Hi, is it possible to use different provider versions for different resources?

I’ve written a VPC module written in Golang which uses the Pulumi Automation API, that produces its own stack (with all its metadata, like VPC ID, subnet ID, NAT, etc., exported in a pulumi context), that’s also stored into its own state file in AWS S3. I now need to write several other modules that will be on their separate stacks -- all of which will need the VPC stack metadata, so that they can, for example, be deployed in the subnets of the said VPC. Question: how can I make these other modules load/utilize the VPC stack? Is there a specific method to do this, or do I just have to write a function to load the VPC module’s state file?

How would you manage a single tenant self registered clients infrastructure? Managing files for each deployment is impossible, as each client need a setup of his own (buckets, cloudfront distros etc).

Hi, is there an example for how to use external libraries for Python Lambda? Either by pushing a lambda layer or without? All I can find are some guides where someone has already prebuilt a

.zip

file with the modules but surely I can automate that since CDK allows building it with Docker as well?

error: malformed configuration value '127.0.0.1:9092': invalid character '.' after top-level value

running into above issue while creating kafka topic Any solution?

Pulumi Team! Is there any way to remove the random string from the name of every resource when it is created through pulumi??

Hi, Pulumi Team. Wonderful tool, had fun exploring it’s abilities. Struggled with the helm chart installation, specifically kube-prometheus-stack. Following code fails to create entities based on CRD’s, I guess chart doesn’t install them.

from pulumi_kubernetes.helm.v3 import Chart, ChartOpts, FetchOpts

# ...

def remove_status(obj, opts):
    if obj["kind"] == "CustomResourceDefinition":
        del obj["status"]

prometheus_stack_chart = Chart(
    "prometheus-stack",
    ChartOpts(
        chart="kube-prometheus-stack",
        transformations=[remove_status],
        version="34.8.0",
        fetch_opts=FetchOpts(
            repo="<https://prometheus-community.github.io/helm-charts>",
        ),
        namespace=monitoring_namespace.id,
        values=values,
        skip_await=False
    ),
    pulumi.ResourceOptions(depends_on=[monitoring_namespace, cluster])
)

I may notice the

remove_status

hack (I’ve found on the Internet), without it installation fails before the beginning, ’cause somewhere inside it tries to pass that

status

argument to a function that doesn’t expect it. Am I doing something wrong, or am I just unlucky to need the Chart that is trouble to install with pulumi? Do you have any ideas or suggestions?

Greetings, Is there any way we can dump the context of a C# tuple into a file during the execution? . I am trying to dump the kubeconfig into a file which will be used in Pulumi.Command module.

any ideas, why my preview always shows this changes? even if I use

pulumi.unsecret

?

Is it possible to write to a stack Config from code? Looks like it only has Require/Get and not Set?

Hey is it possible to write a module in say python and then convert it to another language?

Hey is it possible to add billing information to the invoice such as taxpayer ID, company name?

hey folks! would love some votes on this: https://twitter.com/briggsl/status/1513572290109186048?s=20&t=Pmr0nLlMSXS0UbG9M7Nffw

as far as I can tell, the AWS provider has not been updated to support Lambda FunctionURLs yet, is that correct? https://github.com/pulumi/pulumi-aws/issues/1900

is there an advantage of running

pulumi destroy

before running a

pulumi up

?

Is there any plans to add support for service accounts or scoped auth tokens on the pulumi hosted service?

I find it quite ironic that there's no easy way to scope permissions properly for automation tools with it

hi

hi folks, is there a way to manage github PAT with pulumi? including creating, renew, deletion etc.

Seems like it's not possible to create Azure Keyvaults with more than one dash (-) in the name. Is that a straight up bug in the regex validation?

Hi, i follow this guide and write the blew code to create aws eks's aws-ebs-csi-driver addon

axios.default.get("<https://raw.githubusercontent.com/kubernetes-sigs/aws-ebs-csi-driver/master/docs/example-iam-policy.json>")
    .then((response) => {
        const eksEbsCsiDriverPolicy = new aws.iam.Policy("AmazonEKS_EBS_CSI_Driver_Policy", {
            path: "/",
            policy: JSON.stringify(response.data),
        });

        const eksEbsCsiDriverPolicyRole = new aws.iam.Role("AmazonEKS_EBS_CSI_Driver_Policy_Role", {
            assumeRolePolicy: `{
                  "Version": "2012-10-17",
                  "Statement": [
                    {
                      "Action": "sts:AssumeRole",
                      "Principal": {
                        "Service": "<http://ec2.amazonaws.com|ec2.amazonaws.com>"
                      },
                      "Effect": "Allow",
                      "Sid": ""
                    }
                  ]
                }`
        });

        new aws.iam.RolePolicyAttachment("policy-attach", {
            role: eksEbsCsiDriverPolicyRole.name,
            policyArn: eksEbsCsiDriverPolicy.arn,
        });

        const ebsCsiAddon = new aws.eks.Addon("aws-ebs-csi-driver", {
            clusterName: eksCluster.eksCluster.name,
            addonName: "aws-ebs-csi-driver",
            serviceAccountRoleArn: eksEbsCsiDriverPolicyRole.arn,
            resolveConflicts: "OVERWRITE",
        });
    });

run this command,

kubectl describe pvc ebs-claim

, and got the error:

Name:          ebs-claim
Namespace:     default
StorageClass:  ebs-sc
Status:        Pending
Volume:        
Labels:        <none>
Annotations:   <http://volume.beta.kubernetes.io/storage-provisioner|volume.beta.kubernetes.io/storage-provisioner>: <http://ebs.csi.aws.com|ebs.csi.aws.com>
               <http://volume.kubernetes.io/selected-node|volume.kubernetes.io/selected-node>: ip-172-28-161-249.ap-southeast-1.compute.internal
Finalizers:    [<http://kubernetes.io/pvc-protection|kubernetes.io/pvc-protection>]
Capacity:      
Access Modes:  
VolumeMode:    Filesystem
Used By:       app
Events:
  Type     Reason              Age   From                                                                                      Message
  ----     ------              ----  ----                                                                                      -------
  Warning  ProvisioningFailed  103s  persistentvolume-controller                                                               <http://storageclass.storage.k8s.io|storageclass.storage.k8s.io> "ebs-sc" not found
  Warning  ProvisioningFailed  98s   ebs.csi.aws.com_ebs-csi-controller-5fdd7948b6-zx94h_dce2f430-e960-4ce1-9fb5-e997ca6cd4e3  failed to provision volume with StorageClass "ebs-sc": rpc error: code = Internal desc = Could not create volume "pvc-4b7cadcc-c2b7-413a-a5e0-d366da9b912c": could not create volume in EC2: WebIdentityErr: failed to retrieve credentials
caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity
           status code: 403, request id: 08d8c9b1-d5c6-43b6-b0b4-8bcc9ffb0ca6
  Warning  ProvisioningFailed  97s  ebs.csi.aws.com_ebs-csi-controller-5fdd7948b6-zx94h_dce2f430-e960-4ce1-9fb5-e997ca6cd4e3  failed to provision volume with StorageClass "ebs-sc": rpc error: code = Internal desc = Could not create volume "pvc-4b7cadcc-c2b7-413a-a5e0-d366da9b912c": could not create volume in EC2: WebIdentityErr: failed to retrieve credentials
caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity
           status code: 403, request id: 294b3cd6-bba8-45b7-a456-bf711ab8c9d4
  Warning  ProvisioningFailed  95s  ebs.csi.aws.com_ebs-csi-controller-5fdd7948b6-zx94h_dce2f430-e960-4ce1-9fb5-e997ca6cd4e3  failed to provision volume with StorageClass "ebs-sc": rpc error: code = Internal desc = Could not create volume "pvc-4b7cadcc-c2b7-413a-a5e0-d366da9b912c": could not create volume in EC2: WebIdentityErr: failed to retrieve credentials
caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity
           status code: 403, request id: e994db08-fb40-40d0-a7ee-5a1bd91f03b1
  Warning  ProvisioningFailed  91s  ebs.csi.aws.com_ebs-csi-controller-5fdd7948b6-zx94h_dce2f430-e960-4ce1-9fb5-e997ca6cd4e3  failed to provision volume with StorageClass "ebs-sc": rpc error: code = Internal desc = Could not create volume "pvc-4b7cadcc-c2b7-413a-a5e0-d366da9b912c": could not create volume in EC2: WebIdentityErr: failed to retrieve credentials
caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity
           status code: 403, request id: e3085d02-4dae-4c8b-bf24-3a082b028544
  Warning  ProvisioningFailed  83s  ebs.csi.aws.com_ebs-csi-controller-5fdd7948b6-zx94h_dce2f430-e960-4ce1-9fb5-e997ca6cd4e3  failed to provision volume with StorageClass "ebs-sc": rpc error: code = Internal desc = Could not create volume "pvc-4b7cadcc-c2b7-413a-a5e0-d366da9b912c": could not create volume in EC2: WebIdentityErr: failed to retrieve credentials
caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity
           status code: 403, request id: 7ae3cb86-3fb5-4490-bc96-f3dd40009b99
  Warning  ProvisioningFailed  66s  ebs.csi.aws.com_ebs-csi-controller-5fdd7948b6-zx94h_dce2f430-e960-4ce1-9fb5-e997ca6cd4e3  failed to provision volume with StorageClass "ebs-sc": rpc error: code = Internal desc = Could not create volume "pvc-4b7cadcc-c2b7-413a-a5e0-d366da9b912c": could not create volume in EC2: WebIdentityErr: failed to retrieve credentials
caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity
           status code: 403, request id: 5b4f043e-90f0-4e2b-b97e-782416eb7000
  Normal   Provisioning        34s (x7 over 101s)  ebs.csi.aws.com_ebs-csi-controller-5fdd7948b6-zx94h_dce2f430-e960-4ce1-9fb5-e997ca6cd4e3  External provisioner is provisioning volume for claim "default/ebs-claim"
  Warning  ProvisioningFailed  34s                 ebs.csi.aws.com_ebs-csi-controller-5fdd7948b6-zx94h_dce2f430-e960-4ce1-9fb5-e997ca6cd4e3  failed to provision volume with StorageClass "ebs-sc": rpc error: code = Internal desc = Could not create volume "pvc-4b7cadcc-c2b7-413a-a5e0-d366da9b912c": could not create volume in EC2: WebIdentityErr: failed to retrieve credentials
caused by: AccessDenied: Not authorized to perform sts:AssumeRoleWithWebIdentity
          status code: 403, request id: 743b9abd-b0e8-471a-aa08-9507df6476b8
  Normal  ExternalProvisioning  5s (x9 over 101s)  persistentvolume-controller  waiting for a volume to be created, either by external provisioner "<http://ebs.csi.aws.com|ebs.csi.aws.com>" or manually created by system administrator

anyone knowns how to fix it ?

Hi all, I came across the fact that in python pulumi_aws, pulumi_aws.eks.NodeGroupScalingConfigArgs has desired_size as required. Does this make sense somehow? I thought it should be optional; for an autoscaling eks cluster, I’d like some way to be able to update the other scaling configs without changing desired count.

👋 Hi everyone! was wondering if i could get help related to the pulumi-civo provider here

Hi I am using pulumi/eks to create a cluster and nodegroup. We use aws sso to switch between profiles. We logged with sso to the corresponding account and fetched our credentials. We then set the profile using

export AWS_PROFILE=XXXX

to set our profile. When we run pulumi up we are getting an error.

Error: It looks like you're using AWS profiles. Please specify this profile in providerCredentialOpts

I think this issue only happens when using crossrails EKS and not aws-classic(could be wrong here). I know there is a profile key in providerCredentialOpts I can add, but we can't ensure everyone who uses pulumi uses the same naming for their aws profiles. Am I missing something here?

(Resolved) We're having issues automating the creation of new stacks with passphrase secrets-provider. We assign the environment variable

PULUMI_CONFIG_PASSPHRASE

ahead of running

$ pulumi stack select $CI_COMMIT_REF_NAME --create --secrets-provider passphrase --verbose 9

We see the initial stack get created with the following output

{
  "version": 3,
  "checkpoint": {
    "stack": "dev"
  }
}

But then immediately see the following ouput:

Created stack 'dev'
error: incorrect passphrase

Any ideas on what could be going on?

hi - is there any guidance on how to use multiple typescript files in a sub folder? for example: it seems like only the index file is detected by me specifying "main": "src/index.ts" in my package.json. i am basically looking for a way to separate stuff into different files so it's not just one massive index.ts

Hello, I'm trying to troubleshotting a stack update. Every time when I run

pulumi update

the process want to update my resource (db-instance) on my gcp even when diff operations shows that everything are the same. When I use

pulumi update --diff --json > diff-file.json

I can see the newState and oldState for resource is exactly the same but pulumi still want to update it with error like this:

... 1 error occurred:
        * Error, failed to update instance settings for : googleapi: Error 412: Condition does not match., staleData

Could anyone advice me how I could track it down?

Hi All, this is for GCP Cluster deployment using

masterAuthorizedNetworksConfig

. Anyone encountered an error below when trying to update the cidrBlocks in

masterAuthorizedNetworksConfig

?

error: error sending request: googleapi: Error 400: Must provide an update.

has anyone come across an error like :

> [2/2] COPY ./abc/abc_bin.jar app.jar:
    ------
    failed to compute cache key: "./abc/abc_bin.jar" not found: not found

when trying to build a docker image with Pulumi. My DockerFile (

ExampleProject/abc/DockerFile

)looks like this :

FROM openjdk:8-jdk-alpine
ARG JAR_FILE=./abc/abc_bin.jar
COPY ${JAR_FILE} app.jar
ENTRYPOINT ["java","-jar","/app.jar"]

My top level Bazel project is named

ExampleProject

under which I have

abc

as follows :

ExampleProject/abc

. When I run

bazel build //abc/...

from

ExampleProject

it creates a new directory called

/ExampleProject/bazel-bin/abc

which has all the jars including

abc_bin.jar