pulumi-community #general

Channels

general

hundreds-article-77945

01/07/2022, 4:14 PM

Does Pulumi SaaS support some form of per-stack locking that would prevent multiple folks from previewing/applying unless they hold that lock?

bulky-kite-69343

01/07/2022, 4:26 PM

Hello, I found a issue with the docs for for this resource. https://www.pulumi.com/registry/packages/azure-native/api-docs/cdn/secret/#customercertificateparameters

az afd secret list --profile-name $PROFILE_NAME --resource-group $RESOURCE_GROUP_NAME
[
  {
    "deploymentStatus": "NotStarted",
    "id": "/subscriptions/{{subscriptionId}}/resourcegroups/{{resourceGroupName}}/providers/Microsoft.Cdn/profiles/{{profileName}}/secrets/{{secretName}}",
    "name": "name",
    "parameters": {
      "certificateAuthority": "CN=DigiCert TLS RSA SHA256 2020 CA1, O=DigiCert Inc, C=US",
      "expirationDate": "2022-05-10T23:59:59+00:00",
      "secretSource": {
        "id": "/subscriptions/{{subscriptionId}}/resourcegroups/{{resourceGroupName}}/providers/Microsoft.KeyVault/vaults/{{keyVaultName}}certificates/{{certificateName}}",
        "resourceGroup": "{{resourceGroupName}}"
      },
      "secretVersion": null,
      "subject": "*.<http://example.com|example.com>",
      "subjectAlternativeNames": [
        "*.<http://example.com|example.com>",
        "<http://example.com|example.com>"
      ],
      "thumbprint": "***",
      "type": "CustomerCertificate",
      "useLatestVersion": true
    },
    "provisioningState": "Succeeded",
    "resourceGroup": "{{resourceGrupName}}",
    "systemData": null,
    "type": "Microsoft.Cdn/profiles/secrets"
  }
]

If you look at

secretSource: { id: string }

when getting the output from the CLI on the secret, you can see it outputs it as

certificates

when comparing against the docs it has

certificate

in the id string for secret source. I am happy to contribute an update, but I am unsure where this needs to be updated at.

full-artist-27215

01/07/2022, 4:49 PM

Is there a way to set an object in a stack configuration file in one operation? That is, rather than doing

pulumi config set --path "obj.one" 1

and

pulumi config set --path "obj.two" 2

, I'd like to do something similar to

pulumi config set obj '{"one": 1, "two: 2}'

. However, that ends up setting

obj

to a string, rather than an object. There doesn't appear to be any kind of

--object

option to

config set

that might achieve this. This is made a bit more confusing by the fact that the output of

pulumi config

shows actual object values and JSON string values in the same way, while their representation in the raw YAML file is different. Is there any way to achieve this, short of manually iterating through the object structure and adding each leaf value individually?

full-dress-10026

01/07/2022, 5:08 PM

Hello. My org is currently on the old user based pricing and we would like to switch to the usage based plan. How can I do that in the Pulumi app?

hundreds-article-77945

01/07/2022, 6:36 PM

I’m having issues with Pulumi not sending email verification or org invites to a new user of mine. I’m wondering if it’s tripping up some spam prevention since I have “bot” in the email?

hundreds-article-77945

01/07/2022, 8:01 PM

Does the Pulumi GitHub app support the same

edit-pr-comment

feature as the GitHub Actions integration?

average-school-38756

01/07/2022, 8:49 PM

Is there a way to convert/export Pulumi crosswalk code into non-crosswalk code, keeping the state file as-is?

sparse-student-54516

01/08/2022, 3:46 PM

Hi,

sparse-student-54516

01/08/2022, 3:47 PM

Can someone help me with setting pulumi backend with s3 compatible storage. In my case I am using wasabi s3 storage.

sparse-student-54516

01/08/2022, 3:48 PM

➜  devops-rancher-next git:(develop) ✗ pulumi login <s3://pulumi-testing?endpoint=s3.us-west-1.wasabisys.com/>\&disableSSL=true\&s3ForcePathStyle=true

Output => zsh: no matches found: <s3://pulumi-testing?endpoint=s3.us-west-1.wasabisys.com/&disableSSL=true&s3ForcePathStyle=true>

most-lighter-95902

01/09/2022, 3:11 AM

Can you have unlimited number of projects with Pulumi Team plan?

wet-sunset-4939

01/09/2022, 6:22 AM

Hi All, as "Dynamic Providers are currently not supported in .NET" is there any workaround solution? 🙏

sticky-exabyte-94099

01/09/2022, 8:23 AM

To be able to use a wildcard certificate I need to go through the steps shown in the Azure portal on the image. My question how do I add it to keyVault in Pulumi? I got the following code when importing the cert

CertificateOrder = new CertificateOrder("mycert", new CertificateOrderArgs
{
    AutoRenew = true,
    KeySize = 2048,
    Location = "global",
    Name = "mycert",
    ProductType = "WildCard",
    ResourceGroupName ="myresourcegroup",
    ValidityInYears = 1,
});

but there is no keyVaultId to be found. But Web.Certificate has KeyVaultId

var cert= new AzureNative.Web.Certificate("cert", new AzureNative.Web.CertificateArgs
{
  KeyVaultId = KeyVault.Id,
  ...
}

So how can I hook them together? I should probably use https://www.pulumi.com/registry/packages/azure/api-docs/keyvault/certificate/ Correct? But how?

var exampleCertificate = new Azure.KeyVault.Certificate("exampleCertificate", new Azure.KeyVault.CertificateArgs
{
    KeyVaultId = KeyVault.Id,
    KeyVaultCertificate = new Azure.KeyVault.Inputs.CertificateCertificateArgs
    {
        Contents = "??", //what would go in here? CertificateOrder.?
        Password = "??"
    }
});

There is a keyvault connection it seams but how do I set it?

var thereIsAKeyVaultConnection = CertificateOrder.Certificates.First().Apply(x => x.KeyVaultId);

full-dress-10026

01/09/2022, 7:49 PM

Does Pulumi support TypeScript 4.x?

high-grass-3103

01/10/2022, 7:53 AM

I don't want to accidentality delete our production website, so I'd rather ask before I do anything involving production stack and protect flag: How do I make my production stack protected and dev stack unprotected by default?

👀 1

wet-noon-14291

01/10/2022, 11:25 AM

Has anyone experienced pulumi reporting that it failed with

pulumi up

but all the resources have been created? I just created an issue on it: https://github.com/pulumi/pulumi/issues/8713

future-daybreak-16512

01/10/2022, 11:38 AM

Do Pulumi have local-exec & remote-exec like provisioners? Usecase : I want to run ansible playbook after EC2 instance provision using Pulumi. Any suggestion?

future-window-78560

01/10/2022, 8:25 PM

Hello there! For me, eks fargate with awsx does not show up with the same issue (nodes not created). But there is a major issue even after successful deployments which is that I am UNABLE TO ACCESS EXTERNAL IP OF SERVICES IN THE BROWSER. The containers and images which are running on localhost built, are not accessible with the external IP of service in the browser after AWS successful deployments using pulumi. That's another debate that I do not prefer awsx module but yes even after the creation of eks fargate, errorless deployments I am unable to access applications on the browser. Even sample Nginx image. And have no idea how to resolve this issue.

future-window-78560

01/10/2022, 8:55 PM

warning LoggingDisabled fargate-scheduler Disabled logging because aws-logging configmap was not found. configmap "aws-logging" not found. Any assistance with this issue?

able-camera-57198

01/11/2022, 1:31 AM

Are there any plans to address a lot of the usability issues around state? (See this ticket: https://github.com/pulumi/pulumi/issues/8450#issuecomment-1009519047 , amongst others.)

average-arm-52191

01/11/2022, 12:17 PM

Hello, I have auth0 secrete in my Pulumi.yml where I have set auth0 secrete likes this

pulumi config set --secret auth0Secret S3cr37

Now I have use case to use Auth0 API (management api) from auth0 SDK,

import { Config, Output } from '@pulumi/pulumi'
import * as Auth0 from 'auth0' // This is auth0 management api sdk.

const auth0Config = new Config('auth0')

const auth0 = new Auth0.ManagementClient({
  domain: '<http://test-linktree.us.auth0.com|test-linktree.us.auth0.com>',
  clientId: auth0Config.requireSecret('clientId'),
  clientSecret: auth0Config.requireSecret('clientSecret')
}) 

await auth0.getClients();

Issue is output of

auth0Config.requireSecret('clientId')

have type Output<T>, Is there way to get plain text out of it. Please help. Thanks

mysterious-australia-14256

01/11/2022, 5:41 PM

Hi, I had a deployment fail today and as a result the stack was no longer showing when I did a list. I am using an Azure blob for storing the stacks and looking in there I could see the stack.json.bak file but not the stack.json file. I created a copy of the stack file as stack.json and can now see it from the cli. I need to do a bit of clean-up on it so I exported it and the export is over 200MB in size. This seems crazy big. 90% of the file seems to be aliases for a handful of azure servicebus topics and related subscriptions. Does this seem reasonable ?

square-car-84996

01/11/2022, 7:23 PM

what is the difference between pulumi.dynamic.ResourceProvider and pulumi.ProviderResource? I'm trying to create my own set of custom resources on a provider (i.e. a database connection) but the provider needs to be from another Resource that gets created earlier in the run... so i'm trying to figure out how to structure this

square-car-84996

01/11/2022, 7:24 PM

and https://dev.to/fllstck/control-your-custom-cloud-resources-with-pulumi-1l4i doesn't help me understand it

lively-author-18255

01/11/2022, 9:03 PM

Hi, I am trying to migrate from helm charts to using kubernetes manifests directly. But I run into this issue. "some resources have the same name on kubernetes. Pulumi though thinks they are different but unrelated, so it attempts to create the new resources through, which fails as the resource already exists." I tried setting the createBeforeDelete option but it did not work, which I think makes sense since I am adding it to the ConfigFile resource and not the Chart one (which is removed). Any suggestions? Thanks!

wet-noon-14291

01/11/2022, 9:48 PM

What is the correct way of retrieving "async" values in a custom

ComponentResource

? We struggle with having a stack hanging if the async requests fails. We are doing something like this:

export class Team extends pulumi.ComponentResource {
    teamId: pulumi.Output<string>

    constructor(name: string, teamSpec: types.TeamSpec) {
        super("something", name, {});
        const azureAdConfig = azuread.getClientConfig({})

        const usersIds = pulumi.output(getUsers(teamSpec.members)); // getUsers is something that returns a promise

        const adGroup = new azuread.Group(`${teamSpec.teamName}-ad-group`, {
            displayName:  teamSpec.teamName,
            owners: [azureAdConfig.then(c => c.objectId)],
            description: "Created and managed by Automation",
            securityEnabled: true,
            members: usersIds
        });
   ....

if the call to

getUsers

fails everything will just hang. I would expect pulumi to catch that and fail the whole process. Am I doing something wrong or is this a bug?

fancy-egg-38667

01/12/2022, 12:13 AM

In Pulumi, I want to target a specific Kubernetes cluster in my kubectx. I have three envs: • local ( local docker ) • dev • stg How do I explicitly target these k8s clusters in code? I am in GoLang.

magnificent-lifeguard-15082

01/12/2022, 1:53 AM

Anyone have any idea what might have happened to my stack: an update hung, I canceled, web console still shows it running despite me getting cli confirmation of cancel, repeat cancel calls throw a conflict saying already cancelled, refresh is stuck, if I look at stack it seems to have created everything, updates still going, running more previews just hangs with little to no output - what's the best way to diagnose hangs? (node/typescript)

wet-noon-14291

01/12/2022, 8:22 AM

When I have an error in pulumi, is there an easy way to extract the error message (using typescript)? The error I get from pulumi has the following structure:

{
  "commandResult": {
    "stdout": "....",
    "stderr": "....",
    "code": 255
  },
  "name": "CommandError"
}

where my internal error message is in the

stdout

property as part of a long string. I can use regex on the string, but it should be an easier way as I see it. This isn't an issue when you are running from the CLI, but it is more an issue when you are using automation so you can provide better error messages to the users.

quick-fall-21011

01/12/2022, 8:44 AM

I have a question regarding pulumi and kubernetes, specifically helm deployments. It's been quite a learning curve, but somehow missed crd2pulumi and was using yaml files with transformations. Beyond changing a few basic parameters with transformations it gets pretty ugly real quick. So switched over to crd2pulumi generated classes and it's a thing of beauty now. I was just wondering if there's a way to get rid of all yaml, including the helm chart values in an elegant strongly-typed way.

Title

quick-fall-21011

01/12/2022, 8:44 AM

Here's what I have in the yaml

volumes: 
  - mountPath: /data
    name: traefik-config
    type: configMap

additionalArguments:
  - --providers.file.filename=/data/traefik-config.yaml
  - --entrypoints.websecure.http.tls.certresolver=le 
  - --entrypoints.websecure.http.tls.domains[0].main=xxx
  - --entrypoints.websecure.http.tls.domains[0].sans=*.xxx

  - --certificatesresolvers.le.acme.dnschallenge.provider=azure
  - --certificatesresolvers.le.acme.email=xxxx
  - --certificatesresolvers.le.acme.dnschallenge.resolvers=1.1.1.1
  - --certificatesresolvers.le.acme.storage=/certs/acme.json

  - --certificatesresolvers.le.acme.dnschallenge=true
  - --certificatesresolvers.le.acme.caserver=<https://acme-staging-v02.api.letsencrypt.org/directory>
  - --certificatesresolvers.le.acme.tlschallenge=false

  - --entrypoints.web.address=:80
  - --<http://entrypoints.web.http.redirections.entryPoint.to|entrypoints.web.http.redirections.entryPoint.to>=websecure
  - --entrypoints.web.http.redirections.entryPoint.scheme=https
  - --entrypoints.websecure.address=:443

env: 
  - name: AZURE_CLIENT_ID
    valueFrom:
      secretKeyRef:
        key: client_id
        name: azure-api-credentials
  - name: AZURE_CLIENT_SECRET
    valueFrom:
      secretKeyRef:
        key: client_secret
        name: azure-api-credentials
  - name: AZURE_SUBSCRIPTION_ID
    valueFrom:
      secretKeyRef:
        key: subscription_id
        name: azure-api-credentials
  - name: AZURE_TENANT_ID
    valueFrom:
      secretKeyRef:
        key: tenant_id
        name: azure-api-credentials
  - name: AZURE_RESOURCE_GROUP
    valueFrom:
      secretKeyRef:
        key: resource_group
        name: azure-api-credentials

ports:
  web:
    port: 80
    expose: true
    exposedPort: 80
    protocol: TCP
    nodePort: 32080
  websecure:
    port: 443
    expose: true
    exposedPort: 443
    protocol: TCP
    nodePort: 32443

service:
  enabled: true
  type: NodePort

persistence:
  enabled: true
  path: /certs
  size: 128Mi

Oh and forgot to mention this is for c#

I've seen this page describing a Dictionary build up, but would like something strongly typed - https://www.pulumi.com/registry/packages/kubernetes/api-docs/helm/v3/chart/#set-chart-values

(if possible)

billowy-army-68599

01/12/2022, 3:11 PM

@quick-fall-21011 some charts publish a

values.schema.json

which we could use to generate type definitions, but we don't currently support them. I opened https://github.com/pulumi/pulumi-kubernetes/issues/1866 for it

quick-fall-21011

01/12/2022, 11:12 PM

@billowy-army-68599 thanks a lot!

View count: 5