Is there a way to get the generated code from the

import

command without actually importing the resource into the stack?

Hello guys! Related question to import above: If I want to rollback an import of a resource, the way I have worked out is to use

pulumi state delete urn:of:resource

, but what is the easiest way to find that urn from ideally the cli? I can use the somewhat unwieldy

pulumi stack --show-ids --show-urns | grep 'resource_name'

but is there a better way?

Is there any formal way to annotate stack inputs and outputs with documentation strings to add additional context for their intention and purpose?

getting

an unhandled error occurred: Program exited with non-zero exit code: 1

from a stack that hasn’t changed in months. identical stack is working in our other account. made sure to update pulumi as well as the nodejs provider and all other dependencies, seeing absolutely nothing in verbose output to indicate what the problem is. indeed, seeing “Planner decided not to update after diff”, so no idea what could have broken here. how should i proceed?

Hello folks, I'm trying to import some databases grants created using Terraform. We have a MySQL instance running on GCP, to which I'm connecting using

cloud_sql_proxy

that handles TLS. My provider point to localhost:3307 where cloud_sql_proxy is listening.

new mysql.Grant(
  'applications',
  {
    user: 'applications',
    host: '%',
    database: 'applications',
    privileges: ['ALL'],
  },
  {
    provider: new mysql.Provider(`import-applications-grant`, {
      username: 'root',
      endpoint: '127.0.0.1:3307',
      password: config.requireSecret('MY_SQL_APPLICATIONS_SECRET'),
    }),
    import: 'applications@%:applications',
    protect: true,
  }
);

But then I get the following error:

Diagnostics:
  pulumi:pulumi:Stack (env-staging):
    error: preview failed
 
  mysql:index:Grant (applications@%:applications):
    error: Preview failed: refreshing urn:pulumi:staging::env::mysql:index/grant:Grant::applications@%:applications: user with host or a role is required

Any ideas?

Hello! We're currently in the process of evaluating Pulumi to see if it fits our use case and came upon an issue and i can't find anything in the documentation on this. Basically, we have a resource (On azure, if that matters) that we're trying to update. However this update requires the resource to be recreated. The output says to destroy the component first. But just like how you would 'Taint' something in terraform - Is there an equivelant in Pulumi? TL;DR - Is there any way to force 'pulumi up' to recreate/destroy a specific resource? - Similiar to Terraforms taint function

Hi, is there some sort of document/pattern etc about how Dependency Tracking works? @tall-librarian-49374

Hello Pulumi friends! I am trying to move our AWS SecretManager values into Pulumi so we can manage them with code! The secrets would be encrypted using pulumi secret foo 'bar' in the config file. Since we are reading them in from the config file they become an Output<T> which makes things a bit of a pain. To do a key/pair with secrets manager you have to pass it as json however you can't JSON.stringify a type of Output<T>, and there doesn't seem any way to convert it into anything else example:

interface appsecrets {
    auth0clientid: string,
}
const appsecrets = config.requireSecretObject<appsecrets>("appsecrets")
const auth0client = appsecrets.auth0clientid
const example1 = {
    auth0clientid1: auth0client
}

const exampleSecretVersion = new aws.secretsmanager.SecretVersion("exampleSecretVersion", {
    secretId: example.id,
    secretString: JSON.stringify(example1)
})

I have tried all sorts of things like

appsecrets.auth0clientid.apply(v => JSON.stringify(v))

but it still is going to be a type of Output<T> and it sets the value in secrets manager as Calling [toJSON] on an [Output<T>] is not supported. To get the value of an Output as a JSON value or JSON string consider either: 1: o.apply(v => v.toJSON()) 2: o.apply(v => JSON.stringify(v)) See https://pulumi.io/help/outputs for more details. This function may throw in a future version of @pulumi/pulumi.

I'm sure I'm missing something obvious, but I'm struggling with circular dependencies. I'm using the EKS package to make a kluster The cluster needs a security group. The security group needs to allow access from the node pool security group The node pool security is created by the cluster and is an output from it. So essentially I have

sg, err := ec2.NewSecurityGroup(ctx, "EKS", &ec2.SecurityGroupArgs{
                        Description: pulumi.String("Group for the EKS cluster"),
                        VpcId: pulumi.String(vpcid),
                        Ingress: ec2.SecurityGroupIngressArray{
                                &ec2.SecurityGroupIngressArgs{
                                      Description: pulumi.String("https in from the nodes"),
                                      FromPort: <http://pulumi.Int|pulumi.Int>(443),
                                      ToPort: <http://pulumi.Int|pulumi.Int>(443),
                                      Protocol: pulumi.String("tcp"),
                                      SecurityGroups: pulumi.StringArray{
                                              pulumi.String(cluster.NodeSecurityGroup),
                                      },
                                },
                        },
                        Egress:  ec2.SecurityGroupEgressArray{
                                // allow https out to anywhere
                                &ec2.SecurityGroupEgressArgs{
                                        FromPort: <http://pulumi.Int|pulumi.Int>(443),
                                        ToPort:   <http://pulumi.Int|pulumi.Int>(443),
                                        Protocol: pulumi.String("tcp"),
                                        CidrBlocks: pulumi.StringArray{
                                                pulumi.String("0.0.0.0/0"),
                                        },
                                        Ipv6CidrBlocks: pulumi.StringArray{
                                                pulumi.String("::/0"),
                                        },
                                },
                        },
                }, nil)
                if err != nil {
                        return err
                }
                // Create an EKS cluster
                cluster, err := eks.NewCluster(ctx, "Test", &eks.ClusterArgs{
                        VpcId: pulumi.String(vpcid),
                        PrivateSubnetIds: pulumi.StringArray{
                                pulumi.String(private[0]),
                                pulumi.String(private[1]),
                                pulumi.String(private[2]),
                        },
                        PublicSubnetIds: pulumi.StringArray{
                                pulumi.String(public[0]),
                                pulumi.String(public[1]),
                                pulumi.String(public[2]),
                        },
                        ClusterSecurityGroup: sg,
                        EndpointPrivateAccess: pulumi.Bool(true),
                        EndpointPublicAccess: pulumi.Bool(false),
                })
                if err != nil {
                        return err
                }

and if I put it that way round I get

./main.go:150:21: undefined: cluster

and if I put the cluster before the sg I get

undefined: sg

How do I do this properly?

Hi All, What is the best way to use an Output<string> in the name of a new resource. Context: I am trying to use an output from a previous resource to create deterministic naming of pulumi resources down the chain.

Team team = new Team("<name here built using an Output<string> from a previous resource>", new TeamArgs());

Hello! I am new to Pulumi and apologize if this might be a stupid question Just trying Pulumi out with aws and having trouble with getting nested configuration in the code So I have below in my stack yaml file

autoscaling:environment:
  testEnv: testEnv

and I want to get it in typescript code

let config = new pulumi.Config();
let test = config.get("environment.testEnv");

console.log(`Environment Variable: ${test}`);

When I run

pulumi up

I get

Environment Variable: undefined

rather than the environment variable

How does Pulumi decide which provider to use in the

providers

map (in the opt object)?

Feature request: allow users on the Resources page https://app.pulumi.com/org/project/stack/resources to refresh the Graph View without having to click back to it after refreshing.

Hi! Has anyone used the Kong Pulumi Provider before? Having issues authentication with Kong, issue is detailed here: https://github.com/pulumi/pulumi-kong/issues/89

Hi, anyone got any idea how i can workaround this issue? https://github.com/pulumi/pulumi-azure-native/issues/1431 Its a huge blocker for us, since i effectively can't run my configuration 😞

Is there any easy way to use a local stack without having to logout of my remote backend and login to the local one?

Heya, so we build our stacks with automation in gitlab CI. When we do this, obviously the files for the stack do not get "saved" back into the branch when this happens. They are created on the builder and deleted seconds after the build is complete. Do any of you have this problem? How have you solved it? What I have been doing is pulling the code and doing a pulumi refresh to bring it in when I need it. I have thought about letting the builder commit the new files, but that feels like a really bad idea in most cases.

Hi，i'm following the code to create new aws eks cluter, after

pulumi up

, i got this error:

Diagnostics:
  eks:index:VpcCni (relation-aws-eks-cluter-vpc-cni):
    error: Command failed: kubectl apply -f C:\Users\Matrix\AppData\Local\Temp\tmp-6800oi250Aa7ZzSV.tmp
    error: You must be logged in to the server (the server has asked for the client to provide credentials)

  pulumi:pulumi:Stack (relation-aws-eks-cluter-dev):
    error: You must be logged in to the server (the server has asked for the client to provide credentials)

    error: update failed

how to fix?

Is there a way (ts) to register events for resources when they are created/updated within the runtime? Ie. to publish on a sns topic when a certain resource is updated or created. Concrete example: publish sns topic when a Migration resource fails.

Hello everyone. I have all my env values set in pulumi config as I want pulumi stack to be the source of truth. I can list all the values by running

pulumi config -j

or get them one by one using

pulumi config <config_name>

but I want it in env. Is there a way to export all config from

pulumi config

to env? I have to set all of the config as env for a github action

Is there any way to change the provider without Pulumi wanting to do a replace? Specifically, I am changing from the default AWS provider to an explicit one (configured with all the same values), but running

pulumi up

wants to do a wholesale replace (of VPCs, EKS cluster, etc), which would be very sad.

I am trying out the new Pulumi 3.23.0 capability of disabling the default providers, and have this in my stack:

pulumi:disable-default-providers:
  - aws
  - kubernetes

This seems to work well for AWS, but I am having an odd issue with the Kubernetes one. Specifically, I have the following resource:

_, err = yaml.NewConfigFile(ctx, "certmanager-deploy-file", &yaml.ConfigFileArgs{
		File: "./cert-manager.yaml",
		Transformations: []yaml.Transformation{
			// We need to make two modifications:
			// 1. Add the role ARN for IRSA
			// 2. Set the fsGroup for IRSA token mapping
			// Docs here: <https://cert-manager.io/docs/configuration/acme/dns01/route53/#eks-iam-role-for-service-accounts-irsa>
			func(state map[string]interface{}, opts ...pulumi.ResourceOption) {
				metadata := state["metadata"].(map[string]interface{})
				name := metadata["name"]
				if state["kind"] == "ServiceAccount" && name == "cert-manager" {
					var annotations map[string]interface{}
					if v, ok := metadata["annotations"]; !ok {
						annotations = make(map[string]interface{})
						metadata["annotations"] = annotations
					} else {
						annotations = v.(map[string]interface{})
					}
					annotations["<http://eks.amazonaws.com/role-arn|eks.amazonaws.com/role-arn>"] = irsaRole.Arn
				}
				if state["kind"] == "Deployment" && name == "cert-manager" {
					deploymentSpec := state["spec"].(map[string]interface{})
					template := deploymentSpec["template"].(map[string]interface{})
					podSpec := template["spec"].(map[string]interface{})
					podSpec["securityContext"] = map[string]interface{}{
						"fsGroup": 1001,
					}
				}

			},
		},
	}, pulumi.DependsOn([]pulumi.Resource{irsaRole}), pulumi.Provider(eksConfig.Provider))
	if err != nil {
		return nil, err
	}

Where

eksConfig.Provider

is constructed as the result of an

eks.Cluster

creation:

k8sProvider, err := providers.NewProvider(ctx, "k8s-ssa-provider", &providers.ProviderArgs{
		Kubeconfig: kubeconfig,
	})
	if err != nil {
		return nil, err
	}

When I run this with the default Kubernetes one disabled, I get this error:

error: program failed: 1 error occurred:
    	* decoding YAML: rpc error: code = Unknown desc = unknown provider ''
    exit status 1

There is not any more info in the logs even if I set logging to 9. If I enable the Kubernetes default provider, it works just fine, even though I am passing an explicit provider here. Is this a bug or am I doing something unexpected here?

Is there a way to interact with the pulumi engine programmatically? Like a pulumi cli api

I want to apply a transformation to all children of a specific CustomComponent resource, to import existing resources into the stack on the first run. But I couldn't find a way how to do that transparently: The stack transformation

ctx.RegisterStackTransformation(...

applies to all resources in order, without taking into account child/parent relationship. And it doesn't seem to be a way to check if "is it a parent of XX?". I tried to add a transformation to the CustomComponent resource in the stack transformation but it didn't work (the nested one never runs). In other words, I wanted to add another transformation in the stack transformation. Seems to be a limitation? I'm using Go, if that matters. Does anyone have an idea how to achieve this? I could add that resource-specific transformation when instantiating the CustomResource, but that would require doing that everywhere including tests.

Hi, does anyone know how to pass in

--config

flag to

docker run

via Pulumi? I’m using

new docker.Container

but not sure how I can pass in custom flags like this?

For example,

docker run <theimage> --config /home/ory/kratos.yml

Hey all !

I'm trying to get a list of my ALB listener's rules (in order to add/remove), we can list them on aws with describe-rules (https://docs.aws.amazon.com/cli/latest/reference/elbv2/describe-rules.html)