green-tailor-57362
06/22/2021, 12:31 PM
green-tailor-57362
06/22/2021, 12:32 PM
purple-lawyer-35555
06/22/2021, 12:49 PM
great-sunset-355
06/22/2021, 3:43 PM str of Output so I can use it as part of resource_name in another resource?
I tried:
access_rds = ec2.SecurityGroupRule(
    eb_env.id.apply(lambda x: f'awseb-{x}-to-db'),
)
But it still gave me <pulumi.output.Output object at 0x7f81213b3bb0> instead of an actual value
square-dress-80180
06/22/2021, 5:37 PM pulumi cli I can do this. I can see in the UI for my stack a list of events with “succeeded” or other status. Is there a pulumi command that shows you the equivalent of git log and lists the status? Thanks for the help!
full-dress-10026
06/22/2021, 5:50 PM pulumi -v=9 up --stack my-stack
But now that -v flag has no impact on the pulumi command output. I see pulumi -h still marks -v as the way to enable verbose logging though.
full-dress-10026
06/22/2021, 6:06 PM AWS_SESSION_TOKEN value before you can use Pulumi to create resources on your behalf."
icy-jordan-58549
06/22/2021, 7:29 PM error: check failed because malformed resource inputs: malformed RPC secret: missing value
victorious-megabyte-32350
06/22/2021, 8:38 PM
const roleES = new aws.iam.Role(`es-role-test`, {
  name: `CognitoAccessForAmazonES`,
  assumeRolePolicy: {
    Version: '2012-10-17',
    Statement: [
      {
        Effect: 'Allow',
        Principal: {
          Service: 'es.amazonaws.com',
        },
        Action: 'sts:AssumeRole',
        Sid: '',
      },
    ],
  },
});
I wanna add the AmazonESCognitoAccess
incalculable-printer-98305
06/22/2021, 9:27 PM
prehistoric-london-9917
06/23/2021, 1:06 AM destroy operation?
Context: Suppose I create a stack with this snippet of provider configuration:
config:
  aws:assumeRole:
    externalId: some/value
    roleArn: arn:aws:iam::123456789012:role/my_deployment_role
This gets stored in the state file:
"type": "pulumi:providers:aws",
"inputs": {
    "assumeRole": "{\"externalId\":\"some\/value\",\"roleArn\":\"arn:aws:iam::123456789012:role/my_deployment_role\"}",
Let’s say that role has a limited set of permissions that doesn’t allow removing resources.
At some point I want to destroy that stack. So I assume an administrator role that can do anything and run pulumi destroy.
The current behaviour is that Pulumi assumes the role stored in state (even if I’ve removed it from the stack configuration) and tries to delete the stack’s resources, which fails.
I can work around this by removing the assumeRole from the stack config and running pulumi up, which removes the role assumption from the state file. Then I can run pulumi destroy.
It would be nice if destroy had an ignore_state_role option so that admins can destroy resources regardless of the role assumed to create them.
Is there a reason for the current behaviour that I’m not thinking of? Should I raise a bug or feature request for this?
NB: If I rely on environment variables for AWS authentication (which are picked up by the underlying Go AWS SDK), I don’t have this problem at all. It’s only when I define the role assumption in the stack configuration.
great-sunset-355
06/23/2021, 7:44 AM ResourceName? Is there any restriction to it?
bright-truck-37455
06/23/2021, 9:19 AM
/azp/_work/_temp/0b544aa4-92cf-435d-8251-f13c7d45afb7/pulumi/pulumi login gs://***-pulumi-state
Logged in to ado-agent-7f5785674-jk6mj as root (gs://***-pulumi-state)
/azp/_work/_temp/0b544aa4-92cf-435d-8251-f13c7d45afb7/pulumi/pulumi stack select base -c
error: failed to load checkpoint: blob (key ".pulumi/stacks/base.json") (code=Unknown): Get "https://storage.googleapis.com/***-pulumi-state/.pulumi/stacks/base.json": oauth2: cannot fetch token: 400 Bad Request
Response: {"error":"invalid_grant","error_description":"Invalid grant: account not found"}
##[error]Failed to select the stack 'base'.
I saw a similar thread for a case where a developer was using Azure Blob Storage and it turned out that he had to set some additional env vars, is this the same case here?
great-sunset-355
06/23/2021, 9:51 AM
pulumi config set-all --path \
    --secret passwords.pw1=Secret
How do I call this in the code? I cannot seem to wrap my head around strange paths in the yaml file
cfg = pulumi.Config()
# Neither of these worked:
cfg.require_secret('passwords.pw1')
cfg.require_secret('["passwords"].["pw1"]') # does not work
boundless-angle-56560
06/23/2021, 2:05 PM
agreeable-tomato-43927
06/23/2021, 2:50 PM
const bucketObject = new aws.s3.BucketObject("index.html", {
  acl: "public-read",
  contentType: "text/html",
  bucket: bucket,
  source: new pulumi.asset.FileAsset(pulumi.interpolate`${yarnBuild.path}/index.html`)
});
☝️this fails because FileAsset doesn't accept an output
const bucketObject = new aws.s3.BucketObject("index.html", {
  acl: "public-read",
  contentType: "text/html",
  bucket: bucket,
  source: pulumi.all([yarnBuild.path]).apply(([p]) => new pulumi.asset.FileAsset(`${p}/index.html`))
});
☝️this fails because p is undefined...
bumpy-summer-9075
06/23/2021, 8:20 PM this.registerOutputs (https://www.pulumi.com/docs/intro/concepts/resources/#registering-component-outputs)? Everything seems to work fine without it, and I don't see any immediate benefit.
bumpy-summer-9075
06/23/2021, 10:45 PM dependsOn needed here?
export class CertManager extends pulumi.ComponentResource {
  constructor(name: string, {}: CertManagerArgs, opts?: pulumi.ComponentResourceOptions) {
    super('foo::bar::CertManager', name, {}, opts);
    const certManagerNamespace = new k8s.core.v1.Namespace(
      'cert-manager',
      {metadata: {name: 'cert-manager'}},
      {parent: this},
    );
    const helmChart = new k8s.helm.v3.Chart(
      'cert-manager',
      {
        namespace: certManagerNamespace.metadata.name, // I thought this would create a dependency between the two resources
        // ...
      },
      {parent: this, dependsOn: [certManagerNamespace]}, // Why is this needed?
    );
  }
}
steep-toddler-94095
06/23/2021, 10:49 PM --help isn't being helpful
stale-photographer-81807
06/24/2021, 2:04 AM awsx.lb.
I am trying to deploy an ECS/Fargate service with an AppLb accessible only in the private subnets. It works just fine with external: true but if I change it to false the provisioning fails with:
aws:lb:LoadBalancer (alb):
error: 1 error occurred:
* error creating application Load Balancer: ValidationError: At least two subnets in two different Availability Zones must be specified
status code: 400, request id: 4a7dd444-54b3-4952-8aa2-e26200f5fdef
I have tried injecting the subnet to the LoadBalancer and the Listener explicitly with no success. Assumed external handled that just fine with the default vpc.
Here is the code:
const cluster = new awsx.ecs.Cluster("cluster");
const alb = new awsx.lb.ApplicationLoadBalancer("alb", { external: false });
const web = alb.createListener("web", { port: 80 });
const img = awsx.ecs.Image.fromPath("node-web", "../app");
const appService = new awsx.ecs.FargateService("ecs-fargate", {
  cluster,
  taskDefinitionArgs: {
    container: {
      environment: [{"name": "foo", "value": "bar"}],
      image: img,
      cpu: 102 /*10% of 1024*/,
      memory: 50 /*MB*/,
      portMappings: [web],
    },
  },
  desiredCount: 1,
});
red-football-97286
06/24/2021, 10:01 AM vpc, err := ec2.GetVpc(ctx, "DefaultVPC", pulumi.IDInput(vpc-123456))
bright-dawn-60437
06/24/2021, 7:53 PM
[2021-06-24 19:00:35,818: WARNING/ForkPoolWorker-1] + pulumi:pulumi:Stack notebook creating error: python inline source runtime error:
[2021-06-24 19:00:35,818: WARNING/ForkPoolWorker-1] + pulumi:pulumi:Stack notebook creating error: an unhandled error occurred: python inline source runtime error:
[2021-06-24 19:00:36,677: WARNING/ForkPoolWorker-1] + pulumi:pulumi:Stack notebook creating failed 2 errors
[2021-06-24 19:00:36,677: WARNING/ForkPoolWorker-1] Diagnostics:
[2021-06-24 19:00:36,677: WARNING/ForkPoolWorker-1] pulumi:pulumi:Stack (notebook):
[2021-06-24 19:00:36,677: WARNING/ForkPoolWorker-1] error: python inline source runtime error:
[2021-06-24 19:00:36,677: WARNING/ForkPoolWorker-1] Traceback (most recent call last):
[2021-06-24 19:00:36,677: WARNING/ForkPoolWorker-1] File "/usr/local/lib/python3.7/site-packages/pulumi/automation/_server.py", line 65, in Run
[2021-06-24 19:00:36,677: WARNING/ForkPoolWorker-1] loop.run_until_complete(run_in_stack(self.program))
[2021-06-24 19:00:36,677: WARNING/ForkPoolWorker-1] File "/usr/local/lib/python3.7/asyncio/base_events.py", line 587, in run_until_complete
[2021-06-24 19:00:36,678: WARNING/ForkPoolWorker-1] return future.result()
[2021-06-24 19:00:36,678: WARNING/ForkPoolWorker-1] concurrent.futures._base.CancelledError
[2021-06-24 19:00:36,678: WARNING/ForkPoolWorker-1] error: an unhandled error occurred: python inline source runtime error:
[2021-06-24 19:00:36,678: WARNING/ForkPoolWorker-1] Traceback (most recent call last):
[2021-06-24 19:00:36,678: WARNING/ForkPoolWorker-1] File "/usr/local/lib/python3.7/site-packages/pulumi/automation/_server.py", line 65, in Run
[2021-06-24 19:00:36,678: WARNING/ForkPoolWorker-1] loop.run_until_complete(run_in_stack(self.program))
[2021-06-24 19:00:36,678: WARNING/ForkPoolWorker-1] File "/usr/local/lib/python3.7/asyncio/base_events.py", line 587, in run_until_complete
[2021-06-24 19:00:36,678: WARNING/ForkPoolWorker-1] return future.result()
[2021-06-24 19:00:36,678: WARNING/ForkPoolWorker-1] concurrent.futures._base.CancelledError
Any pointers?
bright-dawn-60437
06/24/2021, 8:03 PM
proud-pizza-80589
06/25/2021, 5:15 AM
bright-truck-37455
06/25/2021, 10:36 AM
better-shampoo-48884
06/25/2021, 12:42 PM new k8s.core.yaml("my-string",{..}) needs now to be new k8s.core.yaml(`${region}-my-string`,{..)
There are ~180 resources created in my stack so far, and each of them needs a new name. Ideas?
ambitious-father-68746
06/25/2021, 1:39 PM
full-artist-27215
06/25/2021, 1:57 PM --message value is too long, it's truncated in the Pulumi webapp, and there doesn't appear to be any way to see the full value. Is there anything I'm missing? Thanks!
orange-byte-86458
06/25/2021, 9:57 PM @pulumi/kubernetes that behaves more like kubectl apply -f? I found ConfigFile/ConfigGroup, but it doesn’t play well with existing objects in the cluster. While it may be doing things the right pulumi-way, I can’t quite marry it with our existing infra (e.g. import doesn’t work). We’re currently using kubectl apply to roll out app updates and rely on its forgiving behavior with regard to existing objects. I was wondering if it’s possible to achieve something similar with Pulumi. In Terraform we used a third-party provider which gave us the kubectl_manifest resource. It would simply store the last applied configuration as the state and re-trigger kubectl apply whenever the manifest (supplied yaml) changes.
alert-cartoon-12389
06/25/2021, 10:05 PM