pulumi-community #general

Docs

Join the conversation Join Slack

general

little-cartoon-10569

01/18/2021, 10:08 PM

Is there a command-line way to decrypt a RandomPassword or other encrypted value?

full-dress-10026

01/19/2021, 1:34 AM

Switching from

cCluster.cluster.apply(cluster => {...

services = pulumi.all([cCluster.cluster, taskDefs]).apply(([cluster, taskDefs]) => {

causes the Pulumi preview diff to think it needs to delete many resources. The key change is the switch to

pulumi.all

. Once running the

up

, it does not actually delete the resources it thought it needed to. Is there some way to get the Pulumi diff to operate correctly with

pulumi.all

? This issue makes the preview unusable.

ripe-holiday-8134

01/19/2021, 7:44 AM

Hi, running the next simple import GCP firewall rule command:

pulumi import gcp:compute/firewall:Firewall default projects/my-test-project/global/firewalls/my-firwall-rule

and getting the next error: `error: gcp:compute/firewall:Firewall resource 'my-firwall-rule' has a problem: "deny": one of

allow,deny

must be specified` `error: gcp:compute/firewall:Firewall resource 'my-firwall-rule' has a problem: "allow": one of

allow,deny

must be specified` https://www.pulumi.com/docs/reference/pkg/gcp/compute/firewall/#import someone knows what is missing?

famous-twilight-87777

01/19/2021, 4:24 PM

Hi, I've got an issue with using a key assigned to a service account in gcp - I can create the service account, assign roles and create the key and then write the private key (which is required in my usecase) to a local file, then in a separate invocation of a different stack, read and use the private key. However trying to combine these two steps fails as the private key is an Output<string> and I cannot pass it into some further typescript where I need to template it into a file

famous-twilight-87777

01/19/2021, 4:25 PM

so I can do this:

famous-twilight-87777

01/19/2021, 4:25 PM

service_account_key.privateKey.apply(k => writeFileSync("/tmp/test.json", Buffer.from(k,'base64').toString()));

famous-twilight-87777

01/19/2021, 4:26 PM

but I cannot access the string ^ 'k' directly - quite frustrating and I know it's something associated with the async model that I'm not groking

proud-hair-78501

01/20/2021, 8:47 AM

I’m working on quite a large Pulumi infra, and trying to work out the best way to divide up the code into multiple files. I assume using pulumi.ComponentResource is the best idea here and trying to roughly divide them up into components?

proud-hair-78501

01/20/2021, 8:54 AM

My only issue so far with that, has been trying to get a provider inside one of these components

proud-hair-78501

01/20/2021, 8:54 AM

I pass it into the opts using providers: { kubernetes: theProvider } and then inside the component use this.getProvider(‘kubernetes’) but it just gives me undefined 😞

gifted-lifeguard-15584

01/20/2021, 10:26 AM

Hi, It might sound like a dumb question, but I'm using Pulumi with python and the aws provider and when a go to the aws console, I can see that most resources names are empty (vpc, subnet, instance, ...). Is is normal ? Is there a way for me to tell Pulumi to set the name field on these resources ?

incalculable-engineer-92975

01/20/2021, 2:17 PM

is it possible to install both pulumi 2.x and pulumi 1.x cli's at the same time?

incalculable-engineer-92975

01/20/2021, 2:18 PM

we have a bunch of 1.x apps that we're going to start upgrading to 2.x

bumpy-laptop-30846

01/20/2021, 4:46 PM

Hi, I have my aws cli configured and want to create a project with

pulumi new aws-typescript

. The pulumi requests that I login to the console. Is it normal? I follow this guide

proud-hair-78501

01/20/2021, 6:35 PM

Is there a nice way of waiting for an abritrary k8s resource to appear?

proud-hair-78501

01/20/2021, 6:36 PM

It’s created by an operator that I deploy as part of the Pulumi, so there’s no immediate way springing to mind other than some polling style thing in an apply?

rough-optician-63632

01/20/2021, 6:51 PM

Hi! I am trying to create an ECS Task Definition’s

ContainerDefinition

string using a lookup value as part of my string in TypeScript.

const ecr = pulumi.output(
   aws.ecr.getRepository(
    {
     name: `${environmentName}/${repositoryName}`,
    },
    { async: true }
   )
  )

const containerDefinitions = JSON.stringify([
   {
    name: this.FormattedName,
    image: pulumi.interpolate`${ecr.repositoryUrl}:${imageVersion}`,
    portMappings: portMappings,
    environment: environmentVariables
   },
  ])

The containerDefinition variable later goes on to be used in the args of a

new aws.ecs.TaskDefinition(name, args)

. When I console.log that container definition I get the following value for image:

[{… "image":"Calling [toJSON] on an [Output<T>] is not supported.\n\nTo get the value of an Output as a JSON value or JSON string consider either:\n  1: o.apply(v => v.toJSON())\n  2: o.apply(v => JSON.stringify(v))\n\nSee <https://pulumi.io/help/outputs> for more details.\nThis function may throw in a future version of @pulumi/pulumi." …}]

I started without the interpolate and I got a similar error (for toString instead of toJSON) suggesting I add the interpolate. Appending

.apply((x) => JSON.stringify(x))

as it suggests to that interpolate results in the same error. I'm sure I'm misusing something here. Can anyone help point out what I’m doing wrong please?

elegant-island-39916

01/21/2021, 10:30 AM

hi, how do people get around

pulumi up

on k8s when their images target

:latest

? no changes will be required after the first update, but i would like k8s to pull down the new image

elegant-island-39916

01/21/2021, 11:33 AM

ive got a troublesome helm chart

aws-load-balancer-controller

that generates a new secret each time

pulumi up

is run, is there any way to get pulumi to

ignore_changes

of the generated outputs of the helm chart plan?

glamorous-helmet-50600

01/21/2021, 1:50 PM

Hi there 👋 I'm new to pulumi so forgive me if this is a dumb question but I'm not sure to which extent I should use pulumi, is it meant to just build the infrastructure resources or should it also handle the deployment of build artifacts too?

big-potato-91793

01/21/2021, 1:52 PM

getting this error this morning

✔ pulumi stack ls                                                                                                                                                                                       
error: error listing stacks: could not list bucket: blob (code=Unknown): RequestError: send request failed
caused by: Get "<https://s3.amazonaws.com/stack.json>": x509: failed to load system roots and no roots provided; SecTrustSettingsCopyCertificates error: -2070

any idea?

glamorous-helmet-50600

01/21/2021, 2:06 PM

Anyone having issues with the Azure provider? Looks like updating the AppSettings of an AppService doesn't work. I get :

panic: interface conversion: interface {} is nil, not map[string]interface {}

Even though the preview correctly detects what changes needed to be applied.

early-egg-62309

01/21/2021, 2:53 PM

Hi All, I'm getting an error which is stopping me from using pulumi to do anything useful. I have imported a new Azure stack into pulumi from an existing resource group, then created a csharp project and tried

pulumi preview

, but pulumi thinks the resources need to be replaced & stops with an error that the resources are protected. Surely if nothing has changed, then there is no need to replace? If I try to unprotect in the csharp project, then I still receive an error from

pulumi preview

, because the resource is still protected in the stack from the import. How do I unprotect the imported resource? Also, because the preview fails abruptly, I cannot see the replacement steps which pulumi thinks are needed, it seems to be null?

PS> pulumi preview --show-replacement-steps -v 3
Previewing update (bot)

View Live: <https://app.pulumi.com/wilsoncg/bot/bot/previews/c75fe0fb-9b27-4d6a-a068-4a7e53a694e0>

     Type                                                             Name                                  Plan        Info
     pulumi:pulumi:Stack                                              bot-bot                                           1 error
 +-  └─ azure-nextgen:alertsmanagement/latest:SmartDetectorAlertRule  Failure Anomalies - RachaelBot4wwyzn  replace     1 error

Diagnostics:
  azure-nextgen:alertsmanagement/latest:SmartDetectorAlertRule (Failure Anomalies - RachaelBot4wwyzn):
    error: Preview failed: refusing to delete protected resource 'urn:pulumi:bot::bot::azure-nextgen:alertsmanagement/latest:SmartDetectorAlertRule::Failure Anomalies - RachaelBot4wwyzn'

  pulumi:pulumi:Stack (bot-bot):
    error: preview failed

big-potato-91793

01/21/2021, 3:17 PM

I enter this bug for pulumi 2.18 https://github.com/pulumi/pulumi/issues/6163

broad-dog-22463

01/21/2021, 3:24 PM

Hi @big-potato-91793, does this work for you with Pulumi v2.17.2 ?

big-potato-91793

01/21/2021, 3:24 PM

yep

big-potato-91793

01/21/2021, 3:25 PM

I’m trying to downgrade but I ask someone on my team and he was able with v2.17.2

broad-dog-22463

01/21/2021, 3:28 PM

Please an you try it - the error to me suggests there is an issue on your local machine - alternatively, please can you tell me if the person on your team can try with 2.18.0 ?

big-potato-91793

01/21/2021, 3:29 PM

i’m still getting the error. Will try to ask them to used the new version and see if the problem is just with me

miniature-leather-70472

01/21/2021, 4:00 PM

I'm trying to set a value for the "IgnoreChanges" list based on the value of a property of the resource. This is an AKS cluster, and due to the way the Terraform provider works I need to Ignore Changes to the defaultNodePool.NodeCount value if defaultNodePool.autoscaler is set to true, but not if it is set to false. I'm struggling to do this due to IgnoreChanges expecting a List<string> and any operation I do to check the autoscaler resulting in an InputList<string>. I can get it to work if I wrap the whole AKS cluster creation in an apply, but that then causes me issues later when I want to set the parent of some other resources to be that AKS resources, as now this is an Output<KubernetesCluster> rather than just a Kubernetes cluster. Any better way to do this?

Title

miniature-leather-70472

01/21/2021, 4:00 PM

View count: 1