Hey all, do we have

typescript

package for istio provider?

Hello there! I'm having problem while removing aws.lambda_.Permission resource,

pulumi up

stucks on "deleting..", verbose logging shows 500 error "An error occurred and the request cannot be processed.", Does anybody know how I can get more details about this error (cloudwatch or sth) ?

Hi all, I’m wondering if anyone has any suggestion for monitoring the status of BigQuery jobs deployed from Pulumi I’m able to create a job using code from the example here https://www.pulumi.com/docs/reference/pkg/gcp/bigquery/job/ however the Pulumi deployment returns successful whether the job passed or failed I see there’s a way to look up an existing job resource and view it’s status but not sure how I can make it work with polling, as it looks like this creates a new Pulumi resource with ID and I’d need to potentially check the status many times until the job is done or times out

Heya all. I have a few questions regarding the Pulumi K8s Operator (PKO), which I’d really appreciate some feedback on. In no particular order: Does the PKO support checking out the head of branches, rather than specific commits - i.e. follow master (and what is the default branch it uses - it is complaining about not being able to find my master branch); Does PKO support local state management, rather than operating against the Pulumi API? (If so, how does one pass this requirement to the stack CR); I’m getting “Failed to setup Pulumi workdir”,“Request.Namespace”:“default”,“Request.Name”:“bow-poc”,“Stack.Name”:“bow-poc”,“error”:“failed to create local workspace: failed to create workspace, unable to enlist in git repo: unable to checkout branch: object not found”" when attempting to pull down a remote repo. Could someone point me in the right direction, please?

Hi!! I have a question ... we have an output when I do pulumi up with"read" but it want to delete some resource... what means "read"?

Im using aws and need to use a specific role to connect to and perform changes, is there anything on setting the cli to allow this?

Hi there, wondering if anyone has experience with Azure ApplicationGateway using azure-native (https://www.pulumi.com/docs/reference/pkg/azure-native/network/applicationgateway/) and writing the templates in C#. I’m having a lot of trouble resolving the Ids for child components such as

HttpListeners.FrontendConfiguration

. I have separating

ApplicationGatewayFrontendIPConfigurationArgs

into its own variable, defining it ahead of the ApplicationGateway, and then attempting to use

new SubResourceArgs { Id: frontendConfig.Id }

to get the Id, but this doesn’t appear to resolve before it is needed (Which makes sense since it’s part of the ApplicationGateway) I have also tried predicting the Ids ahead of time, but I realised this won’t work since I don’t know what the Id of the ApplicationGateway is going to be yet. I’m sure I’m probably missing something silly and I will feel stupid when I work it out, but this has had me stumped…

So..potentially stupid question here..is it ok to store your state files locally? I mean they’ll be added to the GitHub repo so it’ll be source controlled.

Pulumi doesn't support aws MFA scenarios does it?

Hello Everyone! I want to clarify one thing. Currently, I'm passing a Promise to the chart's "skipCRDRendering" property. My code seems to work, and it looks like that although this property accepts only boolean, internally, it handles the Promises too. Am I right? P.S. I'm using Typescript.

How can I get the Pulumi CLI/automation API to output URNs when it reports missing resources? Verbosity levels don't seem to help here. Would be so useful in avoiding grepping through the output of

pulumi stack export

hi, i am trying to migrate from Pulumi Github Actions v1 ( docker://pulumi/actions) to v3 ( pulumi/actions@v3) and I am getting the following error. I basically followed the template and works locally.

pulumi:pulumi:Stack backend-staging  error: It looks like the Pulumi SDK has not been installed. Have you run npm install or yarn install?
      pulumi:pulumi:Stack backend-staging  1 message
   
  Diagnostics:
    pulumi:pulumi:Stack (backend-staging):
      error: It looks like the Pulumi SDK has not been installed. Have you run npm install or yarn install?
   
  
   stderr: error: failed to load language plugin nodejs: could not read plugin [/opt/hostedtoolcache/pulumi/3.10.1/x64/pulumi-language-nodejs] stdout: EOF
  
   err?: 
  
  (node:1638) UnhandledPromiseRejectionWarning: Error: ENOENT: no such file or directory, stat '/tmp/automation-logs-preview-tYu3e4/eventlog.txt'
  (node:1638) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). (rejection id: 2)
  (node:1638) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

Hey everyone! I am trying to use StackReferences in conjunction with saving my state in S3 buckets in AWS. I have a stack in the bucket: 

<s3://pulumi-state-1234567899875/shared>

 with a fully qualified name: 

kiawnna/buildbot-shared-123456789/dev

 and a stack in the bucket: 

<s3://pulumi-state-1234567899875/builds/{build_id}/{repo_name}>

  named 

kiawnna/buildbot-12345-{repo}/dev

. I'm getting the below error(s) from the StackReferences I have.

Diagnostics:
pulumi:pulumi:Stack (buildbot-12345-python-backend-dev):
error: update failed

pulumi:pulumi:StackReference (kiawnna/buildbot-shared-123456789/dev):
error: unknown stack "kiawnna/buildbot-shared-123456789/dev"

Resources:
5 unchanged

Duration: 4s

Traceback (most recent call last):
  File "containerized_build.py", line 320, in <module>
    launch_app_stack()
  File "containerized_build.py", line 317, in launch_app_stack
Task exception was never retrieved
future: <Task finished name='Task-34' coro=<RPCManager.do_rpc.<locals>.rpc_wrapper() done, defined at /home/kia/projects/sindri/venv/lib/python3.8/site-packages/pulumi/runtime/rpc_manager.py:61> exception=<_InactiveRpcError of RPC that terminated with:
        status = StatusCode.UNAVAILABLE
        details = "failed to connect to all addresses"
        debug_error_string = "{"created":"@1628855755.981741273","description":"Failed to pick subchannel","file":"src/core/ext/filters/client_channel/client_channel.cc","file_line":3008,"referenced_errors":[{"created":"@1628855755.981738026","description":"failed to connect to all addresses","file":"src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc","file_line":397,"grpc_status":14}]}"
>>
Traceback (most recent call last):
  File "/home/kia/projects/sindri/venv/lib/python3.8/site-packages/pulumi/runtime/rpc_manager.py", line 67, in rpc_wrapper
    result = await rpc
  File "/home/kia/projects/sindri/venv/lib/python3.8/site-packages/pulumi/runtime/resource.py", line 397, in do_read
    log.debug(f"resource read successful: ty={ty}, urn={resp.urn}")
AttributeError: 'NoneType' object has no attribute 'urn'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/kia/projects/sindri/venv/lib/python3.8/site-packages/pulumi/runtime/rpc_manager.py", line 70, in rpc_wrapper
    log.debug("RPC failed with exception:")
  File "/home/kia/projects/sindri/venv/lib/python3.8/site-packages/pulumi/log.py", line 40, in debug
    _log(engine, engine_pb2.DEBUG, msg, resource, stream_id, ephemeral)
  File "/home/kia/projects/sindri/venv/lib/python3.8/site-packages/pulumi/log.py", line 114, in _log
    engine.Log(req)
  File "/home/kia/projects/sindri/venv/lib/python3.8/site-packages/grpc/_channel.py", line 946, in __call__
    return _end_unary_response_blocking(state, call, False, None)
  File "/home/kia/projects/sindri/venv/lib/python3.8/site-packages/grpc/_channel.py", line 849, in _end_unary_response_blocking
    raise _InactiveRpcError(state)
grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
        status = StatusCode.UNAVAILABLE
        details = "failed to connect to all addresses"
        debug_error_string = "{"created":"@1628855755.981741273","description":"Failed to pick subchannel","file":"src/core/ext/filters/client_channel/client_channel.cc","file_line":3008,"referenced_errors":[{"created":"@1628855755.981738026","description":"failed to connect to all addresses","file":"src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc","file_line":397,"grpc_status":14}]}"
>
    up_res = stack.up(on_output=print)
  File "/home/kia/projects/sindri/venv/lib/python3.8/site-packages/pulumi/automation/_stack.py", line 262, in up
    up_result = self._run_pulumi_cmd_sync(args, on_output)
  File "/home/kia/projects/sindri/venv/lib/python3.8/site-packages/pulumi/automation/_stack.py", line 591, in _run_pulumi_cmd_sync
    result = _run_pulumi_cmd(args, self.workspace.work_dir, envs, on_output)
  File "/home/kia/projects/sindri/venv/lib/python3.8/site-packages/pulumi/automation/_cmd.py", line 75, in _run_pulumi_cmd
    raise create_command_error(result)
pulumi.automation.errors.CommandError:
 code: 255
 stdout: Updating (dev):

pulumi:pulumi:Stack buildbot-12345-python-backend-dev running
aws:ecs:TaskDefinition 12345-python-backend-qa  [diff: +__defaults]
aws:cloudwatch:LogGroup 12345-python-backend-qa  [diff: ~tags]
aws:codebuild:Project 12345-python-backend-qa-1  [diff: ~environment,source,tags]
pulumi:pulumi:Stack buildbot-12345-python-backend-dev running read pulumi:pulumi:StackReference kiawnna/buildbot-shared-123456789/dev
aws:codebuild:Project 12345-python-backend-qa-0  [diff: ~environment,source,tags]
pulumi:pulumi:StackReference kiawnna/buildbot-shared-123456789/dev  error: unknown stack "kiawnna/buildbot-shared-123456789/dev"
pulumi:pulumi:Stack buildbot-12345-python-backend-dev running read pulumi:pulumi:StackReference kiawnna/buildbot-shared-123456789/dev
pulumi:pulumi:Stack buildbot-12345-python-backend-dev running error: update failed
pulumi:pulumi:StackReference kiawnna/buildbot-shared-123456789/dev **failed** 1 error
pulumi:pulumi:Stack buildbot-12345-python-backend-dev **failed** 1 error

Diagnostics:
pulumi:pulumi:Stack (buildbot-12345-python-backend-dev):
error: update failed

pulumi:pulumi:StackReference (kiawnna/buildbot-shared-123456789/dev):
error: unknown stack "kiawnna/buildbot-shared-123456789/dev"

Resources:
5 unchanged

Duration: 4s

In the stack that depends on the shared stack, I'm doing:

shared_stack = StackReference(f"kiawnna/buildbot-shared-123456789/dev")
cluster_name = shared_stack.get_output("cluster_name")
vpc_id = shared_stack.get_output("vpc_id")
capacity_provider_name = shared_stack.get_output("capacity_provider_name")

Is what I want to do possible? How would I set it up differently? THanks!

Hey all, I'm trying to get the outputs of a custom resource when its create function is called. With this example, how would I go about accessing the "my_number_output" and "my_string_output" properties?

Oops, I forgot the link!

hello friendly community! Pulumi is having a staff/company offsite today with many of the Pulumi folks attending. Responses from Pulumi employees like myself may be delayed until next week

Hi @tall-librarian-49374 When creating bastion host I got this error:

azure-native:network:BastionHost (sandbox-codehub-bst-hbd):
    error: Code="InvalidRequestFormat" Message="Cannot parse the request." Details=[]

Not sure what is wrong. Here is my code

export default ({ name, group, subnetId }: Props) => {

  const ipAddress = IpAddress({
    name,
    group,
    sku: { name: 'Standard', tier: 'Regional' },
  });

  return new network.BastionHost(
    name,
    {
      bastionHostName: name,
      ...group,
      dnsName: name,
      ipConfigurations: [
        {
          publicIPAddress: { id: ipAddress.id },
          subnet: { id: subnetId },
        },
      ],
      tags: defaultTags,
    },
    { dependsOn: ipAddress }
  );
};

How can I select the

availabilityZones

for a

NodeGroup

in

eks

? Like here https://eksctl.io/usage/schema/#nodeGroups-availabilityZones

More of an approach question than anything - My pulumi stack creates a bunch of resources with the end result of generating a url endpoint - not something that is statically set. I'd like

pulumi up

to finish once this resource is up (which can be determined by making a HTTP GET to it and reading the response. In Terraform I'd probably use something like local exec with curl, in go, i'd probably use the http package and put that in a loop. I'd also like to log when it's attempted, I assume putting this in a loop and writing to fmt.println would be appropriate, unless there's something better with the pulumi context object

Hi,raised the question earlier but didnt get the reply, we have api which create project and stack and creates the pulumi project folder on the specified location using automation api . however when we try to deploy any service ie ec2,s3 on specific project/stack it gives error,

unable to find the stack

. Just would like to confirm if we are using the right function to select the existing stack .Below is the the code , workDir is the absolute path there the project directory is created . We have tried giving different ways with no luck

workDir := "./projects"	fmt.Println("workDir",workDir)

s, err := auto.SelectStackInlineSource(ctx, projvls.Stackname, projvls.Projectname , program,  auto.PulumiHome(workDir), envvars)	if err != nil {

we have also tried to use following function as well but unable to locate the stack

// WorkDir is the directory to execute commands from and store state.
func WorkDir(workDir string) LocalWorkspaceOption {
	return localWorkspaceOption(func(lo *localWorkspaceOptions) {
		lo.WorkDir = workDir
	})
}

Is there a way to access a Stack’s non-secret output without having access to the stack’s secretprovider? This should be the default behavior, in my opinion (since otherwise, what’s the point of differentiating between regular vs. secret outputs?), however when I try it I get the error:

error: constructing secrets manager of type "cloud": secrets (code=Unknown): AccessDeniedException: The ciphertext refers to a customer master key that does not exist, does not exist in this region, or you are not allowed to access.
        status code: 400, request id: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

is this doc out of date? https://www.pulumi.com/docs/guides/crosswalk/aws/eks/ provider is not an output of eks.Cluster https://www.pulumi.com/docs/reference/pkg/aws/eks/cluster/

how do I tell pulumi that a resource already exists (because it was created manually before)? I tried

pulumi refresh

and

pulumi up --refresh

, but neither seems to do this. Exact steps: 1. added resource manually 2. updated Pulumi definitions to match 3. run

pulumi refresh

etc. with no success Why do I need this? because the resource in question is one I don't have permissions to create, it was created by someone higher up the food-chain.

is there a way to use

docker.Image

to just build an image and keep it locally, without pushing it anywhere? background: without Pulumi, I first build a temporary image that builds my whole solution and publishes each service therein into a separate output directory; this one is huge and contains sensitive information (the access to our private nuget stream) and should never be pushed anywhere; and then I build the actual runtime images, using the temporary image with, for example,

COPY --from=tmpbuilder /output/notifications

. these should get pushed, obviously.

// Attach required role for ECS to pull images
const roleAttachment = new aws.iam.PolicyAttachment(
  `${solution_name}-policy-attachment`,
  {
    roles: [solutionRole.name],
    policyArn:
       aws.iam.ManagedPolicy.AmazonECSTaskExecutionRolePolicy,
  }
);

The

AmazonECSTaskExecutionRolePolicy

is attached to another Role (role-b) in an AWS account. When you run

pulumi destroy

on the pipeline with the attachment in it, the attachment is also removed from

role-b

. System down. This seems related: https://github.com/pulumi/pulumi/issues/918 What am suppose to do besides create a bunch of user-defined policies and not use managed policies? Not what we want to do.

Config File Format 👋 , I think it’d be nice to have a configuration format looks like this: to me it’s a bit easier to see the differences among the resources in different stacks, since the config file can get pretty big.

config:
  aws:rds:Instance:
    engine: "mysql"
    instance_type:
      dev: "db.t2.micro"
      prod: "db.t2.xlarge"

I can do some codegen myself to regroup my new configuration format and separate it into .dev.yml & .prod.yml. Do you guys see any obvious cons with this step up? Is it possible to customize this behavior with in pulumi?

o/

does anyone got success with the node_group_options in pulumi-eks.Cluster?

why does docker.image create two tags in my ACR? one with the tag that I actually specify, another one with the commit hash. Can I turn this off?