https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • w

    wide-jackal-86020

    05/07/2021, 1:00 PM
    The problem AWS account
    arn:aws:sts::228886564947:assumed-role/AmazonLightsailInstanceRole/i-04f5fe371a036054d
    seems to be an account that running the light sail, It's even not my account. I am running the deployment on a light sail instance. My understanding is instance role is of lower priority than the configuration in the
    .aws
    folder. What makes the project on the right side to choose the instance role?
  • w

    wide-jackal-86020

    05/07/2021, 1:03 PM
    Thank you Tenwit, please see my new post in the channel
  • c

    cuddly-pharmacist-11587

    05/07/2021, 2:20 PM
    Hi all - I'm still new to Pulumi, and probably getting over my head a bit. But, I'm looking for a way to use Pulumi to drive my setup of cloud based software such as FiveTran. My approach was to extend ResourceProvider and implement the create method, calling a REST API using the python "requests" library. However, when I do this, I get an exception:
    RuntimeWarning: coroutine 'invoke.<locals>.do_rpc' was never awaited
    Here's the question on stackoverflow, in case anyone has an answer or suggestion as to what I'm doing wrong here: https://stackoverflow.com/questions/67335936/how-do-you-write-a-pulumi-provider-that-makes-a-rest-api-request-in-pytyon
    r
    • 2
    • 5
  • c

    chilly-computer-89246

    05/07/2021, 8:05 PM
    Hey folks, I am interested in evaluating Pulumi for my organization, but have a question surrounding provider credentials. In my ideal workflow I would like to provision a very capable IAM role for Pulumi but prevent those credentials from being used/abused outside of the Pulumi plan/apply workflow. Does anyone know if there is a simple way to provide a remote-run/remote-execute environment for Pulumi? Or any way to shield/hide these powerful provider credentials? Thanks in advance! 🙏
    l
    s
    • 3
    • 3
  • m

    miniature-advantage-31279

    05/08/2021, 7:38 AM
    Hi guys, wondering how to get existing ALB in Pulumi
    <https://www.pulumi.com/docs/guides/crosswalk/aws/elb/>
    
    # what is the equivalent code for existing ALB?
    const alb = new awsx.lb.ApplicationLoadBalancer("web-traffic");
    • 1
    • 1
  • c

    clever-lawyer-94920

    05/09/2021, 11:08 AM
    Is there a way to enable
    ephemeral containers
    in a kubernetes cluster created using eks?
  • b

    boundless-byte-83231

    05/10/2021, 12:47 AM
    hello
  • b

    boundless-byte-83231

    05/10/2021, 12:48 AM
    Just wanted to check , when pulumi will start supporting Java ?
    l
    • 2
    • 2
  • g

    glamorous-tailor-34913

    05/10/2021, 4:53 AM
    hello. i'm not getting invitation emails, email verification mails from pulumi. when i click on the resend verification email button on my email address in pulumi, i never receive any email. how do i fix this?
    b
    • 2
    • 2
  • b

    busy-honey-73811

    05/10/2021, 12:29 PM
    I have a lot of
    dangling
    Pulumi resources in my (TypeScript) stacks, resources which are created but not used as input to any other resource and which are neither added to any output nor returned from the main inline function (using the automation api). Looking at many Pulumi examples this seems to be a common pattern. Think of something like this:
    function createBucket() {
       // Create AWS S3 Bucket but do neither output nor return it. It is also not used 
       // as input to any other resource.
       new Bucket("myBucket", {...});
    }
    However, rather often I observe that such resources are not created on first stack deployment resp. are delete on later stack updates. It looks like it depends on some “race condition” (timing issue) whether those resources are registered by the Pulumi runtime or not. Usually adding such
    dangling
    resources as dependency to another resource (using
    dependsOn
    ), or alternatively making it a stack output resp. returning it from the main inline function resolves that (racy) problem. Now I am wondering, is this expected behaviour when using Pulumi with TypeScript/NodeJs or is this a bug in Pulumi?
    c
    d
    w
    • 4
    • 12
  • b

    billowy-laptop-45963

    05/10/2021, 4:29 PM
    Is there a tool already that given a state file will generate the code for it?
    b
    • 2
    • 2
  • n

    nutritious-battery-42762

    05/10/2021, 4:37 PM
    Hey, how do i use an existing ecs cluster by cluster id?
    b
    • 2
    • 9
  • l

    little-cartoon-10569

    05/11/2021, 3:02 AM
    My heretofore fully-working project is now complaining that Error: The root stack resource was referenced before it was initialized. What sort of thing should I be looking for in diagnosing this?
    • 1
    • 2
  • b

    billowy-laptop-45963

    05/11/2021, 3:18 AM
    when using integration tests, how do I decode stack outputs that are secrets?
  • b

    billowy-laptop-45963

    05/11/2021, 3:27 AM
    nm I have to upgrade my testing library
  • i

    important-leather-51045

    05/11/2021, 4:08 AM
    Who can help me setting Azure pipeline with self-hosted Pulumi state in Azure blob ?
  • p

    proud-art-41399

    05/11/2021, 6:32 AM
    Hi, let's say I have a part of my infrastructure provisioned by Pulumi while the rest is not. Some services from the non-provisioned part need to access resources that are Pulumi-managed (e.g. they need to call Lambdas). What's the best / most aligned way how to reference those provisioned resources? What comes to my mind: • Name those Pulumi-provisioned resources explicitly (i.e. don't use auto-naming). • Use auto-naming but then store the names somewhere (e.g. SSM Parameter Store, but then I'd need to name the parameters' paths explicitly). • Maybe just stick to knowing which project/stack the resources are managed by and somehow ask for the outputs (but I don't know how to achieve this at the moment). Thanks for hints!
    b
    s
    • 3
    • 12
  • r

    ripe-room-94618

    05/11/2021, 8:24 AM
    Hello there - I am using aws-typescript. Doing first basic provisioning of EC2 instances, and the name of the instances is not getting set on creation? I would assume the resource name is used as the VM name? no other args to tap into to be able to set the EC2 instances name either as far as I can tell.
    p
    • 2
    • 3
  • b

    boundless-angle-56560

    05/11/2021, 1:12 PM
    Hi, had one question about AWS ECS. According to this article, it is possible on ECS to run a standalone task. But it seems that pulumi only supports attaching task to a service. Does anybody know if Pulumi can do that ?
    b
    • 2
    • 9
  • w

    worried-boots-97291

    05/11/2021, 1:37 PM
    message has been deleted
  • r

    red-football-97286

    05/11/2021, 3:06 PM
    Is yarn 2 supported?
    f
    • 2
    • 2
  • r

    ripe-knife-11053

    05/11/2021, 4:27 PM
    Hey all, is there a Pulumi module available somewhere for setting up all the required GCS resources to host your own state?
    b
    • 2
    • 16
  • m

    many-psychiatrist-74327

    05/11/2021, 5:39 PM
    👋 hello! qq: what’s the recommended approach of reading a secret from another project? context: my project
    infra
    exports a
    kubeconfig
    for a kubernetes cluster (and it’s a secret), and my project
    services
    reads it, creates a
    k8s.Provider
    and uses that to provision my services in the cluster. I cannot use
    StackReference.getOutputValue()
    because the output is a secret. If I use
    StackReference.getOutput()
    , then I have to do
    Output.apply()
    to transform it into a
    Output<k8s.Provider>
    . But the k8s resources only takes `k8s.Provider`s, not `Output<k8s.Provider>`s… so.. I guess one option is to put everything inside the
    apply()
    call.. but that’s undesirable. I’m wondering if there’s a cleaner way
    p
    • 2
    • 3
  • b

    broad-helmet-79436

    05/11/2021, 6:06 PM
    Hi there! I just got burned on something that was entirely my own fault, but I feel like Pulumi could have handled better. Long story short, in a single
    pulumi up
    I tried to both 1. rename a resource using
    aliases
    2. make a change to that same resource which caused it to be
    replace
    d This failed with
    pending_operations
    in the state file because I ended up with two different resources with the same alias at the same time. I guess the GCP and Kubernetes providers perform a
    replace
    by first creating the new resource and then deleting the old one? If so, I believe this will hit any resource which has any
    aliases
    defined, i.e., you don’t necessarily have to rename the resource at the same time as replacing it. I tried reproducing it in a local stack using the
    @pulumi/random
    provider, but I think that one replaces resources by deleting the old resource before creating the new one. For what it’s worth, I managed to make Pulumi show me this kind-of-strange diff:
    pulumi preview
    Previewing update (dev):
         Type                            Name                           Plan        Info
         pulumi:pulumi:Stack             pulumi-alias-replace-test-dev
     +-  ├─ random:index:RandomPassword  something_else                 replace     [diff: ~length]
     +-  └─ random:index:RandomPassword  pw                             replace
    
    Resources:
        +-1 to replace
        1 unchanged
    Here I’ve renamed the resource
    pw
    to
    something_else
    , added an alias, and at the same time changed the
    length
    of the RandomPassword which requires a
    replace
    operation. Does this ring a bell with anyone and/or is it worth a GitHub issue even though I haven’t been able to reproduce it (yet)?
    b
    • 2
    • 4
  • b

    billowy-laptop-45963

    05/11/2021, 6:58 PM
    I have a broken stack that's in between updates that I just want to destroy but it's stuck on trying to delete a vpc with resources. Is there a something like
    pulumi nuke
    which is a more forceful destroy? There are a lot of resources to delete by hand....
  • g

    gorgeous-minister-41131

    05/11/2021, 7:47 PM
    Had a general question about config/secrets. Is there any intention of supporting hashivault via direct secret lookup as opposed to the transit backend? We're using a combination of the transit (encrypted in the yaml) and a helper method to lookup things that might not necessarily be able to be encrypted in the YAML file (e.g. something from an existing K/V mount) without having to duplicate that secret into the YAML file. The secrets-as-local-configs is great and all, until you realize it just doesn't scale very well when a secret needs to be re-used multiple times across multiple stacks. Obviousliy there are a ton of ways to implement this.. For example, since we're using Python, I have a quick and dirty hvac implementation that does something like this:
    def get_kv2_secret(self, mount_point: str, path: str) -> pulumi.Output:
            """
            Retrieve a KV2 secret based on the given path.
    
            This method actually returns a Pulumi Output future representing a
            secret so that the actual value is obscured until apply time.
            """
    
            output_secret = pulumi.Output.secret(
                self.hvac_client.secrets.kv.v2.read_secret_version(
                    mount_point=mount_point, path=path
                )
            )
    
            return output_secret
    But it would be nice to know what pulumi's roadmap is for supporting placeholder config values which are just references to the "real" K/V path in vault (similar to above^).
  • e

    elegant-pager-5412

    05/12/2021, 2:44 PM
    I have an issue where Pulumi hangs when I attempt to run
    pulumi up
    . It prints the
    View Live: URL
    but then it hangs. Any idea why?
    c
    • 2
    • 1
  • e

    elegant-pager-5412

    05/12/2021, 2:48 PM
    Apparently it is not stuck, it is just unbearably slow. That’s a relatively small project. Is that how it is for everyone?
    s
    l
    • 3
    • 2
  • f

    fast-whale-9064

    05/12/2021, 2:58 PM
    Also having trouble with a hang during a preview. Was on a late 2.x version, now on 3.2.1. Running a trace indicates it's stuck in planning. It didn't complete, it was cancelled. I may try just letting it run, but clearly something is wrong. Any suggestions on diagnosing?
    c
    g
    • 3
    • 17
  • b

    bitter-island-28909

    05/12/2021, 3:46 PM
    Hey all, encountering a TypeScript error I’m not familiar with. I’m not experienced enough with TS to tell if this is a user error or a bug, but I’m pretty perplexed. I’m trying to set the
    defaultTags
    property on an
    aws.Provider
    , like so:
    new aws.Provider(`my-provider`, {
        ...
        defaultTags: {
            "foo": "bar"
        }
    });
    I’m getting a type error on
    defaultTags
    , stating that
    Object literal may only specify known properties, and '"foo"' does not exist in type 'Input<ProviderDefaultTags>'.
    A type option for
    Input<T>
    is
    T
    , and the signature of
    ProviderDefaultTags
    is
    {[key: string]: string}
    So using an arbitrary string such as “foo”:“bar” should work. What am I missing?
    r
    b
    • 3
    • 6
Powered by Linen
Title
b

bitter-island-28909

05/12/2021, 3:46 PM
Hey all, encountering a TypeScript error I’m not familiar with. I’m not experienced enough with TS to tell if this is a user error or a bug, but I’m pretty perplexed. I’m trying to set the
defaultTags
property on an
aws.Provider
, like so:
new aws.Provider(`my-provider`, {
    ...
    defaultTags: {
        "foo": "bar"
    }
});
I’m getting a type error on
defaultTags
, stating that
Object literal may only specify known properties, and '"foo"' does not exist in type 'Input<ProviderDefaultTags>'.
A type option for
Input<T>
is
T
, and the signature of
ProviderDefaultTags
is
{[key: string]: string}
So using an arbitrary string such as “foo”:“bar” should work. What am I missing?
r

rich-farmer-40546

05/12/2021, 3:46 PM
Remove that quotes on “foo”
b

bored-oyster-3147

05/12/2021, 3:47 PM
^, it's a JS object declaration
b

bitter-island-28909

05/12/2021, 3:49 PM
new aws.Provider(`my-provider`, {
    ...
    defaultTags: {
        foo: "bar"
    }
});
No, that’s not it: this returns a similar error:
Object literal may only specify known properties, and 'foo' does not exist in type 'Input<ProviderDefaultTags>'.
r

rich-farmer-40546

05/12/2021, 3:54 PM
This looks like what it’s expecting: https://www.pulumi.com/docs/reference/pkg/aws/provider/#providerdefaulttags
b

bored-oyster-3147

05/12/2021, 3:55 PM
oh it wants the tags property maybe? so:
defaultTags: {
   tags: {
       foo: "bar"
   },
}
👏 1
b

bitter-island-28909

05/12/2021, 4:01 PM
That was it. Thank you! This makes sense when reading the source code for the Provider DefaultTags type… it wasn’t clear that there was an additional layer of structure from the error message or the in-browser type hints.
👍 2
View count: 3