https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • t

    thousands-jordan-32051

    01/12/2022, 12:12 PM
    Hi - I am struggling a little bit with Unions in C#. Specifically I want to map an InputUnion<T0, T1> to a different InputUnion<U0, U1>. I can use an apply, and I can get an Output<Union<U0, U1>> but I'm really struggling to find a nice way to do this. The only solution so far is to use a Match within an Apply to set the InputUnion<U0, U1> to a specific value - ideally I would like to return an Output<Union<U0, U1>> and assign it to a property of type InputUnion<U0, U1>, but that's not possible. Furthermore the Map operation only allows me to map one or the other input (i.e. to InputUnion<T0, U1> or InputUnion<U0, T1>) but not both. Any ideas how I can get around this?
    e
    • 2
    • 7
  • b

    bored-continent-69206

    01/12/2022, 5:10 PM
    Hey everybody, can someone help me? I'm trying to import an exisiting Route53 HostedZone like that:
    const zone = new aws.route53.Zone(
                    "www",
                    { name: "<http://example.com|example.com>" },
                    { import: "ZoneID" }
                );
    But during deployment I always get the error that the resource does not exist
    aws:route53:Zone (www):
        error: inputs to import do not match the existing resource
    What values do I need to provide to properly import the zone? thanks
    b
    • 2
    • 17
  • f

    fast-pager-93865

    01/12/2022, 8:28 PM
    Hey Good Evening, I am just working my way through a simple AWS VPC setup with Pulumi / aws-go, I was had the following issue though, I can create a “Create New VPC” function with a return type of the ec2.Vpc. I can use this return type and from this return, pass in the ID() method to my other “Create New Subnets” function. This is great and works as expected !  However, I would like my code to be a little more flexible and check if there is an existing vpc passed it as a config item
    Vpc:id: "vpcid1234"
    If there is a VPC:id set then don’t run the first “Create New VPC” function, instead just use this string value as my VPC id for the “Create New Subnets” function.  The issue I have run into is I am now dealing with a different type. So for the “Create new subnets function to take in the VPC from the ID() method then I can have func like this:
    func CreateSubnets(ctx *pulumi.Context, vpcID pulumi.IDOutput) { << vpcID is type pulumi.IDOoutput
       //creates subnet(s)
    Now for a string ID taken from the config object I need it to look like this
    func CreateSubnets(ctx *pulumi.Context, vpcID string {
       //creates subnet(s)
    My question is am I tackling this the wrong way and if so what would be another approach? It feels like I am. I do of course appreciate this is a Go Type issue rather than a strictly Pulumi one :)
    l
    b
    • 3
    • 13
  • s

    salmon-truck-53389

    01/12/2022, 9:46 PM
    Hello everyone, can anyone suggest a valid/proper method for deploying ECS cluster of type EC2 (non-fargate)? I’m having some issues with that and I wasn’t able to find examples for that on Pulumi.com. I’ve spent a decent amount on that already, and defaulted to using CloudFormation which allows me to deploy the ecs ec2 cluster. Having that working, I pasted my CF code to
    <https://www.pulumi.com/cf2pulumi/>
    so that I can convert it to TypeScript but it fails.
    b
    • 2
    • 8
  • l

    loud-parrot-24969

    01/13/2022, 2:02 AM
    Hello, I'm currently using Terraform, which I have used for maybe 4 years. It seems like recently it has just fallen apart. Plans hang for 20 minutes in the middle, error messages that make no sense. I'm very familiar with HCL, so switching to Pulumi would require learning a new language. Is there any chance
    Rust
    will be integrated as a supported language?
    l
    e
    • 3
    • 4
  • f

    flat-kangaroo-13810

    01/13/2022, 2:11 AM
    Hi All, I have been learning Pulumi for a few weeks. I am working with dotnet deploying GCP and Kubernetes resources. I have run into an issue where when running pulumi up, the preview does not display all of the operations that I am trying to create. But when the actual update operation happens, it does the correct thing and creates all the correct items. This started occurring after I wanted to make the stack a bit easier to add DNS items for cloud-dns for GCP. I pulled the details of each record into the pulumi config in a json object, then on start up I parsed the config and generated all of the dns records. When I run Pulumi Up, the preview does not show any of the cloud dns records I am creating. If by chance I have already ran the operation once and created the records, the preview says it wants to delete the records. Does anyone happen to know why the preview would break by doing this? Example: (quick snippet on pulling dns records from config and creating them. )
    var data = config.RequireObject<Models.DNS.DNSConfigModel>("dns");
    
    foreach (Models.DNS.ZoneConfigModel zone in data.zones)
                {
                    ManagedZone requestedZone = createManagedZone(zone, new List<Resource>() {});
    
                    foreach (Models.DNS.RecordConfigModel record in zone.records)
                    {
    
                        Output.All(requestedZone.Name, ingressIp.Apply(t => t)).Apply(x =>
                        {
                            createRecordSet(x[0], record, new List<Resource>() { requestedZone }, x[1]);
                            return "";
                        });
                    }
                }
    Example: (config)
    <project>:dns:
        zones:
        - name: website-com
          projectKey: networking
          dnsName: <http://website.com|website.com>.
          description: "Zone for website-com"
          protect: true
          records:
          - name: <http://api.website.com|api.website.com>.
            isIngressEndpoint: false
            projectKey: networking
            type: CNAME
            ttl: 300
            protect: true
            rrDatas:
            - website.hosted.com.
    e
    w
    • 3
    • 12
  • a

    able-honey-93860

    01/13/2022, 4:59 AM
    Anyone experience issues where pulumi destroy doesn't delete all resources? I'm using the okta provider and consistently resources are being left behind causing issues where I have to manually remove them from the okta console
    m
    f
    • 3
    • 8
  • i

    important-midnight-13972

    01/13/2022, 8:25 AM
    hey people, we are using Pulumi and indeed all is cool, but right now (with around 140 ressources) we are facing more and more issues (I do not know yet, if this is even related to the amount of ressources we have). One of the errors we get is a BANDWITDH_EXHAUSTED, or another time we get 503 Service Unavailable. I was tending to believe that with the individual plan we are reaching some limits here, but the docs are claiming that this is not really the case? Anyhow, could it be, that the individual plan is simply running on low priority? Or what could be the problem here?
    😮 1
    p
    e
    • 3
    • 4
  • q

    quick-fall-21011

    01/13/2022, 8:29 AM
    I have a quick question regarding multiple k8s clusters. On my local machine my kubeconfig has multiple, so when running
    pulumi up --stack dev
    I accidentally targeted another cluster since my local context was pointing not to
    dev
    . Thinking ahead and hoping to avoid this, storing the
    kubeconfig
    in pulumi config seems like a good move (as described https://www.pulumi.com/registry/packages/kubernetes/installation-configuration/), though I'm not comfortable setting that in plain text and committing to source control. Does the kubernetes provider allow reading the
    kubernetes:kubeconfig
    as a secret?
    p
    e
    • 3
    • 12
  • f

    fresh-furniture-72056

    01/13/2022, 11:51 AM
    hey all, we are trying to integrate pulumi to manage our infra in our github actions workflows. We use a monorepo setup and can have situations where a single commit might trigger multiple workflow files (which work based on path filters to decide what to build and deploy). This inevitably will cause a 409 conflict within Pulumi -
    Another update is currently in progress
    . I've seen suggestions of using
    pulumi cancel
    pulumi stack export | pulumi stack import
    pulumi up
    Is this the best way to handle this sort of scenario? (This can cause the other workflows to fail potentially). Just wondering if there is a more cleaner way like waiting on currently running stack updates before running
    up
    etc?
    g
    • 2
    • 2
  • b

    bumpy-agent-19616

    01/13/2022, 12:15 PM
    With the latest pulumi CLI version 3.22.0 which was released today, we have problems in K8s deployments after pulumi CLI upgrade when we have apps with the environment variables of type integer in your stack yaml file which must be treated as string during pulumi update. It actually coverts them back to integer typed values instead of string typed values. To give an example, we have an app containing the following environment variables whose values must be of type string
    secretsprovider: azurekeyvault://************
    encryptedkey: ******
    config:
      azure:clientId: ************
      azure:clientSecret:
        secure: **************************
      azure:environment: public
      azure:location: ***********
      azure:subscriptionId: ******************
      azure:tenantId: **********
      tre-se-api:container-env-variables:
       - name: SERVER_CACHE_TTL
         value: "10000"
       - name: CACHE_TTL
         value: "10"
       - name: CACHE_CHECK_PERIOD
         value: "60"
    When we do
    pulumi up
    , it changes the above stack config as below,
    secretsprovider: azurekeyvault://************
    encryptedkey: ******
    config:
      azure:clientId: ************
      azure:clientSecret:
        secure: **************************
      azure:environment: public
      azure:location: ***********
      azure:subscriptionId: ******************
      azure:tenantId: **********
      tre-se-api:container-env-variables:
       - name: SERVER_CACHE_TTL
         value: 10000
       - name: CACHE_TTL
         value: 10
       - name: CACHE_CHECK_PERIOD
         value: 60
    Due to the change of stack config, we get
    cannot convert int64 to string
    problem. Solution: we needed to go back to the previous version(v3.21.2) to solve this problem.
  • f

    future-daybreak-16512

    01/13/2022, 12:38 PM
    Can I use existing terraform template with Pulumi? Usecase : We have number of existing infrastructure template written in terraform. I'm checking the possibility to use the tf template in Pulumi without converting them. Is this possible?
    b
    • 2
    • 3
  • w

    wet-noon-14291

    01/13/2022, 12:40 PM
    How do I rename a stack if I don't have access to the actual stack (it is part of an automation project). Running
    pulumi stack rename <new-name> -s <old-name>
    doesn't work. Output from this is: error: no Pulumi project found in the current working directory. If you're using the
    --stack
    flag, make sure to pass the fully qualified name (org/project/stack) Do I have to be in a project directory to rename a stack?
    f
    • 2
    • 1
  • n

    nice-beard-3866

    01/13/2022, 2:29 PM
    Hey, I'm having an issue where pulumi overwrites the stack config file on each run (
    Pulumi.production.yaml
    ) it sorts all the keys and removes all comments and whitespace. Is there some way to prevent it from doing this? I have a bunch of comments and logical grouping/ordering that I don't want to get lost
    m
    • 2
    • 5
  • c

    crooked-postman-72907

    01/13/2022, 4:28 PM
    hey all. Im having trouble converting HCL/Terraform into Python. Can anyone lend me a hand?
    b
    • 2
    • 2
  • m

    microscopic-dress-1605

    01/13/2022, 4:41 PM
    Hello, I’m trying to import a resource that is inside a
    CustomResource
    using the pulumi cli. When I execute
    pulumi import pulumi-resource-id cloud-provider-resource-id
    the resource is successfully imported. However, the resource is then a top-level resource and not a chilled of the Custom Resource. Thank you for your help!
    e
    l
    a
    • 4
    • 14
  • h

    high-cricket-61841

    01/13/2022, 5:39 PM
    Is there a public IP range accessible for accessing the pulumi api? My team is using the pulumi automation api in a hosted service. We would like to do more outbound traffic control so having an ip range for the pulumi api would be helpful in securing our virtual network.
    b
    • 2
    • 2
  • l

    lemon-television-29125

    01/14/2022, 7:08 AM
    o/ are there any things like that in pulumi ? https://registry.terraform.io/providers/hashicorp/http/latest/docs/data-sources/http
    e
    • 2
    • 2
  • p

    polite-addition-60031

    01/14/2022, 7:17 AM
    hello, i'm running pulumi for the first time. i have setup aws-python project. on running pulumi up i get the following error: quickstart/venv/lib/python3.6/site-packages/pulumi_aws/_inputs.py", line 147 def __init__(self, *, ^ SyntaxError: more than 255 arguments is this a right channel to ask questions?
    e
    • 2
    • 2
  • c

    cuddly-actor-99406

    01/14/2022, 11:27 AM
    hi, trying to
    pulumi up
    my prod environment after not touching it for a while, and it is hanging (100% cpu on python process) in preview. I believe is it related to the large (alb and cert-manager)
    k8s.yaml.ConfigFile
    resources I have. Everything has been fine for many months, but since the last time I ran it, pulumi, python, pulumi-kubernetes, and my laptop (new m1) have gone through many updates (which I have just applied). I've tried logging as suggested on the troubleshooting page, but can't see anything interesting.
    pulumi refresh
    seems to work ok.
    aws cli
    and
    kubectl
    are connecting. If I comment out the
    ConfigFile
    resource, then preview completes normally (and offers to delete my resources). I'm out of ideas. This is prod and I don't want to delete anything. Any ideas?. The last line of the log is
    I0114 22:12:30.762818   83092 eventsink.go:62] eventSink::Debug(<{%reset%}>resource registration successful: ty=kubernetes:<http://apiextensions.k8s.io/v1:CustomResourceDefinition|apiextensions.k8s.io/v1:CustomResourceDefinition>, urn=urn:pulumi:xxxx.prod::xxxx::kubernetes:yaml:ConfigFile$kubernetes:<http://apiextensions.k8s.io/v1:CustomResourceDefinition::certificaterequests.cert-manager.io<{%reset%}>)|apiextensions.k8s.io/v1:CustomResourceDefinition::certificaterequests.cert-manager.io<{%reset%}>)>
    e
    v
    • 3
    • 11
  • p

    polite-article-56500

    01/14/2022, 11:55 AM
    Hello guys, I’ve facing issues on
    pulimi config set
    after the new version
    3.22.0
    the issue: https://github.com/pulumi/pulumi/issues/8752
    e
    • 2
    • 1
  • e

    eager-gigabyte-20835

    01/14/2022, 1:16 PM
    Hello All, I am using the pulumi native for azure and was wondering if I can use CertificateBinding option for WebAppHostnameBinding as available in the classic Module https://www.pulumi.com/registry/packages/azure/api-docs/appservice/certificatebinding/
  • b

    billions-lawyer-5518

    01/14/2022, 1:31 PM
    Hi all, I have created a GCP - VM instance using pulumi, when I try to ssh into it using pulumi command package I am getting the following error. Can anyone help me with this ? Thank you!
    error: ssh: handshake failed: ssh: unable to authenticate, attempted methods [none publickey], no supported methods remain
    Code snippet:
    import * as gcp from "@pulumi/gcp";
    import { remote, types } from "@pulumi/command";
    import { Config } from "@pulumi/pulumi";
    import * as fs from "fs";
    import * as os from "os";
    import * as path from "path";
    
    const config = new Config();
    const publicKey = config.get("publicKey");
    
    const privateKeyBase64 = config.get("privateKeyBase64");
    
    const privateKey = privateKeyBase64
      ? Buffer.from(privateKeyBase64, "base64").toString("ascii")
      : fs.readFileSync(path.join(os.homedir(), ".ssh", "id_rsa")).toString("utf8");
    
    const svcAct = new gcp.serviceaccount.Account("my-service-account", {
      accountId: "service-account",
      displayName: "Service account for Pulumi",
    });
    
    const svcKey = new gcp.serviceaccount.Key("my-service-key", {
      serviceAccountId: svcAct.name,
      publicKeyType: "TYPE_X509_PEM_FILE",
    });
    
    const address = new gcp.compute.Address("my-address", {
      region: "us-central1",
    });
    
    // Create a Virtual Machine Instance
    const computeInstance = new gcp.compute.Instance("instance", {
      machineType: "n2-standard-2",
      zone: "us-central1-a",
      bootDisk: {
        initializeParams: {
          image: "ubuntu-os-cloud/ubuntu-1804-lts",
          size: 20,
        },
      },
      networkInterfaces: [
        {
          network: "default",
          accessConfigs: [{ natIp: address.address }],
        },
      ],
      advancedMachineFeatures: { enableNestedVirtualization: true },
      serviceAccount: {
        scopes: ["<https://www.googleapis.com/auth/cloud-platform>"],
        email: svcAct.email,
      },
      metadata: {
        "enable-oslogin": "false",
        "ssh-keys": `user:${publicKey}`,
      },
    });
    
    const connection: types.input.remote.ConnectionArgs = {
      host: address.address,
      user: "user",
      privateKey: privateKey,
    };
    
    const copyFile = new remote.CopyFile("docker-install-file", {
      connection,
      localPath: "./deploy.sh",
      remotePath: "deploy.sh",
    });
    
    const execCommand = new remote.Command(
      "exec-docker-shell",
      {
        connection: connection,
        create: "sh deploy.sh",
      },
      { dependsOn: copyFile }
    );
    
    // Export the name and IP address of the Instance
    export const instanceName = computeInstance.name;
    b
    • 2
    • 2
  • m

    magnificent-lifeguard-15082

    01/14/2022, 3:57 PM
    How can I avoid (or redirect) providers (such as Datadog) which use a terraform bridge and end up leaving an untracked
    tfplan
    and
    .terraform
    in my source tree?
    b
    • 2
    • 4
  • r

    rapid-raincoat-36492

    01/14/2022, 9:17 PM
    Do you still pay per-resource costs if you self-host Pulumi on the gold plan?
    b
    • 2
    • 2
  • h

    hundreds-article-77945

    01/15/2022, 12:59 AM
    Can you access the output of a resource from another stack? Or only stack outputs?
    p
    • 2
    • 5
  • m

    mysterious-dawn-40701

    01/16/2022, 9:24 AM
    I am trying to understand destroy order... At the moment, when running destroy we have error similar to:
    timeout removing Node Template: Bad response statusCode [405]. Status [405 Method Not Allowed]. Body: [baseType=error, code=MethodNotAllow, message=Template is in use by a node.]
    Is there any way to influence what order destroy will use
    e
    • 2
    • 8
  • m

    mysterious-dawn-40701

    01/16/2022, 9:25 AM
    it is a bit frustrating that we cannot easily destroy when testing
  • m

    most-lighter-95902

    01/16/2022, 5:51 PM
    Hi, is it possible to run
    pulumi up
    in multiple stacks in parallel?
    e
    • 2
    • 2
  • m

    magnificent-lifeguard-15082

    01/16/2022, 8:40 PM
    It appears that if an absolute path is passed to
    FileArchive
    then pulumi will have a hard time on another machine and will fail to update 😬 Is this expected? If so might be worth adding a warning or explicit mention of relative path requirement on the docs. I do wonder how we should handle non-deterministic paths though between builds? I have a "file not found" error where a
    BucketObject
    is referencing a
    .zip
    with an absolute path which was created running
    up
    on another machine.
    l
    e
    • 3
    • 22
Powered by Linen
Title
m

magnificent-lifeguard-15082

01/16/2022, 8:40 PM
It appears that if an absolute path is passed to
FileArchive
then pulumi will have a hard time on another machine and will fail to update 😬 Is this expected? If so might be worth adding a warning or explicit mention of relative path requirement on the docs. I do wonder how we should handle non-deterministic paths though between builds? I have a "file not found" error where a
BucketObject
is referencing a
.zip
with an absolute path which was created running
up
on another machine.
Kind of feels like the local path is insignificant to the actual resource representation. It's the resolved file (and it's data) that is important.
l

little-cartoon-10569

01/16/2022, 8:42 PM
That sounds like a normal programming issue. Exception handling and testing are the way to go, here.
m

magnificent-lifeguard-15082

01/16/2022, 8:47 PM
Yes.
l

little-cartoon-10569

01/16/2022, 8:48 PM
There isn't a relative path requirement, so it can't be added to the docs. The relative path thing is a requirement only when running on multiple machines with different directory hierarchies. Frequently, this isn't the case.
Absolute paths would be fine if deploying only from CI, or only within a containerized environment, or similar.
m

magnificent-lifeguard-15082

01/16/2022, 8:49 PM
It's not my code throwing the exception though. Pulumi is storing in state (validated via
pulumi stack export
) an absolute path that is not valid across environments.
Your last statement is more true but not entirely. If I change the working directory configuration of my CI container tomorrow paths will be invalidated.
l

little-cartoon-10569

01/16/2022, 8:50 PM
So the exception handling would have to wrap the execution of the Pulumi engine, which is inconvenient but not difficult.
If you change the working directory configuration of your CI container, that's equivalent to changing the code. You need to test that.
m

magnificent-lifeguard-15082

01/16/2022, 8:55 PM
Err, not really agreeing with your sentiment. Of course we should "handle errors that could occur in your code". However, I believe this error should be handled by pulumi. In my configuration it is correctly pointing to the right file path that exists on the machine pulumi is running on. Pulumi is trying to do something with the old state and failing - which I'm pretty sure is the biggest jobs of pulumi (ie. to detect configuration drift so that it can perform the right CRUD actions). It's seeing "oh this FileArchive doesn't exist anymore" but I've got a new one in it's place and do not have control over what pulumi is doing in the background when it realises an old FileArchive resource is orphaned.
l

little-cartoon-10569

01/16/2022, 8:57 PM
If Pulumi did that, how would you handle the case where you require the file to be at a specific, absolute location? And where if it path changes, then deployment should correctly fail?
m

magnificent-lifeguard-15082

01/16/2022, 8:57 PM
The problem is apparent when you consider the
Asset
resources are the only resources that do not have a stable name you can provide. It is expecting to use the file path as a stable reference for the "virtual resource" AND as a pointer to "physical resource".
l

little-cartoon-10569

01/16/2022, 9:04 PM
That does complicate matters...
In cases where this is likely to become a problem, it might be worth wrapping the Asset in a ComponentResource with the same name as the Asset's constructor. You'd achieve the same protection, but with annoying boilerplate code, and extra resources which you might have to pay for if you're using a paid plan.
Having separate name and path properties would be better. It's probably worth opening an issue explaining this.
m

magnificent-lifeguard-15082

01/16/2022, 9:08 PM
Yeah defo will do. Thanks for helping me validate the issue
for reference and anyone else exploring this issue: this is the offending BucketObject state that exists in the stack which it's trying to do something with even though it sees the path has changed. It may actually be isolated to just s3.BucketObject so will explore a bit deeper. (my config is simply {source: FileArchive(
/abs/path.zip
)
"source": {
                        "4dabf18193072939515e22adb298388d": "0def7320c3a5731c473e5ecbe6d01bc7",
                        "hash": "63d94894644f928fdc44fc353c161ca544f477d28880d07c2f8634322ce3b1d6",
                        "path": "/Users/path/to/repo/modules.zip"
                    }
e

echoing-dinner-19531

01/17/2022, 9:24 AM
I think I understand your problem now. You had old state that refered to one file, and now you've moved to a new machine and that file doesn't exist anymore and you've changed your program to use a new file path. But when pulumi runs it's still trying to actually read the file at the old path and causing a file not found error? Could you ping us the output from up so we could see where exactly this error is showing up, a quick look at the engine code suggests we should be handling the case of the old file going missing without issue.
I assume this is https://github.com/pulumi/pulumi-aws/issues/1767, thanks for the issue.
✅ 1
m

magnificent-lifeguard-15082

01/18/2022, 10:40 AM
That's the one. The more I'm thinking about it the more likely it might be tied in with my other linked issue related to
source: FileArchive
and
sourceHash
Let me know if the output would still be useful (I imagine you'd want the result of -v ? with --logtostderr)
e

echoing-dinner-19531

01/18/2022, 2:44 PM
I don't think its needed but we'll ping on the ticket if that changes.
View count: 3