https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • b

    brash-airline-37413

    05/15/2021, 10:24 PM
    Anybody able to take a quick look at this? https://github.com/pulumi/pulumi/issues/7043
  • c

    chilly-night-36370

    05/16/2021, 11:10 AM
    I'm busy upgrading from the
    azure-nextgen
    to
    azure-native
    and it wants to re-create the resource group. Is there a way I can force pulumi to think those are the same resource groups?
    b
    • 2
    • 1
  • c

    clever-lawyer-94920

    05/16/2021, 5:46 PM
    #tf2pulumi I am getting error when trying to convert terraform to Pulumi. https://github.com/pulumi/tf2pulumi/issues/235
    b
    • 2
    • 1
  • c

    clever-lawyer-94920

    05/16/2021, 7:06 PM
    Is there a way to use https://registry.terraform.io/modules/terraform-aws-modules/eks/aws with Pulumi?
    b
    s
    • 3
    • 8
  • p

    proud-spoon-58287

    05/17/2021, 10:45 AM
    Hi all, I am having the following error:
    aws:lambda:Function (data-feed-property-data-fetcher):
        error: 1 error occurred:
            * error creating Lambda Function (1): InvalidParameterValueException: The provided execution role does not have permissions to call SendMessage on SQS
        {
          RespMetadata: {
            StatusCode: 400,
            RequestID: "1ca54399-576d-40bc-829a-c2c31790fd72"
          },
          Message_: "The provided execution role does not have permissions to call SendMessage on SQS",
          Type: "User"
        }
    as per AWS docs, I have attached the following policy:
    arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole'
    but I got the same error. I am using the latest version of pulumi and aws in node.
    g
    • 2
    • 21
  • c

    creamy-ice-56481

    05/17/2021, 1:21 PM
    Hi. I'm trying to create an Azure FrontDoor in C# but there doesn't appear to be any way to create e.g. Health Probe Settings and pass those into the Backend Pool. I've tried instantiating the Health Probes prior to calling the create for the FrontDoor but this doesn't create a reference in Pulumi. I get this error: 'FrontdoorEntityV2.BackendPools[0].Properties.HealthProbeSettings.Id' is required but it was not set; The same problem occurs for Load balancing and the backend pools & frontend endpoints in the routing rules. Am I missing a step somewhere, or is this just not possible? The demo code shows the ID as a string making reference to the resources but these don't exist yet so how do I populate that string with e.g. the front door Id?
    Id = "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/frontDoors/frontDoor1/frontendEndpoints/frontendEndpoint1",
  • b

    bumpy-autumn-37588

    05/17/2021, 3:43 PM
    Hello All! I'm somewhat new to Pulumi, so plz bear with me on a possible dumb question. I am trying to create an Identity Platform provider on Google Cloud. I want to only use Email/Password as the Identity Provider. In the documentation (and corresponding code), it states a list of accepted providers. There is no option for Email/password, like in the UI on GCP (see image). Am I missing something or is it not possible with Pulumi?
  • p

    purple-train-14007

    05/17/2021, 4:44 PM
    Not sure I asked this already but is POSH on the roadmap for lang support?
    b
    • 2
    • 1
  • e

    enough-truck-34175

    05/17/2021, 6:52 PM
    Is it possible to achieve
    dependsOn
    behavior for Functions? For example, I would like
    listManagedClusterAdminCrdenetials
    (Doc) to wait for the managed cluster to be created.
    b
    • 2
    • 18
  • f

    full-dress-10026

    05/17/2021, 7:08 PM
    I am writing an aws.lambda.CallbackFunction that must be passed some output values from resources created in order to make calls to the aws api. These parameters are passed in as `pulumi.Input`s. What is the canonical way to unwrap these values from their Input implementation?
    pulumi.output(queueUrl).get()
    ? More context in thread.
    b
    • 2
    • 22
  • f

    full-artist-27215

    05/17/2021, 7:44 PM
    If you're logged into Pulumi locally (
    pulumi login --local
    ), what would be the value to use for
    organization
    in a fully-qualified StackReference?
    b
    • 2
    • 2
  • c

    curved-cartoon-90054

    05/17/2021, 7:53 PM
    Hi Looking for help on how to use terraform provider with pulumi i need some help understanding https://github.com/pulumi/pulumi-tf-provider-boilerplate
    b
    • 2
    • 1
  • m

    many-psychiatrist-74327

    05/17/2021, 8:49 PM
    👋 hello! I have a question about auth. I have a Pulumi project which creates a bunch of resources in GCP using a service account. Among those, it creates a kubernetes cluster. Then, I want to create k8s resources, but I’m getting a lot of permission errors because pulumi is trying to use the user configured under
    gcloud
    in the current machine (which makes sense, because I believe the kubeconfig for the clusters defers to the
    gcloud
    command for auth). Is there a way to explicitly tell pulumi to use the same service account it used for creating the GCP resources? I tried setting
    GOOGLE_CREDENTIALS
    but the behavior didn’t change. Thanks
  • a

    ambitious-father-68746

    05/17/2021, 9:46 PM
    Hi, I'm trying to set up Aiven SAML authentication with Azure AD, both products supported by official Pulumi providers. The problem I'm facing is that I first need to create the aiven.AccountAuthentication resource, then create the azuread.AzureAdApp resource based on the previous step, then I need to modify the first resource with information I got from the second. Pulumi will complain if I try to mess with the same resource twice. Any ideas?
    l
    • 2
    • 3
  • h

    hundreds-traffic-617

    05/17/2021, 11:00 PM
    Does anyone know if Pulumi supports triggering step functions in event bridge? Looks like they have a bunch of targets hard coded in their
    aws.cloudwatch.EventTarget
    type like
    sqsTarget
    , but nothing explicitly mentioning step functions
    • 1
    • 1
  • r

    red-football-97286

    05/18/2021, 10:45 AM
    Has anyone managed to build a pulumi project with a template hosted in AWS CodeCommit?
    pulumi new <https://git-codecommit>
    gives me an
    error: authentication required
    .
    b
    • 2
    • 2
  • b

    bland-army-56447

    05/18/2021, 11:14 AM
    Can I somewhere find more docs or examples on how to wrap/bridge a TF provider for Pulumi? https://github.com/pulumi/pulumi-terraform-bridge and https://github.com/pulumi/pulumi-tf-provider-boilerplate still leave me confused about what I actually have to do to wrap an existing provider 😅
  • g

    gifted-island-55702

    05/18/2021, 12:24 PM
    Hi! I wanted to play with writing my first native Pulumi provider but I got blocked with this issue: https://github.com/pulumi/pulumi-provider-boilerplate/issues/4 Any pointers what I should check etc? I checked and node_modules/@pulumi/pulumi directory does exist and there were no errors when I run
    npm install
  • g

    gifted-island-55702

    05/18/2021, 12:28 PM
    Also some time ago when I was going through the boilerplate code I had a few questions. Is there any chance to get any answers? https://pulumi-community.slack.com/archives/C84L4E3N1/p1619768167173400
  • w

    wet-noon-14291

    05/18/2021, 1:16 PM
    When using the github provider you need to provide a personal access token (PAT), is there an easy way to create a PAT that isn't connected to a "real" user? Ideally, I as an admin, would like to create a token that I can use with pulumi that isn't connected to me or anyone else, but I still want to control what that token can be used for. I can of course create a "dummy" user, but that feels strange and I don't think I'm the only one that would like to have this. I know pulumi can't fix it if the issue if github doesn't support it, I'm just wondering if I've missed something and that it is already possible to create a PAT that isn't attached to a user.
    b
    b
    q
    • 4
    • 9
  • e

    echoing-angle-67526

    05/18/2021, 1:58 PM
    Hi, I have common configurations for a program that I want to share across my stacks. I don't want to repeat the same configurations so what we're thinking of doing is creating a common config file that our pulumi program reads in first which can be overridden by values in the pulumi.[stack].yaml file. I would like to have these common configs show up configuration entries in the pulumi console but the pulumi.Config api doesn't have any methods to do set/create configs. I believe the automation api has a way to do this but i'm not sure if this would be the right approach. any suggestions?
    b
    g
    • 3
    • 30
  • g

    gorgeous-country-43026

    05/18/2021, 2:09 PM
    Disclaimer: I'm not experienced with Pulumi. I have a problem setting up a Kubernetes
    Service
    for a
    Statefulset
    - postgresql to be more specific.
    Statefulset
    is created and pods appear as expected and based from logs etc everything is just fine including volume bindings etc. This is also true from Pulumi side when running
    pulumi up
    to an empty cluster.
    Service
    creation hangs up however and it finally gives up with the following error:
    kubernetes:core/v1:Service (postgres):
        error: 2 errors occurred:
            * the Kubernetes API server reported that "default/postgres" failed to fully initialize or become live: 'postgres' timed out waiting to be Ready
            * Service does not target any Pods. Selected Pods may not be ready, or field '.spec.selector' may not match labels on any Pods
    I am however absolutely certain that yes, there are specified nodes available and also that those pods are indeed running. I've been banging my head against the wall with this problem for some time now and would appreciate ideas. As an interesting detail if running
    pulumi up
    again also the
    Statefulset
    update seems to hang. I'll provide code snippets regarding this issue to a thread under this message.
    • 1
    • 10
  • f

    full-artist-27215

    05/18/2021, 3:07 PM
    Stylistic question (that is maybe actually a Python question, but perhaps is more broadly applicable): when creating resources like IAM policy attachments, I like to create a descriptive name for the resource (the logical Pulumi resource, not the concrete AWS resource) like
    "grant-<ROLE_NAME>-permissions-on-X"
    . Resources don't expose their logical name directly, but do expose them (at least in Python) with a "private" property
    _name
    . The information seems to always be available (since Resource names are strings, and not
    pulumi.Output[str]
    , so it seems "safe" from that perspective, at least). Will I be sent to Programmer Jail for doing this? Is there any thought to formally exposing the logical resource name as an officially blessed read-only property that we can use to generate additional names (or is there already a way to do this that I've missed)? Thanks 🙇
  • g

    gorgeous-window-12350

    05/18/2021, 5:37 PM
    I have a staging and production stack managing infrastructure in the same AWS account, but I only want a single elastic container registry resource between both stacks. I can’t simply remove the ECR resource from the staging stack because a bunch of other staging resources reference it. I also tried forcing staging to use the same ECR repo name as production, but that complained that the resource already existed when I ran
    pulumi up
    . Any guidance here?
    b
    • 2
    • 8
  • f

    full-artist-27215

    05/18/2021, 5:49 PM
    I'm trying to build a container image using
    pulumi_docker.Image
    , passing
    "DOCKER_BUILDKIT": "1"
    in the
    pulumi_docker.DockerBuild
    env
    argument, as documented (https://www.pulumi.com/docs/reference/pkg/docker/image/#dockerbuild) to enable BuildKit support, but my image builds are failing with errors like
    error: the --mount option requires BuildKit. Refer to <https://docs.docker.com/go/buildkit/> to learn how to build images with BuildKit enabled
    which suggests that BuildKit somehow isn't being used. Has anyone else been successful with a BuildKit-enabled image build?
  • b

    broad-eve-12764

    05/18/2021, 6:31 PM
    Hi all! I'm using
    docker.RegistryImage
    to have a bit more control over the docker build, following @faint-table-42725’s example in #132, but I'm not getting any logs from docker now, just:
    docker:index:RegistryImage  registry-image-for-deps  creating...
    Do I need to configure logging explicitly for
    RegistryImage
    ?
    f
    • 2
    • 4
  • m

    mysterious-lighter-33699

    05/18/2021, 6:48 PM
    Hey folks, hope this is the right avenue for reporting what I think is a bug: In our eks node group settings, we had
    ignore_changes=["scaling_config.desired_size"]
    (this is in python). Unfortunately, this is not the string you can use to ignore changes to the desired_size setting. You have to use ``ignore_changes=["scalingConfig.desiredSize"]`` instead. Which we learned when our node groups all got sized to one node each after applying an unrelated update.
    b
    • 2
    • 9
  • b

    broad-eve-12764

    05/18/2021, 7:27 PM
    Running into a really weird issue where my multi-layer build caches correctly when I run
    pulumi up
    locally, but re-builds each layer with no caching when run in GitHub Actions. Excerpt from Pulumi `index.ts`:
    const image = repo.buildAndPushImage({
      target: 'app',
      cacheFrom: { stages: ['deps', 'files', 'app'] },
      context: '../',
    })
    Dockerfile is essentially:
    FROM external.image as deps
    # install dependencies
    
    FROM deps as files
    # copy in some files, precompile assets
    
    FROM files as app
    # copy in other files, build app
    When run locally, it builds each layer and uploads to the repo. When I run it in GitHub Actions, it does this: • builds
    deps
    • builds
    deps
    again as part of building
    files
    • builds
    files
    • builds
    deps
    again as part of building
    app
    • builds
    files
    again as part of building
    app
    • builds
    app
    Not sure why caching is failing to work only in CI. Any thoughts?
    b
    q
    • 3
    • 16
  • s

    shy-author-33795

    05/18/2021, 8:02 PM
    I am also having and issue where I am able to build docker images locally with
    pulumi up
    but fails to build on Buildkite. To tell you more about what I have going on... I have the following `ComponentResource`:
    class ECRRepo(ComponentResource):        
        ComponentResource.__init__(
        self, "awsx:ecr:ECRRepo", name, {
        "name": name,
        "docker_build_dir": docker_build_dir,
        "docker_image": docker_image,
        "extra_protected_tags": extra_protected_tags,
        "image_tag_mutability": image_tag_mutability,
        "max_images": max_images,
        "scan_on_push": scan_on_push,
        "tags": tags
        }, opts)
    Here's how I grab registry information:
    class ECRRepo(ComponentResource):
        @staticmethod
        def get_registry_info(rid):
            creds = ecr.get_credentials(registry_id=rid)
            decoded = base64.b64decode(creds.authorization_token).decode()
            parts = decoded.split(':')
            if len(parts) != 2:
                raise Exception("Invalid credentials")
            return ImageRegistry(creds.proxy_endpoint, parts[0], parts[1])
    Here's how I'm creating a repo:
    def _create(self):
            repo = ecr.Repository(
                resource_name = self.name,
                image_scanning_configuration = ecr.RepositoryImageScanningConfigurationArgs(
                    scan_on_push = self.scan_on_push,
                ),
                name = self.name,
                image_tag_mutability = self.image_tag_mutability,
                tags = self.tags,
                opts = ResourceOptions(parent=self)
            )
    Here's how I'm building the image:
    custom_image = "{image}".format(image=self.docker_image)
    directory = "{dir}".format(dir=self.docker_build_dir)
    
    Image(
        self.name,
        image_name=pulumi.Output.concat(repo.repository_url, ":v1.0.0"),
        build=f'{directory}/{custom_image}',            
        registry=repo.registry_id.apply(ECRRepo.get_registry_info),
            opts = ResourceOptions(parent=repo)
    )
    b
    • 2
    • 6
  • m

    many-psychiatrist-74327

    05/18/2021, 8:20 PM
    👋 any ideas on how to debug an error like this one?
    panic: fatal: An assertion has failed
    
    goroutine 181 [running]:
    <http://github.com/pulumi/pulumi/sdk/v2/go/common/util/contract.failfast(...)|github.com/pulumi/pulumi/sdk/v2/go/common/util/contract.failfast(...)>
    	/Users/runner/work/pulumi/pulumi/sdk/go/common/util/contract/failfast.go:23
    <http://github.com/pulumi/pulumi/sdk/v2/go/common/util/contract.Assert(...)|github.com/pulumi/pulumi/sdk/v2/go/common/util/contract.Assert(...)>
    	/Users/runner/work/pulumi/pulumi/sdk/go/common/util/contract/assert.go:26
    <http://github.com/pulumi/pulumi/pkg/v2/resource/deploy.NewDeleteReplacementStep|github.com/pulumi/pulumi/pkg/v2/resource/deploy.NewDeleteReplacementStep>(0xc000167720, 0xc001560fc0, 0xc0026ff201, 0x4d, 0xc0026ee780)
    	/Users/runner/work/pulumi/pulumi/pkg/resource/deploy/step.go:294 +0x1df
    <http://github.com/pulumi/pulumi/pkg/v2/resource/deploy.(*stepGenerator).generateStepsFromDiff(0xc00191ed80|github.com/pulumi/pulumi/pkg/v2/resource/deploy.(*stepGenerator).generateStepsFromDiff(0xc00191ed80>, 0x7f192ec86318, 0xc002717c20, 0xc0009bf220, 0x46, 0xc001560a20, 0xc002724360, 0xc00160de90, 0xc001540450, 0xc0027dfc80, ...)
    • 1
    • 1
Powered by Linen
Title
m

many-psychiatrist-74327

05/18/2021, 8:20 PM
👋 any ideas on how to debug an error like this one?
panic: fatal: An assertion has failed

goroutine 181 [running]:
<http://github.com/pulumi/pulumi/sdk/v2/go/common/util/contract.failfast(...)|github.com/pulumi/pulumi/sdk/v2/go/common/util/contract.failfast(...)>
	/Users/runner/work/pulumi/pulumi/sdk/go/common/util/contract/failfast.go:23
<http://github.com/pulumi/pulumi/sdk/v2/go/common/util/contract.Assert(...)|github.com/pulumi/pulumi/sdk/v2/go/common/util/contract.Assert(...)>
	/Users/runner/work/pulumi/pulumi/sdk/go/common/util/contract/assert.go:26
<http://github.com/pulumi/pulumi/pkg/v2/resource/deploy.NewDeleteReplacementStep|github.com/pulumi/pulumi/pkg/v2/resource/deploy.NewDeleteReplacementStep>(0xc000167720, 0xc001560fc0, 0xc0026ff201, 0x4d, 0xc0026ee780)
	/Users/runner/work/pulumi/pulumi/pkg/resource/deploy/step.go:294 +0x1df
<http://github.com/pulumi/pulumi/pkg/v2/resource/deploy.(*stepGenerator).generateStepsFromDiff(0xc00191ed80|github.com/pulumi/pulumi/pkg/v2/resource/deploy.(*stepGenerator).generateStepsFromDiff(0xc00191ed80>, 0x7f192ec86318, 0xc002717c20, 0xc0009bf220, 0x46, 0xc001560a20, 0xc002724360, 0xc00160de90, 0xc001540450, 0xc0027dfc80, ...)
i think refreshing the state worked..
View count: 2