hundreds-article-77945
01/07/2022, 4:14 PMbulky-kite-69343
01/07/2022, 4:26 PMaz afd secret list --profile-name $PROFILE_NAME --resource-group $RESOURCE_GROUP_NAME
[
{
"deploymentStatus": "NotStarted",
"id": "/subscriptions/{{subscriptionId}}/resourcegroups/{{resourceGroupName}}/providers/Microsoft.Cdn/profiles/{{profileName}}/secrets/{{secretName}}",
"name": "name",
"parameters": {
"certificateAuthority": "CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US",
"expirationDate": "2022-05-10T23:59:59+00:00",
"secretSource": {
"id": "/subscriptions/{{subscriptionId}}/resourcegroups/{{resourceGroupName}}/providers/Microsoft.KeyVault/vaults/{{keyVaultName}}certificates/{{certificateName}}",
"resourceGroup": "{{resourceGroupName}}"
},
"secretVersion": null,
"subject": "*.<http://example.com|example.com>",
"subjectAlternativeNames": [
"*.<http://example.com|example.com>",
"<http://example.com|example.com>"
],
"thumbprint": "***",
"type": "CustomerCertificate",
"useLatestVersion": true
},
"provisioningState": "Succeeded",
"resourceGroup": "{{resourceGrupName}}",
"systemData": null,
"type": "Microsoft.Cdn/profiles/secrets"
}
]
If you look at secretSource: { id: string }
when getting the output from the CLI on the secret, you can see it outputs it as certificates
when comparing against the docs it has certificate
in the id string for secret source. I am happy to contribute an update, but I am unsure where this needs to be updated at.full-artist-27215
01/07/2022, 4:49 PMpulumi config set --path "obj.one" 1
and pulumi config set --path "obj.two" 2
, I'd like to do something similar to pulumi config set obj '{"one": 1, "two: 2}'
. However, that ends up setting obj
to a string, rather than an object.
There doesn't appear to be any kind of --object
option to config set
that might achieve this.
This is made a bit more confusing by the fact that the output of pulumi config
shows actual object values and JSON string values in the same way, while their representation in the raw YAML file is different.
Is there any way to achieve this, short of manually iterating through the object structure and adding each leaf value individually?full-dress-10026
01/07/2022, 5:08 PMhundreds-article-77945
01/07/2022, 6:36 PMhundreds-article-77945
01/07/2022, 8:01 PMedit-pr-comment
feature as the GitHub Actions integration?average-school-38756
01/07/2022, 8:49 PMsparse-student-54516
01/08/2022, 3:46 PMsparse-student-54516
01/08/2022, 3:47 PMsparse-student-54516
01/08/2022, 3:48 PM➜ devops-rancher-next git:(develop) ✗ pulumi login <s3://pulumi-testing?endpoint=s3.us-west-1.wasabisys.com/>\&disableSSL=true\&s3ForcePathStyle=true
Output => zsh: no matches found: <s3://pulumi-testing?endpoint=s3.us-west-1.wasabisys.com/&disableSSL=true&s3ForcePathStyle=true>
most-lighter-95902
01/09/2022, 3:11 AMwet-sunset-4939
01/09/2022, 6:22 AMsticky-exabyte-94099
01/09/2022, 8:23 AMCertificateOrder = new CertificateOrder("mycert", new CertificateOrderArgs
{
AutoRenew = true,
KeySize = 2048,
Location = "global",
Name = "mycert",
ProductType = "WildCard",
ResourceGroupName ="myresourcegroup",
ValidityInYears = 1,
});
but there is no keyVaultId to be found.
But Web.Certificate has KeyVaultId
var cert= new AzureNative.Web.Certificate("cert", new AzureNative.Web.CertificateArgs
{
KeyVaultId = KeyVault.Id,
...
}
So how can I hook them together?
I should probably use https://www.pulumi.com/registry/packages/azure/api-docs/keyvault/certificate/
Correct?
But how?
var exampleCertificate = new Azure.KeyVault.Certificate("exampleCertificate", new Azure.KeyVault.CertificateArgs
{
KeyVaultId = KeyVault.Id,
KeyVaultCertificate = new Azure.KeyVault.Inputs.CertificateCertificateArgs
{
Contents = "??", //what would go in here? CertificateOrder.?
Password = "??"
}
});
There is a keyvault connection it seams but how do I set it?
var thereIsAKeyVaultConnection = CertificateOrder.Certificates.First().Apply(x => x.KeyVaultId);
full-dress-10026
01/09/2022, 7:49 PMhigh-grass-3103
01/10/2022, 7:53 AMwet-noon-14291
01/10/2022, 11:25 AMpulumi up
but all the resources have been created? I just created an issue on it: https://github.com/pulumi/pulumi/issues/8713future-daybreak-16512
01/10/2022, 11:38 AMfuture-window-78560
01/10/2022, 8:25 PMfuture-window-78560
01/10/2022, 8:55 PMable-camera-57198
01/11/2022, 1:31 AMaverage-arm-52191
01/11/2022, 12:17 PMpulumi config set --secret auth0Secret S3cr37
Now I have use case to use Auth0 API (management api) from auth0 SDK,
import { Config, Output } from '@pulumi/pulumi'
import * as Auth0 from 'auth0' // This is auth0 management api sdk.
const auth0Config = new Config('auth0')
const auth0 = new Auth0.ManagementClient({
domain: '<http://test-linktree.us.auth0.com|test-linktree.us.auth0.com>',
clientId: auth0Config.requireSecret('clientId'),
clientSecret: auth0Config.requireSecret('clientSecret')
})
await auth0.getClients();
Issue is output of auth0Config.requireSecret('clientId')
have type Output<T>, Is there way to get plain text out of it.
Please help.
Thanksmysterious-australia-14256
01/11/2022, 5:41 PMsquare-car-84996
01/11/2022, 7:23 PMsquare-car-84996
01/11/2022, 7:24 PMlively-author-18255
01/11/2022, 9:03 PMwet-noon-14291
01/11/2022, 9:48 PMComponentResource
? We struggle with having a stack hanging if the async requests fails. We are doing something like this:
export class Team extends pulumi.ComponentResource {
teamId: pulumi.Output<string>
constructor(name: string, teamSpec: types.TeamSpec) {
super("something", name, {});
const azureAdConfig = azuread.getClientConfig({})
const usersIds = pulumi.output(getUsers(teamSpec.members)); // getUsers is something that returns a promise
const adGroup = new azuread.Group(`${teamSpec.teamName}-ad-group`, {
displayName: teamSpec.teamName,
owners: [azureAdConfig.then(c => c.objectId)],
description: "Created and managed by Automation",
securityEnabled: true,
members: usersIds
});
....
if the call to getUsers
fails everything will just hang. I would expect pulumi to catch that and fail the whole process. Am I doing something wrong or is this a bug?fancy-egg-38667
01/12/2022, 12:13 AMmagnificent-lifeguard-15082
01/12/2022, 1:53 AMwet-noon-14291
01/12/2022, 8:22 AM{
"commandResult": {
"stdout": "....",
"stderr": "....",
"code": 255
},
"name": "CommandError"
}
where my internal error message is in the stdout
property as part of a long string. I can use regex on the string, but it should be an easier way as I see it. This isn't an issue when you are running from the CLI, but it is more an issue when you are using automation so you can provide better error messages to the users.quick-fall-21011
01/12/2022, 8:44 AMquick-fall-21011
01/12/2022, 8:44 AMvolumes:
- mountPath: /data
name: traefik-config
type: configMap
additionalArguments:
- --providers.file.filename=/data/traefik-config.yaml
- --entrypoints.websecure.http.tls.certresolver=le
- --entrypoints.websecure.http.tls.domains[0].main=xxx
- --entrypoints.websecure.http.tls.domains[0].sans=*.xxx
- --certificatesresolvers.le.acme.dnschallenge.provider=azure
- --certificatesresolvers.le.acme.email=xxxx
- --certificatesresolvers.le.acme.dnschallenge.resolvers=1.1.1.1
- --certificatesresolvers.le.acme.storage=/certs/acme.json
- --certificatesresolvers.le.acme.dnschallenge=true
- --certificatesresolvers.le.acme.caserver=<https://acme-staging-v02.api.letsencrypt.org/directory>
- --certificatesresolvers.le.acme.tlschallenge=false
- --entrypoints.web.address=:80
- --<http://entrypoints.web.http.redirections.entryPoint.to|entrypoints.web.http.redirections.entryPoint.to>=websecure
- --entrypoints.web.http.redirections.entryPoint.scheme=https
- --entrypoints.websecure.address=:443
env:
- name: AZURE_CLIENT_ID
valueFrom:
secretKeyRef:
key: client_id
name: azure-api-credentials
- name: AZURE_CLIENT_SECRET
valueFrom:
secretKeyRef:
key: client_secret
name: azure-api-credentials
- name: AZURE_SUBSCRIPTION_ID
valueFrom:
secretKeyRef:
key: subscription_id
name: azure-api-credentials
- name: AZURE_TENANT_ID
valueFrom:
secretKeyRef:
key: tenant_id
name: azure-api-credentials
- name: AZURE_RESOURCE_GROUP
valueFrom:
secretKeyRef:
key: resource_group
name: azure-api-credentials
ports:
web:
port: 80
expose: true
exposedPort: 80
protocol: TCP
nodePort: 32080
websecure:
port: 443
expose: true
exposedPort: 443
protocol: TCP
nodePort: 32443
service:
enabled: true
type: NodePort
persistence:
enabled: true
path: /certs
size: 128Mi
billowy-army-68599
01/12/2022, 3:11 PMvalues.schema.json
which we could use to generate type definitions, but we don't currently support them. I opened https://github.com/pulumi/pulumi-kubernetes/issues/1866 for itquick-fall-21011
01/12/2022, 11:12 PM