(Resolved) We're having issues automating the creation of new stacks with passphrase secrets-provider. We assign the environment variable

PULUMI_CONFIG_PASSPHRASE

ahead of running

$ pulumi stack select $CI_COMMIT_REF_NAME --create --secrets-provider passphrase --verbose 9

We see the initial stack get created with the following output

{
  "version": 3,
  "checkpoint": {
    "stack": "dev"
  }
}

But then immediately see the following ouput:

Created stack 'dev'
error: incorrect passphrase

Any ideas on what could be going on?

hi - is there any guidance on how to use multiple typescript files in a sub folder? for example: it seems like only the index file is detected by me specifying "main": "src/index.ts" in my package.json. i am basically looking for a way to separate stuff into different files so it's not just one massive index.ts

Hello, I'm trying to troubleshotting a stack update. Every time when I run

pulumi update

the process want to update my resource (db-instance) on my gcp even when diff operations shows that everything are the same. When I use

pulumi update --diff --json > diff-file.json

I can see the newState and oldState for resource is exactly the same but pulumi still want to update it with error like this:

... 1 error occurred:
        * Error, failed to update instance settings for : googleapi: Error 412: Condition does not match., staleData

Could anyone advice me how I could track it down?

Hi All, this is for GCP Cluster deployment using

masterAuthorizedNetworksConfig

. Anyone encountered an error below when trying to update the cidrBlocks in

masterAuthorizedNetworksConfig

?

error: error sending request: googleapi: Error 400: Must provide an update.

has anyone come across an error like :

> [2/2] COPY ./abc/abc_bin.jar app.jar:
    ------
    failed to compute cache key: "./abc/abc_bin.jar" not found: not found

when trying to build a docker image with Pulumi. My DockerFile (

ExampleProject/abc/DockerFile

)looks like this :

FROM openjdk:8-jdk-alpine
ARG JAR_FILE=./abc/abc_bin.jar
COPY ${JAR_FILE} app.jar
ENTRYPOINT ["java","-jar","/app.jar"]

My top level Bazel project is named

ExampleProject

under which I have

abc

as follows :

ExampleProject/abc

. When I run

bazel build //abc/...

from

ExampleProject

it creates a new directory called

/ExampleProject/bazel-bin/abc

which has all the jars including

abc_bin.jar

Hello, I think I'm missing something basic, but how do we construct an

IDInput

, e.g. for https://www.pulumi.com/registry/packages/gcp/api-docs/container/cluster/#look-up?

Hello, I have pulumi cli (on windows powershell 7) at version v3.28.0 and pulumi refresh is printing "Do you want to perform this refresh?" each time I navigate from yes->no->details. Not a big issue, but I don't have this behaviour with pulumi up.

Getting a 404 when trying to create a secret version in GCP, anyone know why this might be happening? Using Pulumi 3.28 and F#

hi, is there a way for Pulumi to read from a terraform state file? (so Terraform is the producer, and Pulumi is the consumer of the state file)

Not sure who to contact or where to send feedback to, but the link for “Pulumi secrets” at https://www.pulumi.com/docs/guides/adopting/from_terraform/ is wrong.

@broad-dog-22463 @faint-table-42725 hi guys could someone re-build https://github.com/pulumi/pulumi-kubernetes-cert-manager/issues/4 so the arm64 binary is available?

Hello! First time engaging in any kind of slack community. I’m following a AWS guide about cross-account role access for Amazon ECS tasks (see https://aws.amazon.com/premiumsupport/knowledge-center/ecs-iam-role-another-account/). It tells me to “modify the trust policy of the IAM role in the destination account”. However, I can’t find a way of modifying an existing role’s trust relationship via Pulumi. When creating a role I can provide the “AssumeRolePolicy” argument, but I can’t find a way to modify the role when it already exists. Would anyone be so helpful and point me in the right direction on how to proceed here? For context I’m writing Pulumi in Go.

👋 Hi everyone!

I am having some weird issue with SQL database provisioning in Azure. Sometimes it provisions another Sku size than I set. Is this the correct channel to ask for support?

is there a way to change the config via the command line/not with an

up

? a co-worker set the aws profile in a stack and pulumi keeps trying to use that 'profile' for the preview; i could rename it but it got me thinking, there might be situations like this in the future

👋 Hi everyone! Is there a timeline for when

pulumi-eks

will support

pulumi-aws >=5.0.0

? We are using

pulumi-aws=5.1.0

and

pulumi-eks 0.37.1

(latest) depends on

pulumi-aws<5.0.0 and >=4.15.0

Thanks!

Hi everyone. Does anyone know if there's a way to prevent the GUID from being added to the end of lambda function names? I'm already using a stage safe naming convention and I'd rather not have to set a reference for each lambda name in the env setting for a lambda

Hi, I'm trying to get pulumi to build a docker image and then publish it to my newly created (in the same stack) ACR instance. The ACR has AdminUserEnable = true, and I figured I might be able to use the code in the pulumi docs (https://www.pulumi.com/blog/build-publish-containers-iac/) to get the credentials, then tag/publish the image. However, when I deploy I get this Diagnostics: pulumipulumiStack (traffic-app-basic): error: Running program 'G:\src\aks-pulumi\infrastructure\bin\Debug\netcoreapp3.1\infrastructure.dll' failed with an unhandled exception: Grpc.Core.RpcException: Status(StatusCode="Unknown", Detail="invocation of azure-nativecontainerregistrygetRegistryCredentials returned an error: request failed /subscriptions/50d3206e-7317-4bce-b8ac-34ac81 4fd0f5/resourceGroups/aksrg-basic9f0f894e/providers/Microsoft.ContainerRegistry/registries/registrybasic303721fe/getCredentials: autorest/azure: Service returned an error. Status=400 Code="NoRegisteredProviderFou nd" Message="No registered resource provider found for location 'switzerlandnorth' and API version '2016-06-27-preview' for type 'registries/GetCredentials'. The supported api-versions are '2016-06-27-preview'. T he supported locations are 'westus, eastus, southcentralus, westeurope'."") at async Task<InvokeResponse> Pulumi.GrpcMonitor.InvokeAsync(InvokeRequest request) at async Task<SerializationResult> Pulumi.Deployment.InvokeRawAsync(string token, SerializationResult argsSerializationResult, InvokeOptions options) at async Task<OutputData<T>> Pulumi.Deployment.RawInvoke<T>(string token, InvokeArgs args, InvokeOptions options) at async Task<OutputData<U>> Pulumi.Output<T>.ApplyHelperAsync<U>(Task<OutputData<T>> dataTask, Func<T, Output<U>> func)

drat, it sent it already.

is it really true? that switzerlandnorth DOES NOT support getting the registry credentials - using GetRegistryCredentials?

var getCredsTask = GetRegistryCredentials.Invoke(new GetRegistryCredentialsInvokeArgs()
{
    RegistryName = registryName,
    ResourceGroupName = resourceGroupName
});

Thanks a bunch for any pointers - I'm only about 5 hours into using Pulumi, it's still a rats nest in my head but I'm loving it so far!

I am getting :

aws:ecr:Repository (abc-staging_trial_Mayuresh):
    error: 1 error occurred:
    	* failed creating ECR Repository (abc-staging_trial_Mayuresh-f8a8c04): InvalidParameterException: Invalid parameter at 'repositoryName' failed to satisfy constraint: 'must satisfy regular expression '(?:[a-z0-9]+(?:[._-][a-z0-9]+)*/)*[a-z0-9]+(?:[._-][a-z0-9]+)*''

when trying to create an AWS ECR repo... apparently

abc-staging_trial

was working fine, till yesterday

just curious; can you get information from pulumi stacks without using

pulumi up

? example: can i tie a CDK project to something i orchestrated in pulumi?

Is it possible to obtain a sha256 hash of the resulting archive file represented by an

AssetArchive

object? Thanks in advance.

I’m following along in the tutorial, fyi, and I have a few issues with the deploy step when adding a file to the bucket (https://www.pulumi.com/docs/get-started/aws/deploy-changes/):

Previewing update (dev):
     Type                    Name          Plan       Info
     pulumi:pulumi:Stack     pulumi-t-dev             1 warning
 +   └─ aws:s3:BucketObject  index.html    create     2 warnings

Diagnostics:
  pulumi:pulumi:Stack (pulumi-t-dev):
    warning: bucket is deprecated: Use the aws_s3_object resource instead

  aws:s3:BucketObject (index.html):
    warning: urn:pulumi:dev::pulumi-t::aws:s3/bucketObject:BucketObject::index.html verification warning: Argument is deprecated
    warning: urn:pulumi:dev::pulumi-t::aws:s3/bucketObject:BucketObject::index.html verification warning: Argument is deprecated


Do you want to perform this update?  [Use arrows to move, enter to select, type to filter]

1. the object deploys fine.. but why the warning, and can we fix this? (should we be using

BucketObjectv2

?) 2. I dug a bit into the docs and found https://www.pulumi.com/registry/packages/aws/api-docs/s3/bucketobject/ (which I assume is the right doc for aws_pulumi.s3.BucketObject?). There are deprecation warnings, sure (specifically:

Deprecated: Use the aws_s3_object resource instead

), but how about giving an actual link to this “aws_s3_object resource” so we actually have more info, and hopefully know what to do?

one thing that’s not clear to me based on what I’ve read so far: can 1 pulumi project only contain one pulumi program?

Hi, i found the pulumi will update the monitoringInterval everytime even i don't change anything, is it normal? it took a long time

export const rds = new aws.rds.Instance(baseTags.Name, {
    tags: baseTags,
    engine: "postgres",
    engineVersion: "13.6",
    allocatedStorage: 500,
    maxAllocatedStorage: 2000,
    instanceClass: "db.m5.xlarge",
    backupRetentionPeriod: 7,
    backupWindow: "00:00-01:00",
    maintenanceWindow: "Mon:02:00-Mon:04:00",
    monitoringRoleArn: enhancedMonitoringRole.arn,
    monitoringInterval: 15,
    username: "postgres",
    password: baseConfig.dbPassword,
    dbName: baseConfig.dbName,
    finalSnapshotIdentifier,
    storageType: "gp2",
    skipFinalSnapshot: false,
    dbSubnetGroupName: subnetGroup.name,
    vpcSecurityGroupIds: [networkingStack.getOutput("peeredSecurityGroupId")],
});

hi, I would like some help clarifying the definition of a “Pulumi Credit”, and how it is calculated. To set some context, I am assuming (let me know if I’m wrong) that the number of “hours” / length of time will be taken from the “Duration: ” output at the end of a

pulumi up

command. Also, assume that I just have one resource for the moment for simplicity’s sake. 1. besides

pulumi up

, are there any other operations that would draw down on the number of credits I have? 2. if I run

pulumi up

twice, and the first duration is 3s, and then second is 10s, does that equate to 1 hour at the end of the month (3s + 10s = 13s, which in total is a “partial hour”)… or 2 hours, with each of 3s and 10s counting as individual separate “partial hours”? https://www.pulumi.com/pricing/ says

Each partial hour used is billed as a full hour.

, but the definition of a “partial hour” could be clarified

Hi, apologies but I recall seeing some message about an online event (webinar? Twitch?) every Thursday on Pulumi. I was hoping to join today

Does pulumi have any way to check that the state storage backend is part of the project being modified? We have two projects in GCP. I was modifying one project, not realizing that I was currently logged in to the other project. Things got weird, but we were able to recover. I’m wondering if there’s some way for pulumi to catch that, so I don’t have to “just be more careful.”