https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • r

    ripe-park-70944

    01/26/2022, 12:07 PM
    Is there a way to get the generated code from the
    import
    command without actually importing the resource into the stack?
    e
    • 2
    • 3
  • a

    astonishing-monitor-79630

    01/26/2022, 1:37 PM
    Hello guys! Related question to import above: If I want to rollback an import of a resource, the way I have worked out is to use
    pulumi state delete urn:of:resource
    , but what is the easiest way to find that urn from ideally the cli? I can use the somewhat unwieldy
    pulumi stack --show-ids --show-urns | grep 'resource_name'
    but is there a better way?
    e
    l
    • 3
    • 7
  • f

    full-artist-27215

    01/26/2022, 1:58 PM
    Is there any formal way to annotate stack inputs and outputs with documentation strings to add additional context for their intention and purpose?
    g
    • 2
    • 3
  • s

    swift-intern-18856

    01/26/2022, 6:38 PM
    getting
    an unhandled error occurred: Program exited with non-zero exit code: 1
    from a stack that hasn’t changed in months. identical stack is working in our other account. made sure to update pulumi as well as the nodejs provider and all other dependencies, seeing absolutely nothing in verbose output to indicate what the problem is. indeed, seeing “Planner decided not to update after diff”, so no idea what could have broken here. how should i proceed?
    g
    • 2
    • 11
  • f

    fast-easter-23401

    01/26/2022, 7:14 PM
    Hello folks, I'm trying to import some databases grants created using Terraform. We have a MySQL instance running on GCP, to which I'm connecting using
    cloud_sql_proxy
    that handles TLS. My provider point to localhost:3307 where cloud_sql_proxy is listening.
    new mysql.Grant(
      'applications',
      {
        user: 'applications',
        host: '%',
        database: 'applications',
        privileges: ['ALL'],
      },
      {
        provider: new mysql.Provider(`import-applications-grant`, {
          username: 'root',
          endpoint: '127.0.0.1:3307',
          password: config.requireSecret('MY_SQL_APPLICATIONS_SECRET'),
        }),
        import: 'applications@%:applications',
        protect: true,
      }
    );
    But then I get the following error:
    Diagnostics:
      pulumi:pulumi:Stack (env-staging):
        error: preview failed
     
      mysql:index:Grant (applications@%:applications):
        error: Preview failed: refreshing urn:pulumi:staging::env::mysql:index/grant:Grant::applications@%:applications: user with host or a role is required
    Any ideas?
    l
    • 2
    • 4
  • b

    billions-judge-9412

    01/26/2022, 7:39 PM
    Hello! We're currently in the process of evaluating Pulumi to see if it fits our use case and came upon an issue and i can't find anything in the documentation on this. Basically, we have a resource (On azure, if that matters) that we're trying to update. However this update requires the resource to be recreated. The output says to destroy the component first. But just like how you would 'Taint' something in terraform - Is there an equivelant in Pulumi? TL;DR - Is there any way to force 'pulumi up' to recreate/destroy a specific resource? - Similiar to Terraforms taint function
    d
    • 2
    • 5
  • d

    dazzling-author-49810

    01/26/2022, 8:56 PM
    Hi, is there some sort of document/pattern etc about how Dependency Tracking works? @tall-librarian-49374
    e
    • 2
    • 21
  • s

    stale-vase-87890

    01/26/2022, 9:00 PM
    Hello Pulumi friends! I am trying to move our AWS SecretManager values into Pulumi so we can manage them with code! The secrets would be encrypted using pulumi secret foo 'bar' in the config file. Since we are reading them in from the config file they become an Output<T> which makes things a bit of a pain. To do a key/pair with secrets manager you have to pass it as json however you can't JSON.stringify a type of Output<T>, and there doesn't seem any way to convert it into anything else example:
    interface appsecrets {
        auth0clientid: string,
    }
    const appsecrets = config.requireSecretObject<appsecrets>("appsecrets")
    const auth0client = appsecrets.auth0clientid
    const example1 = {
        auth0clientid1: auth0client
    }
    
    const exampleSecretVersion = new aws.secretsmanager.SecretVersion("exampleSecretVersion", {
        secretId: example.id,
        secretString: JSON.stringify(example1)
    })
    I have tried all sorts of things like
    appsecrets.auth0clientid.apply(v => JSON.stringify(v))
    but it still is going to be a type of Output<T> and it sets the value in secrets manager as Calling [toJSON] on an [Output<T>] is not supported. To get the value of an Output as a JSON value or JSON string consider either: 1: o.apply(v => v.toJSON()) 2: o.apply(v => JSON.stringify(v)) See https://pulumi.io/help/outputs for more details. This function may throw in a future version of @pulumi/pulumi.
    b
    e
    • 3
    • 12
  • p

    polite-napkin-90098

    01/26/2022, 9:13 PM
    I'm sure I'm missing something obvious, but I'm struggling with circular dependencies. I'm using the EKS package to make a kluster The cluster needs a security group. The security group needs to allow access from the node pool security group The node pool security is created by the cluster and is an output from it. So essentially I have
    sg, err := ec2.NewSecurityGroup(ctx, "EKS", &ec2.SecurityGroupArgs{
                            Description: pulumi.String("Group for the EKS cluster"),
                            VpcId: pulumi.String(vpcid),
                            Ingress: ec2.SecurityGroupIngressArray{
                                    &ec2.SecurityGroupIngressArgs{
                                          Description: pulumi.String("https in from the nodes"),
                                          FromPort: <http://pulumi.Int|pulumi.Int>(443),
                                          ToPort: <http://pulumi.Int|pulumi.Int>(443),
                                          Protocol: pulumi.String("tcp"),
                                          SecurityGroups: pulumi.StringArray{
                                                  pulumi.String(cluster.NodeSecurityGroup),
                                          },
                                    },
                            },
                            Egress:  ec2.SecurityGroupEgressArray{
                                    // allow https out to anywhere
                                    &ec2.SecurityGroupEgressArgs{
                                            FromPort: <http://pulumi.Int|pulumi.Int>(443),
                                            ToPort:   <http://pulumi.Int|pulumi.Int>(443),
                                            Protocol: pulumi.String("tcp"),
                                            CidrBlocks: pulumi.StringArray{
                                                    pulumi.String("0.0.0.0/0"),
                                            },
                                            Ipv6CidrBlocks: pulumi.StringArray{
                                                    pulumi.String("::/0"),
                                            },
                                    },
                            },
                    }, nil)
                    if err != nil {
                            return err
                    }
                    // Create an EKS cluster
                    cluster, err := eks.NewCluster(ctx, "Test", &eks.ClusterArgs{
                            VpcId: pulumi.String(vpcid),
                            PrivateSubnetIds: pulumi.StringArray{
                                    pulumi.String(private[0]),
                                    pulumi.String(private[1]),
                                    pulumi.String(private[2]),
                            },
                            PublicSubnetIds: pulumi.StringArray{
                                    pulumi.String(public[0]),
                                    pulumi.String(public[1]),
                                    pulumi.String(public[2]),
                            },
                            ClusterSecurityGroup: sg,
                            EndpointPrivateAccess: pulumi.Bool(true),
                            EndpointPublicAccess: pulumi.Bool(false),
                    })
                    if err != nil {
                            return err
                    }
    and if I put it that way round I get
    ./main.go:150:21: undefined: cluster
    and if I put the cluster before the sg I get
    undefined: sg
    b
    • 2
    • 4
  • p

    polite-napkin-90098

    01/26/2022, 9:16 PM
    How do I do this properly?
  • f

    flat-kangaroo-13810

    01/26/2022, 9:41 PM
    Hi All, What is the best way to use an Output<string> in the name of a new resource. Context: I am trying to use an output from a previous resource to create deterministic naming of pulumi resources down the chain.
    Team team = new Team("<name here built using an Output<string> from a previous resource>", new TeamArgs());
    b
    e
    • 3
    • 4
  • a

    aloof-airport-42412

    01/27/2022, 12:18 AM
    Hello! I am new to Pulumi and apologize if this might be a stupid question Just trying Pulumi out with aws and having trouble with getting nested configuration in the code So I have below in my stack yaml file
    autoscaling:environment:
      testEnv: testEnv
    and I want to get it in typescript code
    let config = new pulumi.Config();
    let test = config.get("environment.testEnv");
    
    console.log(`Environment Variable: ${test}`);
    When I run
    pulumi up
    I get
    Environment Variable: undefined
    rather than the environment variable
    l
    • 2
    • 10
  • l

    little-cartoon-10569

    01/27/2022, 3:11 AM
    How does Pulumi decide which provider to use in the
    providers
    map (in the opt object)?
    e
    • 2
    • 8
  • w

    wet-soccer-72485

    01/27/2022, 3:48 AM
    Feature request: allow users on the Resources page https://app.pulumi.com/org/project/stack/resources to refresh the Graph View without having to click back to it after refreshing.
    👍 1
    g
    • 2
    • 8
  • m

    miniature-photographer-46262

    01/27/2022, 10:33 AM
    Hi! Has anyone used the Kong Pulumi Provider before? Having issues authentication with Kong, issue is detailed here: https://github.com/pulumi/pulumi-kong/issues/89
    g
    • 2
    • 2
  • b

    billions-judge-9412

    01/27/2022, 11:09 AM
    Hi, anyone got any idea how i can workaround this issue? https://github.com/pulumi/pulumi-azure-native/issues/1431 Its a huge blocker for us, since i effectively can't run my configuration 😞
  • f

    fast-florist-41572

    01/27/2022, 12:50 PM
    Is there any easy way to use a local stack without having to logout of my remote backend and login to the local one?
    l
    p
    • 3
    • 10
  • a

    astonishing-dentist-11149

    01/27/2022, 1:38 PM
    Heya, so we build our stacks with automation in gitlab CI. When we do this, obviously the files for the stack do not get "saved" back into the branch when this happens. They are created on the builder and deleted seconds after the build is complete. Do any of you have this problem? How have you solved it? What I have been doing is pulling the code and doing a pulumi refresh to bring it in when I need it. I have thought about letting the builder commit the new files, but that feels like a really bad idea in most cases.
    b
    b
    • 3
    • 5
  • h

    helpful-account-44059

    01/27/2022, 2:00 PM
    Hi,i'm following the code to create new aws eks cluter, after
    pulumi up
    , i got this error:
    Diagnostics:
      eks:index:VpcCni (relation-aws-eks-cluter-vpc-cni):
        error: Command failed: kubectl apply -f C:\Users\Matrix\AppData\Local\Temp\tmp-6800oi250Aa7ZzSV.tmp
        error: You must be logged in to the server (the server has asked for the client to provide credentials)
    
      pulumi:pulumi:Stack (relation-aws-eks-cluter-dev):
        error: You must be logged in to the server (the server has asked for the client to provide credentials)
    
        error: update failed
    how to fix?
    b
    • 2
    • 2
  • m

    magnificent-lifeguard-15082

    01/27/2022, 5:27 PM
    Is there a way (ts) to register events for resources when they are created/updated within the runtime? Ie. to publish on a sns topic when a certain resource is updated or created. Concrete example: publish sns topic when a Migration resource fails.
    e
    • 2
    • 2
  • n

    nice-pharmacist-5320

    01/27/2022, 6:00 PM
    Hello everyone. I have all my env values set in pulumi config as I want pulumi stack to be the source of truth. I can list all the values by running
    pulumi config -j
    or get them one by one using
    pulumi config <config_name>
    but I want it in env. Is there a way to export all config from
    pulumi config
    to env? I have to set all of the config as env for a github action
    o
    • 2
    • 1
  • b

    bored-table-20691

    01/27/2022, 6:47 PM
    Is there any way to change the provider without Pulumi wanting to do a replace? Specifically, I am changing from the default AWS provider to an explicit one (configured with all the same values), but running
    pulumi up
    wants to do a wholesale replace (of VPCs, EKS cluster, etc), which would be very sad.
    😬 1
    s
    • 2
    • 8
  • b

    bored-table-20691

    01/27/2022, 7:23 PM
    I am trying out the new Pulumi 3.23.0 capability of disabling the default providers, and have this in my stack:
    pulumi:disable-default-providers:
      - aws
      - kubernetes
    This seems to work well for AWS, but I am having an odd issue with the Kubernetes one. Specifically, I have the following resource:
    _, err = yaml.NewConfigFile(ctx, "certmanager-deploy-file", &yaml.ConfigFileArgs{
    		File: "./cert-manager.yaml",
    		Transformations: []yaml.Transformation{
    			// We need to make two modifications:
    			// 1. Add the role ARN for IRSA
    			// 2. Set the fsGroup for IRSA token mapping
    			// Docs here: <https://cert-manager.io/docs/configuration/acme/dns01/route53/#eks-iam-role-for-service-accounts-irsa>
    			func(state map[string]interface{}, opts ...pulumi.ResourceOption) {
    				metadata := state["metadata"].(map[string]interface{})
    				name := metadata["name"]
    				if state["kind"] == "ServiceAccount" && name == "cert-manager" {
    					var annotations map[string]interface{}
    					if v, ok := metadata["annotations"]; !ok {
    						annotations = make(map[string]interface{})
    						metadata["annotations"] = annotations
    					} else {
    						annotations = v.(map[string]interface{})
    					}
    					annotations["<http://eks.amazonaws.com/role-arn|eks.amazonaws.com/role-arn>"] = irsaRole.Arn
    				}
    				if state["kind"] == "Deployment" && name == "cert-manager" {
    					deploymentSpec := state["spec"].(map[string]interface{})
    					template := deploymentSpec["template"].(map[string]interface{})
    					podSpec := template["spec"].(map[string]interface{})
    					podSpec["securityContext"] = map[string]interface{}{
    						"fsGroup": 1001,
    					}
    				}
    
    			},
    		},
    	}, pulumi.DependsOn([]pulumi.Resource{irsaRole}), pulumi.Provider(eksConfig.Provider))
    	if err != nil {
    		return nil, err
    	}
    Where
    eksConfig.Provider
    is constructed as the result of an
    eks.Cluster
    creation:
    k8sProvider, err := providers.NewProvider(ctx, "k8s-ssa-provider", &providers.ProviderArgs{
    		Kubeconfig: kubeconfig,
    	})
    	if err != nil {
    		return nil, err
    	}
    When I run this with the default Kubernetes one disabled, I get this error:
    error: program failed: 1 error occurred:
        	* decoding YAML: rpc error: code = Unknown desc = unknown provider ''
        exit status 1
    There is not any more info in the logs even if I set logging to 9. If I enable the Kubernetes default provider, it works just fine, even though I am passing an explicit provider here. Is this a bug or am I doing something unexpected here?
    o
    • 2
    • 9
  • c

    curved-summer-41191

    01/27/2022, 10:26 PM
    Is there a way to interact with the pulumi engine programmatically? Like a pulumi cli api
    b
    • 2
    • 2
  • f

    fierce-ability-58936

    01/28/2022, 2:45 AM
    I want to apply a transformation to all children of a specific CustomComponent resource, to import existing resources into the stack on the first run. But I couldn't find a way how to do that transparently: The stack transformation
    ctx.RegisterStackTransformation(...
    applies to all resources in order, without taking into account child/parent relationship. And it doesn't seem to be a way to check if "is it a parent of XX?". I tried to add a transformation to the CustomComponent resource in the stack transformation but it didn't work (the nested one never runs). In other words, I wanted to add another transformation in the stack transformation. Seems to be a limitation? I'm using Go, if that matters. Does anyone have an idea how to achieve this? I could add that resource-specific transformation when instantiating the CustomResource, but that would require doing that everywhere including tests.
    l
    • 2
    • 3
  • m

    most-lighter-95902

    01/28/2022, 4:23 AM
    Hi, does anyone know how to pass in
    --config
    flag to
    docker run
    via Pulumi? I’m using
    new docker.Container
    but not sure how I can pass in custom flags like this?
    q
    • 2
    • 5
  • m

    most-lighter-95902

    01/28/2022, 4:28 AM
    For example,
    docker run <theimage> --config /home/ory/kratos.yml
  • s

    steep-cartoon-89174

    01/28/2022, 11:09 AM
    Hey all !
  • s

    steep-cartoon-89174

    01/28/2022, 11:11 AM
    I'm trying to get a list of my ALB listener's rules (in order to add/remove), we can list them on aws with describe-rules (https://docs.aws.amazon.com/cli/latest/reference/elbv2/describe-rules.html)
  • s

    steep-cartoon-89174

    01/28/2022, 11:11 AM
    any way to do that with pulumi ?
    m
    • 2
    • 1
Powered by Linen
Title
s

steep-cartoon-89174

01/28/2022, 11:11 AM
any way to do that with pulumi ?
m

millions-furniture-75402

01/28/2022, 2:06 PM
you can use the AWS sdk via pulumi, something like:
const elbClient = new aws.sdk.ELBv2({ region: aws.config.region })

const resourceList = await elbClient.describeLoadBalancers().promise();
View count: 6