rapid-raincoat-36492
01/25/2022, 4:29 AMbored-barista-23480
01/25/2022, 12:42 PMTypeError: 'ResourceTransformationArgs' object is not subscriptable
. I could not find any mention of this error specific to this class. I also could't find any helpful examples of how to use transformations other than the mentioned one. Anyone have a clue why it does not work and how to fix it?worried-lifeguard-96134
01/25/2022, 3:07 PMsalmon-printer-16080
01/26/2022, 5:13 AMUserAssignedIdentity
into a WebApp
before in TS? I am having a lot of trouble.
The example I have here, shows I can add a UAI to a webapp when I hardcode the id as the property, with a value of {}
as stated by the documentation here: https://www.pulumi.com/registry/packages/azure-native/api-docs/web/webapp/#managedserviceidentity _(I found that even the docs mentions that the second property should be user_assigned_identities
but that doesnt work even with hardcoding, so ive fallen back to the ARM template output from a pre-created resource which seems to work)_
The entire string looks like this:
let identity: any = {
type: "UserAssigned",
userAssignedIdentities: {
"/subscriptions/<sub-id>/resourcegroups/<rg>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<uai-name>" : {}
}
}
However, I cannot get the actual UAI id into the identity object due to the property of userAssignedIdentities
not accepting an Output<string>
as a property type. Using [UAI]: {}
to try cast the identity does not work either as it tries to cast it to a string. How does everyone else do it?limited-island-40412
01/26/2022, 11:03 AMbillions-lawyer-5518
01/26/2022, 11:03 AMconst remoteInstance = new docker.Provider(
"remote",
{
host: interpolate`<ssh://user>@${externalIP}:22`,
},
{ dependsOn: dockerInstallation }
);
ripe-park-70944
01/26/2022, 12:07 PMimport
command without actually importing the resource into the stack?astonishing-monitor-79630
01/26/2022, 1:37 PMpulumi state delete urn:of:resource
, but what is the easiest way to find that urn from ideally the cli? I can use the somewhat unwieldy pulumi stack --show-ids --show-urns | grep 'resource_name'
but is there a better way?full-artist-27215
01/26/2022, 1:58 PMswift-intern-18856
01/26/2022, 6:38 PMan unhandled error occurred: Program exited with non-zero exit code: 1
from a stack that hasn’t changed in months. identical stack is working in our other account. made sure to update pulumi as well as the nodejs provider and all other dependencies, seeing absolutely nothing in verbose output to indicate what the problem is. indeed, seeing “Planner decided not to update after diff”, so no idea what could have broken here. how should i proceed?fast-easter-23401
01/26/2022, 7:14 PMcloud_sql_proxy
that handles TLS. My provider point to localhost:3307 where cloud_sql_proxy is listening.
new mysql.Grant(
'applications',
{
user: 'applications',
host: '%',
database: 'applications',
privileges: ['ALL'],
},
{
provider: new mysql.Provider(`import-applications-grant`, {
username: 'root',
endpoint: '127.0.0.1:3307',
password: config.requireSecret('MY_SQL_APPLICATIONS_SECRET'),
}),
import: 'applications@%:applications',
protect: true,
}
);
But then I get the following error:
Diagnostics:
pulumi:pulumi:Stack (env-staging):
error: preview failed
mysql:index:Grant (applications@%:applications):
error: Preview failed: refreshing urn:pulumi:staging::env::mysql:index/grant:Grant::applications@%:applications: user with host or a role is required
Any ideas?billions-judge-9412
01/26/2022, 7:39 PMdazzling-author-49810
01/26/2022, 8:56 PMstale-vase-87890
01/26/2022, 9:00 PMinterface appsecrets {
auth0clientid: string,
}
const appsecrets = config.requireSecretObject<appsecrets>("appsecrets")
const auth0client = appsecrets.auth0clientid
const example1 = {
auth0clientid1: auth0client
}
const exampleSecretVersion = new aws.secretsmanager.SecretVersion("exampleSecretVersion", {
secretId: example.id,
secretString: JSON.stringify(example1)
})
I have tried all sorts of things like appsecrets.auth0clientid.apply(v => JSON.stringify(v))
but it still is going to be a type of Output<T> and it sets the value in secrets manager as
Calling [toJSON] on an [Output<T>] is not supported. To get the value of an Output as a JSON value or JSON string consider either: 1: o.apply(v => v.toJSON()) 2: o.apply(v => JSON.stringify(v)) See https://pulumi.io/help/outputs for more details. This function may throw in a future version of @pulumi/pulumi.polite-napkin-90098
01/26/2022, 9:13 PMsg, err := ec2.NewSecurityGroup(ctx, "EKS", &ec2.SecurityGroupArgs{
Description: pulumi.String("Group for the EKS cluster"),
VpcId: pulumi.String(vpcid),
Ingress: ec2.SecurityGroupIngressArray{
&ec2.SecurityGroupIngressArgs{
Description: pulumi.String("https in from the nodes"),
FromPort: <http://pulumi.Int|pulumi.Int>(443),
ToPort: <http://pulumi.Int|pulumi.Int>(443),
Protocol: pulumi.String("tcp"),
SecurityGroups: pulumi.StringArray{
pulumi.String(cluster.NodeSecurityGroup),
},
},
},
Egress: ec2.SecurityGroupEgressArray{
// allow https out to anywhere
&ec2.SecurityGroupEgressArgs{
FromPort: <http://pulumi.Int|pulumi.Int>(443),
ToPort: <http://pulumi.Int|pulumi.Int>(443),
Protocol: pulumi.String("tcp"),
CidrBlocks: pulumi.StringArray{
pulumi.String("0.0.0.0/0"),
},
Ipv6CidrBlocks: pulumi.StringArray{
pulumi.String("::/0"),
},
},
},
}, nil)
if err != nil {
return err
}
// Create an EKS cluster
cluster, err := eks.NewCluster(ctx, "Test", &eks.ClusterArgs{
VpcId: pulumi.String(vpcid),
PrivateSubnetIds: pulumi.StringArray{
pulumi.String(private[0]),
pulumi.String(private[1]),
pulumi.String(private[2]),
},
PublicSubnetIds: pulumi.StringArray{
pulumi.String(public[0]),
pulumi.String(public[1]),
pulumi.String(public[2]),
},
ClusterSecurityGroup: sg,
EndpointPrivateAccess: pulumi.Bool(true),
EndpointPublicAccess: pulumi.Bool(false),
})
if err != nil {
return err
}
and if I put it that way round I get ./main.go:150:21: undefined: cluster
and if I put the cluster before the sg I get undefined: sg
polite-napkin-90098
01/26/2022, 9:16 PMflat-kangaroo-13810
01/26/2022, 9:41 PMTeam team = new Team("<name here built using an Output<string> from a previous resource>", new TeamArgs());
aloof-airport-42412
01/27/2022, 12:18 AMautoscaling:environment:
testEnv: testEnv
and I want to get it in typescript code
let config = new pulumi.Config();
let test = config.get("environment.testEnv");
console.log(`Environment Variable: ${test}`);
When I run pulumi up
I get Environment Variable: undefined
rather than the environment variablelittle-cartoon-10569
01/27/2022, 3:11 AMproviders
map (in the opt object)?wet-soccer-72485
01/27/2022, 3:48 AMminiature-photographer-46262
01/27/2022, 10:33 AMbillions-judge-9412
01/27/2022, 11:09 AMfast-florist-41572
01/27/2022, 12:50 PMastonishing-dentist-11149
01/27/2022, 1:38 PMhelpful-account-44059
01/27/2022, 2:00 PMpulumi up
, i got this error:
Diagnostics:
eks:index:VpcCni (relation-aws-eks-cluter-vpc-cni):
error: Command failed: kubectl apply -f C:\Users\Matrix\AppData\Local\Temp\tmp-6800oi250Aa7ZzSV.tmp
error: You must be logged in to the server (the server has asked for the client to provide credentials)
pulumi:pulumi:Stack (relation-aws-eks-cluter-dev):
error: You must be logged in to the server (the server has asked for the client to provide credentials)
error: update failed
how to fix?magnificent-lifeguard-15082
01/27/2022, 5:27 PMnice-pharmacist-5320
01/27/2022, 6:00 PMpulumi config -j
or get them one by one using pulumi config <config_name>
but I want it in env. Is there a way to export all config from pulumi config
to env? I have to set all of the config as env for a github actionbored-table-20691
01/27/2022, 6:47 PMpulumi up
wants to do a wholesale replace (of VPCs, EKS cluster, etc), which would be very sad.bored-table-20691
01/27/2022, 7:23 PMpulumi:disable-default-providers:
- aws
- kubernetes
This seems to work well for AWS, but I am having an odd issue with the Kubernetes one. Specifically, I have the following resource:
_, err = yaml.NewConfigFile(ctx, "certmanager-deploy-file", &yaml.ConfigFileArgs{
File: "./cert-manager.yaml",
Transformations: []yaml.Transformation{
// We need to make two modifications:
// 1. Add the role ARN for IRSA
// 2. Set the fsGroup for IRSA token mapping
// Docs here: <https://cert-manager.io/docs/configuration/acme/dns01/route53/#eks-iam-role-for-service-accounts-irsa>
func(state map[string]interface{}, opts ...pulumi.ResourceOption) {
metadata := state["metadata"].(map[string]interface{})
name := metadata["name"]
if state["kind"] == "ServiceAccount" && name == "cert-manager" {
var annotations map[string]interface{}
if v, ok := metadata["annotations"]; !ok {
annotations = make(map[string]interface{})
metadata["annotations"] = annotations
} else {
annotations = v.(map[string]interface{})
}
annotations["<http://eks.amazonaws.com/role-arn|eks.amazonaws.com/role-arn>"] = irsaRole.Arn
}
if state["kind"] == "Deployment" && name == "cert-manager" {
deploymentSpec := state["spec"].(map[string]interface{})
template := deploymentSpec["template"].(map[string]interface{})
podSpec := template["spec"].(map[string]interface{})
podSpec["securityContext"] = map[string]interface{}{
"fsGroup": 1001,
}
}
},
},
}, pulumi.DependsOn([]pulumi.Resource{irsaRole}), pulumi.Provider(eksConfig.Provider))
if err != nil {
return nil, err
}
Where eksConfig.Provider
is constructed as the result of an eks.Cluster
creation:
k8sProvider, err := providers.NewProvider(ctx, "k8s-ssa-provider", &providers.ProviderArgs{
Kubeconfig: kubeconfig,
})
if err != nil {
return nil, err
}
When I run this with the default Kubernetes one disabled, I get this error:
error: program failed: 1 error occurred:
* decoding YAML: rpc error: code = Unknown desc = unknown provider ''
exit status 1
There is not any more info in the logs even if I set logging to 9. If I enable the Kubernetes default provider, it works just fine, even though I am passing an explicit provider here.
Is this a bug or am I doing something unexpected here?curved-summer-41191
01/27/2022, 10:26 PM