Howdy all, Are there any consensus on how to update an existing Kubernetes ConfigMap from Pulumi. It is the usual CoreDNS configuration in a EKS based cluster 🙂 I'm trying to do an import then update cycle via automation, but I'm not having too much success with this.

hi, i'm getting an error

Error creating EdgeCacheOrigin: googleapi: Error 404: Method not found.

when trying to create an

EdgeCacheOrigin

for a bucket, pretty much from the documentation:

const webStaticOrigin = new gcp.networkservices.EdgeCacheOrigin(
  "web-static-origin",
  {
    originAddress: webStaticBucket.url,
  }
);

any idea how to fix?

Hi everyone. Getting a strange error when setting up an ECR RegistryScanningConfiguration. The config can have multiple rules. A rule (according to the Pulumi source, and AWS config) can have a value of "SCAN_ON_PUSH", "CONTINUOUS", or "MANUAL". I've been able to provision a config with a "SCAN_ON_PUSH" rule. Adding a "MANUAL" rule causes it to break on validation.

1 error occurred:
	* updating urn:pulumi:production::<service-name>::aws:ecr/registryScanningConfiguration:RegistryScanningConfiguration::<service-name>: 1 error occurred:
	* error creating ECR Registry Scanning Configuration: InvalidParameterException: Invalid parameter failed to satisfy constraint: 'Invalid scan frequency: MANUAL'

Any pointers?

Hello everybody, I wanna create multiple database within a Azure Postgres v13 flexible server. As I found here I need to use

v20200214preview

like this:

export const myDB = new azureNative.dbforpostgresql.v20200214preview.Server(
  "myDB",
  {
    administratorLogin: config.POSTGRES_USERNAME,
    administratorLoginPassword: config.POSTGRES_PASSWORD,
    createMode: "Default",
    storageProfile: {
      backupRetentionDays: 7,
      storageMB: 32768,
    },
    resourceGroupName: config.RESOURCE_GROUP_NAME,
    serverName: config.POSTGRES_SERVER_NAME,
    sku: {
      name: config.POSTGRES_INSTANCE_TYPE,
      tier: config.POSTGRES_INSTANCE_TIER,
    },
    version: "13",
  },
  {
    dependsOn: resourceGroup,
  }
)

But when I try to add new database to this server I can't find

Database

resource in this preview class:

new azureNative.dbforpostgresql.v20200214preview.Database    <------ This resource not exists in Pulumi

Can you tell me how I can add more database to the above postgres server? In the azure document they told that it's allowed and possible to use single postgres server with multiple database:

Within an Azure Database for PostgreSQL server, you can create one or multiple databases. You can opt to create a single database per server to utilize all the resources, or create multiple databases to share the resources.

Ref: https://docs.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-servers

Ooh, looks like the public roadmap got updated, thanks!

Hello, is there an example of how to use Minio as backend ? I have a local minio instance that I want to use.. I tried this:

➜ pulumi login "<s3://pulumi-bucket?endpoint=192.168.31.2:54640&disableSSL=true&s3ForcePathStyle=true>"

When I try to bring up the stack:

➜ pulumi up
error: could not query backend for stacks: error listing stacks: could not list bucket: blob (code=Unknown): MissingRegion: could not find region configuration

Also, my minio endpoint has login/password, I am not sure where to specify that

Let’s say I have a project and stack named

itay/myproj/mystack

, and then I use a StackReference to refer to it from another project and stack (

itay/someproj/clientstack

). Then, say I rename the original stack to

itay/myproj2/mystack2

. Now, if I do a

pulumi up

on the

itay/someproj/clientstack

stack. Will I get an error saying that

itay/myproj/mystack

doesn’t exist, since it’s stored in the state of this client stack? What’s the right way to tackle this?

Question on pulumi import resource commands. Is there a way to import all rules (ingress/egress and all ports etc) for a specific SG without having to specifically adding each and every sg rule explicitly with pulumi import command? i am looking at these examples but each of them list adding one rule at a time... https://www.pulumi.com/registry/packages/aws/api-docs/ec2/securitygrouprule/#import

Hi everybody, I need to grant read-write permissions to a GCP serviceAccount for a given set of google-sheets documents. Do you know if there’s a way to automate that with pulumi (i.e., creating dynamic-provider)?

Another import related issue - Also we are facing this issue and seems like no resolution yet - https://github.com/pulumi/pulumi-aws/issues/1605. Any updates on this issue?

TL; DR: Is “pulumi login” mandatory step before using automation API. Is there a way to specify the login details into the automation API? I am trying to run pulumi in automation mode (without having ~/.pulumi/credentials). I am configuring the projectSettings this way:

self.projectSettings = auto.ProjectSettings(
            name=projectName,
            runtime="python",
            backend={"url": f"<s3://pulumi?region=us-east-1&endpoint={epUrl}&disableSSL=true&s3ForcePathStyle=true>"}
        )

When I run my code - I see this:

>           raise Exception(err)
E           Exception: Error Deploying HELM -
E            code: 255
E            stdout:
E            stderr: Logging in using access token from PULUMI_ACCESS_TOKEN
E           error: invalid access token

IACLib/src/pulumi_iac/platforms/kubernetes/__init__.py:145: Exception

What am I missing here that pulumi is asking for PULUMI_ACCESS_TOKEN ? If I do pulumi login (and it produces the credentials file), things work fine.

➜ cat ~/.pulumi/credentials.json
{
    "current": "<s3://pulumi?region=us-east-1>\u0026endpoint=192.168.31.2:54640\u0026disableSSL=true\u0026s3ForcePathStyle=true",
    "accessTokens": {
        "<s3://pulumi?region=us-east-1>\u0026endpoint=192.168.31.2:54640\u0026disableSSL=true\u0026s3ForcePathStyle=true": ""
    },
    "accounts": {
        "<s3://pulumi?region=us-east-1>\u0026endpoint=192.168.31.2:54640\u0026disableSSL=true\u0026s3ForcePathStyle=true": {
            "lastValidatedAt": "0001-01-01T00:00:00Z"
        }
    }
}%

and I have to set these exports:

export AWS_ACCESS_KEY_ID=miniouser
export AWS_SECRET_ACCESS_KEY=miniopasswd
export AWS_PROFILE=minio

I want to know how to pass the credentials via automation without having this file..

I want to add pulumi to my docker image (based on python): when i extract pulumi tar.gz, I see the following files. When copying files into the docker, can I safely exclude the *nodejs*/*go*/*dotnet* files if I am only interested in python?

➜ ll pulumi
total 139196
-rwxr-xr-x 1 bhakta bhakta 20866682 Feb  5 00:30 pulumi-language-python
-rwxr-xr-x 1 bhakta bhakta 20916427 Feb  5 00:30 pulumi-language-nodejs
-rwxr-xr-x 1 bhakta bhakta 21950449 Feb  5 00:30 pulumi-language-go
-rwxr-xr-x 1 bhakta bhakta 20813269 Feb  5 00:30 pulumi-language-dotnet
-rwxr-xr-x 1 bhakta bhakta 57955904 Feb  5 00:30 pulumi
-rwxr-xr-x 1 bhakta bhakta     1893 Feb  5 01:30 pulumi-resource-pulumi-python
-rwxr-xr-x 1 bhakta bhakta      238 Feb  5 01:30 pulumi-resource-pulumi-nodejs
-rwxr-xr-x 1 bhakta bhakta     6142 Feb  5 01:30 pulumi-language-python-exec
-rwxr-xr-x 1 bhakta bhakta     1853 Feb  5 01:30 pulumi-analyzer-policy-python
-rwxr-xr-x 1 bhakta bhakta      245 Feb  5 01:30 pulumi-analyzer-policy

Hola! New user here. What's the suggested approach for filing bugs?

I got this error after 8m3s 😮

Diagnostics:
  pulumi:pulumi:Stack (xxxx):
    error: update failed
 
  aws:ecs:Service (xxxx):
    error: 1 error occurred:
    	* failed creating ECS service (xxxx): InvalidParameterException: The target group with targetGroupArn arn:aws:elasticloadbalancing:us-west-2:xxxx:targetgroup/xxxx/xxxx does not have an associated load balancer.
 
Resources:
    24 unchanged

Duration: 8m3s

wonder why this took so long

Hey everyone! Are there any good resources about more-advanced Pulumi usage patterns? Something to find stuff like "use component resources, you might want to pass a custom provider instead of relying on the default one". Right now, I'm finding mentions of this kind of interesting details in GitHub issues - a book, video series or single blog post around this would be great to know about. Any recommendations?

Hey everybody, Does anyone knows how I can translate this azure cli command to Pulumi?

az postgres flexible-server db create --resource-group
                                      --server-name
                                      [--charset]
                                      [--collation]
                                      [--database-name]
                                      [--subscription]

Heya again! I have a question regarding using existing resource parameters as inputs when creating new resources. I went through the "Input and Outputs" page on the documentation but I still can't seem to get it to work. For example - When I try to create a

aws.cloudwatch.MetricAlarm

and I want to use

<http://aws.lb|aws.lb>.TargetGroup.name

to construct the

resource_name

I get this error. source:

aws.cloudwatch.MetricAlarm(
            resource_name=Output.concat("", target_group.name, "-CPUHigh-alarm"),

error:

raise TypeError("Expected resource name to be a string")
    TypeError: Expected resource name to be a string
    error: an unhandled error occurred: Program exited with non-zero exit code: 1

Surprisingly, this same approach works for

aws.cloudwatch.MetricAlarm.dimensions

treat_missing_data="breaching",
            dimensions={
                "TargetGroup": Output.concat("", args.target_group.name),
            },

I haven't been able to figure out how to use existing resource fields when creating new resources. What am I missing?

Hi, I am creating my own provider using the TF bridge and having some troubles with id types when linking resources using

ID

. I have a resource called

Group

and other called

Check

. You should be able to use the

groupId

property of the

Check

in order to link them. The problem is when I tried to do it, I get this error message:

error: checkly:index/check:Check resource 'pulumi-api-check' has a problem: Attribute must be a whole number, got 257503. Examine values at 'Check.GroupId'

I guess this is related with types and for some reason the

ID

of the group is being returned as

string

when it should be a

number

. In my TF provider the

ID

has the correct type, so I am not sure why this is happening. I could try to manually parse the

ID

to integer when setting it in the group but don’t think will be a good DX. Here is the JS source of the example I am trying to make it work 👇

const checkly = require( "@pulumi/checkly");

const group = new checkly.CheckGroup("group", {
  activated: true,
  concurrency: 1,
  locations: ['us-east-1'],
});

new checkly.Check("api-check", {
  activated: true,
  frequency: 10,
  type: "API",
  groupId: group.id
});

Any help/suggestion will be appreciated 🙏

Hello all, just getting started and I ran into some behavior that I have questions on. 🧵

Is it just me, or unsecret isn't doing anything?

I messed up and ran

pulumi delete <urn>

on some resource that still exists. (k8s namespace)

pulumi refresh

isn't doing anything to add it back to the state and

pulumi up

fails because the resource already exists. How can I add it back to the state without having to destroy first?

When I try to use pulumi with MinIO backend AND try to configure AWS:ec2 instance, I see issues resulting from clash in the AWS key and credentials//

[default]
aws_access_key_id = MyKey
aws_secret_access_key = MySecret

[minio]
aws_access_key_id = minioadmin
aws_secret_access_key = minioadmin

I am setting AWS_PROFILE=minio so the backend can use the minio profile. However, this collides with AWS operations as pulimi tries to use the same key with AWS and fails.. If set the profile to default the backend calls fail.. How do I get around this?

Hi, Is it possible to create a Pulumi Access Token for an organization account, instead of through a personal account? I'm having trouble getting my GitHub Action to manage my stack through the organization instead of my personal account. More info in slack thread.

How might I set the log group parameters on a pulumi lambda function resource? i would like my lambda logs to only persist for a week instead of default never

👋 Hello everyone!

Hello @future-cartoon-6373

Is there any way to backup the state locally from the Pulumi Service Backend?

Anyone know a way to check if the current stack has a lock and wait a specified amount of time for it to clear? I’m trying to deal with parallel CI/CD builds