breezy-apartment-46543
03/12/2021, 7:54 PM
worried-knife-31967
03/12/2021, 8:23 PM
worried-knife-31967
03/12/2021, 8:24 PM
clever-plumber-29709
03/12/2021, 8:40 PM
pulumi.stack.yml
config:
  proj:data:
    services:
      foo: bar
      priv:
        secure: AAABAB+T(...)sEmx8=
__main__.py
import pulumi
pulumi_config = pulumi.Config()  # missing definition; assumes the project is named "proj"
conf = pulumi_config.require_object("data")
This conf is a dict, but Pulumi correctly recognizes that inside there is a secret. If I print it, it shows:
{'foo': 'bar', 'priv': '[secret]'}
So I want to iterate over this dict, and do something on the secrets, but I'm not sure how to know. Python thinks it is a str.
print(conf["services"]["priv"])
print(type(conf["services"]["priv"]))
[secret]
<class 'str'>
better-shampoo-48884
03/13/2021, 8:49 AM
better-shampoo-48884
03/14/2021, 8:56 AM
pulumi destroy
in such a way that I destroy all the resources in the stack that are not protected (or for which protected is not dependent on)? As it stands now I've got 19 resources, of which there are 2 protected - the resource group itself and an azure KeyVault (such a pain to pingpong it up and down). I can't do pulumi destroy because it would delete the protected resources which is not permitted. I do not feel like finding and exporting the URNs of the remaining 17 resources and chaining a --target "urn". Any other way that anyone has figured out?
better-shampoo-48884
03/14/2021, 2:16 PM
pulumi new azure-typescript --secrets-provider azurekeyvault://n00531.vault.azure.net/keys/pulumi-secrets --logflow --logtostderr --verbose 9
Results in a typical flow, and I have created the key "pulumi-secrets", and the KeyVault was created by a stack (with local secrets and backend), but trying to set up a new stack like the command above results in this:
created stack 'sdfsf'
Sorry, could not create stack 'sdfsf': secrets (code=Unknown): azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to https://(myvaultname).vault.azure.net/keys/pulumi-secrets//encrypt?api-version=7.0: StatusCode=0 -- Original Error: adal: Failed to execute the refresh request. Error = 'Get "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fvault.azure.net": dial tcp 169.254.169.254:80: connectex: A socket operation was attempted to an unreachable network.'
I'm actually fairly curious as to where that IP for the refresh token is coming from.. I've had no such problems running pulumi up just by being logged in by virtue of az cli..
(Edit: resolved - I did the hard work of doing everything except reading the last line of https://www.pulumi.com/docs/intro/concepts/secrets/#azure-key-vault where it tells me that if I want to use az cli auth with keyvault secrets I need to set AZURE_KEYVAULT_AUTH_VIA_CLI to true.)
gray-nail-14734
03/14/2021, 4:00 PM
Azure-Native and trying to create an AKS cluster. All is good, until I try to set up my PodIdentityProfile. In the AZ CLI, PodIdentity is set up in a separate step, and the Pulumi Azure-Native resource seems to follow the same paradigm. However, I can't seem to figure out how to set up my UserAssignedIdentity after my ManagedCluster is created. I've tried GetManagedCluster, but the profile is an ImmutableArray. I've tried creating a new resource (using the same name and resource group) but get a conflict.
Is there a recommended way to perform updates on existing resources? I'm looking through the Pulumi docs and don't really see this. I see how to create and destroy, but update isn't called out in many places.
BTW, I'm using C# in my scripts.
Thank you in advance for any guidance here!
clever-cartoon-41433
03/14/2021, 5:16 PM
better-shampoo-48884
03/14/2021, 5:20 PM
--logflow --tracing=file:./tracefile --verbose 9 to the end of the command, then you can look through the tracefile with PULUMI_DEBUG_COMMANDS=1 pulumi view-trace ./tracefile to see where it might be hanging
better-shampoo-48884
03/14/2021, 5:21 PM
clever-cartoon-41433
03/14/2021, 5:21 PM
better-shampoo-48884
03/14/2021, 5:23 PM
--logtostderr to get more logs in the console.
clever-cartoon-41433
03/14/2021, 5:23 PM
clever-cartoon-41433
03/14/2021, 5:23 PM
better-shampoo-48884
03/14/2021, 5:24 PM
better-shampoo-48884
03/14/2021, 5:25 PM
better-shampoo-48884
03/14/2021, 5:26 PM
better-shampoo-48884
03/14/2021, 5:56 PM
pulumi stack export as well for safety, so that was good..
better-shampoo-48884
03/14/2021, 5:57 PM
better-shampoo-48884
03/14/2021, 5:57 PM
better-shampoo-48884
03/14/2021, 6:10 PM
.pulumi\stacks directory ;))
clever-cartoon-41433
03/14/2021, 6:42 PM
wet-noon-14291
03/14/2021, 10:09 PM
destroy doesn't seem to delete the stack, just the resources so I still see the empty stack in the UI.
straight-cartoon-24485
03/15/2021, 2:21 AM
pulumi refreshing, but the same error pops up(!))
$ pulumi up -fy
[...]
kubernetes:helm.sh/v3:Chart (in):
error: resource complete event returned an error: failed to verify snapshot: child resource urn:pulumi:omega::haze::kubernetes:core/v1:Namespace$kubernetes:core/v1:Namespace$kubernetes:core/v1:Namespace$kubernetes:core/v1:Namespace$kubernetes:helm.sh/v3:Chart::mesh-viz refers to missing parent urn:pulumi:omega::haze::kubernetes:core/v1:Namespace$kubernetes:core/v1:Namespace$kubernetes:core/v1:Namespace$kubernetes:core/v1:Namespace::linkerd-viz
so it claims mesh-viz chart URN exists, yet it doesn't...
$ pulumi state delete urn:pulumi:omega::haze::kubernetes:core/v1:Namespace$kubernetes:core/v1:Namespace$kubernetes:core/v1:Namespace$kubernetes:core/v1:Namespace$kubernetes:helm.sh/v3:Chart::mesh-viz
warning: This command will edit your stack's state directly. Confirm? Yes
error: No such resource "urn:pulumi:omega::haze::kubernetes:core/v1:Namespace:core/v1:Namespace:core/v1:Namespace:core/v1:Namespace:helm.sh/v3:Chart::mesh-viz" exists in the current state
Not able to escape this race condition. I also can't delete the inexistent parent either
eager-lion-7694
03/15/2021, 5:24 AM
--target option of pulumi destroy?
big-apartment-95438
03/15/2021, 3:19 PM
worried-knife-31967
03/15/2021, 3:57 PM
worried-knife-31967
03/15/2021, 5:58 PM
init a new stack in that solution I'm deploying?
purple-salesclerk-87141
03/15/2021, 6:12 PM
new pulumi.Config("aws").require("aws-key")
This is how I'm building my image now.
image: awsx.ecs.Image.fromDockerBuild(stackName, {
    context: './..',
    dockerfile: './app/Dockerfile',
    args: {
        'APP_ENV': environment
    }
}),
faint-table-42725
03/15/2021, 7:10 PM
aws.config.<var> (where aws is import * as aws from "@pulumi/aws")
purple-salesclerk-87141
03/16/2021, 1:00 AM
busy-magazine-48939
03/16/2021, 6:29 AM
## .github/pr.yml
- name: Preview pulumi infra
  uses: docker://pulumi/actions
  with:
    args: preview
  env:
    PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}
    PULUMI_CI: pr
    PULUMI_ROOT: pulumi
    AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
    AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    AWS_REGION: ${{ secrets.AWS_REGION }}
image: awsx.ecs.Image.fromDockerBuild(stackName, {
    context: './..',
    dockerfile: './app/Dockerfile',
    args: {
        'APP_ENV': environment
    },
    environment: {
        'AWS_REGION': (process.env['AWS_REGION'] as string) || aws.config.region,
        'AWS_ACCESS_KEY_ID': (process.env['AWS_ACCESS_KEY_ID'] as string) || aws.config.accessKey,
        'AWS_SECRET_ACCESS_KEY': (process.env['AWS_SECRET_ACCESS_KEY'] as string) || aws.config.secretKey,
    }
})
purple-salesclerk-87141
03/16/2021, 9:04 AM