I0405 16:06:29.686814 70169 eventsink.go:59] AWS Auth provider used: “EnvProvider” I0405 16:06:29.686888 70169 eventsink.go:62] eventSink::Debug(<{%reset%}>AWS Auth provider used: “EnvProvider”<{%reset%}>) I0405 16:06:29.690785 70169 eventsink.go:59] Trying to get account information via iam:GetUser I0405 16:06:29.690801 70169 eventsink.go:62] eventSink::Debug(<{%reset%}>Trying to get account information via iam:GetUser<{%reset%}>) is where it gets stuck if I don’t skip the checks

How do you do something only when a resource is actually created or destroyed. Like say i'm generating a value and storing it in a db every time an ec2 is created. But i only want to actually store the value if pulumi is actively creating the resource (or dropping it if the resource is being destroyed) Seems like the only place i can do something like that is a dynamic provider, but that also just seems really heavy handed and like i'm missing some sort of ".on('create')" event or something

hi - trying to find an example of using automation API with s3 storage backend

Hi folks - I'm trying to configure my container-based CI system (Bitbucket pipelines) to deploy my Python3.9-based pulumi project (we're hoping to go to 3.10 soon) I'm using the

pulumi/pulumi-python:latest

image, but

pulumi preview

is throwing errors as that image uses Python 3.7. What's the best way to resolve this?

Can I use

upsert

for the pulumi github action with the

awskms

secret provider? I see there's an option to add

PULUMI_CONFIG_PASSPHRASE

as env var, but I don't see an env var for the secret-provider

is there a way of introducing and consuming stack-agnostic config secrets within or even across projects?

I would probably rely on an external secret store which I access "normally" for generic shared secrets.. i.e. vault or keyvault or stuff like that which is accessed programmatically and separately within the pulumi code.. i.e. mySecretVault = (connection to external secret), pulumiConfigNeedingSecret = mySecretVault.getCommonSecret("thing")

Say I want to create a re-usable Pulumi (TS) component that generates a Kubernetes

Deployment

,

Secret

, and

Service

What’s the best way of allowing alterations to them?

If I just generate & return the

Deployment

, if I want to make any amendments to the

spec.template.imagePullSecrets

, I have do something like

(((deployment.spec as appsv1.DeploymentSpec).template as corev1.PodTemplateSpec).spec as corev1.PodSpec).imagePullSecrets = []

Hey all, I have a client who wants to build in Equinix Metal now but pivot it all quickly to Azure when the local Azure DC is (eventually) built. Are there any specific guidelines/best practices/docs for quickly pivoting between cloud providers using Pulumi and CrossGuard, particularly EM to Azure? I'm lining up Kubes as the best option but any input is appreciated.

When using

pulumi state delete

is there a way to pass in multiple resources to delete from the state? Doing it one at a time is pretty slow.

Hello everyone! I was wondering, is there any way to initialize and use a Pulumi client from within my code? Meaning that instead of running

pulumi up

using the CLI, I'll have something like the following (python): main.py

from pulumi import client
from pulumi_aws import s3

# Initialize the Pulumi client
pulumi_client = PulumiClient()

# Provision a S3 bucket
web_bucket = s3.Bucket('s3-example-bucket')

pulumi_client.up()
pulumi_client.destroy()

Now instead of running

pulumi up

followed by a

pulumi destroy

, running this piece of code can be done by running:

python main.py

This is a very raw example, so please tell me if there's anything else you'd like me to elaborate on. Thanks in advance! :)

Hi! I have a question about Pulumi dynamic providers. I would like to manage some entities in my system (e.g. user accounts) via that system's REST API. I created a sample Pulumi program with dynamic provider implementation: https://gitlab.com/-/snippets/2101279 But I have some issues, for example: • my pulumi preview continuously shows some differences to the outputs (https://gitlab.com/-/snippets/2101279#LC1) - but in the diff there are no properties changed • I cannot see userId and password outputs (specified as outputs of my dynamic resource) to be included in the outputs (https://gitlab.com/-/snippets/2101279#LC20) • I am not sure how I should declare that the User.password output property is a secret - shall I use additionalSecretOutputs in the provider opts to the User super constructor call (at https://gitlab.com/-/snippets/2101279#LC124)?

Hi 👋! I need some help with Pulumi and GitHub actions. So far it's been working fine until recently I've been getting this error:

Run pulumi/actions@v2
  with:
    command: preview
    stack-name: ***
    work-dir: ./
    comment-on-pr: false
    parallel: 2147483647
    target-dependents: false
    refresh: false
    upsert: false
  env:
    NODE_ENV: production
    PULUMI_ACCESS_TOKEN: ***
    PULUMI_STACK_NAME: ***
    npm_config_yes: true
pulumi preview on ***
  Error: ENOENT: no such file or directory, open '/tmp/automation-logs-preview-WtufVl/eventlog.txt'

I looked around in the respective repos for any similar issues reported by the community but I couldn't find it. It looks like the Pulumi bot reports a success after this error.. so that's strange.

Hi everyone.

I was running through the getting started tutorial and decided to change it a bit to add an image into the html:

"use strict";
const fs = require("fs");
const pulumi = require("@pulumi/pulumi");
const aws = require("@pulumi/aws");
const awsx = require("@pulumi/awsx");
const htmlTemplate = `<!DOCTYPE html>
<html lang="en">
	<head></head>
	<body>
		<h1>Hi from Pulumi!</h1>
		<img src="{object}"></img>
	</body>
</html>`

// Create an AWS resource (S3 Bucket)
const bucket = new aws.s3.Bucket("my-bucket", {
    website: {
        indexDocument: "index.html"
    }
});
const imgObject = new aws.s3.BucketObject("roo.jpg", {
    bucket,
    source: new pulumi.asset.FileAsset("roo.jpg"),
    acl: "public-read",
    contentType: "image/jpeg"
})

const imgUrl = pulumi.interpolate`http://${bucket.bucketEndpoint}/roo.jpg`
const html = htmlTemplate.replace("{object}", imgUrl)
fs.writeFileSync("index.html", html)

const indexObject = new aws.s3.BucketObject("index.html", {
    bucket,
    source: new pulumi.asset.FileAsset("index.html"),
    acl: "public-read",
    contentType: "text/html"
})
// Export the name of the bucket
exports.bucketName = bucket.id;
exports.bucketEndpoint = pulumi.interpolate`http://${bucket.websiteEndpoint}`;

This produces the following html:

<!DOCTYPE html>
<html lang="en">
	<head></head>
	<body>
		<h1>Hi from Pulumi!</h1>
		<img src="Calling [toString] on an [Output<T>] is not supported.

To get the value of an Output<T> as an Output<string> consider either:
1: o.apply(v => `prefix${v}suffix`)
2: pulumi.interpolate `prefix${v}suffix`

See <https://pulumi.io/help/outputs> for more details.
This function may throw in a future version of @pulumi/pulumi."></img>
	</body>
</html>

Why is the interpolate for the bucket endpoint not working?

I changed bucketEndpoint to websiteEndpoint with no change on the output.

Exporting

pulumi.interpolate`http://${bucket.websiteEndpoint}/roo.jpg`

produces the correct result.

But the html is not correct.

So I got the image src working by using relative addressing which is a workaround. The interpolate still does not work and I don't really understand why. I suspect it is an async issue with promises.

Let me know if I should redirect this to another channel but I have a quick eks node group question. In typescript, when defining an eks.NodeGroup, I need to define the following but not quite sure where it goes.

kubeletExtraConfig:
      kubeReserved:
        memory: "64Mi"
      kubeReservedCgroup: "/kube-reserved"
      systemReserved:
        memory: "13Mi"
      evictionHard:
        memory.available:  "25Mi"
      featureGates:
        DynamicKubeletConfig: true

I do have this context for the "kubeletExtraArgs"

No value exists in scope for the shorthand property 'kubeletExtraArgs'. Either declare one or provide an initializer.ts(18004)

Is there a way to prevent accidental deletion of resources created by Pulumi? Also, what happens if the metadata is lost? for example, say I store my Pulumi state at Google Cloud Storage and the storage bucket gets deleted - what happens to the resources created?

If I store password using

PULUMI_CONFIG_PASSPHRASE_FILE

, how safe would be so store ciphertext publicly? Didn't look at code/docs, which encryption does it use? This question also applys if i store it with KMS (gcp/aws)?

Hmm, changing a property on an imported

Pulumi.AzureNative.Web.WebApp

is causing

pulumi preview

to seemingly hang indefinitely. It prints the resource and shows there's a diff, but then never finishes.

-v=9

shows a ton of

Registering resource monitor end

at the end of the logs which sounds like it's doing everything it needs to, but just never finishing up the preview. Any ideas on what to do?

Scratch that, entirely my fault. Had some async tasks not completing.