pulumi-community #general

lively-ice-73493

08/16/2021, 9:08 PM

Copy code

// Attach required role for ECS to pull images
const roleAttachment = new aws.iam.PolicyAttachment(
  `${solution_name}-policy-attachment`,
  {
    roles: [solutionRole.name],
    policyArn:
       aws.iam.ManagedPolicy.AmazonECSTaskExecutionRolePolicy,
  }
);

The

AmazonECSTaskExecutionRolePolicy

is attached to another Role (role-b) in an AWS account. When you run

pulumi destroy

on the pipeline with the attachment in it, the attachment is also removed from

role-b

. System down. This seems related: https://github.com/pulumi/pulumi/issues/918 What am suppose to do besides create a bunch of user-defined policies and not use managed policies? Not what we want to do.

worried-church-46455

08/17/2021, 1:40 AM

Config File Format 👋 , I think it’d be nice to have a configuration format looks like this: to me it’s a bit easier to see the differences among the resources in different stacks, since the config file can get pretty big.

Copy code

config:
  aws:rds:Instance:
    engine: "mysql"
    instance_type:
      dev: "db.t2.micro"
      prod: "db.t2.xlarge"

I can do some codegen myself to regroup my new configuration format and separate it into .dev.yml & .prod.yml. Do you guys see any obvious cons with this step up? Is it possible to customize this behavior with in pulumi?

lemon-television-29125

08/17/2021, 7:55 AM

lemon-television-29125

08/17/2021, 7:56 AM

does anyone got success with the node_group_options in pulumi-eks.Cluster?

ancient-eve-13947

08/17/2021, 1:03 PM

why does docker.image create two tags in my ACR? one with the tag that I actually specify, another one with the commit hash. Can I turn this off?

mysterious-lighter-33699

08/17/2021, 2:18 PM

has anyone here tried building an integration with

deliverybot

for updating pulumi environments? I think it would allow us to do exactly what we need to do (have a really convenient & streamlined manual intervention step before deploying but be integrated with github actions), but I can't find the two mentioned together yet.

calm-quill-21760

08/17/2021, 5:30 PM

Good morning! I’m trying to automate deployment of several steps in EKS, including the creation of a CA, the CSR, and the Kubernetes secret. I see classes like

CertificateSigningRequestConditionArgs

and

CertificateSigningRequestStatusArgs

but have yet to find documentation as to how these tie into a

CertificateSigningRequest

so I can get the Kubernetes secret signed (“Approved,Issued”). Anyone have a pointer to an example?

refined-terabyte-65361

08/17/2021, 6:05 PM

Hello, I have pulumi stack in aws s3 how to import it to local ?

mysterious-lighter-33699

08/17/2021, 6:33 PM

hm, strike that question above - but is there an easy way to get, from

pulumi up

the URL where people can follow along, in a machine-readable form? I'd like to provide a link to that from a github workflow and it's only really accessible in logs right now

ancient-night-64850

08/17/2021, 7:14 PM

(typescript) How can I append a key value to this array? public static tags: pulumi.Input<{[key: string]: pulumi.Input<string>}>; tags = { "key1": "val1", "key2": "val2" }; Doing this replaces all the current tags with just the one key/value pair tags && { "key3": "val3" }

rough-window-15889

08/17/2021, 7:41 PM

How is everyone organizing their pulumi stacks? Are you using monolith stacks? Are you using microstacks? Have you used one and changed to the other? What were lessons learned or advantages to the different approaches?

wet-fall-57893

08/18/2021, 2:22 AM

hey everyone. what do I need to do in order to run

spread

const ssmPolicyDocumentStatement: pulumi.Input<pulumi.Input<aws.iam.PolicyStatement>[]>

context: need to merge 2 statements one from AWS managed policy the other is custom

rich-cat-16319

08/18/2021, 2:35 AM

Hi. I'm playing around with creating pulumi component providers using this example. and one of the properties of the component I am creating is an Azure App Service. The example uses an S3 bucket and has a

"$ref": "/aws/v4.0.0/schema.json#/resources/aws:s3%2Fbucket:Bucket"

that is in the

schema.json

Does anyone know where can I find the same reference but for the

azure-native:web:WebApp

fast-florist-41572

08/18/2021, 8:45 AM

Is there any easy way to rename a project a move around the files/folder root of the project

ancient-eve-13947

08/18/2021, 9:51 AM

is there a way to un-secret a pulumi.Output<> that's marked as secret because it depends/derives from a secret value in order to generate a config file for a non-Pulumi managed application?

ancient-eve-13947

08/18/2021, 11:03 AM

also, when creating docker images with pulumi, is there a way to suppress the output of all the layers when doing

pulumi up

pulumi preview

sparse-intern-71089

08/18/2021, 1:32 PM

This message was deleted.

icy-jordan-58549

08/18/2021, 3:13 PM

team, I want to highlight it here, we’ve had monorepo together with pulumi code for a long time and it was tough to keep it together due to performance issues, typescript was trying to index definition files forever, today we are gonna remove pulumi out from our codebase and keep it separately, which totally disables an ability to use interfaces across infra + backend in a single monorepo. https://github.com/pulumi/pulumi/issues/7082 (this issue was created in May 2021, no response, I hope you will find some time to have at least your input on this issue)

billowy-pilot-50934

08/18/2021, 3:34 PM

Hi, silly question here, how is pulumi pronounced?

stocky-magazine-78486

08/18/2021, 3:37 PM

Reposting here, to have a better reach

many-psychiatrist-74327

08/18/2021, 4:30 PM

👋 hello! qq: is there a way to see the historical outputs of my stack?

pulumi stack output

tells me what the outputs are now, but can I see the outputs for a previous revision/version?

👍 1

billowy-pilot-50934

08/18/2021, 6:42 PM

#general I'm testing out importing resources in AWS. I am using a dotnet application with the AWS SDK. I was able to import the VPC, security group and subnets. When I go online and view my resources, I see that Pulumi has imported additional information that I did not supply. In this case, Pulumi shows the egress and ingress information in the resource tab. I did not specify that information, but it is correct. Is there a way to import that additional information into the application? I see that I can copy the JSON for the security group by clicking details, but is there a way to have Pulumi update my c# code? my stack.yaml only has the region I an using, and the Pulumi.yaml only has the name, description and runtime. Example code below

billowy-pilot-50934

08/18/2021, 6:43 PM

This is the JSON for the ingress array of the security group I imported

billowy-pilot-50934

08/18/2021, 6:43 PM

Copy code

[
  {
    "cidrBlocks": [],
    "description": "Traffic from subnet",
    "fromPort": 0,
    "ipv6CidrBlocks": [],
    "prefixListIds": [],
    "protocol": "-1",
    "securityGroups": [],
    "self": true,
    "toPort": 0
  },
  {
    "cidrBlocks": [],
    "description": "Traffic VPN",
    "fromPort": 0,
    "ipv6CidrBlocks": [],
    "prefixListIds": [],
    "protocol": "-1",
    "securityGroups": [
      "sg-Hidden"
    ],
    "self": false,
    "toPort": 0
  },
  {
    "cidrBlocks": [
      "0.0.0.0/0"
    ],
    "description": "HTTPS",
    "fromPort": 443,
    "ipv6CidrBlocks": [],
    "prefixListIds": [],
    "protocol": "tcp",
    "securityGroups": [],
    "self": false,
    "toPort": 443
  }
]

billowy-pilot-50934

08/18/2021, 6:43 PM

Here is the c# code I am using

billowy-pilot-50934

08/18/2021, 6:43 PM

Copy code

private SecurityGroup ImportSecurityGroup()
    {
        var tags = new InputMap<string>();
        tags.Add("Name", "subnet-1_SG");

        return new SecurityGroup("dev-1a_sg",
            new SecurityGroupArgs
            {
                Name = "dev-public-1a_sg",
                VpcId = "vpc-097dc5c3d016997a8",
                Description = "Security group",
                Tags = tags,
                // I would like to get this information
                // which shows in my stack online
                Egress = null
                //^^^^^^^
            },
            new CustomResourceOptions
            {
                ImportId = "sg-Hidden"
            });
    }

billowy-pilot-50934

08/18/2021, 6:44 PM

Other than using the JSON online, is there a way to generate the properties with that additional info?

calm-quill-21760

08/18/2021, 10:56 PM

How do I prevent

pulumi

from downloading a plugin? I have a previous version installed but it insists on downloading a later one (that I suspect has a bug).

rapid-iron-52715

08/18/2021, 11:07 PM

I get an "refusing to proceed" when I try to import an exported stack where I deleted resources from "pending_operations", but this is the solution offered by the CLI.

rapid-iron-52715

08/18/2021, 11:08 PM

I had the impression these manual imports would get me around this refusal, haha