pulumi-community #general

creamy-nail-67991

09/23/2021, 1:46 PM

Hi, I am attempting to create a set of similar resources within ComponentResource using Azure Native v1.28.0 (in .NET). The

ComponentResource

receives an argument of using the

InputList<T>

where T is a custom class which we manipulate before creating the cloud resources. This means we have to iterate over the

InputList

property and create resources within the

Apply()

block. According to the documentation (https://www.pulumi.com/docs/intro/concepts/inputs-outputs)

“During some program executions, apply doesn’t run. For example, it won’t run during a preview, when resource output values may be unknown. Therefore, you should avoid side-effects within the callbacks. For this reason, you should not allocate new resources inside of your callbacks either, as it could lead to pulumi preview being wrong.”

Is there a better way of doing this, without creating resources within the

Apply()

? Here is a code snippet for some reference.

Copy code

frontendEndpointArgs.Apply(endpoints =>
{
	....
	
	foreach (var frontend in endpoints)
	{
		if (frontend.HttpsConfiguration == null)
		{
			continue;
		}

		var httpsConfigurationArgs = new CustomHttpsConfigurationArgs
		{
			FrontendEndpointId = Output.Format($"/subscriptions/{currentSubscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/frontDoors/{frontDoorName}/frontendEndpoints/{frontend.Name}"),
			CustomHttpsProvisioningEnabled = true,
			CustomHttpsConfigurationConfig = new CustomHttpsConfigurationCustomHttpsConfigurationArgs
			{
				CertificateSource = "AzureKeyVault",
				AzureKeyVaultCertificateVaultId = frontend.HttpsConfiguration.Apply(fe => fe.AzureKeyVaultCertificateVaultId),
				AzureKeyVaultCertificateSecretName = frontend.HttpsConfiguration.Apply(fe => fe.AzureKeyVaultCertificateSecretName),
				AzureKeyVaultCertificateSecretVersion = frontend.HttpsConfiguration.Apply(fe => fe.AzureKeyVaultCertificateSecretVersion),
				//MinimumTlsVersion = "1.2"
			},
		};

		_ = frontend.Name.Apply(frontendName => 
			new CustomHttpsConfiguration($"{frontendName}-SslCertificate", httpsConfigurationArgs, new CustomResourceOptions
			{
				Provider = provider,
				Parent = parent,
			}));
	}

	....
});

billions-mechanic-26704

09/23/2021, 2:42 PM

Hi community, What is the difference bwtween use

BranchProtection

github resource https://www.pulumi.com/docs/reference/pkg/github/branchprotection/#branchprotection And

BranchProtectionV3

github resource ? https://www.pulumi.com/docs/reference/pkg/github/branchprotectionv3/#branchprotectionv3 I see there are some different resource properties inputs like in v3 there is

branch

and in normal version i choose the branch using

pattern

parameter Which one should I choose?

clean-toddler-25770

09/23/2021, 3:44 PM

Hi everyone, does anyone have any prior experience dealing with features recently released by a cloud provider that are not yet supported by the Pulumi API? In our case, we want to start to use the dynamic partitioning in AWS Firehose, but this configuration is not included in the documentation. Any good approach to tackle this problem? Is editing from the console an option?

purple-train-14007

09/23/2021, 5:27 PM

Pulumi and Github Actions are a match made in heave imo. 💒👰

❤️ 4

refined-tent-12187

09/23/2021, 5:58 PM

hi everyone, i have few question, i use pulumi since 1 year now and i love it. But in certain case, it’s very hard to understand how use code without example. see my problem : I write my code with typescript, and i’am on Azure I use web.webaap for create a function app, and i want to add an identity provider. I use azuread.Application (App registration) who its work fine, but when i want to associate my function app with this App registration, i used WebAppAuthSettingsV2. And its very hard to understand how used it. Somebody have an working example ? See my code in the next message

billions-mechanic-26704

09/23/2021, 8:53 PM

Hi Everyone. I am using pulumi and azure python sdk. I want to spread the resources creation across several python files, so I have:

Copy code

__main__.py
azure-appservice.py

But it seems my code is only executed when it is in

__main__.py

and the resources defined on

azure-appservice.py

are not readed when I execute

pulumi up

command. Is there a way to use more than one python file similar to terraform?

many-psychiatrist-74327

09/24/2021, 3:01 AM

👋 hello! Has anyone been experiencing sporadic errors when doing

pulumi up

? The behavior I’m seeing: I run

pulumi up

. It takes an inordinate amount of time and hogs lots of resources. After ~10 mins, it fails with:

Copy code

Diagnostics:
  pulumi:pulumi:Stack (infra-dev):
    error: an unhandled error occurred: Program exited with non-zero exit code: -1

If I run

pulumi up

again, it runs quickly and with no errors. This cycle happens every time I make a change. Is this a known bug or has anyone else seen this? It’s making development impossibly slow. Thanks!

billions-mechanic-26704

09/24/2021, 2:59 PM

Hello community. (* I put this message on python channel but perhaps here it can get more attention, so sorry for replicating.) I have an existing Azure container registry which I imported and I am uising it in my pulumi code. I need to pull a docker image hosted there in order to reference it into an azure app service. Right now, I am creating the azure app service plan and the web app service. Taking as reference this docker azure app service example, they are building the image there I am just wondering whether is possible to pull an existing image as long I got the existing container registry instance. Is that possible? In this case, the

docker.Image

resource they use is not useful since

build

parameter is required. I am seeing this

docker.RemoteImage

resource from docker pulumi api, but not sure how to indicate it that the image should be pulled from my container registry I got previously. The code for getting my container registry is:

Copy code

container_image = "wmlab"

# GETTING MY CONTAINER REGISTRY
rhdhv_container_registry = azure_native.containerregistry.Registry(
    "rhdhvContainerRegistry",
    admin_user_enabled=True,
    location="westeurope",
    network_rule_set=azure_native.containerregistry.NetworkRuleSetArgs(
        default_action="Allow",
    ),
    registry_name="rhdhvContainerRegistry",
    resource_group_name="genericRG1",
    sku=azure_native.containerregistry.SkuArgs(
        name="Premium",
    ),
    opts=pulumi.ResourceOptions(protect=True))

# OUTPUT THE CREDENTIALS TO GET THEM
acr_credentials = pulumi.Output.all("genericRG1", rhdhv_container_registry.name).apply(
    lambda args: azure_native.containerregistry.list_registry_credentials(
        resource_group_name=args[0],
        registry_name=args[1]
    )
)
admin_username = acr_credentials.username
admin_password = acr_credentials.passwords[0]["value"]

I am a bit confused about how to pull an image from the existing container registry I got. Or perhaps does it need to be build and pushed from the same project? I would say should be possible to get an existing one. I need this because the build process is taking place in another repository project

bumpy-flag-23122

09/24/2021, 7:07 PM

Hi can anyone help me make a multi-level configmap using

pulumi_kubernetes

package. We have a configmap object that works fine if the data is flat, but it fails to parse the indented

usernameSecret

and

passwordSecret

entries.

Copy code

self.argo_configmap = ConfigMap(
            resource_name='test_cm',
            metadata=ObjectMetaArgs(name='argocd-cm',
                                    namespace='argocd'),
            data={
                "type": "helm",
                "url": "<https://test.com:8085>",
                "name": "test-helm-repo",
                "usernameSecret": {
                    "name": "test-helm-repo-credentials",
                    "key": "username"
                },
                "passwordSecret": {
                    "name": "test-helm-repo-credentials",
                    "key": "password"
                }
            },

I receive error:

Copy code

AssertionError: Unexpected type; expected a value of type `<class 'str'>` but got a value of type `<class 'dict'>` at resource `test_cm`, property `data.passwordSecret`: {'name': 'test-helm-repo-credentials', 'key': 'password'}

bumpy-flag-23122

09/24/2021, 7:09 PM

I understand that it is expecting a string instead of a dictionary, but I am at a loss for how to create a multi-level configmap

bumpy-flag-23122

09/24/2021, 7:19 PM

UPDATE: I've fixed this. I believe the correct way to use it is to put the entire CM under one key. Kind of confusing.

Copy code

self.argo_configmap = ConfigMap(
            resource_name='test_cm',
            metadata=ObjectMetaArgs(name='argocd-cm',
                                    namespace='argocd'),
            data={
                "repositories": """- type: helm
  url: <https://test.com:8085>
  name: test-helm-repo
  usernameSecret:
      name: test-helm-repo-credentials
      key: username
  passwordSecret:
      name: test-helm-repo-credentials
      key: password
      """
            },

✅ 1

great-table-28213

09/24/2021, 10:47 PM

Hi, I am attempting to run

pulumi preview

on a github remote runner which is an ec2 instance with a role granting it permission. How can I get Pulumi to assume the host's role to run vs passing it aws credentials?

calm-quill-21760

09/24/2021, 11:57 PM

Good evening. I’m trying to get a

pulumi_kubernetes.apiextensions.CustomResource

resource to wait upon successful completion of specific services in a

pulumi_kubernetes.yaml.ConfigFile

. The CustomResource has ConfigFile listed in

depends_on

, but watching the output of

pulumi up

shows it’s still trying to run before ConfigFile has completed. What am I missing?

alert-london-63088

09/25/2021, 5:50 AM

Hey everyone! I'm trying to run the Pulumi Github Action (v3) but I keep getting

no stack named 'myproject-dev*' found err?

. Pulumi up works just fine on my local machine, but not run through the action. Here's a gist of my config; https://gist.github.com/mhaagens/016c8139f2163a7b27fded86a5187a48 Can anyone help me out?

flat-appointment-12338

09/25/2021, 2:06 PM

I have an organization set up and I am noticing that after every stack operation (

up

config

refresh

, etc), the CLI somehow reverts to creating and selecting a stack by the same name in my personal account rather than in the organization. I have to

pulumi stack select myorg/project/stack

after every command

gifted-dentist-89608

09/26/2021, 3:14 PM

question: how do I send a post request to api-gateway? it shows up as a random string when I input testing:values in the values. having a little trouble

swift-island-2275

09/26/2021, 6:18 PM

Hi, I've a question regarding creation of Azure Kubernetes Services (AKS). I am able to create a cluster, however what I'd like to do next, is configure ClusterRoleBinding. The problem I face is that according to the documentation, I need to set the correct k8s context. How can I set the context of newly created AKS cluster ? Can I do it somehow in code just after the AKS cluster has been created ?

calm-solstice-91146

09/27/2021, 10:54 AM

Hi guys, anyone who can help me solve the issue with a resource in a pending state caused by an interrupted terminal while updating stack? I have followed the export import solution suggested by the cli, but I can't import the file again because of the very same resource which is in this pending state 😕 "solved it", by running pulumi rm and then manually deleting the resources and spinning up again.. Not a solution, but I can continue.

dazzling-grass-65770

09/27/2021, 8:37 PM

Hello there, just thinking out loud, anyone ever tried to pulumi pulumi, i.e. use the automation api in a resource provider, so that pulumi stacks can be up'd with a pulumi program ? automation api programs can look fine, I guess, but they seem to "go back" to 'imperative' mode while pulumi trained us to love to create stuff with real programming languages with declarative thinking.

purple-train-14007

09/27/2021, 8:59 PM

I see a few issues in the Pulumi repo that are closed regarding an issue Im having. This is preventing me from deploying my code and the workaround which is to set these vars to blank dont work. Anyone else know what to do for this error?

purple-train-14007

09/27/2021, 8:59 PM

Copy code

error: constructing secrets manager of type "passphrase": unable to find either `PULUMI_CONFIG_PASSPHRASE` or `PULUMI_CONFIG_PASSPHRASE_FILE` when trying to access the Passphrase Secrets Provider; please ensure one of these environment variables is set to allow the operation to continue

future-window-78560

09/28/2021, 12:39 AM

Hey! Cannot connect to docker daemon through pulumi while its active. Any guide to resolve this?

sparse-truck-33211

09/28/2021, 8:33 AM

Hi, How can i switch between the orgainsations?

microscopic-finland-82315

09/28/2021, 8:34 AM

Hey, I have a personal account and a organization. How to you link a project to a organization? It's always linked to my personal account. Do you need to transfer it? Kind regards, Frederik

calm-solstice-91146

09/28/2021, 10:54 AM

Is it possible to use RemoteArchive with authentication/header properties? Need a personal token to receive the archive I need.

orange-vr-54756

09/28/2021, 12:04 PM

Hello Team, I'm new to pulumi, when i refer this example to create GCE instance it throws this error

Copy code

default_account = gcp.service_account.Account("defaultAccount",
    AttributeError: module 'pulumi_gcp' has no attribute 'service_account'

fresh-judge-73477

09/28/2021, 12:34 PM

Hey, i am trying to do go get <http://github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafv2|github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafv2>
on a k8 container environment. Everytime I get below error

go build <http://github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafv2|github.com/pulumi/pulumi-aws/sdk/v4/go/aws/wafv2>: /usr/local/go/pkg/tool/linux_amd64/compile: signal: killed

. Below is the memort snapshot when it crashed

total        used        free      shared  buff/cache   available

Mem:           15Gi        14Gi       218Mi       1.0Mi       238Mi       174Mi

Swap:            0B          0B          0B

#golang #aws

purple-train-14007

09/28/2021, 4:14 PM

Anyone know how Im supposed to set these config passphrases? I am setting them to blank because we dont use pulumis secrets manager but rather have our own security internally that handles protecting our stacks. I looked at the feedback in the github repo and have tried all the things others have tried. Since none of this is working and since this basically stops me from updating my environment I put a note on the chocolatey repo about this issue and that they may run into it. This breaks customers just an FYI

purple-train-14007

09/28/2021, 4:17 PM

I have to now go tell other teams Im blocking that I cannot deploy my code which is going to prevent them from deploying their app and I cant just rebuild this network with a new stack. TBH if I end up having to do that Ill just go back to Terraform as my team run the foundational identity platform and there is low tolerance from Security for any problems like this with it.

polite-mechanic-60124

09/28/2021, 6:41 PM

Hello, I'm running into an issue where the output of pulumi.Output.all is either an

output<string>

on pulumi preview on a clean environment or is an Output<Mapping> on an incrementally updated environment.

Copy code

job_vars = pulumi.Output.all(
            _redis_endpoint=cache.endpoint, # should be an Output string
            **job_specific_inputs, # dict
            **generic_job_inputs, # dict
        )
        pulumi.export("core", job_vars)

pulumi preview on clean environment:

core                                 : output<string>

pulumi up on incrementally updated environment:

Copy code

+ core                                 : {
      + analyzer_bucket                      : "analyzers-bucket-196f898"
      + analyzer_dispatched_bucket           : "dispatched-analyzer-bucket-5177198"

Is there any recommended way to force output to be a mapping type?