I’m getting an error for a duplicate security group for a static ingress array that never changes. The source code:

const loadBalancerSecurityGroup = new aws.ec2.SecurityGroup(name + '-load-balancer-sg', {
  tags,
  vpcId: vpc.id,
  egress: [
    {
      protocol: 'tcp',
      fromPort: port,
      toPort: port,
      cidrBlocks: ['0.0.0.0/0']
    }
  ],
  ingress: [
    {
      protocol: 'tcp',
      fromPort: 80,
      toPort: 80,
      cidrBlocks: ['0.0.0.0/0']
    },
    {
      protocol: 'tcp',
      fromPort: 443,
      toPort: 443,
      cidrBlocks: ['0.0.0.0/0']
    }
  ]
})

The errors:

* [WARN] A duplicate Security Group rule was found on (sg-XYZ). This may be
a side effect of a now-fixed Terraform issue causing two security groups with
identical attributes but different source_security_group_ids to overwrite each
other in the state. See <https://github.com/hashicorp/terraform/pull/2376> for more
information and instructions for recovery. Error: InvalidPermission.Duplicate: the specified rule "peer: 0.0.0.0/0, TCP, from port: 80, to port: 80, ALLOW" already exists
	status code: 400, request id: d1bceeb0-9183-4877-9018-539e1bd6835d

error: 1 error occurred:
	* [WARN] A duplicate Security Group rule was found on (sg-XYZ). This may be
a side effect of a now-fixed Terraform issue causing two security groups with
identical attributes but different source_security_group_ids to overwrite each
other in the state. See <https://github.com/hashicorp/terraform/pull/2376> for more
information and instructions for recovery. Error: InvalidPermission.Duplicate: the specified rule "peer: 0.0.0.0/0, TCP, from port: 443, to port: 443, ALLOW" already exists
	status code: 400, request id: e69a1967-7418-42d7-8c71-39061f4db122

Any ideas? I’ve reviewed the issue that was linked but it seems unrelated as I’m not specifying any security groups in the rules.

Hello folks, @future-nail-59564 While decrypting sensitive outputs some unicode characters are converted into UTF-16 encoding. For instance,

<

becomes

\003c

when I run

pulumi stack output --show-secrets

. My value comes originally from my stack config. Is there a way to prevent this from happening, maybe a CLI flag or arg if you want to proceed programmatically? Many thanks,

Is it possible to perform a

kubectl apply

with

pulumi

. I'm trying to install GitLab Agent on a Kubernetes cluster and the "recommended method of installation" is the following.

docker run --pull=always --rm \
    <http://registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/cli:stable|registry.gitlab.com/gitlab-org/cluster-integration/gitlab-agent/cli:stable> generate \
    --agent-token=REDACTED \
    --kas-address=<wss://kas.gitlab.com> \
    --agent-version stable \
    --namespace gitlab-kubernetes-agent | kubectl apply -f -

I was thinking I can probably run the Docker container via

pulumi

and get the output of the logs as a string. But then how can I apply that YAML with

kubectl

? I guess I could you the command package? https://www.pulumi.com/registry/packages/command/ But not very nice as it relies on my host's installation of

kubectl

and that it has access to the right cluster.

my pulumi code file is starting to get quite large. can someone point me to best practices here? 🧵

Hi, question about outputs and strings. I have been reading over the docs. Not finding a good example of of what I need. I created a python function which calls some apis after the aws cloud resources is created. The 'endpoint' is the dns name for the resource I'm calling. I cannot figure out how to make this work. please give me some advice

esa.create_app_role(example.endpoint.apply(lambda endpoint: f"{endpoint}"),admin_username,admin_password,app_role_payload,role_name)

Hi good people! Apologies for the cross-posting but this is a basic question about pulumi that I'm hoping has been addressed before: I have renamed the resource name (the first argument in a resource constructor) and pulumi up complains with a Error 409 that the resource already exists - what is the best practice on dealing with this? I have already: 1. used an alias 2. used delete_before_replace = True So I'm not sure why I would still get this issue? Would really love some insight into this!

Hi - Is there support for GCP in Automation API?

Hey team! Any example, way, or API doc for mounting filestore to GCE through pulumi???

Anyone here have much experience with tf2pulumi? I'm hitting a golang exception... something about fastfail and contracts. I'd found an issue that looked related but it seems to have been merged already. That said, I also see a call to tf12.something (0.12.x) in the stack trace and I have ga (1.x.x)). Maybe it's not up to date with ga state?

https://www.pulumi.com/registry/packages/kubernetes/api-docs/apiregistration/v1/serviceaccount is returning:

How does the Pulumi GitHub App communicate with pulumi? I am using GitHub Actions, however I am running pulumi inside docker containers to have a reproducible build environmen.

Hi there, I just released and published my provider last Friday. Seems that is correctly in the registry but I get this error when I try to use it with the JS SDK (published on NPM)

error: could not load plugin for checkly provider 'urn:pulumi:dev::pulumi-sample::pulumi:providers:checkly::default_0_0_1_alpha_1': no resource plugin 'checkly-v0.0.1-alpha.1' found in the workspace or on your $PATH, install the plugin using `pulumi plugin install resource checkly v0.0.1-alpha.1`

What is weird is that I am using the version

checkly-v0.0.1-alpha.3

but for some reason it tries to find

checkly-v0.0.1-alpha.1

. Any ideas what could be wrong?

Hello I’m brand new to Pulumi and am stuck trying to create an IAM role that needs the ARN of a SSM Parameter. Any guidance for me? 🙂

oh I see the message now.

apply(v => v.toJSON())

nope. didn’t work either

Hi chris - I think what you want to do is create the resource within the apply - so for example: const myNewResource = myPreviousResource.arn.apply(myArn => (new Resource(‘my resource’, {arn: myArn}))

HI, does when I use Pulumi I must use the

pulumi.Run(func(ctx *pulumi.Context) error {

or there is option to use the SDK directly/other option

? I dont need state...

Hey Everyone, I'm using Github Actions to show previews on my pull requests, and the entirety of the output is quite verbose making the output really messy. On console, it's very concise and clean. There is any way to reduce the verbosity of

preview

the command on pull-request? Or even suppress everything except the result and errors? Here is my workflow on Github

pull_request.yml

.

name: Pulumi
on:
  - pull_request
jobs:
  preview:
    name: Preview
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version: 14.x
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-region: ${{ secrets.AWS_REGION }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      - run: npm install
      - uses: pulumi/actions@v3
        with:
          command: preview
          work-dir: applications
          stack-name: production
          comment-on-pr: true
          github-token: ${{ secrets.GITHUB_TOKEN }}
        env:
          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}

Size comparison of output, an example of the output in the thread. And comparison of github/action and cli in image. Thank you very much for any help

👋 Hi everyone!

hopefully this is a quick one, i have setup auth0 tenant configuration with pulumi, and each time i run "up" it says a property has been removed

i execute the update

run "up" again and it says the same properties have been removed

it seems the change doesn't get applied on each "up"

how can i either diagnose this, or force the update to occur?

Hi everyone. Has anyone idea on how to enable billing using the native gcp provider

You can set or update the billing account associated with a project using the [

projects.updateBillingInfo

] (/billing/reference/rest/v1/projects/updateBillingInfo) method.

Is the pulumi docs suggesting that we are supposed to use the relevant gcp api to update the billing https://cloud.google.com/billing/docs/reference/rest/v1/projects/updateBillingInfo ? Thank you

Hi, I have a problem authenticating to an ECR registry using the Docker Provider • I have logged in using the docker CLI, which works! • I have tried running pulumi without DOCKER_HOST and also set it to

unix:///var/run/docker.sock

Now when I run

pulumi up

, I get an error:

Diagnostics:
  docker:index:RegistryImage (hello-world):
    error: 1 error occurred:
        * Error pushing docker image: Error response from daemon: Bad parameters and missing X-Registry-Auth: EOF

What this is related to and how do I fix it?

Hello everyone, I often find it difficult to get the connectivity in my Pulumi deployments right. E.g., ensuring that two containerised services in AWS can talk to each other (and nobody else can). I usually end up in iteratively deploying, testing, trying to fix the (network) configuration. How do you go about this? Does anyone have some cool advice, e.g., a testing tool or some methodology that helps me identifying these connectivity issues earlier, reducing the number of needed iterations?

Question: Anyone here know if GCP BQ table schemas are capable of being updated in Pulumi (example to add a new column) ?