Has anyone used Pulumi to install the main Dapr control plane services in a Kubernetes cluster? The standard Dapr installation instructions advise use of a manual Dapr CLI command that will upgrade a freshly created Kubernetes cluster to host the Dapr framework. https://docs.dapr.io/operations/hosting/kubernetes/kubernetes-deploy/ I am wondering if my Pulumi automation program will have to shell out to a command prompt after creating a Kubernetes cluster via Pulumi to then run the Dapr install? Although I am no Kubernetes expert I assume the Dapr CLI install command will have to invoke the standard API server in the Kubernetes control plane in order to insert the extra Dapr pieces. If this is so then it should in theory be possible to automate this via Pulumi. The Dapr/Kubernetes install instructions also mention an "advanced" alternative to install via Helm charts, so maybe I could eyeball these Heml charts and create Pulumi equivalents. Edit: Since posting I have been digging into the Dapr Go code for the CLI Dapr install into Kubernetes, I think it just converts the CLI install command into a Helm chart. func daprChart() here at https://github.com/dapr/cli/blob/master/pkg/kubernetes/kubernetes.go

Any ideas on this: https://stackoverflow.com/questions/68274170/object-of-type-output-is-not-json-serializable

Does

crd2pulumi

still output installable CRD definitions? I noticed this in the docs, which is what I'm after:

new certificates.certmanager.CertificateDefinition("certificate");

but I'm not seeing anything like that after trying crd2pulumi on the certmanager yaml myself. I do get strongly typed access to the CRDs after they're created, but I have to build out the resource definitions myself to install them in the cluster..

I use Pulumi's

RandomPassword

to generate a password, and then I use bcrypt to store the hash in my nginx configuration. Like so:

this.basicAuthPassword = new RandomPassword('basic-auth-password', {
  length: 40,
  special: false,
});

const passwordHash = this.basicAuthPassword.result.apply((password) => {
  return hashSync(password);
});

unfortunately the hash generated changes every time because bcrypt generates a random hash. How can I deal with this with pulumi?

Hi there, I am trying to create a StackReference using a different Provider than the "default" one. In python:

provider = aws.Provider(
            resource_name="foo",
            region="eu-central-1",
            profile="foo"
        )
        stack = pulumi.StackReference(
            name="foo",
            stack_name="foo",
            opts=pulumi.ResourceOptions(provider=provider),
        )

Unfortunately I'm getting an error:

pulumi:pulumi:StackReference (foo):
    error: Preview failed: unrecognized resource type (Read): pulumi:pulumi:StackReference

Ideas? Is setting a provider for StackReference a feature in the first place?

Hi all! Is this really a bug or am I missing something obvious: https://github.com/pulumi/pulumi-opsgenie/issues/17 ?

Our customer engineering team is hosting an "Ask the Expert session" today at noon pacific - we hope you can join us https://www.bigmarker.com/pulumi/Ask-the-Expert-NA-87841047049658f7e81b428f

is there a way to destroy a single resource with pulumi inline? I'd love to be able to call a .delete() method to delete a temporary resourced after it's no longer needed

Hey, all! I’m using

awsx.ec2.Vpc

to create a VPC for my EKS cluster. I need to make a slight change to the way NAT Gateway IPs are provisioned. Specifically, I want to create them separately so that I can detach them and preserve across VPC re-creations/configuration changes. There’s no such customization in the AWSX’s Vpc, and I’m wondering if my only option is to re-create everything using RAW resources or maybe there’s a shortcut? Like maybe there’s a way to transform AWSX resources before they make it into the state or smth.. Thanks for any help!

Hi, I recently updated to the latest pulumi version (3.6.1, using python) and now the diff view is not showing the whole truth:

~ pulumi-python:dynamic:Resource: (update)
            config      : {
                data: "test"
                name: "admin"
            }

It's showing that the resource needs updates, but it is not showing what is going to be updated. For comparison, when running the same code with 3.5.1:

~ pulumi-python:dynamic:Resource: (update)
          ~ config      : {
              ~ data: "test" => "newstuff"
                name: "admin"
            }

Is this some kind of bug, or am I not aware of any changes and this is completely normal?

Hi all, Trying to add some baseline rules to the system db (master)

new Pulumi.AzureNative.Sql.DatabaseVulnerabilityAssessmentRuleBaseline(baselineName, new Pulumi.AzureNative.Sql.DatabaseVulnerabilityAssessmentRuleBaselineArgs
{
    BaselineName = baselineName,
    DatabaseName = "master",
    ResourceGroupName = resourceGroup.Name,
    ServerName = sqlServer.Name,
    RuleId = ruleID,
    VulnerabilityAssessmentName = assessmentName,
    BaselineResults = firewallBaselineArgs
}, new CustomResourceOptions { DependsOn = { sqlServer } });

But Im getting an error on deployment - whats the best way to await for this - adding a delay is a bit crude but works

Status=404 Code="ParentResourceNotFound" Message="Can not perform requested operation on nested resource. Parent resource 'sqlInstance/master' not found

Additionally subsequent deployments or teardowns I get the following:

"Vulnerability Assessment settings don't exist or invalid storage specified in settings 'storageContainerPath'

Hello, I have a problem with the passphrase. It did not prompt for the second time when I did the 

pulumi up

 . It actually forced me to set up the pass-phrase when I created the stack.  It is throwing me the following error.

constructing secrets manager of type "passphrase": unable to find either `PULUMI_CONFIG_PASSPHRASE` or `PULUMI_CONFIG_PASSPHRASE_FILE` when trying to access the Passphrase Secrets Provider; please ensure one of these environment variables is set to allow the operation to continue

hey guys, im evaluating pulumi for a large enterprise company and have a couple of questions: 1. am i right that all calls to create resources in aws are forwarded via pulumi platform and not directly to aws? if it is forwarded via your platform do you have a self hosted solution then? 2. are argoCD and pulumi mutually excluding tools? per my understanding if we create eks cluster with some config maps via pulumi, argo won't be able to synchronize a git repo with a cluster since infrastructure is not in yaml format

Hi! I'd like to run some additional scripts which are able to get stack output data using StackReference(), but I'm getting "Program run without the Pulumi engine available; re-run using the

pulumi

CLI". What is the way to achieve this?

Hi everyone, I was wondering if this issue got addressed, (PR bot should remove old comments) https://github.com/pulumi/pulumi/issues/4515 or if anyone knows a workaround? One of our projects is using Pulumi and frequently has 10+ preview diffs posted by the github app/bot on a pull request because each time a new commit is pushed it posts the changes diff as a new comment Thanks

It's me again about dynamic resources... I'm really struggling to understand how outputs are handled. In one example in the documentation, we have:

export class MyResource extends pulumi.dynamic.Resource {
    public readonly myStringOutput!: pulumi.Output<string>;
    public readonly myNumberOutput!: pulumi.Output<number>;

    constructor(name: string, props: MyResourceInputs, opts?: pulumi.CustomResourceOptions) {
        super(myprovider, name, { myStringOutput: undefined, myNumberOutput: undefined, ...props }, opts);
    }
}

from my own experimentation, it would seem that passing

myStringOutput: undefined

to

super

is how the property

this.myStringOutput

is populated... I'm really weirded out by this, they are not the same variable/reference and there's very little documentation on it. How are they "linked" together?

hi everyone! i have a terraform provider but no corresponding pulumi provider. how can i utilize such terraform provider in my pulumi project? do i need to convert terraform provider to a pulumi provider? i see there are many terraform providers forks like

terraform-provider-aiven

in the pulumi github org. can they directly be used by pulumi project?

hi when i run

make prepare

by following pulumi-tf-provider-boilerplate readme i have the following error, anyone has idea what i did wrong here?

mv "provider/cmd/pulumi-tfgen-x""yz" provider/cmd/pulumi-tfgen-foo
mv "provider/cmd/pulumi-resource-x""yz" provider/cmd/pulumi-resource-foo
if [[ "Linux" != "Darwin" ]]; then \
        sed -i 's,<http://github.com/pulumi/pulumi-xyz,github.com/pulumi/pulumi-foo,g|github.com/pulumi/pulumi-xyz,github.com/pulumi/pulumi-foo,g>' provider/go.mod; \
        find ./ ! -path './.git/*' -type f -exec sed -i 's/[x]yz/foo/g' {} \; &> /dev/null; \
fi
/bin/sh: 1: [[: not found
# In MacOS the -i parameter needs an empty string to execute in place.
if [[ "Linux" == "Darwin" ]]; then \
        sed -i '' 's,<http://github.com/pulumi/pulumi-xyz,github.com/pulumi/pulumi-foo,g|github.com/pulumi/pulumi-xyz,github.com/pulumi/pulumi-foo,g>' provider/go.mod; \
        find ./ ! -path './.git/*' -type f -exec sed -i '' 's/[x]yz/foo/g' {} \; &> /dev/null; \
fi
/bin/sh: 1: [[: not found

to re-produce, follow the readme:

git clone <https://github.com/pulumi/pulumi-tf-provider-boilerplate> pulumi-xyz
cd pulumi-xyz
make prepare NAME=foo REPOSITORY=<http://github.com/pulumi/pulumi-foo|github.com/pulumi/pulumi-foo>

os:

Ubuntu 20.04.2 LTS

Hello guys, when using the pulumi python sdk do you know if there is there any way to tell if the CLI was invoked with

pulumi up

pulumi destroy

or

pulumi preview

?

Hi, how can i access existing eks cluster provider ?

Is there a way to skipAwait a k8s service because i need the name in a variable of the deployment, and then re-activate await so i can get the loadbalancer ip out of the service before creating a cloudflare domainname? Or can i overrride skipAwait by dependsOn in the cloudflare resource?

Hello guys, can i create multiple azure blobContainers inside loop for (const container of containers){ new azure_native.storage.BlobContainer('blobContainer', { accountName: storageAccount.name, containerName: name, resourceGroupName: resourceGroup.name } } Erro: Duplicate recource URN I tryed with await but still same error

Can we use Pulumi inside a Kubernetes cluster without a CLI option??

I’m trying to troubleshoot some basic network setup in the Civo cloud. What I do is this: 1. Provision a network 2. Provision a firewall 3. Provision 2 rules for http (80) and https (443) using a CIDR block for our network The issue I’m having is on step 3. One of the two rules gets provisioned, but the other errors out with an unhelpful UnknownError error message:

Type                        Name                Status                  Info
 +   pulumi:pulumi:Stack         acme_iac-dev   **creating failed**     1 error; 2 messages
 +   ├─ civo:index:Network       acme-network   created                 
 +   ├─ civo:index:Firewall      acme-firewall  created                 
 +   ├─ civo:index:FirewallRule  rule-2         created                 
 +   └─ civo:index:FirewallRule  rule-1         **creating failed**     1 error
 
Diagnostics:
  civo:index:FirewallRule (rule-1):
    error: 1 error occurred:
        * [ERR] failed to create a new firewall: UnknownError
 
  pulumi:pulumi:Stack (acme_iac-dev):
    error: update failed
 
  civo:index:FirewallRule (rule-1):
    error: 1 error occurred:
        * [ERR] failed to create a new firewall: UnknownError

Resources:
    + 4 created

Duration: 9s

It fails reliably, but I’m just sure why. If I comment out the code for rule-2, rule-1 gets created fine. Same if I comment out the code to create *rule-1*; that is, rule-2 gets created fine. I feel like I’m missing something fundamental about Pulumi. 😜 I’m open to suggestions. Thanks in advance!

Hey, folks. I'm new to pulumi, running into an interesting problem. After running "pulumi up" all of my resources are automatically created, but I get this error. Can reproduce it with both 3.6.0 and 3.6.1. Seems to be caused by this:

privateVpcConnection, err := servicenetworking.NewConnection(ctx, "privateVpcConnection", &servicenetworking.ConnectionArgs{
			Network: containerNetwork.ID(),
			Service: pulumi.String("<http://servicenetworking.googleapis.com|servicenetworking.googleapis.com>"),
			ReservedPeeringRanges: pulumi.StringArray{
				dbPrivateRange.Name,
			},
		})
		if err != nil {
			return err
		}

Diagnostics:
  pulumi:pulumi:Stack (avsatum-dev):
    panic: fatal: An assertion has failed
    goroutine 103 [running]:
    <http://github.com/pulumi/pulumi/sdk/v3/go/common/util/contract.failfast(...)|github.com/pulumi/pulumi/sdk/v3/go/common/util/contract.failfast(...)>
        /Users/alexlokshin/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.6.1/go/common/util/contract/failfast.go:23
    <http://github.com/pulumi/pulumi/sdk/v3/go/common/util/contract.Assert(...)|github.com/pulumi/pulumi/sdk/v3/go/common/util/contract.Assert(...)>
        /Users/alexlokshin/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.6.1/go/common/util/contract/assert.go:26
    <http://github.com/pulumi/pulumi/sdk/v3/go/pulumi.marshalInputAndDetermineSecret(0x1df8800|github.com/pulumi/pulumi/sdk/v3/go/pulumi.marshalInputAndDetermineSecret(0x1df8800>, 0xc0005c2280, 0x208b8c0, 0x1c8e7a0, 0xc0004f7801, 0x109d052, 0x1cdba00, 0x1, 0xc0004f78d8, 0x109b885, ...)
        /Users/alexlokshin/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.6.1/go/pulumi/rpc.go:272 +0x36f0
    <http://github.com/pulumi/pulumi/sdk/v3/go/pulumi.marshalInput(0x1e9a5e0|github.com/pulumi/pulumi/sdk/v3/go/pulumi.marshalInput(0x1e9a5e0>, 0xc00018c540, 0x208b8c0, 0x1c8e7a0, 0x1e9a501, 0xc00018c540, 0x1cdba00, 0xc0000c5140, 0x94, 0x1, ...)
        /Users/alexlokshin/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.6.1/go/pulumi/rpc.go:170 +0x73
    <http://github.com/pulumi/pulumi/sdk/v3/go/pulumi.marshalInputAndDetermineSecret(0x1d39b40|github.com/pulumi/pulumi/sdk/v3/go/pulumi.marshalInputAndDetermineSecret(0x1d39b40>, 0xc000496630, 0x208b8c0, 0x1cb6f60, 0xc00060ce01, 0x173572f, 0x1d8a940, 0xc000548270, 0x208b8c0, 0x1bd41c0, ...)
        /Users/alexlokshin/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.6.1/go/pulumi/rpc.go:358 +0x100a
    <http://github.com/pulumi/pulumi/sdk/v3/go/pulumi.marshalInput(0x1d39b40|github.com/pulumi/pulumi/sdk/v3/go/pulumi.marshalInput(0x1d39b40>, 0xc000496630, 0x208b8c0, 0x1c8e7a0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, ...)
        /Users/alexlokshin/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.6.1/go/pulumi/rpc.go:170 +0x73
    <http://github.com/pulumi/pulumi/sdk/v3/go/pulumi.(*Context).RegisterResourceOutputs.func1(0xc0003a6640|github.com/pulumi/pulumi/sdk/v3/go/pulumi.(*Context).RegisterResourceOutputs.func1(0xc0003a6640>, 0x2084d68, 0xc0000aa410, 0xc000496630)
        /Users/alexlokshin/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.6.1/go/pulumi/context.go:1169 +0x13c
    created by <http://github.com/pulumi/pulumi/sdk/v3/go/pulumi.(*Context).RegisterResourceOutputs|github.com/pulumi/pulumi/sdk/v3/go/pulumi.(*Context).RegisterResourceOutputs>
        /Users/alexlokshin/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.6.1/go/pulumi/context.go:1156 +0x96
    exit status 2
 
    error: an unhandled error occurred: program exited with non-zero exit code: 1

Hi, Iv’e recently started seeing several organizations working with Pulumi, It’s great to see the ease of use and how much power they have when writing code. As a security professional I have some questions and issues I am trying to figure out on best practices for working with Pulumi. As it is executing the code as the way the framework works, and if I want to run it in my CI with “pulumi preview” and CrossGuard, How can I prevent a malicious user writing code that will steal my secrets? I tried looking in the documentation and found nothing about the secure way to use Pulumi. Thanks in advance, Rotem

Hi! How may I get AccessKey.encrypted_secret output? Now it is shown as

aws_secret_access_key: output<string>

How do I refer self arn in the same resource?

Hi, I’ve noticed the same issue. Has it been already reported?