Anybody able to take a quick look at this? https://github.com/pulumi/pulumi/issues/7043

I'm busy upgrading from the

azure-nextgen

to

azure-native

and it wants to re-create the resource group. Is there a way I can force pulumi to think those are the same resource groups?

#tf2pulumi I am getting error when trying to convert terraform to Pulumi. https://github.com/pulumi/tf2pulumi/issues/235

Is there a way to use https://registry.terraform.io/modules/terraform-aws-modules/eks/aws with Pulumi?

Hi all, I am having the following error:

aws:lambda:Function (data-feed-property-data-fetcher):
    error: 1 error occurred:
        * error creating Lambda Function (1): InvalidParameterValueException: The provided execution role does not have permissions to call SendMessage on SQS
    {
      RespMetadata: {
        StatusCode: 400,
        RequestID: "1ca54399-576d-40bc-829a-c2c31790fd72"
      },
      Message_: "The provided execution role does not have permissions to call SendMessage on SQS",
      Type: "User"
    }

as per AWS docs, I have attached the following policy:

arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole'

but I got the same error. I am using the latest version of pulumi and aws in node.

Hi. I'm trying to create an Azure FrontDoor in C# but there doesn't appear to be any way to create e.g. Health Probe Settings and pass those into the Backend Pool. I've tried instantiating the Health Probes prior to calling the create for the FrontDoor but this doesn't create a reference in Pulumi. I get this error: 'FrontdoorEntityV2.BackendPools[0].Properties.HealthProbeSettings.Id' is required but it was not set; The same problem occurs for Load balancing and the backend pools & frontend endpoints in the routing rules. Am I missing a step somewhere, or is this just not possible? The demo code shows the ID as a string making reference to the resources but these don't exist yet so how do I populate that string with e.g. the front door Id?

Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/frontDoors/frontDoor1/frontendEndpoints/frontendEndpoint1",

Hello All! I'm somewhat new to Pulumi, so plz bear with me on a possible dumb question. I am trying to create an Identity Platform provider on Google Cloud. I want to only use Email/Password as the Identity Provider. In the documentation (and corresponding code), it states a list of accepted providers. There is no option for Email/password, like in the UI on GCP (see image). Am I missing something or is it not possible with Pulumi?

Not sure I asked this already but is POSH on the roadmap for lang support?

Is it possible to achieve

dependsOn

behavior for Functions? For example, I would like

listManagedClusterAdminCrdenetials

(Doc) to wait for the managed cluster to be created.

I am writing an aws.lambda.CallbackFunction that must be passed some output values from resources created in order to make calls to the aws api. These parameters are passed in as `pulumi.Input`s. What is the canonical way to unwrap these values from their Input implementation?

pulumi.output(queueUrl).get()

? More context in thread.

If you're logged into Pulumi locally (

pulumi login --local

), what would be the value to use for

organization

in a fully-qualified StackReference?

Hi Looking for help on how to use terraform provider with pulumi i need some help understanding https://github.com/pulumi/pulumi-tf-provider-boilerplate

👋 hello! I have a question about auth. I have a Pulumi project which creates a bunch of resources in GCP using a service account. Among those, it creates a kubernetes cluster. Then, I want to create k8s resources, but I’m getting a lot of permission errors because pulumi is trying to use the user configured under

gcloud

in the current machine (which makes sense, because I believe the kubeconfig for the clusters defers to the

gcloud

command for auth). Is there a way to explicitly tell pulumi to use the same service account it used for creating the GCP resources? I tried setting

GOOGLE_CREDENTIALS

but the behavior didn’t change. Thanks

Hi, I'm trying to set up Aiven SAML authentication with Azure AD, both products supported by official Pulumi providers. The problem I'm facing is that I first need to create the aiven.AccountAuthentication resource, then create the azuread.AzureAdApp resource based on the previous step, then I need to modify the first resource with information I got from the second. Pulumi will complain if I try to mess with the same resource twice. Any ideas?

Does anyone know if Pulumi supports triggering step functions in event bridge? Looks like they have a bunch of targets hard coded in their

aws.cloudwatch.EventTarget

type like

sqsTarget

, but nothing explicitly mentioning step functions

Has anyone managed to build a pulumi project with a template hosted in AWS CodeCommit?

pulumi new <https://git-codecommit>

gives me an

error: authentication required

.

Can I somewhere find more docs or examples on how to wrap/bridge a TF provider for Pulumi? https://github.com/pulumi/pulumi-terraform-bridge and https://github.com/pulumi/pulumi-tf-provider-boilerplate still leave me confused about what I actually have to do to wrap an existing provider 😅

Hi! I wanted to play with writing my first native Pulumi provider but I got blocked with this issue: https://github.com/pulumi/pulumi-provider-boilerplate/issues/4 Any pointers what I should check etc? I checked and node_modules/@pulumi/pulumi directory does exist and there were no errors when I run

npm install

Also some time ago when I was going through the boilerplate code I had a few questions. Is there any chance to get any answers? https://pulumi-community.slack.com/archives/C84L4E3N1/p1619768167173400

When using the github provider you need to provide a personal access token (PAT), is there an easy way to create a PAT that isn't connected to a "real" user? Ideally, I as an admin, would like to create a token that I can use with pulumi that isn't connected to me or anyone else, but I still want to control what that token can be used for. I can of course create a "dummy" user, but that feels strange and I don't think I'm the only one that would like to have this. I know pulumi can't fix it if the issue if github doesn't support it, I'm just wondering if I've missed something and that it is already possible to create a PAT that isn't attached to a user.

Hi, I have common configurations for a program that I want to share across my stacks. I don't want to repeat the same configurations so what we're thinking of doing is creating a common config file that our pulumi program reads in first which can be overridden by values in the pulumi.[stack].yaml file. I would like to have these common configs show up configuration entries in the pulumi console but the pulumi.Config api doesn't have any methods to do set/create configs. I believe the automation api has a way to do this but i'm not sure if this would be the right approach. any suggestions?

Disclaimer: I'm not experienced with Pulumi. I have a problem setting up a Kubernetes

Service

for a

Statefulset

- postgresql to be more specific.

Statefulset

is created and pods appear as expected and based from logs etc everything is just fine including volume bindings etc. This is also true from Pulumi side when running

pulumi up

to an empty cluster.

Service

creation hangs up however and it finally gives up with the following error:

kubernetes:core/v1:Service (postgres):
    error: 2 errors occurred:
        * the Kubernetes API server reported that "default/postgres" failed to fully initialize or become live: 'postgres' timed out waiting to be Ready
        * Service does not target any Pods. Selected Pods may not be ready, or field '.spec.selector' may not match labels on any Pods

I am however absolutely certain that yes, there are specified nodes available and also that those pods are indeed running. I've been banging my head against the wall with this problem for some time now and would appreciate ideas. As an interesting detail if running

pulumi up

again also the

Statefulset

update seems to hang. I'll provide code snippets regarding this issue to a thread under this message.

Stylistic question (that is maybe actually a Python question, but perhaps is more broadly applicable): when creating resources like IAM policy attachments, I like to create a descriptive name for the resource (the logical Pulumi resource, not the concrete AWS resource) like

"grant-<ROLE_NAME>-permissions-on-X"

. Resources don't expose their logical name directly, but do expose them (at least in Python) with a "private" property

_name

. The information seems to always be available (since Resource names are strings, and not

pulumi.Output[str]

, so it seems "safe" from that perspective, at least). Will I be sent to Programmer Jail for doing this? Is there any thought to formally exposing the logical resource name as an officially blessed read-only property that we can use to generate additional names (or is there already a way to do this that I've missed)? Thanks 🙇

I have a staging and production stack managing infrastructure in the same AWS account, but I only want a single elastic container registry resource between both stacks. I can’t simply remove the ECR resource from the staging stack because a bunch of other staging resources reference it. I also tried forcing staging to use the same ECR repo name as production, but that complained that the resource already existed when I ran

pulumi up

. Any guidance here?

I'm trying to build a container image using

pulumi_docker.Image

, passing

"DOCKER_BUILDKIT": "1"

in the

pulumi_docker.DockerBuild

env

argument, as documented (https://www.pulumi.com/docs/reference/pkg/docker/image/#dockerbuild) to enable BuildKit support, but my image builds are failing with errors like

error: the --mount option requires BuildKit. Refer to <https://docs.docker.com/go/buildkit/> to learn how to build images with BuildKit enabled

which suggests that BuildKit somehow isn't being used. Has anyone else been successful with a BuildKit-enabled image build?

Hi all! I'm using

docker.RegistryImage

to have a bit more control over the docker build, following @faint-table-42725’s example in #132, but I'm not getting any logs from docker now, just:

docker:index:RegistryImage  registry-image-for-deps  creating...

Do I need to configure logging explicitly for

RegistryImage

?

Hey folks, hope this is the right avenue for reporting what I think is a bug: In our eks node group settings, we had

ignore_changes=["scaling_config.desired_size"]

(this is in python). Unfortunately, this is not the string you can use to ignore changes to the desired_size setting. You have to use ``ignore_changes=["scalingConfig.desiredSize"]`` instead. Which we learned when our node groups all got sized to one node each after applying an unrelated update.

Running into a really weird issue where my multi-layer build caches correctly when I run

pulumi up

locally, but re-builds each layer with no caching when run in GitHub Actions. Excerpt from Pulumi `index.ts`:

const image = repo.buildAndPushImage({
  target: 'app',
  cacheFrom: { stages: ['deps', 'files', 'app'] },
  context: '../',
})

Dockerfile is essentially:

FROM external.image as deps
# install dependencies

FROM deps as files
# copy in some files, precompile assets

FROM files as app
# copy in other files, build app

When run locally, it builds each layer and uploads to the repo. When I run it in GitHub Actions, it does this: • builds

deps

• builds

deps

again as part of building

files

• builds

files

• builds

deps

again as part of building

app

• builds

files

again as part of building

app

• builds

app

Not sure why caching is failing to work only in CI. Any thoughts?

I am also having and issue where I am able to build docker images locally with

pulumi up

but fails to build on Buildkite. To tell you more about what I have going on... I have the following `ComponentResource`:

class ECRRepo(ComponentResource):        
    ComponentResource.__init__(
    self, "awsx:ecr:ECRRepo", name, {
    "name": name,
    "docker_build_dir": docker_build_dir,
    "docker_image": docker_image,
    "extra_protected_tags": extra_protected_tags,
    "image_tag_mutability": image_tag_mutability,
    "max_images": max_images,
    "scan_on_push": scan_on_push,
    "tags": tags
    }, opts)

Here's how I grab registry information:

class ECRRepo(ComponentResource):
    @staticmethod
    def get_registry_info(rid):
        creds = ecr.get_credentials(registry_id=rid)
        decoded = base64.b64decode(creds.authorization_token).decode()
        parts = decoded.split(':')
        if len(parts) != 2:
            raise Exception("Invalid credentials")
        return ImageRegistry(creds.proxy_endpoint, parts[0], parts[1])

Here's how I'm creating a repo:

def _create(self):
        repo = ecr.Repository(
            resource_name = self.name,
            image_scanning_configuration = ecr.RepositoryImageScanningConfigurationArgs(
                scan_on_push = self.scan_on_push,
            ),
            name = self.name,
            image_tag_mutability = self.image_tag_mutability,
            tags = self.tags,
            opts = ResourceOptions(parent=self)
        )

Here's how I'm building the image:

custom_image = "{image}".format(image=self.docker_image)
directory = "{dir}".format(dir=self.docker_build_dir)

Image(
    self.name,
    image_name=pulumi.Output.concat(repo.repository_url, ":v1.0.0"),
    build=f'{directory}/{custom_image}',            
    registry=repo.registry_id.apply(ECRRepo.get_registry_info),
        opts = ResourceOptions(parent=repo)
)