there isn't at a stack level, jsut at the resource level I'm afraid

protect:true

Related question: is there a way to determine if

destroy

is being called? For some stacks I'm ok with

up

making changes but want to prohibit

destroy

.

I am experiencing a weird issue. I was accidentally removed from my organization. After getting a new invitation I get an error when I try to accept it. Has anyone else experienced this?

Hi all! 🙂 I have a problem - I want to extract newly created AWS EKS cluster security group (a one that is created as a part of cluster creation) to use it when later creating launch template for worker nodes (I use custom AMI, so that's the only way to still use EKS managed node groups). I use Go. In my code, I create cluster

eksCluster := eks.NewCluster(...)

, and then try to refer to it's security group

securityGroup := eksCluster.VpcConfig.ToClusterVpcConfigOutput().ClusterSecurityGroupId().Elem()

. This results in

panic: runtime error: invalid memory address or nil pointer dereference

error when doing

pulumi up

. The problem seems to be that the

Elem()

function causes too early pointer dereference. I can't just use value returned by

ClusterSecurityGroupId()

because it returns

StringPtrOutput

. This is incompatible with the type I need to create launch template, as

LaunchTemplateArgs -> NetworkInterfaces -> SecurityGroups

is of

StringArray

type, so I need

StringOutput

. Can you help? Am I doing something wrong, or it's some kind of bug?

I want to make async calls after some resources are created (as there is no provider for what I want). I put the calls in a custom component, but I cannot figure out how to make them not run on

pulumi preview

?

Hey, just wondering what is the difference between

delete-replaced

and

replaced

?

Hello all -- I'm trying to bulk import gcp firewall resources using >> pulumi import -f Rules.json -d ... {          "type": "gcp:compute/firewall:Firewall",          "name": "allow-local",          "id": "7949084422313144519" } ... That results in error: gcp:compute:Firewall (allow-local): error: gcp:compute/firewall:Firewall resource 'allow-local' has a problem: ExactlyOne: "allow": one of

allow,deny

must be specified exporting the firewall rule with >>gcloud compute firewall-rules list --format=json produces a valid firewall resource. Using the cli with >>pulumi import gcp:compute/firewall:Firewall default projects/my-project/global/firewalls/allow-local produces the same error. This is true for all firewall rules. The vpc resource in the same import returns a valid preview. Thoughts?

Is the example for DSN Validation with Route 53 wrong? It shows iterating over the

exampleCertificate.domainValidationOptions

output in a way that doesn't look like it would work.

Might be an obvious question, but the "encryptedkey" that is stored in the stack file, is this safe to check in to git? I assume this still needs the encryption provider (in our case Azure Key Vault) to decrypt it?

@miniature-leather-70472 yes it is

@broad-dog-22463 thanks!

Are inter-stack dependencies supported across projects in a self-managed backend? If so, how? (more in thread)

Is it possible to keep a resource from a previous

pulumi up

? The problem we are facing is in Azure, and has to do with App Services, Deployment Slot, and deploy from ZIP. But the question is more generic I think. Example:

const app = new azure.appservice.AppService("app", { ... });

const blob = new azure.storage.Blob("blob", { ... });

const slotName = `slot-staging-${Date.now()}`;
const slot = new azure.appservice.Slot(slotName, {
    appSettings: {
      WEBSITE_RUN_FROM_PACKAGE: azure.storage.signedBlobReadUrl(storage, blob),
    }
    ...
  },
});

new azure.appservice.ActiveSlot("swapslot", {
  appServiceName: app.name,
  appServiceSlotName: slot.name, // needs to be unique to swap with every `pulumi up`
  resourceGroupName: resourceGroup.name,
});

After the first deployment, if the slot was swapped successfully, the ZIP running in production is the blob above mentioned. Now if we do

pulumi up

a second time, and the slot is again swapped successfully, the ZIP running in production is again the blob defined above. But now the problem is that we "lose" the previous blob (

n - 1

), so if for some reason we want to go back to the previous version, the ZIP is gone from the storage. We want to manage 2 blobs with a single blob declaration basically. So the question is: can I somehow get the blob from the previous

pulumi up

execution, thus keeping both the blob of the current deployment and the blob from the previous deployment?

Sometimes I wish I had a nice UI that reads the JSON of the state data and let me easily edit resources, specifically to delete things one at a time. Anyone ever feel like they would like a tool to edit the state JSON data visually? Anyone want to help me make a tiny Electron app to do this?

Hi folks, a contentious question: what language would be the best choice for a big-ish Pulumi project/set of projects? We started out with Go, until we've hit a roadblock of "no dynamic providers", not to mention the amount of memory the linker consumes with aws go-sdk. As far as I understand, it's pretty unlikely that dynamic providers support is going to be easy to add in a reasonable timeframe because of the way dynamic providers are implemented (closure serialization IIUC). Fortunately, we're still at a point where we can change languages and the choice boils down to Typescript or Python. At the end of the day, it's a question of SDK maturity and feature parity on the Pulumi side. Since Pulumi itself is in TS, am I right to assume that TS SDK is more mature and features /bugfixes end up in the TS SDK first? A good example would probably be the Automation API support that was first added to TS/Golang and only very recently to Python. Languages themselves compare to each other pretty equally (not to start a holy war 🙂), maybe with the exception of how easy it is to hire folks on the intersection of infrastructure and language experience. What do you think?

Is there a way to manage installed packages on a remote ubuntu machine? • I am able to provision an ubuntu VM with a community pulumi provider for proxmox • I'd like to top-up the VM instantiation with a few services (like a running docker daemon) I know this is not a typical use, any hints/ideas would be appreciated.

Hi guys, I’m trying to follow the EKS example to set up a kubernetes cluster on AWS, but I’m running into the error

Error: providerCredentialOpts and AWS_PROFILE must be set together

Must I configure a specific AWS profile and role for the

providerCredentialOpts

?

Hello, I am new to pulumi, I would like to know if there is an example of fullstack (where rest api, database and a web with a framework such as react, angular or laravel are implemented) I would be very grateful if I had it

Hey everyone, good evening! Could someone please provide me a link to the docs or just give me a tip on how can I interact with other AWS services from within a "magic lambda"? To be more specific, given the following code:

const MyBucket = new aws.s3.Bucket("MyBucket")

const api = new awsx.apigateway.API("hello-world", {
    routes: [{
        path: "/",
        method: "POST",
        eventHandler: async (event) => {
            return {
                statusCode: 200,
                body: "Hello, world!",
            };
        },
    }],
})

How could I create/upload a file to "MyBucket" in the "eventHandler" lambda function logic?

is there anything compared to terraform's chef provisioner in pulumi?

Did

<http://api.pulumi.com|api.pulumi.com>

fall off the internet for a few minutes? A deployment failed, but I can now reach the webui..

Hello there, Getting a weird error at preview since last pulumi packages update :

Diagnostics:
  pulumi:providers:eks (default):
    error: no resource plugin 'eks' found in the workspace or on your $PATH

I have no idea what that’s supposed to mean or what to do to get rid of it, never had this one in 2 years. Using typescript, cleaned up everything, started from a fresh built container, same problem.

"@pulumi/aws": "3.23.0",
    "@pulumi/awsx": "0.23.0",
    "@pulumi/eks": "0.21.0",
    "@pulumi/kubernetes": "2.7.6",
    "@pulumi/postgresql": "2.5.3",
    "@pulumi/pulumi": "2.17.2",
    "@pulumi/random": "3.0.1",

Anyone would know what to do here ?

Hello! How can I retrieve a queue URL after it's creation? An object of the type aws.sqs.Queue doesn't seem to have this attribute. Also, it seems I can't use the aws.sqs.getQueue method to get it.

I was trying to print(config.require_secret('password')), and I got <pulumi.output.Output object at 0x7f229dc2b5c0>, why's that? 'password' is not output of a stack that pulumi got to know only after deploying the stack, here 'password' is a string written in the config file, why can't it be read as a normal string as read other plain text item from the config file?

Hello everyone I am running kubernetes cluster with istio on top of it. I want to use pulumi to automate everything related to infrastructure. Everything is great, but I have a question regarding resources that is provided by istio (ex: VitualService, Gateway etc). How I should define these resources so that pulumi understands how to work with them. I've managed to do it with Go using

apiextensions.NewCustomResource

. Is it right way to do? Or is there better solution using go or other languages?

Is there any central place for unofficial/community driven pulumi ResourceManagers or Plugins. My guess is, that most people requiring to manage a resource which is not officially documented and managed by Pulumi (the Company) will just write a Dynamic Resource/Custom Resource and hack it in whatever language he needs it. e.g. I’m using TypeScript and It would take me a to long to implement a proper Plugin with Go so everyone could take advantage of my work. If there would be a central place for such stuff, some new things could grow out of it. I have the feeling there is quite some potential for something like this.

I am working locally. Right now pulumi saves all stack and project info in .pulumi installation directory. Is there a way I can save all info in my own selected folder or preferably in some NoSQL db.

Hi, team! I’m trying to batch import several AWS sagemaker resources using the

pulumi import -f <resource.json>

tool. One problem I ran into is how to get

id

s of the resources. I can import them using

pulumi import <type> <name>

without specifying ids. For example,

pulumi import aws:sagemaker/endpoint:Endpoint 'model-endpoint' 'mode'

works as expected. I tried not specifying ids in the json, but that caused the tool to panic. I took a look at the doc, but still couldn’t find an answer.