester-62734

11/16/2020, 10:56 PM

def deploy_api(self, api, root_apigateway, service, bucket, package_s3_key, package_s3):
        #'api': {'name': 'get_dm_node', 'handler': 'lambda_get_dm_node', 'method': 'POST', 'path':'dmnode/get'}
        api_name =  f'{service["name"]}-{api["name"]}'
        print(f'Deploying {api_name}')
        __api_resource, __last_api_resource = None, None
        path_suffix = ""
        for i, path_part in enumerate(api["path"].split('/')):
            path_suffix = path_suffix + "-" + path_part 
            __api_resource = self.RESOURCES.get(path_suffix, None)
            if i == 0:
                parent_id =  root_apigateway.root_resource_id
            else:
                parent_id =  __last_api_resource.id
            #print(i, path_suffix, __last_api_resource)        
            if __api_resource is None:         
                #Create a new resource.
                __api_resource = apigateway.Resource(path_suffix,
                            rest_api=root_apigateway,
                            parent_id=parent_id,
                            path_part=path_part)
                self.RESOURCES[path_suffix] = __api_resource
            __last_api_resource = __api_resource
        print(f'Resoruce {__api_resource.id} created')
        __vpc_config = lambda_.FunctionVpcConfigArgs(
                                security_group_ids=self.LAMBDA_SECURITY_GROUP_IDS,
                                subnet_ids=self.LAMBDA_SUBNET_IDS)    
        __fn = lambda_.Function(
            api_name,
            s3_bucket=bucket.id,
            s3_key=package_s3_key,
            handler=api["handler"],
            runtime="python3.7",
            role=iam.lambda_role.arn,
            timeout=self.LAMBDA_DEFAULT_TIMEOUT,
            vpc_config=__vpc_config,
            __opts__=ResourceOptions(depends_on=[package_s3])
        )
        print(f'Function {__fn.id} created')
        __proxy_root_met = apigateway.Method(
            api_name,
            rest_api=root_apigateway,
            resource_id=__api_resource.id,
            http_method='ANY',
            authorization='NONE',
            __opts__=ResourceOptions(depends_on=[__api_resource])
        )    
        print(f'Method {__proxy_root_met.id} created')
        __root_int = apigateway.Integration(
            api_name,
            rest_api=root_apigateway,
            resource_id=__proxy_root_met.resource_id,
            http_method=__proxy_root_met.http_method,
            integration_http_method='POST',
            type='AWS_PROXY',
            uri=__fn.invoke_arn,
            __opts__=ResourceOptions(depends_on=[__proxy_root_met, __fn])
        )
        print(f'Integration {__root_int.id} created')
        __dep = apigateway.Deployment(
            f'{api_name}-deploy',
            rest_api=root_apigateway,
            stage_name="mlhere-dev",
            __opts__=ResourceOptions(depends_on=[__root_int])
        )
        print(f'Deployment {__dep.id} created')
        __perm = lambda_.Permission(
            api_name,
            statement_id="AllowAPIGatewayInvoke",
            action="lambda:InvokeFunction",
            function=__fn,
            principal="<http://apigateway.amazonaws.com|apigateway.amazonaws.com>",
            source_arn=__dep.execution_arn.apply(lambda x:f"{x}/*/*")
        )

many-spring-73557

11/17/2020, 12:56 AM

Is there a way for each stack to have its own backend, so the stack states are completely independent of one another? I’m using a GCP backend. I removed the

backend: url:

setting from

Pulumi.yaml

figuring I could override it on a per-stack level. But that doesn’t quite map with my mental of pulumi, which is that you

pulumi login <gs://my-state-bucket>

and that’s where it stores the state. So to keep things separate, I would need to

pulumi login

to the corresponding GS bucket before running any other commands - is that correct?

little-cartoon-10569

11/17/2020, 3:28 AM

I've got a bit of a mono-repo going on. I run Pulumi from a subdirectory of the mono-repo, containing Pulumi.yaml, index.ts etc. The root contains tsconfig.json, package.json etc. For the last couple of hours, having made (afaict) no changes, I've been getting ENOENT: no such file or directory on _<project___dir/package,json>_ while building my lambdas. Why has it started looking in my project directory for that file? It's in my root directory! I feel I've solved this before, but I can't remember how or when..

rhythmic-napkin-82334

11/17/2020, 7:57 AM

Hey all, we are finally setting up pulumi CI pipeline using GitLab CI/CD 🙂 Are there any must-reads or good up-to-date articles besides the following links, that we should be aware of? • https://www.pulumi.com/docs/intro/console/extensions/ci-cd-integration-assistant/ • https://www.pulumi.com/blog/tag/ci/cd/ • https://www.pulumi.com/docs/guides/continuous-delivery/gitlab-app/

limited-rainbow-51650

11/17/2020, 9:35 AM

Similar question I have as with a lot of other SaaS software: why should security via SAML be an enterprise feature, not even available in Team Pro subscription? https://www.pulumi.com/pricing/

👍 2

rhythmic-napkin-82334

11/17/2020, 10:00 AM

Another question: How to properly perform

pulumi destroy

via CI/CD (GitLab CI/CD in particular)?

👀 1

Title

rhythmic-napkin-82334

11/17/2020, 10:00 AM

Another question: How to properly perform

pulumi destroy

via CI/CD (GitLab CI/CD in particular)?

👀 1

clever-sunset-76585

11/23/2020, 4:47 PM

Sorry for the late reply, but did you find what you were looking for? Also I didn’t understand your question…

Oops. Please disregard. I see that this was prior to our discussion later in this channel :)

View count: 1