https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • g

    great-sunset-355

    07/23/2021, 9:45 AM
    How can I copy config between different projects? I've renamed the project by exporting and importing the stack, now I'd like to also copy the config to the new project, how can I do it? I tried
    pulumi config cp --stack staging  --dest <owner>/dest-proj/staging
    I get
    error: [400] Message authentication failed
    ✅ 1
    b
    • 2
    • 7
  • m

    mysterious-australia-14256

    07/23/2021, 3:51 PM
    Hi, we are considering switching from an Azure backend to the Pulumi managed (Team) backend. Is there any information on SLAs associated with this service?
    👍 2
    b
    l
    • 3
    • 3
  • l

    little-whale-73288

    07/23/2021, 4:30 PM
    Hi, how can I create Pulumi access tokens for continuous delivery that are not tied to a particular person? I'd like their scope to be limited to a particular project within the organization
    👍 1
    b
    p
    +5
    • 8
    • 10
  • m

    miniature-advantage-31279

    07/24/2021, 4:35 AM
    Hi guys, just curious, how do you manage to avoid the Route53 records errors for:
    [ERR]: Error building changeset: InvalidChangeBatch: [Tried to create resource record set [name='***', type='CNAME'] but it already exists]
    even though I applied the options for:
    { deleteBeforeReplace: true },
    b
    • 2
    • 2
  • a

    average-television-1214

    07/25/2021, 11:40 PM
    Folks, the golang SDK often blows up on ctx.Export() in GCP, when some components are not ready. What's the general approach to dealing with it? As the script grows destroying and re-running from scratch becomes lengthier and and lengthier.
  • a

    average-television-1214

    07/25/2021, 11:43 PM
    Something like this is not very helpful in identifying a root cause:
    panic: fatal: An assertion has failed
     
    goroutine 201 [running]:
     
    <http://github.com/pulumi/pulumi/sdk/v3/go/common/util/contract.failfast(...)|github.com/pulumi/pulumi/sdk/v3/go/common/util/contract.failfast(...)>
     
    	/Users/alexlokshin/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.8.0/go/common/util/contract/failfast.go:23
     
    <http://github.com/pulumi/pulumi/sdk/v3/go/common/util/contract.Assert(...)|github.com/pulumi/pulumi/sdk/v3/go/common/util/contract.Assert(...)>
     
    	/Users/alexlokshin/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.8.0/go/common/util/contract/assert.go:26
     
    <http://github.com/pulumi/pulumi/sdk/v3/go/pulumi.marshalInputAndDetermineSecret(0x288d040|github.com/pulumi/pulumi/sdk/v3/go/pulumi.marshalInputAndDetermineSecret(0x288d040>, 0xc0000e0000, 0x2d2a180, 0x25fdda0, 0xc0000dd801, 0x109e5f2, 0x265f0e0, 0x1, 0xc0000dd898, 0x109ce25, ...)
     
    	/Users/alexlokshin/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.8.0/go/pulumi/rpc.go:280 +0x38c5
     
    <http://github.com/pulumi/pulumi/sdk/v3/go/pulumi.marshalInput(0x29b50e0|github.com/pulumi/pulumi/sdk/v3/go/pulumi.marshalInput(0x29b50e0>, 0xc000288850, 0x2d2a180, 0x25fdda0, 0x29b5001, 0xc000288850, 0x265f0e0, 0xc0000120b0, 0x94, 0x0, ...)
     
    	/Users/alexlokshin/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.8.0/go/pulumi/rpc.go:171 +0x73
     
    <http://github.com/pulumi/pulumi/sdk/v3/go/pulumi.marshalInputAndDetermineSecret(0x26d12a0|github.com/pulumi/pulumi/sdk/v3/go/pulumi.marshalInputAndDetermineSecret(0x26d12a0>, 0xc000188450, 0x2d2a180, 0x2632e00, 0xc0001eee01, 0x1785baf, 0x273ee80, 0xc000592350, 0x2d2a180, 0x2454880, ...)
     
    	/Users/alexlokshin/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.8.0/go/pulumi/rpc.go:374 +0x100a
     
    <http://github.com/pulumi/pulumi/sdk/v3/go/pulumi.marshalInput(0x26d12a0|github.com/pulumi/pulumi/sdk/v3/go/pulumi.marshalInput(0x26d12a0>, 0xc000188450, 0x2d2a180, 0x25fdda0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, ...)
     
    	/Users/alexlokshin/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.8.0/go/pulumi/rpc.go:171 +0x73
     
    <http://github.com/pulumi/pulumi/sdk/v3/go/pulumi.(*Context).RegisterResourceOutputs.func1(0xc00026e000|github.com/pulumi/pulumi/sdk/v3/go/pulumi.(*Context).RegisterResourceOutputs.func1(0xc00026e000>, 0x2d24678, 0xc00023c1c0, 0xc000188450)
     
    	/Users/alexlokshin/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.8.0/go/pulumi/context.go:1400 +0x13d
     
    created by <http://github.com/pulumi/pulumi/sdk/v3/go/pulumi.(*Context).RegisterResourceOutputs|github.com/pulumi/pulumi/sdk/v3/go/pulumi.(*Context).RegisterResourceOutputs>
     
    	/Users/alexlokshin/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.8.0/go/pulumi/context.go:1387 +0x96
     
    exit status 2
     
    error: an unhandled error occurred: program exited with non-zero exit code: 1
  • b

    breezy-butcher-78604

    07/26/2021, 5:53 AM
    is there a way to get Pulumi to download any relevant security policies in advance? contest is I'm trying to build a Pulumi docker image with a Pulumi project to be run in CI/CD and I want to download/install all relevant providers and security policies as I can at build time so that it doesn't need to do it at run time. providers appear to get installed when the relevant npm modules are installed, but security policies only get downloaded when I run
    pulumi up
  • q

    quiet-architect-74241

    07/26/2021, 8:36 AM
    Looking for an example on how to use the VirtualMachineExtension in C#, Azure Native.
    new AzureNative.Compute.VirtualMachineExtension($"{vmName}​-VMExtensions", new AzureNative.Compute.VirtualMachineExtensionArgs()
                {
                    VmName = vmName,
                    ResourceGroupName = resourceGroup.Name,
                    AutoUpgradeMinorVersion = true,
                    Publisher = "Microsoft.Powershell",
                    Type = "DSC",
                    TypeHandlerVersion = "2.73",
                    Settings = Output.Tuple(hostPool.Name, hostPool.RegistrationInfo).Apply((tuple) =>
                    {
                        return JsonConvert.SerializeObject(new
                        {
                            modulesUrl = "<https://storageblobname.blob.core.windows.net/galleryartifacts/Configuration_5-5-2021.zip>",
                            configurationFunction = "Configuration.ps1\\AddSessionHost",
                            properties = new
                            {
                                hostPoolName = tuple.Item1,
                                registrationInfoToken = tuple.Item2.Token,
                                aadJoin = false,
                            }
                        }​);
                    })
                }​);
    which results in this error:
    error: azure-native:compute:VirtualMachineExtension resource 'somename-vm-01-VMExtensions' has a problem: 'settings' should be of type '' but got a string
    although the documentation says about the settings property:
    Json formatted public settings for the extension.
    I verified that the string that I am using for the settings property has the exact syntax as when I export the VirtualMachineExtension from the Azure Portal. Looking documentation or an example on how to use the VirtualMachineExtension for DSC extension. Can't find an example anywhere using my Google Fu.
    • 1
    • 1
  • q

    quaint-garage-36651

    07/26/2021, 11:14 AM
    Hi Looking for example how to connect Network security Group to Network interface and how to add multiple rules in NSG using python for development of Azure
    m
    • 2
    • 2
  • p

    proud-dusk-33872

    07/26/2021, 12:15 PM
    Hi there. Is the slowness of
    pulumi stack output
    a known issue - and is there any way to work around it? It takes about 20 seconds to run for me and we have ~25 output variables
    m
    q
    p
    • 4
    • 5
  • c

    curved-ghost-20494

    07/26/2021, 4:50 PM
    Is there a away of “auto output-ing” variables? For example
    const instance = new CustomResource('foo');
    
    export.bar = instance.bar;
    export.baz = instance.baz;
    export.bam = instance.bam;
    It’s kind of irritating to do this for lots of variables, especially if I then go and create more instances.
    r
    • 2
    • 2
  • c

    curved-ghost-20494

    07/26/2021, 8:12 PM
    Another question if I may! Is the
    dependsOn
    array supposed to work with a
    ComponentResource
    ? I’ve created a wrapper around a tonne of project boilerplate, but I need an SSL certificate to be generated first.
    let cert = new aws.acm.Certificate("cert", { domainName: '<http://example.com|example.com>' ]);
    
    const project = new Project('foo', { dependsOn: [cert] });
    Inside the
    Project
    there’s a call to
    getCertificate('<http://example.com|example.com>')
    and it fails as soon as I Run
    pulumi up
    , rather than waiting for the acm Certificate to complete. I’ve had
    dependsOn
    working in GCP without CustomResources no problem. Am I approaching this the right way, should I be doing something else perhaps? J x
    b
    • 2
    • 11
  • w

    worried-city-86458

    07/26/2021, 11:19 PM
    Quick question before I consider changing a username - do pulumi accounts using email login (within an organization) have to have a unique username across all of pulumi or just within the org?
    l
    • 2
    • 5
  • g

    great-sunset-355

    07/27/2021, 5:13 AM
    How can I undo
    pulumi.export("some","value")
    ? Is this a bug? I exported the value and now I'd like to remove it so I removed it from the code and
    pulumi up -y
    Diff showed
    Outputs:
      - some: "value"
    But then
    pulumi stack
    still shows
    Current stack outputs (1):
        OUTPUT  VALUE
        some    value
    Pulumi then shows that it's removing the output until: another value is added to the Outputs
    pulumi.export('another', 'value')
    Then
    pulumi up -y
    Outputs:
      + another: "value"
      - some   : "value"
    Then:
    pulumi stack
    Current stack outputs (1):
        OUTPUT   VALUE
        another  value
    Note: As long as there is at least one output, removing it works as expected. The described scenario above happens if there is only 1 output in the stack to be removed.
  • k

    kind-manchester-13281

    07/27/2021, 7:17 AM
    Hello!, quick question here: Im having trouble using pulumi on an aws ec2 machine with a role - terraform works great with that role but pulumi fails with:
    2021-07-26 14:21:04,109 integration-test    [ip-172-31-30-43] 62c7f849 ERROR: got an exception while creating environment: 
     code: 255
     stdout: Updating (test):
    +  pulumi:pulumi:Stack test-test creating
    aws:ec2:SecurityGroup uat_automation_ubuntu:18.04_0_docker_installed_sg  error: 1 error occurred:
    +  pulumi:pulumi:Stack test-test created
    aws:ec2:SecurityGroup uat_automation_ubuntu:18.04_0_docker_installed_sg **failed** 1 error
    Diagnostics:
    aws:ec2:SecurityGroup (uat_automation_ubuntu:18.04_0_docker_installed_sg):
    error: 1 error occurred:
    * error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found.
    Please see <https://registry.terraform.io/providers/hashicorp/aws>
    for more information about providing credentials.
    Error: NoCredentialProviders: no valid providers in chain. Deprecated.
    For verbose messaging see aws.Config.CredentialsChainVerboseErrors
    Resources:
    This is a ci machine that already has a role assumed, what should I do? Thanks!
    b
    g
    • 3
    • 4
  • c

    calm-quill-21760

    07/27/2021, 6:20 PM
    Hi all! I’m building an EKS cluster and wanted to confirm whether this expected behavior. Basically, when I supply the minimum config, the EKS cluster builds and the nodes show up. When I specify the AMI, the nodes get built but they do not get attached to the cluster.
    cluster = eks.Cluster(
        cluster_name,
        name=cluster_name,
    # Omitting the node_ami_id succeeds. Adding it in causes nodes to build but not be attached.
        node_ami_id="ami-092263943bcda23f5",
        node_root_volume_size=50,
        desired_capacity=2,
        min_size=1,
        max_size=2,
        encrypt_root_block_device=True,
        vpc_id=myVpc.id,
        cluster_security_group=my_security_group,
        endpoint_public_access=True,
        endpoint_private_access=True,
        public_subnet_ids=public_subnet_ids,
        create_oidc_provider=True,
    )
    b
    • 2
    • 7
  • f

    faint-dog-16036

    07/27/2021, 7:09 PM
    Man, absolute nightmare scenario using pulumi (this was probably my mistake): I just finished moving our dev cluster and vcs system to be managed by pulumi. I ran locally before landing into gitops to ensure things were clean, pulumi runs on gitops and wipes away our vcs hard disk, blob files, database and half of my cluster at random. The connection and state was fine just seconds before.
    😞 1
    🤔 1
    b
    • 2
    • 9
  • r

    rough-energy-67721

    07/27/2021, 7:43 PM
    Hello Everyone! Thanks for the call for AWS Community Builders, and the link to the Slack Channel. I work at T-Systems México, and I am part of the AWS User Group for México City, and the AWS Community Builders. Love to develop, and like CDK a lot. My first question: What does Pulumi means?
    ❤️ 1
    g
    h
    • 3
    • 3
  • k

    kind-cpu-30872

    07/28/2021, 5:12 AM
    Hey, need some help. I want to import a handful of existing resources. The resources to import need to be gathered at runtime. I need to search the cloud provider (aws for me) by tag, then import all resources with that tag. I feel like this is a dumb question, but I can't figure out how to query the cloud provider in this way using Pulumi, can anyone point me in the right direction on how to do this? Or, if such a mechanism doesn't exist in Pulumi, what's an alternative? Is it common to import the aws sdk to query what I need, then use Pulumi's "import_" to bring them under the Pulumi umbrella?
    l
    b
    • 3
    • 7
  • b

    boundless-cartoon-44055

    07/28/2021, 7:44 AM
    Hey there! 👋 I am looking into concurrency control for alternative backends. https://news.ycombinator.com/item?id=26884879 states, this was added into Pulumi a while ago. I am unable to find any documentation on this, though. Maybe someone could help push me in the right direction here?
    b
    • 2
    • 7
  • l

    little-van-8457

    07/28/2021, 8:13 AM
    Updating (test-stack):
    
    
    
        pulumi:pulumi:Stack test-project-test-stack running 
    
     ~  alicloud:fc:Service qianfeng-pulumi-component-test updating [diff: ~description]
    
     ~  alicloud:fc:Service qianfeng-pulumi-component-test updated [diff: ~description]
    
        alicloud:fc:Function my-function-1  
    
     ~  alicloud:fc:Service qianfeng-pulumi-component-test **updating failed** [diff: ~description]; error: Cannot delete parent resource 'urn:pulumi:test-stack::test-project::alicloud:fc/service:Service::qianfeng-pulumi-component-test' without also deleting child 'urn:pulumi:test-stack::test-project::alicloud:fc/service:Service$alicloud:fc/function:Function::my-function-1'.
    
        pulumi:pulumi:Stack test-project-test-stack  
     
    
    Diagnostics:
      alicloud:fc:Service (qianfeng-pulumi-component-test):
        error: Cannot delete parent resource 'urn:pulumi:test-stack::test-project::alicloud:fc/service:Service::qianfeng-pulumi-component-test' without also deleting child 'urn:pulumi:test-stack::test-project::alicloud:fc/service:Service$alicloud:fc/function:Function::my-function-1'.
     
    Outputs:
        functionUrn: "urn:pulumi:test-stack::test-project::alicloud:fc/service:Service$alicloud:fc/function:Function::my-function-1"
        serviceUrn : "urn:pulumi:test-stack::test-project::alicloud:fc/service:Service::qianfeng-pulumi-component-test"
    
    Resources:
        ~ 1 updated
        2 unchanged
    c
    • 2
    • 18
  • m

    many-salesmen-89069

    07/28/2021, 8:36 AM
    Hi, I'm wondering if Pulumi has first class support for Packer like the Docker.Image resource? I'd like to set up a bastion instance as part of my Pulumi stack and I'd like to build the AMI for it with Packer
    b
    l
    • 3
    • 4
  • g

    great-sunset-355

    07/28/2021, 1:25 PM
    Hi, I have a problem with renaming resources with aliases. I've read both articles: https://www.pulumi.com/blog/refactoring-iac/ https://www.pulumi.com/docs/intro/concepts/resources/#aliases But I'm not sure how to apply it for my use case and prevent deleting resources After creating several component resources and deploying them I noticed that the parent-child relationship is not correct due to the bug in my code where I merged the
    opts
    from
    parent
    into
    child
    - but
    parent_opts
    overridden
    child_opts
    but I wanted it the other way around where I can override
    parent_opts
    with
    child_opts
    during the merge. For that, I created a sample code: https://gist.github.com/1oglop1/dcb258471cd33f572bedf67c63b7fe00 with 2 merging methods: -
    merge_opts_a
    -
    child_opts.merge(parent_opts)
    - current & wrong -
    merge_opts_b
    -
    ResourceOptions.merge(parent_opts, child_opts)
    - expected & correct When I change from
    merge_opts_a
    to
    merge_opts_b
    and run
    pulumi preview
    it says that I'll delete some resources which I need to prevent. How can I correctly apply aliases to prevent the deletion of the resources? Assume all components are supposed to be reusable in another project that does not suffer the current problem. How is this going to behave when I deploy a different stack with Aliases? Can the same alias be assigned to multiple components/resources? Is it possible to pass the alias from the parent without modifying the children's code? Thank you Attached pictures: left - current & wrong, right - expected & correct After trial and error, I managed to solve it by editing the
    AppComponent
    merged_opts = pulumi.ResourceOptions.merge(
                parent_opts,
                pulumi.ResourceOptions(
                    parent=self,
                    aliases=[
                        Alias(parent=self),
                        Alias(parent=pulumi.ROOT_STACK_RESOURCE)
                    ]
                ),
            )
    ✅ 1
  • l

    little-whale-73288

    07/28/2021, 1:39 PM
    Hello, how can I generate a diff file between the actual state and the pulumi state?
    pulumi refresh --diff --non-interactive
    complains with:
    error: --yes must be passed in to proceed when running in non-interactive mode
    I'd rather pass a
    --no
    if it was available
    b
    • 2
    • 49
  • c

    cool-egg-852

    07/28/2021, 2:56 PM
    I believe there was an issue for tracking the fact that pulumi treats all resources, that reference a leaf resource that contains a secret, as a secret. Does anyone know the issue I’m referring to, and or any solutions? For example, if I have a
    Deployment
    which references a
    Secret
    for
    imagePullSecrets
    , then anything that references
    Deployment
    , such as a
    Service
    , has output marked as a secret for that particular property (think labels, etc.), rather than showing them in plain text as the property is not actually a secret.
    • 1
    • 1
  • b

    bland-lamp-16797

    07/28/2021, 3:00 PM
    time pulumi --logtostderr -v=7 stack ls
    takes around 4 minutes if the GCP bucket is not near the client. Is there any way for me to detect what exactly is causing this? The output of
    -v=7
    do not give alot
  • g

    great-sunset-355

    07/28/2021, 3:42 PM
    Is it possible to deserialize
    stackReference
    into
    pydantic
    object?
    stack core
    import pulumi
    import pulumi_aws.route53 as route53
    my_zone = route53.Zone(
        "my-zone",
        comment="",
        force_destroy=False,
        name="<http://my-zone.domain.com|my-zone.domain.com>",
        opts=pulumi.ResourceOptions(protect=True),
    )
    
    pulumi.export("my_zone", my_zone)
    stack app/dev
    import pulumi
    from pydantic import BaseModel
    
    
    class MyZone(BaseModel):
        zone_id: str
        force_destroy: bool
    
    
    ref_zone = pulumi.StackReference('jan/proj/core')
    
    my_zone_pd = MyZone(**ref_zone.require_output('my_zone'))  # this is a problem
    is there any trick on how to assign variables during
    Output.apply()
    ?
    b
    r
    • 3
    • 7
  • c

    chilly-lamp-75954

    07/28/2021, 9:08 PM
    Hello, Can
    ignoreChanges
    resource option be used to ignore provider changes on resource? I’ve tried to ignore ‘provider’ and ‘~provider’ - that did not work - thought i’ll ask here before I go into rabbit hope of digging it in core sources.
    l
    • 2
    • 9
  • p

    proud-dusk-33872

    07/28/2021, 9:10 PM
    Is it possible to impact / override how a resource is compared for changes vs how it will be deployed? An example would be a config store that uses a "sentinal" value to trigger when config has changed - I want to set the sentinal value as part of changes other values, but I don't want it detected as a change itself.
    l
    • 2
    • 6
  • p

    proud-dusk-33872

    07/28/2021, 9:27 PM
    Can the
    parent
    of a resource be via a stack reference? (I want to ignore changes of child resources X on the parent stack, and have other stacks contribute one or more children)
    l
    • 2
    • 10
Powered by Linen
Title
p

proud-dusk-33872

07/28/2021, 9:27 PM
Can the
parent
of a resource be via a stack reference? (I want to ignore changes of child resources X on the parent stack, and have other stacks contribute one or more children)
My actual example is Event Grid subscriptions in Azure (though it would apply to SNS subscriptions in AWS)
l

little-cartoon-10569

07/28/2021, 9:37 PM
No. You cannot move resources between stacks like that. You can grab a resource's ID from another stack and create a read-only version of the resource, and make that the parent... but that's liable to cause problems later (e.g. when deleting resources).
But the parent attribute doesn't mean anything important at the provider level. It's only used for drawing resource graphs (e.g. in pulumi preview) and opt-inheritance. Just go with null parent, or this if it's in a ComponentResource.
p

proud-dusk-33872

07/28/2021, 9:45 PM
Ah gotcha. Can a read-only parent have a read-write child?
Also, if it's read only in the child stack I'm assuming the only way of getting it into state is by doing a refresh?
l

little-cartoon-10569

07/28/2021, 9:49 PM
Yes, afaik the writiness of a resources is not inherited 🙂
No, it's a full resource, but it doesn't provision/update it. Onesec I'll find the docs.
Heh, it's not documented as a separate concept. Just the get functions in each resource. https://www.pulumi.com/docs/reference/pkg/azure/eventgrid/eventsubscription/#look-up
So you'd need the id to be passed by StackReference, then use it in the 2nd stack. The name doesn't have to match and could be used to emphasize that it is a read-only resource managed in a different stack.
p

proud-dusk-33872

07/28/2021, 10:17 PM
Awesome that gives me enough to go off. Thanks for your help
👍 1
View count: 2