Hi there! I just got burned on something that was entirely my own fault, but I feel like Pulumi could have handled better. Long story short, in a single

pulumi up

I tried to both 1. rename a resource using

aliases

2. make a change to that same resource which caused it to be

replace

d This failed with

pending_operations

in the state file because I ended up with two different resources with the same alias at the same time. I guess the GCP and Kubernetes providers perform a

replace

by first creating the new resource and then deleting the old one? If so, I believe this will hit any resource which has any

aliases

defined, i.e., you don’t necessarily have to rename the resource at the same time as replacing it. I tried reproducing it in a local stack using the

@pulumi/random

provider, but I think that one replaces resources by deleting the old resource before creating the new one. For what it’s worth, I managed to make Pulumi show me this kind-of-strange diff:

pulumi preview
Previewing update (dev):
     Type                            Name                           Plan        Info
     pulumi:pulumi:Stack             pulumi-alias-replace-test-dev
 +-  ├─ random:index:RandomPassword  something_else                 replace     [diff: ~length]
 +-  └─ random:index:RandomPassword  pw                             replace

Resources:
    +-1 to replace
    1 unchanged

Here I’ve renamed the resource

pw

to

something_else

, added an alias, and at the same time changed the

length

of the RandomPassword which requires a

replace

operation. Does this ring a bell with anyone and/or is it worth a GitHub issue even though I haven’t been able to reproduce it (yet)?

I have a broken stack that's in between updates that I just want to destroy but it's stuck on trying to delete a vpc with resources. Is there a something like

pulumi nuke

which is a more forceful destroy? There are a lot of resources to delete by hand....

Had a general question about config/secrets. Is there any intention of supporting hashivault via direct secret lookup as opposed to the transit backend? We're using a combination of the transit (encrypted in the yaml) and a helper method to lookup things that might not necessarily be able to be encrypted in the YAML file (e.g. something from an existing K/V mount) without having to duplicate that secret into the YAML file. The secrets-as-local-configs is great and all, until you realize it just doesn't scale very well when a secret needs to be re-used multiple times across multiple stacks. Obviousliy there are a ton of ways to implement this.. For example, since we're using Python, I have a quick and dirty hvac implementation that does something like this:

def get_kv2_secret(self, mount_point: str, path: str) -> pulumi.Output:
        """
        Retrieve a KV2 secret based on the given path.

        This method actually returns a Pulumi Output future representing a
        secret so that the actual value is obscured until apply time.
        """

        output_secret = pulumi.Output.secret(
            self.hvac_client.secrets.kv.v2.read_secret_version(
                mount_point=mount_point, path=path
            )
        )

        return output_secret

But it would be nice to know what pulumi's roadmap is for supporting placeholder config values which are just references to the "real" K/V path in vault (similar to above^).

I have an issue where Pulumi hangs when I attempt to run

pulumi up

. It prints the

View Live: URL

but then it hangs. Any idea why?

Apparently it is not stuck, it is just unbearably slow. That’s a relatively small project. Is that how it is for everyone?

Also having trouble with a hang during a preview. Was on a late 2.x version, now on 3.2.1. Running a trace indicates it's stuck in planning. It didn't complete, it was cancelled. I may try just letting it run, but clearly something is wrong. Any suggestions on diagnosing?

Hey all, encountering a TypeScript error I’m not familiar with. I’m not experienced enough with TS to tell if this is a user error or a bug, but I’m pretty perplexed. I’m trying to set the

defaultTags

property on an

aws.Provider

, like so:

new aws.Provider(`my-provider`, {
    ...
    defaultTags: {
        "foo": "bar"
    }
});

I’m getting a type error on

defaultTags

, stating that

Object literal may only specify known properties, and '"foo"' does not exist in type 'Input<ProviderDefaultTags>'.

A type option for

Input<T>

is

T

, and the signature of

ProviderDefaultTags

is

{[key: string]: string}

So using an arbitrary string such as “foo”:“bar” should work. What am I missing?

@gifted-student-18589 this is so cool! 🙌🏽 https://twitter.com/doitadrian/status/1392413050528014337

What’s the best way to create “presets” in Pulumi in Python? For example, I want to create GCP projects with certain defaults (e.g. don’t create the default network), but I still want to allow end users to override those defaults and at the same time dont’ want to maintain a ton of boilerplate if I don’t have to.

Hi need help understanding how pulumi terraform bridge works all of our resource provisioning in aws is currently done via terraform i came across this git repo https://github.com/pulumi/pulumi-terraform-bridge is it possible to use our existing terraform scripts and deploy using pulumi ?

Is there a reason why some resources are allowed to have a colon in their Pulumi name, whereas others aren't? e.g.

Project

from `@pulumi/gcp/organizations`:

new Project('project:dev', { ...config })

is invalid, whereas

IAMBinding

from `@pulumi/gcp/projects`:

new IAMBinding('iam:my-role', { ...config })

is valid

is anyone else having the issue where

pulumi preview --diff

does not actually show the diff but only within arrays, e.g.

~ spec: {
          ~ template: {
              ~ spec: {
                  ~ containers: [
                      ~ [0]: {
                             // there should be something here but it's empty!!
                            }
                    ]
                }
            }
        }

Does Pulumi State Delete delete the resource in the cloud provider as well as from the stack? Manually deleted a parent resource hoping to create a replacement but left with lots of errors and issues so looking at deleting the child resources.

What’s a recommended recourse for manual deletion of parent resource from cloud provider? I manually deleted a resource and removed it from the code, but it has children resources that need to be deleted as well. When I try to run Pulumi up it tried to delete the children but fails saying the resource refers to a missing parents. Is there an easy workaround for this? Should I manually edit the stack and replace the parent resource with the stack as the parent? The end result I would like is to completely delete the resource and children from the cloud provider and stack.

I’m trying to create a test and getting the error “PromiseRejectionHandledWarning: Promise rejection was handled asynchronously”

import { Vpc } from '@pulumi/awsx/ec2';
import { describe, it } from 'mocha';

describe('Network', () => {
  const myvpc: Vpc = new Vpc('test', {
    cidrBlock: '10.0.0.0/16',
  });

  it('should use correct cidr address', (done) => {
    myvpc.vpc.cidrBlock.apply(vpc => {
      done();
    });
  });
});

full error is

Network
(node:84386) PromiseRejectionHandledWarning: Promise rejection was handled asynchronously (rejection id: 3)
(Use `node --trace-warnings ...` to show where the warning was created)
(node:84386) PromiseRejectionHandledWarning: Promise rejection was handled asynchronously (rejection id: 4)

Does anybody know what is happening here?

Hi, Is there a way to separate environment using different sub-folder keep the main file in the root folder and the for example project structure:

└── project
    ├── __main__.py
    ├── Pulumi.yaml
    └── environments
        └──PROD
            ├── Pulumi.prod1.yaml
            ├── Pulumi.prod2.yaml
        └──STG
            ├── Pulumi.stg1.yaml
            ├── Pulumi.stg2.yaml

Is there an easy way using Crosswalk with ECS to specify a container port that is different to the load balancer port of 80?

Hello Everyone! Is there any way to get a resource value from a chart? For instance, I'm using a Cilium chart, and I need to make some PSPs for Hubble UI. I don't want to hardcode the service account name, so I want to somehow take it from the chart I'm using in the code. Thanks!

I’m using

aws.cloudwatch.MetricAlarm

to create a resource and I keep getting

Type 'string' is not assignable to type 'Input<number>'.

for many of the inputs. Note, this is just the example listed on https://www.pulumi.com/docs/reference/pkg/aws/cloudwatch/metricalarm/

Does using

pulumi config set

do anything aside from updating the yaml file? Is it safe to update the yaml directly? (I've been assuming it is safe)

What's the difference between a

ComponentResource

and a function wrapping a group of resources? Why would you reach for one over the other?

So I'm trying to implement a dynamic resource provider to create an AWS resource with the

aws-sdk

because I want to use a feature that isn't available in the terraform/pulumi resources yet. I'm using explicitly created providers to assume roles to manage resources in multiple AWS accounts, but I can't figure out how to make sure my component resource is using credentials for the correct AWS account. I found this: https://www.pulumi.com/blog/dynamic-providers/#provider-credentials But I don't actually understand what that means in terms of, like, how to actually instantiate the AWS sdk resources with the correct credentials. Does anyone have an example of what this looks like in practice?

I tried passing

{ provider: myProvider }

as the

CustomResourceOptions

but that doesn't seem to do it.

Is there a way to get the Pulumi version in Typescript?

question about component resources and registering new outputs... is there special syntax for accessing those outputs later? I have code like this to register the output:

self.register_outputs({
    "endpoint":
    pulumi.Output.concat(
        "redis://",
        self.cluster.cache_nodes[0].address,
        ":",
        str(self.cluster.cache_nodes[0].port)
    )
})

but when I go to use it like this:

cache.endpoint

I end up with the following:

AttributeError: 'Cache' object has no attribute 'endpoint'

(this is all Python, BTW). Thanks in advance 🙇

Bit of a related question about patterns for managing `pulumi.Output`s... several AWS resources, to use an example, are configured by passing a JSON object as a string. Many times, the values in that JSON object are outputs from other resources. Often, you can do this pretty simply, like so:

role.arn.apply(lambda arn: json.dumps({"foo": arn}))

When you have multiple things that need to be interpolated, things get a little more complicated:

pulumi.Output.all(
   foo.arn,
   bar.arn,
   baz.arn
).apply(
    lambda args: json.dumps({
        "foo": args[0],
        "bar": args[1],
        "baz": args[2]
    })
)

While that's awkward, it's doable when you have all the `pulumi.Output`s that you need readily at hand. I'm using `ComponentResource`s to model my domain. In general, I'd like to be able to pass a dictionary of values into my

ComponentResource

, and then have it merge that with another dictionary of default values within the

ComponentResource

itself. Then, this merged dictionary would need to be converted into a JSON string to pass to the low-level Resource.

env = {
   "foo": "my_foo",
   "message": "hello world"
}

pulumi.Output.all(
   foo.arn,
   bar.arn,
   baz.arn
).apply(
    lambda args: json.dumps({
        "foo": args[0],
        "bar": args[1],
        "baz": args[2],
        **env
    })
)

If that inner "default values" dictionary is the one that contains the

pulumi.Output

values, then I can control things with

pulumi.Output.all

, as shown above. If I've got

pulumi.Output

values in that dictionary that I'm merging in, though, it's not clear how I can generically manage things. I'm curious if others have run into similar situations, or if people have some patterns for managing such data (generic, if possible; Python-specific works too). Thanks in advance.

Anyone know off-hand if a resource transformation, say with a kubernetes resource, can use a Promise/Output when assigning something to the map value, or does it have to run in a callback?

Also is there a way to preserve comments in the YAML config files with

pulumi config

or

pulumi update

etc?

It's kind of annoying having to move sections of markup into another file or not being able to temporarily turn off a config etc without pulumi coming through and wiping it away. I like the automatic format/cleanup but removing comments seems no bueno... not sure if it's easy to even implement that.

https://github.com/pulumi/pulumi/issues/5235#issuecomment-822354844 seems to be this issue