or can only use in vscode and such

Any idea why a user who we’ve confirmed is logged in (via

pulumi login

) is getting this error:

could not decrypt configuration value: [400] Message authentication failed

When they run

pulumi config --show-secrets

? Update: I am also getting the same error on my end and I’m an admin for our team. Steps to reproduce: 1.

pulumi stack select ORG/prod

2.

pulumi config --show-secrets

Hi dear community, May I ask a question? I'm quite new to Pulumi, so I apologise if it might seem silly. I use

pulumi.export()

to export a variable in

file1.py

. I'm going to use this variable in

file2.py

Is there any way to get this variable in

file2.py

? So far I have found how to import this variable in CLI only

Hello, anyone knows a good way to implement this?

import * as aws from '@pulumi/aws'
import * as pulumi from '@pulumi/pulumi'

const failuresBackupBucketName = pulumi.output(
    aws.ssm.getParameter({ name: "/s3/bucket/failuresBackup" })
)

export const failuresBackupBucket = aws.s3.getBucket({
    bucket: failuresBackupBucketName.value
})

Im getting the following error

I also know that's because of the data type, but, ¿there's another way to get a bucket when it's name comes from Parameter Store?

I’m getting an error for a duplicate security group for a static ingress array that never changes. The source code:

const loadBalancerSecurityGroup = new aws.ec2.SecurityGroup(name + '-load-balancer-sg', {
  tags,
  vpcId: vpc.id,
  egress: [
    {
      protocol: 'tcp',
      fromPort: port,
      toPort: port,
      cidrBlocks: ['0.0.0.0/0']
    }
  ],
  ingress: [
    {
      protocol: 'tcp',
      fromPort: 80,
      toPort: 80,
      cidrBlocks: ['0.0.0.0/0']
    },
    {
      protocol: 'tcp',
      fromPort: 443,
      toPort: 443,
      cidrBlocks: ['0.0.0.0/0']
    }
  ]
})

The errors:

* [WARN] A duplicate Security Group rule was found on (sg-XYZ). This may be
a side effect of a now-fixed Terraform issue causing two security groups with
identical attributes but different source_security_group_ids to overwrite each
other in the state. See <https://github.com/hashicorp/terraform/pull/2376> for more
information and instructions for recovery. Error: InvalidPermission.Duplicate: the specified rule "peer: 0.0.0.0/0, TCP, from port: 80, to port: 80, ALLOW" already exists
	status code: 400, request id: d1bceeb0-9183-4877-9018-539e1bd6835d

error: 1 error occurred:
	* [WARN] A duplicate Security Group rule was found on (sg-XYZ). This may be
a side effect of a now-fixed Terraform issue causing two security groups with
identical attributes but different source_security_group_ids to overwrite each
other in the state. See <https://github.com/hashicorp/terraform/pull/2376> for more
information and instructions for recovery. Error: InvalidPermission.Duplicate: the specified rule "peer: 0.0.0.0/0, TCP, from port: 443, to port: 443, ALLOW" already exists
	status code: 400, request id: e69a1967-7418-42d7-8c71-39061f4db122

Any ideas? I’ve reviewed the issue that was linked but it seems unrelated as I’m not specifying any security groups in the rules.

Hello folks, @future-nail-59564 While decrypting sensitive outputs some unicode characters are converted into UTF-16 encoding. For instance,

<

becomes

\003c

when I run

pulumi stack output --show-secrets

. My value comes originally from my stack config. Is there a way to prevent this from happening, maybe a CLI flag or arg if you want to proceed programmatically? Many thanks,

Is it possible to perform a

kubectl apply

with

pulumi

. I'm trying to install GitLab Agent on a Kubernetes cluster and the "recommended method of installation" is the following.

docker run --pull=always --rm \
    <http://registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/cli:stable|registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/cli:stable> generate \
    --agent-token=REDACTED \
    --kas-address=<wss://kas.gitlab.com> \
    --agent-version stable \
    --namespace gitlab-kubernetes-agent | kubectl apply -f -

I was thinking I can probably run the Docker container via

pulumi

and get the output of the logs as a string. But then how can I apply that YAML with

kubectl

? I guess I could you the command package? https://www.pulumi.com/registry/packages/command/ But not very nice as it relies on my host's installation of

kubectl

and that it has access to the right cluster.

my pulumi code file is starting to get quite large. can someone point me to best practices here? 🧵

Hi, question about outputs and strings. I have been reading over the docs. Not finding a good example of of what I need. I created a python function which calls some apis after the aws cloud resources is created. The 'endpoint' is the dns name for the resource I'm calling. I cannot figure out how to make this work. please give me some advice

esa.create_app_role(example.endpoint.apply(lambda endpoint: f"{endpoint}"),admin_username,admin_password,app_role_payload,role_name)

Hi good people! Apologies for the cross-posting but this is a basic question about pulumi that I'm hoping has been addressed before: I have renamed the resource name (the first argument in a resource constructor) and pulumi up complains with a Error 409 that the resource already exists - what is the best practice on dealing with this? I have already: 1. used an alias 2. used delete_before_replace = True So I'm not sure why I would still get this issue? Would really love some insight into this!

Hi - Is there support for GCP in Automation API?

Hey team! Any example, way, or API doc for mounting filestore to GCE through pulumi???

Anyone here have much experience with tf2pulumi? I'm hitting a golang exception... something about fastfail and contracts. I'd found an issue that looked related but it seems to have been merged already. That said, I also see a call to tf12.something (0.12.x) in the stack trace and I have ga (1.x.x)). Maybe it's not up to date with ga state?

https://www.pulumi.com/registry/packages/kubernetes/api-docs/apiregistration/v1/serviceaccount is returning:

How does the Pulumi GitHub App communicate with pulumi? I am using GitHub Actions, however I am running pulumi inside docker containers to have a reproducible build environmen.

Hi there, I just released and published my provider last Friday. Seems that is correctly in the registry but I get this error when I try to use it with the JS SDK (published on NPM)

error: could not load plugin for checkly provider 'urn:pulumi:dev::pulumi-sample::pulumi:providers:checkly::default_0_0_1_alpha_1': no resource plugin 'checkly-v0.0.1-alpha.1' found in the workspace or on your $PATH, install the plugin using `pulumi plugin install resource checkly v0.0.1-alpha.1`

What is weird is that I am using the version

checkly-v0.0.1-alpha.3

but for some reason it tries to find

checkly-v0.0.1-alpha.1

. Any ideas what could be wrong?

Hello I’m brand new to Pulumi and am stuck trying to create an IAM role that needs the ARN of a SSM Parameter. Any guidance for me? 🙂

oh I see the message now.

apply(v => v.toJSON())

nope. didn’t work either

Hi chris - I think what you want to do is create the resource within the apply - so for example: const myNewResource = myPreviousResource.arn.apply(myArn => (new Resource(‘my resource’, {arn: myArn}))

HI, does when I use Pulumi I must use the

pulumi.Run(func(ctx *pulumi.Context) error {

or there is option to use the SDK directly/other option

? I dont need state...

Hey Everyone, I'm using Github Actions to show previews on my pull requests, and the entirety of the output is quite verbose making the output really messy. On console, it's very concise and clean. There is any way to reduce the verbosity of

preview

the command on pull-request? Or even suppress everything except the result and errors? Here is my workflow on Github

pull_request.yml

.

name: Pulumi
on:
  - pull_request
jobs:
  preview:
    name: Preview
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version: 14.x
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-region: ${{ secrets.AWS_REGION }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      - run: npm install
      - uses: pulumi/actions@v3
        with:
          command: preview
          work-dir: applications
          stack-name: production
          comment-on-pr: true
          github-token: ${{ secrets.GITHUB_TOKEN }}
        env:
          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}

Size comparison of output, an example of the output in the thread. And comparison of github/action and cli in image. Thank you very much for any help

👋 Hi everyone!

hopefully this is a quick one, i have setup auth0 tenant configuration with pulumi, and each time i run "up" it says a property has been removed

i execute the update

run "up" again and it says the same properties have been removed

it seems the change doesn't get applied on each "up"