pulumi-community #general

Channels

general

great-sunset-355

07/23/2021, 9:45 AM

How can I copy config between different projects? I've renamed the project by exporting and importing the stack, now I'd like to also copy the config to the new project, how can I do it? I tried

pulumi config cp --stack staging  --dest <owner>/dest-proj/staging

I get

error: [400] Message authentication failed

✅ 1

mysterious-australia-14256

07/23/2021, 3:51 PM

Hi, we are considering switching from an Azure backend to the Pulumi managed (Team) backend. Is there any information on SLAs associated with this service?

👍 2

little-whale-73288

07/23/2021, 4:30 PM

Hi, how can I create Pulumi access tokens for continuous delivery that are not tied to a particular person? I'd like their scope to be limited to a particular project within the organization

👍 1

miniature-advantage-31279

07/24/2021, 4:35 AM

Hi guys, just curious, how do you manage to avoid the Route53 records errors for:

[ERR]: Error building changeset: InvalidChangeBatch: [Tried to create resource record set [name='***', type='CNAME'] but it already exists]

even though I applied the options for:

{ deleteBeforeReplace: true },

average-television-1214

07/25/2021, 11:40 PM

Folks, the golang SDK often blows up on ctx.Export() in GCP, when some components are not ready. What's the general approach to dealing with it? As the script grows destroying and re-running from scratch becomes lengthier and and lengthier.

average-television-1214

07/25/2021, 11:43 PM

Something like this is not very helpful in identifying a root cause:

panic: fatal: An assertion has failed
 
goroutine 201 [running]:
 
<http://github.com/pulumi/pulumi/sdk/v3/go/common/util/contract.failfast(...)|github.com/pulumi/pulumi/sdk/v3/go/common/util/contract.failfast(...)>
 
	/Users/alexlokshin/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.8.0/go/common/util/contract/failfast.go:23
 
<http://github.com/pulumi/pulumi/sdk/v3/go/common/util/contract.Assert(...)|github.com/pulumi/pulumi/sdk/v3/go/common/util/contract.Assert(...)>
 
	/Users/alexlokshin/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.8.0/go/common/util/contract/assert.go:26
 
<http://github.com/pulumi/pulumi/sdk/v3/go/pulumi.marshalInputAndDetermineSecret(0x288d040|github.com/pulumi/pulumi/sdk/v3/go/pulumi.marshalInputAndDetermineSecret(0x288d040>, 0xc0000e0000, 0x2d2a180, 0x25fdda0, 0xc0000dd801, 0x109e5f2, 0x265f0e0, 0x1, 0xc0000dd898, 0x109ce25, ...)
 
	/Users/alexlokshin/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.8.0/go/pulumi/rpc.go:280 +0x38c5
 
<http://github.com/pulumi/pulumi/sdk/v3/go/pulumi.marshalInput(0x29b50e0|github.com/pulumi/pulumi/sdk/v3/go/pulumi.marshalInput(0x29b50e0>, 0xc000288850, 0x2d2a180, 0x25fdda0, 0x29b5001, 0xc000288850, 0x265f0e0, 0xc0000120b0, 0x94, 0x0, ...)
 
	/Users/alexlokshin/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.8.0/go/pulumi/rpc.go:171 +0x73
 
<http://github.com/pulumi/pulumi/sdk/v3/go/pulumi.marshalInputAndDetermineSecret(0x26d12a0|github.com/pulumi/pulumi/sdk/v3/go/pulumi.marshalInputAndDetermineSecret(0x26d12a0>, 0xc000188450, 0x2d2a180, 0x2632e00, 0xc0001eee01, 0x1785baf, 0x273ee80, 0xc000592350, 0x2d2a180, 0x2454880, ...)
 
	/Users/alexlokshin/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.8.0/go/pulumi/rpc.go:374 +0x100a
 
<http://github.com/pulumi/pulumi/sdk/v3/go/pulumi.marshalInput(0x26d12a0|github.com/pulumi/pulumi/sdk/v3/go/pulumi.marshalInput(0x26d12a0>, 0xc000188450, 0x2d2a180, 0x25fdda0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, ...)
 
	/Users/alexlokshin/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.8.0/go/pulumi/rpc.go:171 +0x73
 
<http://github.com/pulumi/pulumi/sdk/v3/go/pulumi.(*Context).RegisterResourceOutputs.func1(0xc00026e000|github.com/pulumi/pulumi/sdk/v3/go/pulumi.(*Context).RegisterResourceOutputs.func1(0xc00026e000>, 0x2d24678, 0xc00023c1c0, 0xc000188450)
 
	/Users/alexlokshin/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.8.0/go/pulumi/context.go:1400 +0x13d
 
created by <http://github.com/pulumi/pulumi/sdk/v3/go/pulumi.(*Context).RegisterResourceOutputs|github.com/pulumi/pulumi/sdk/v3/go/pulumi.(*Context).RegisterResourceOutputs>
 
	/Users/alexlokshin/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.8.0/go/pulumi/context.go:1387 +0x96
 
exit status 2
 
error: an unhandled error occurred: program exited with non-zero exit code: 1

breezy-butcher-78604

07/26/2021, 5:53 AM

is there a way to get Pulumi to download any relevant security policies in advance? contest is I'm trying to build a Pulumi docker image with a Pulumi project to be run in CI/CD and I want to download/install all relevant providers and security policies as I can at build time so that it doesn't need to do it at run time. providers appear to get installed when the relevant npm modules are installed, but security policies only get downloaded when I run

pulumi up

quiet-architect-74241

07/26/2021, 8:36 AM

Looking for an example on how to use the VirtualMachineExtension in C#, Azure Native.

new AzureNative.Compute.VirtualMachineExtension($"{vmName}-VMExtensions", new AzureNative.Compute.VirtualMachineExtensionArgs()
            {
                VmName = vmName,
                ResourceGroupName = resourceGroup.Name,
                AutoUpgradeMinorVersion = true,
                Publisher = "Microsoft.Powershell",
                Type = "DSC",
                TypeHandlerVersion = "2.73",
                Settings = Output.Tuple(hostPool.Name, hostPool.RegistrationInfo).Apply((tuple) =>
                {
                    return JsonConvert.SerializeObject(new
                    {
                        modulesUrl = "<https://storageblobname.blob.core.windows.net/galleryartifacts/Configuration_5-5-2021.zip>",
                        configurationFunction = "Configuration.ps1\\AddSessionHost",
                        properties = new
                        {
                            hostPoolName = tuple.Item1,
                            registrationInfoToken = tuple.Item2.Token,
                            aadJoin = false,
                        }
                    });
                })
            });

which results in this error:

error: azure-native:compute:VirtualMachineExtension resource 'somename-vm-01-VMExtensions' has a problem: 'settings' should be of type '' but got a string

although the documentation says about the settings property:

Json formatted public settings for the extension.

I verified that the string that I am using for the settings property has the exact syntax as when I export the VirtualMachineExtension from the Azure Portal. Looking documentation or an example on how to use the VirtualMachineExtension for DSC extension. Can't find an example anywhere using my Google Fu.

quaint-garage-36651

07/26/2021, 11:14 AM

Hi Looking for example how to connect Network security Group to Network interface and how to add multiple rules in NSG using python for development of Azure

proud-dusk-33872

07/26/2021, 12:15 PM

Hi there. Is the slowness of

pulumi stack output

a known issue - and is there any way to work around it? It takes about 20 seconds to run for me and we have ~25 output variables

curved-ghost-20494

07/26/2021, 4:50 PM

Is there a away of “auto output-ing” variables? For example

const instance = new CustomResource('foo');

export.bar = instance.bar;
export.baz = instance.baz;
export.bam = instance.bam;

It’s kind of irritating to do this for lots of variables, especially if I then go and create more instances.

curved-ghost-20494

07/26/2021, 8:12 PM

Another question if I may! Is the

dependsOn

array supposed to work with a

ComponentResource

? I’ve created a wrapper around a tonne of project boilerplate, but I need an SSL certificate to be generated first.

let cert = new aws.acm.Certificate("cert", { domainName: '<http://example.com|example.com>' ]);

const project = new Project('foo', { dependsOn: [cert] });

Inside the

Project

there’s a call to

getCertificate('<http://example.com|example.com>')

and it fails as soon as I Run

pulumi up

, rather than waiting for the acm Certificate to complete. I’ve had

dependsOn

working in GCP without CustomResources no problem. Am I approaching this the right way, should I be doing something else perhaps? J x

worried-city-86458

07/26/2021, 11:19 PM

Quick question before I consider changing a username - do pulumi accounts using email login (within an organization) have to have a unique username across all of pulumi or just within the org?

great-sunset-355

07/27/2021, 5:13 AM

How can I undo

pulumi.export("some","value")

? Is this a bug? I exported the value and now I'd like to remove it so I removed it from the code and

pulumi up -y

Diff showed

Outputs:
  - some: "value"

But then

pulumi stack

still shows

Current stack outputs (1):
    OUTPUT  VALUE
    some    value

Pulumi then shows that it's removing the output until: another value is added to the Outputs

pulumi.export('another', 'value')

Then

pulumi up -y

Outputs:
  + another: "value"
  - some   : "value"

Then:

pulumi stack

Current stack outputs (1):
    OUTPUT   VALUE
    another  value

Note: As long as there is at least one output, removing it works as expected. The described scenario above happens if there is only 1 output in the stack to be removed.

kind-manchester-13281

07/27/2021, 7:17 AM

Hello!, quick question here: Im having trouble using pulumi on an aws ec2 machine with a role - terraform works great with that role but pulumi fails with:

2021-07-26 14:21:04,109 integration-test    [ip-172-31-30-43] 62c7f849 ERROR: got an exception while creating environment: 
 code: 255
 stdout: Updating (test):
+  pulumi:pulumi:Stack test-test creating
aws:ec2:SecurityGroup uat_automation_ubuntu:18.04_0_docker_installed_sg  error: 1 error occurred:
+  pulumi:pulumi:Stack test-test created
aws:ec2:SecurityGroup uat_automation_ubuntu:18.04_0_docker_installed_sg **failed** 1 error
Diagnostics:
aws:ec2:SecurityGroup (uat_automation_ubuntu:18.04_0_docker_installed_sg):
error: 1 error occurred:
* error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found.
Please see <https://registry.terraform.io/providers/hashicorp/aws>
for more information about providing credentials.
Error: NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors
Resources:

This is a ci machine that already has a role assumed, what should I do? Thanks!

calm-quill-21760

07/27/2021, 6:20 PM

Hi all! I’m building an EKS cluster and wanted to confirm whether this expected behavior. Basically, when I supply the minimum config, the EKS cluster builds and the nodes show up. When I specify the AMI, the nodes get built but they do not get attached to the cluster.

cluster = eks.Cluster(
    cluster_name,
    name=cluster_name,
# Omitting the node_ami_id succeeds. Adding it in causes nodes to build but not be attached.
    node_ami_id="ami-092263943bcda23f5",
    node_root_volume_size=50,
    desired_capacity=2,
    min_size=1,
    max_size=2,
    encrypt_root_block_device=True,
    vpc_id=myVpc.id,
    cluster_security_group=my_security_group,
    endpoint_public_access=True,
    endpoint_private_access=True,
    public_subnet_ids=public_subnet_ids,
    create_oidc_provider=True,
)

faint-dog-16036

07/27/2021, 7:09 PM

Man, absolute nightmare scenario using pulumi (this was probably my mistake): I just finished moving our dev cluster and vcs system to be managed by pulumi. I ran locally before landing into gitops to ensure things were clean, pulumi runs on gitops and wipes away our vcs hard disk, blob files, database and half of my cluster at random. The connection and state was fine just seconds before.

😞 1

🤔 1

rough-energy-67721

07/27/2021, 7:43 PM

Hello Everyone! Thanks for the call for AWS Community Builders, and the link to the Slack Channel. I work at T-Systems México, and I am part of the AWS User Group for México City, and the AWS Community Builders. Love to develop, and like CDK a lot. My first question: What does Pulumi means?

❤️ 1

kind-cpu-30872

07/28/2021, 5:12 AM

Hey, need some help. I want to import a handful of existing resources. The resources to import need to be gathered at runtime. I need to search the cloud provider (aws for me) by tag, then import all resources with that tag. I feel like this is a dumb question, but I can't figure out how to query the cloud provider in this way using Pulumi, can anyone point me in the right direction on how to do this? Or, if such a mechanism doesn't exist in Pulumi, what's an alternative? Is it common to import the aws sdk to query what I need, then use Pulumi's "import_" to bring them under the Pulumi umbrella?

boundless-cartoon-44055

07/28/2021, 7:44 AM

Hey there! 👋 I am looking into concurrency control for alternative backends. https://news.ycombinator.com/item?id=26884879 states, this was added into Pulumi a while ago. I am unable to find any documentation on this, though. Maybe someone could help push me in the right direction here?

little-van-8457

07/28/2021, 8:13 AM

Updating (test-stack):



    pulumi:pulumi:Stack test-project-test-stack running 

 ~  alicloud:fc:Service qianfeng-pulumi-component-test updating [diff: ~description]

 ~  alicloud:fc:Service qianfeng-pulumi-component-test updated [diff: ~description]

    alicloud:fc:Function my-function-1  

 ~  alicloud:fc:Service qianfeng-pulumi-component-test **updating failed** [diff: ~description]; error: Cannot delete parent resource 'urn:pulumi:test-stack::test-project::alicloud:fc/service:Service::qianfeng-pulumi-component-test' without also deleting child 'urn:pulumi:test-stack::test-project::alicloud:fc/service:Service$alicloud:fc/function:Function::my-function-1'.

    pulumi:pulumi:Stack test-project-test-stack  
 

Diagnostics:
  alicloud:fc:Service (qianfeng-pulumi-component-test):
    error: Cannot delete parent resource 'urn:pulumi:test-stack::test-project::alicloud:fc/service:Service::qianfeng-pulumi-component-test' without also deleting child 'urn:pulumi:test-stack::test-project::alicloud:fc/service:Service$alicloud:fc/function:Function::my-function-1'.
 
Outputs:
    functionUrn: "urn:pulumi:test-stack::test-project::alicloud:fc/service:Service$alicloud:fc/function:Function::my-function-1"
    serviceUrn : "urn:pulumi:test-stack::test-project::alicloud:fc/service:Service::qianfeng-pulumi-component-test"

Resources:
    ~ 1 updated
    2 unchanged

many-salesmen-89069

07/28/2021, 8:36 AM

Hi, I'm wondering if Pulumi has first class support for Packer like the Docker.Image resource? I'd like to set up a bastion instance as part of my Pulumi stack and I'd like to build the AMI for it with Packer

great-sunset-355

07/28/2021, 1:25 PM

Hi, I have a problem with renaming resources with aliases. I've read both articles: https://www.pulumi.com/blog/refactoring-iac/ https://www.pulumi.com/docs/intro/concepts/resources/#aliases But I'm not sure how to apply it for my use case and prevent deleting resources After creating several component resources and deploying them I noticed that the parent-child relationship is not correct due to the bug in my code where I merged the

opts

from

parent

into

child

- but

parent_opts

overridden

child_opts

but I wanted it the other way around where I can override

parent_opts

with

child_opts

during the merge. For that, I created a sample code: https://gist.github.com/1oglop1/dcb258471cd33f572bedf67c63b7fe00 with 2 merging methods: -

merge_opts_a

child_opts.merge(parent_opts)

- current & wrong -

merge_opts_b

ResourceOptions.merge(parent_opts, child_opts)

- expected & correct When I change from

merge_opts_a

merge_opts_b

and run

pulumi preview

it says that I'll delete some resources which I need to prevent. How can I correctly apply aliases to prevent the deletion of the resources? Assume all components are supposed to be reusable in another project that does not suffer the current problem. How is this going to behave when I deploy a different stack with Aliases? Can the same alias be assigned to multiple components/resources? Is it possible to pass the alias from the parent without modifying the children's code? Thank you Attached pictures: left - current & wrong, right - expected & correct After trial and error, I managed to solve it by editing the

AppComponent

merged_opts = pulumi.ResourceOptions.merge(
            parent_opts,
            pulumi.ResourceOptions(
                parent=self,
                aliases=[
                    Alias(parent=self),
                    Alias(parent=pulumi.ROOT_STACK_RESOURCE)
                ]
            ),
        )

✅ 1

little-whale-73288

07/28/2021, 1:39 PM

Hello, how can I generate a diff file between the actual state and the pulumi state?

pulumi refresh --diff --non-interactive

complains with:

error: --yes must be passed in to proceed when running in non-interactive mode

I'd rather pass a

--no

if it was available

cool-egg-852

07/28/2021, 2:56 PM

I believe there was an issue for tracking the fact that pulumi treats all resources, that reference a leaf resource that contains a secret, as a secret. Does anyone know the issue I’m referring to, and or any solutions? For example, if I have a

Deployment

which references a

Secret

for

imagePullSecrets

, then anything that references

Deployment

, such as a

Service

, has output marked as a secret for that particular property (think labels, etc.), rather than showing them in plain text as the property is not actually a secret.

bland-lamp-16797

07/28/2021, 3:00 PM

time pulumi --logtostderr -v=7 stack ls

takes around 4 minutes if the GCP bucket is not near the client. Is there any way for me to detect what exactly is causing this? The output of

-v=7

do not give alot

great-sunset-355

07/28/2021, 3:42 PM

Is it possible to deserialize

stackReference

into

pydantic

object?

stack core

import pulumi
import pulumi_aws.route53 as route53
my_zone = route53.Zone(
    "my-zone",
    comment="",
    force_destroy=False,
    name="<http://my-zone.domain.com|my-zone.domain.com>",
    opts=pulumi.ResourceOptions(protect=True),
)

pulumi.export("my_zone", my_zone)

stack app/dev

import pulumi
from pydantic import BaseModel


class MyZone(BaseModel):
    zone_id: str
    force_destroy: bool


ref_zone = pulumi.StackReference('jan/proj/core')

my_zone_pd = MyZone(**ref_zone.require_output('my_zone'))  # this is a problem

is there any trick on how to assign variables during

Output.apply()

chilly-lamp-75954

07/28/2021, 9:08 PM

Hello, Can

ignoreChanges

resource option be used to ignore provider changes on resource? I’ve tried to ignore ‘provider’ and ‘~provider’ - that did not work - thought i’ll ask here before I go into rabbit hope of digging it in core sources.

proud-dusk-33872

07/28/2021, 9:10 PM

Is it possible to impact / override how a resource is compared for changes vs how it will be deployed? An example would be a config store that uses a "sentinal" value to trigger when config has changed - I want to set the sentinal value as part of changes other values, but I don't want it detected as a change itself.

proud-dusk-33872

07/28/2021, 9:27 PM

Can the

parent

of a resource be via a stack reference? (I want to ignore changes of child resources X on the parent stack, and have other stacks contribute one or more children)

Title

proud-dusk-33872

07/28/2021, 9:27 PM

Can the

parent

of a resource be via a stack reference? (I want to ignore changes of child resources X on the parent stack, and have other stacks contribute one or more children)

My actual example is Event Grid subscriptions in Azure (though it would apply to SNS subscriptions in AWS)

little-cartoon-10569

07/28/2021, 9:37 PM

No. You cannot move resources between stacks like that. You can grab a resource's ID from another stack and create a read-only version of the resource, and make that the parent... but that's liable to cause problems later (e.g. when deleting resources).

But the parent attribute doesn't mean anything important at the provider level. It's only used for drawing resource graphs (e.g. in pulumi preview) and opt-inheritance. Just go with null parent, or this if it's in a ComponentResource.

proud-dusk-33872

07/28/2021, 9:45 PM

Ah gotcha. Can a read-only parent have a read-write child?

Also, if it's read only in the child stack I'm assuming the only way of getting it into state is by doing a refresh?

little-cartoon-10569

07/28/2021, 9:49 PM

Yes, afaik the writiness of a resources is not inherited 🙂

No, it's a full resource, but it doesn't provision/update it. Onesec I'll find the docs.

Heh, it's not documented as a separate concept. Just the get functions in each resource. https://www.pulumi.com/docs/reference/pkg/azure/eventgrid/eventsubscription/#look-up

So you'd need the id to be passed by StackReference, then use it in the 2nd stack. The name doesn't have to match and could be used to emphasize that it is a read-only resource managed in a different stack.

proud-dusk-33872

07/28/2021, 10:17 PM

Awesome that gives me enough to go off. Thanks for your help

👍 1

View count: 2