ripe-park-70944
01/26/2022, 12:07 PMimport
command without actually importing the resource into the stack?astonishing-monitor-79630
01/26/2022, 1:37 PMpulumi state delete urn:of:resource
, but what is the easiest way to find that urn from ideally the cli? I can use the somewhat unwieldy pulumi stack --show-ids --show-urns | grep 'resource_name'
but is there a better way?full-artist-27215
01/26/2022, 1:58 PMswift-intern-18856
01/26/2022, 6:38 PMan unhandled error occurred: Program exited with non-zero exit code: 1
from a stack that hasn’t changed in months. identical stack is working in our other account. made sure to update pulumi as well as the nodejs provider and all other dependencies, seeing absolutely nothing in verbose output to indicate what the problem is. indeed, seeing “Planner decided not to update after diff”, so no idea what could have broken here. how should i proceed?fast-easter-23401
01/26/2022, 7:14 PMcloud_sql_proxy
that handles TLS. My provider point to localhost:3307 where cloud_sql_proxy is listening.
new mysql.Grant(
'applications',
{
user: 'applications',
host: '%',
database: 'applications',
privileges: ['ALL'],
},
{
provider: new mysql.Provider(`import-applications-grant`, {
username: 'root',
endpoint: '127.0.0.1:3307',
password: config.requireSecret('MY_SQL_APPLICATIONS_SECRET'),
}),
import: 'applications@%:applications',
protect: true,
}
);
But then I get the following error:
Diagnostics:
pulumi:pulumi:Stack (env-staging):
error: preview failed
mysql:index:Grant (applications@%:applications):
error: Preview failed: refreshing urn:pulumi:staging::env::mysql:index/grant:Grant::applications@%:applications: user with host or a role is required
Any ideas?billions-judge-9412
01/26/2022, 7:39 PMdazzling-author-49810
01/26/2022, 8:56 PMstale-vase-87890
01/26/2022, 9:00 PMinterface appsecrets {
auth0clientid: string,
}
const appsecrets = config.requireSecretObject<appsecrets>("appsecrets")
const auth0client = appsecrets.auth0clientid
const example1 = {
auth0clientid1: auth0client
}
const exampleSecretVersion = new aws.secretsmanager.SecretVersion("exampleSecretVersion", {
secretId: example.id,
secretString: JSON.stringify(example1)
})
I have tried all sorts of things like appsecrets.auth0clientid.apply(v => JSON.stringify(v))
but it still is going to be a type of Output<T> and it sets the value in secrets manager as
Calling [toJSON] on an [Output<T>] is not supported. To get the value of an Output as a JSON value or JSON string consider either: 1: o.apply(v => v.toJSON()) 2: o.apply(v => JSON.stringify(v)) See https://pulumi.io/help/outputs for more details. This function may throw in a future version of @pulumi/pulumi.polite-napkin-90098
01/26/2022, 9:13 PMsg, err := ec2.NewSecurityGroup(ctx, "EKS", &ec2.SecurityGroupArgs{
Description: pulumi.String("Group for the EKS cluster"),
VpcId: pulumi.String(vpcid),
Ingress: ec2.SecurityGroupIngressArray{
&ec2.SecurityGroupIngressArgs{
Description: pulumi.String("https in from the nodes"),
FromPort: <http://pulumi.Int|pulumi.Int>(443),
ToPort: <http://pulumi.Int|pulumi.Int>(443),
Protocol: pulumi.String("tcp"),
SecurityGroups: pulumi.StringArray{
pulumi.String(cluster.NodeSecurityGroup),
},
},
},
Egress: ec2.SecurityGroupEgressArray{
// allow https out to anywhere
&ec2.SecurityGroupEgressArgs{
FromPort: <http://pulumi.Int|pulumi.Int>(443),
ToPort: <http://pulumi.Int|pulumi.Int>(443),
Protocol: pulumi.String("tcp"),
CidrBlocks: pulumi.StringArray{
pulumi.String("0.0.0.0/0"),
},
Ipv6CidrBlocks: pulumi.StringArray{
pulumi.String("::/0"),
},
},
},
}, nil)
if err != nil {
return err
}
// Create an EKS cluster
cluster, err := eks.NewCluster(ctx, "Test", &eks.ClusterArgs{
VpcId: pulumi.String(vpcid),
PrivateSubnetIds: pulumi.StringArray{
pulumi.String(private[0]),
pulumi.String(private[1]),
pulumi.String(private[2]),
},
PublicSubnetIds: pulumi.StringArray{
pulumi.String(public[0]),
pulumi.String(public[1]),
pulumi.String(public[2]),
},
ClusterSecurityGroup: sg,
EndpointPrivateAccess: pulumi.Bool(true),
EndpointPublicAccess: pulumi.Bool(false),
})
if err != nil {
return err
}
and if I put it that way round I get ./main.go:150:21: undefined: cluster
and if I put the cluster before the sg I get undefined: sg
polite-napkin-90098
01/26/2022, 9:16 PMflat-kangaroo-13810
01/26/2022, 9:41 PMTeam team = new Team("<name here built using an Output<string> from a previous resource>", new TeamArgs());
aloof-airport-42412
01/27/2022, 12:18 AMautoscaling:environment:
testEnv: testEnv
and I want to get it in typescript code
let config = new pulumi.Config();
let test = config.get("environment.testEnv");
console.log(`Environment Variable: ${test}`);
When I run pulumi up
I get Environment Variable: undefined
rather than the environment variablelittle-cartoon-10569
01/27/2022, 3:11 AMproviders
map (in the opt object)?wet-soccer-72485
01/27/2022, 3:48 AMminiature-photographer-46262
01/27/2022, 10:33 AMbillions-judge-9412
01/27/2022, 11:09 AMfast-florist-41572
01/27/2022, 12:50 PMastonishing-dentist-11149
01/27/2022, 1:38 PMhelpful-account-44059
01/27/2022, 2:00 PMpulumi up
, i got this error:
Diagnostics:
eks:index:VpcCni (relation-aws-eks-cluter-vpc-cni):
error: Command failed: kubectl apply -f C:\Users\Matrix\AppData\Local\Temp\tmp-6800oi250Aa7ZzSV.tmp
error: You must be logged in to the server (the server has asked for the client to provide credentials)
pulumi:pulumi:Stack (relation-aws-eks-cluter-dev):
error: You must be logged in to the server (the server has asked for the client to provide credentials)
error: update failed
how to fix?magnificent-lifeguard-15082
01/27/2022, 5:27 PMnice-pharmacist-5320
01/27/2022, 6:00 PMpulumi config -j
or get them one by one using pulumi config <config_name>
but I want it in env. Is there a way to export all config from pulumi config
to env? I have to set all of the config as env for a github actionbored-table-20691
01/27/2022, 6:47 PMpulumi up
wants to do a wholesale replace (of VPCs, EKS cluster, etc), which would be very sad.bored-table-20691
01/27/2022, 7:23 PMpulumi:disable-default-providers:
- aws
- kubernetes
This seems to work well for AWS, but I am having an odd issue with the Kubernetes one. Specifically, I have the following resource:
_, err = yaml.NewConfigFile(ctx, "certmanager-deploy-file", &yaml.ConfigFileArgs{
File: "./cert-manager.yaml",
Transformations: []yaml.Transformation{
// We need to make two modifications:
// 1. Add the role ARN for IRSA
// 2. Set the fsGroup for IRSA token mapping
// Docs here: <https://cert-manager.io/docs/configuration/acme/dns01/route53/#eks-iam-role-for-service-accounts-irsa>
func(state map[string]interface{}, opts ...pulumi.ResourceOption) {
metadata := state["metadata"].(map[string]interface{})
name := metadata["name"]
if state["kind"] == "ServiceAccount" && name == "cert-manager" {
var annotations map[string]interface{}
if v, ok := metadata["annotations"]; !ok {
annotations = make(map[string]interface{})
metadata["annotations"] = annotations
} else {
annotations = v.(map[string]interface{})
}
annotations["<http://eks.amazonaws.com/role-arn|eks.amazonaws.com/role-arn>"] = irsaRole.Arn
}
if state["kind"] == "Deployment" && name == "cert-manager" {
deploymentSpec := state["spec"].(map[string]interface{})
template := deploymentSpec["template"].(map[string]interface{})
podSpec := template["spec"].(map[string]interface{})
podSpec["securityContext"] = map[string]interface{}{
"fsGroup": 1001,
}
}
},
},
}, pulumi.DependsOn([]pulumi.Resource{irsaRole}), pulumi.Provider(eksConfig.Provider))
if err != nil {
return nil, err
}
Where eksConfig.Provider
is constructed as the result of an eks.Cluster
creation:
k8sProvider, err := providers.NewProvider(ctx, "k8s-ssa-provider", &providers.ProviderArgs{
Kubeconfig: kubeconfig,
})
if err != nil {
return nil, err
}
When I run this with the default Kubernetes one disabled, I get this error:
error: program failed: 1 error occurred:
* decoding YAML: rpc error: code = Unknown desc = unknown provider ''
exit status 1
There is not any more info in the logs even if I set logging to 9. If I enable the Kubernetes default provider, it works just fine, even though I am passing an explicit provider here.
Is this a bug or am I doing something unexpected here?curved-summer-41191
01/27/2022, 10:26 PMfierce-ability-58936
01/28/2022, 2:45 AMctx.RegisterStackTransformation(...
applies to all resources in order, without taking into account child/parent relationship. And it doesn't seem to be a way to check if "is it a parent of XX?".
I tried to add a transformation to the CustomComponent resource in the stack transformation but it didn't work (the nested one never runs). In other words, I wanted to add another transformation in the stack transformation. Seems to be a limitation?
I'm using Go, if that matters. Does anyone have an idea how to achieve this?
I could add that resource-specific transformation when instantiating the CustomResource, but that would require doing that everywhere including tests.most-lighter-95902
01/28/2022, 4:23 AM--config
flag to docker run
via Pulumi? I’m using new docker.Container
but not sure how I can pass in custom flags like this?most-lighter-95902
01/28/2022, 4:28 AMdocker run <theimage> --config /home/ory/kratos.yml
steep-cartoon-89174
01/28/2022, 11:09 AMsteep-cartoon-89174
01/28/2022, 11:11 AMsteep-cartoon-89174
01/28/2022, 11:11 AMsteep-cartoon-89174
01/28/2022, 11:11 AMmillions-furniture-75402
01/28/2022, 2:06 PMconst elbClient = new aws.sdk.ELBv2({ region: aws.config.region })
const resourceList = await elbClient.describeLoadBalancers().promise();