Hi! I am playing with

random.RandomPassword

and I'm wondering why it's

result

output is not marked as secret and I have to do:

const password = new random.RandomPassword('myPassword', {...}, { additionalSecretOutputs: ['result'] })

Shouldn't it be marked as sensitive by default?

Hello, My stack is really simple with a single component :

export const loadBalancer = new lb.ApplicationLoadBalancer('alb');

No param is given so it defaults to default vpc, which as subnets in two availability zones, and still I see :

error creating application Load Balancer: ValidationError: At least two subnets in two different Availability Zones must be specified

Any idea on what is happening ? Thx

Hello everyone! I have a general question, does Pulumi have a way to apply tags to all resources in a stack?

Is there a concept of a

local

stack? What I mean is, before pushing to the

development

branch where my github actions run

pulumi up

I want to test out if everything works one step before, where a stack gets created automatically, resources are created in the cloud, things get deployed, and when no errors are returned by pulumi and I am satisfied with my deployment, I would then merge the branch to the

development

branch and the

local

resources and the stack are destroyed? Sometimes when I make some changes,

pulumi preview

doesn't return any errors, because I have defined everything correctly, but in reality my setup i.e port mapping to my ECS instance has not been set up properly, so I want to go back, modify my config and try again. Is that something possible? I have a feeling that's what the automation API is capable of.

Is there a way to gather timings of different resources. I have something which is taking some time during preview and wondered if there is an easy way to track it down

Hey everyone, is there a way to access the current stack name in code? I'm trying to work around SQS FIFO queue name issue (#967). I'm happy to provide my own name, but I'd like it to be unique inside the stack

is there a way to force pulumi destroy to delete s3 bucket objects?

error: deleting urn:pulumi:dev::crytic::aws:s3/bucket:Bucket::my-bucket: 1 error occurred:
    	* error deleting S3 Bucket (my-bucket-467da8e): BucketNotEmpty: The bucket you tried to delete is not empty

I'm currently deleting an RDS instance. The instance is gone, but the optiongroup won't delete, because it's referred to by all the auto-backups that RDS has made. It'll timeout soon and I'll have to go through the manually-delete/export stack/update stack/import stack rigmarole to get it sorted. Is there an alternative? Maybe something like: * Pulumi could discover unmanaged resources that would prevent a deletion (e.g. BucketObjects, backups, etc.), * mark some types of resources as "can be blocked on deletion" and given them a shorter timeout, a more-specific failed-to-delete error message and don't mark them as deletion-in-progress? * A

pulumi undelete

command that marks the resources as not-deleted instead of deletion-in-progress (so that I can go delete the unmanaged resources then run

pulumi up

again, cleanly).

Is there any way to not store some data in the state? I've found that when deploying cert-manager helm chart using Pulumi the state file grows from around 200Kb, to 8Mb, due to the amount of CRD's in the chart. Is there anyway to get these deployed without inflating the state and making everything slow

are there any plans for a rook+ceph provider?

Doc improvement suggestion: the Pulumi type could be added to all resource doc pages. It's used in a few things like

pulumi import

and stack transformations, but to find a type I (think I) have to open node_modules/@pulumi/<provider>/<somedir>/<resource>.js and look down the bottom of the file.

hey guys, my team is trying to migrate from heroku to aws ecs. On heroku we used to have 'rollback' features. Is there any way to do similar thing in pulumi?

I'm working with

pulumi import

. I've attempted to import just a few SNS topic policies (I'd successfully imported the topics already). I'm using a json file, and I've set a nameTable with the conveniently-but-confusingly named this and provider properties: I chose this because the generated code was to go in the constructor of a ComponentResources, and the parent of the topics would be

this

. Short cut! Importing worked but no code was generated. The state was updated and looks like I want it to. The parent and provider properties of the new resources have the correct values (values from the nameTable properties). This error was output:

error: no name for provider urn😛ulumi:MyStack::MyProject::Name:aws:MyClass:myId

What might have gone wrong?

i have to say, i’m not very familiar with devops tooling (i’ve been meaning to look into terraform) and I decided to use pulumi and it’s amazing, big fan. It saved me and my team so much time.

I really like the graph projection, both in the ui and the terminal. But I haven’t yet found documentation on how to easily create “parent aggregators”, something like a dummy component. Is there such a default component? So far I’ve been doing this (python), but I have a feeling it is not best practice:

from pulumi.resource import ComponentResource

class AggregatorComponent(ComponentResource):
    def __init__(self, *args, **kwargs) -> None:
        super(AggregatorComponent, self).__init__(t="aggregator", *args, **kwargs)

and using it like so

project_aggregator = AggregatorComponent(name=project_id)
opts = ResourceOptions(parent=dataset_aggregator)
DemographyDataset(opts=opts)
FunctionsDataset(opts=opts)
...

Is there a better way to do this than my homemade

AggregatorComponent

?

Is there a way to create a non-secret output from a secret output?

How does one use async block inside a ComponentResource? I know the pattern of encapsulating my regular pulumi TS code in a big async block. But now I have a ComponentResource class that does some async gets on resources. Do I have to use .then chaining?

export class CustomComponent extends pulumi.ComponentResource {
  constructor(name, args, opts) {
    super('pkg:CustomComponent', name, {}, opts)
    
    const computeDefaultServiceAccount = await gcp.compute.getDefaultServiceAccount({project: projectId});
    gcp.projects.IAMBinding('blah', { role: '', project: projectId, members: [`serviceAcccount:${computeDefaultServiceAccount.email}`]}
  }
}

Hi! I try to run pulumi import aws:eks/cluster:Cluster <name> <id> and I receive this error

error: aws:eks/cluster:Cluster resource 'resource' has a problem: Computed attribute cannot be set

How do I access the auto named resource inside the resource? I need to basically access

self.name

but I want the generated name. I am using python.

Hey folks! 👋 Is there a way to detect when a given resource output changes (and only when it changes), to have some side effect in your script? I’d like to send an email to user when his/her AWS account password is created or changed, but not every time I update my stack. Is there some event to hook into?

Hi everyone, I've been looking for a while around that issue, and would happily get pointers if I've missed the obvious. I have a running swarm in azure using pulumi/python in both UAT and production environments. I've been asked to add a tag to all resources, I thought "too easy, just add the tag and be done with it". Except:

Type                                   Name       Status                  Info

pulumi:pulumi:Stack                    XXX-uat    **failed**              1 error

~   ├─ azure:core:ResourceGroup            rg         updated                 [diff: ~tags]

~   ├─ azure:storage:Account               storage    updated                 [diff: ~tags]

~   ├─ azure:containerservice:Registry     dockerhub  updated                 [diff: ~tags]

~   ├─ azure:network:VirtualNetwork        vnet       **updating failed**     [diff: ~tags]; 1 error

~   ├─ azure:network:NetworkSecurityGroup  nsg        updated                 [diff: ~tags]

~   └─ azure:network:PublicIp              public-ip  updated                 [diff: ~tags]

Diagnostics:

pulumi:pulumi:Stack (XXX-uat):

error: update failed

azure:network:VirtualNetwork (vnet):

error: 1 error occurred:

* updating urn:pulumi:uat::XXX::azure:network/virtualNetwork:VirtualNetwork::vnet: Error Creating/Updating Virtual Network "vnetXXXXXXX" (Resource Group "rgdXXXXXXX"): network.VirtualNetworksClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="InUseSubnetCannotBeDeleted" Message="Subnet subnetXXXXXXX is in use by /subscriptions/xxx/resourceGroups/rgdXXXXXXX/providers/Microsoft.Network/networkInterfaces/|providers|Microsoft.Compute|virtualMachineScaleSets|ss-managerXXXXXXX|virtualMachines|0|networkInterfaces|networkprofile/ipConfigurations/IPConfiguration and cannot be deleted. In order to delete the subnet, delete all the resources within the subnet. See <http://aka.ms/deletesubnet|aka.ms/deletesubnet>." Details=[]

I mean it's clearly a diff update and it requires to delete stuff. As much as I don't mind rebuilding our UAT environment, I can't delete anything off of our production environment. Is there anything I'm missing here?

I'm trying to integrate Datadog with Fargate via the AWS FireLens integration. I am receiving this error when running pulumi up: "ClientException: When a firelensConfiguration object is specified, at least one container has to be configured with the awsfirelens log driver." I believe I have specified all required parameters but it's tough for me to debug further. Is there a way to get Pulumi to print out the requests it is making to AWS so I can see where my mismatch is?

Ah, I've found it with

--logtostderr -v=9

. It appears that Pulumi is ignoring my

logConfiguration

block in my container's spec.

Oh, this has been reported before: https://github.com/pulumi/pulumi-awsx/issues/552. The workaround in that issue does appear to work. I've +1'ed and followed that issue.

Is there a good way to read in a values.yaml override file other than just using a language library like

js-yaml

? Trying to install the Linkerd Helm chart using their HA values and I don't want to copy that whole thing into JS, would rather just read it in and then selectively set some more things.

Hey Pulumi, is your https://github.com/apps/pulumi github bot opensourced somewhere? I can’t find it

I’m wondering if changing a resource’s parent forces that resource to be recreated? I guess not, as long as you don’t put the name of the parent explicitly in the resource’s name… 🤔 I’m asking because I’m considering grouping users by the team they belong to, which would be helpful to visualize them in the pulumi stack. However, I don’t want a user moving to a different team to require deleting and recreating that user. Could anyone please confirm that such a user would just have its parent modified, without itself being recreated completely?

Morning all! Has anyone seen this error during the pulumi preview?

panic: interface conversion: interface {} is string, not bool
    goroutine 340 [running]
...

I can paste additional lines from the stacktrace if interested.

Does anyone know if issue https://github.com/pulumi/pulumi/issues/5705 has resurfaced? I'm getting the same error message when I run mocha unit tests:

Error: Running program 'foo' failed with an unhandled exception:

Error: Unable to deserialize resource urn😛ulumi:dev::foo::aws:iam/role:Role::foo, no module is registered for iam/role.

It's working fine from my programs, so I'm not sure if I've got a problem with dependencies, maybe old versions of something laying around somewhere...