https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • b

    boundless-queen-72669

    05/19/2022, 2:12 PM
    Hi Team , Do we have any sample piece of code on pulumi-command (python specific) ? https://www.pulumi.com/registry/packages/command/api-docs/local/command/
    v
    • 2
    • 8
  • p

    proud-machine-85126

    05/19/2022, 4:51 PM
    I'm having a performance issue where it appears that pulumi is mostly running serially with 1 thread, despite setting the -p option to
    2147483647
    . I've tried with both
    pulumi config set pulumi:noSyncCalls true
    and not set. Any suggestions? I now have 1000s of resources so simply validating the state takes 20+min (This is using the pulumi cli)
  • f

    fast-river-57630

    05/19/2022, 5:23 PM
    how would you defer some change? For example changing 'nodeType' for an AWS instance. I want to to happen on monday but want to pulumi up the rest today. I know I can grab the URNs i want to update specifically but I'd rather be able to mark entities as "Update Later" (for now just manually reverting the commit in question).
    b
    • 2
    • 1
  • d

    damp-flower-48607

    05/19/2022, 5:29 PM
    How to run auth application-default login command to obtain GCP credentials when using wsl2, keep getting error (unable to launch browser) gcloud auth application-default login
    b
    • 2
    • 2
  • b

    bored-jewelry-6309

    05/19/2022, 6:19 PM
    Hello, is there a in-memory secret provider, which can be used for tests?
  • b

    bored-jewelry-6309

    05/19/2022, 6:22 PM
    I have an integration test suite, which runs a stack against azure. I'm using localworkspace to run it
  • f

    fancy-vase-72193

    05/20/2022, 5:33 AM
    Hey! Curious if anybody knows a good way to sync a directory to S3, but when the directory changes, only ever add or overwrite files to S3? Never deleting files from the bucket?
    l
    s
    • 3
    • 2
  • p

    purple-sundown-54409

    05/20/2022, 11:13 AM
    👋 Hi everyone! When will we have official examples of how to implement testing with Java?
    b
    • 2
    • 2
  • p

    purple-megabyte-83002

    05/20/2022, 4:15 PM
    hello im very stuck with this error after upgrading pulumi
    error: Error: package.json export path for ".pnpm/tslib@2.4.0/node_modules/tslib/tslib.js" not found
            at ModuleMap.get (/home/orphee/workspace/app/node_modules/.pnpm/@pulumi+pulumi@3.33.1/node_modules/@pulumi/runtime/closure/package.ts:216:16)
            at Object.getModuleFromPath (/home/orphee/workspace/app/node_modules/.pnpm/@pulumi+pulumi@3.33.1/node_modules/@pulumi/runtime/closure/package.ts:265:6)
            at /home/orphee/workspace/app/node_modules/.pnpm/@pulumi+pulumi@3.33.1/node_modules/@pulumi/runtime/closure/createClosure.ts:1229:19
            at Generator.next (<anonymous>)
            at /home/orphee/workspace/app/node_modules/.pnpm/@pulumi+pulumi@3.33.1/node_modules/@pulumi/pulumi/runtime/closure/createClosure.js:21:71
            at new Promise (<anonymous>)
            at __awaiter (/home/orphee/workspace/app/node_modules/.pnpm/@pulumi+pulumi@3.33.1/node_modules/@pulumi/pulumi/runtime/closure/createClosure.js:17:12)
            at captureModuleAsync (/home/orphee/workspace/app/node_modules/.pnpm/@pulumi+pulumi@3.33.1/node_modules/@pulumi/pulumi/runtime/closure/createClosure.js:871:20)
            at /home/orphee/workspace/app/node_modules/.pnpm/@pulumi+pulumi@3.33.1/node_modules/@pulumi/runtime/closure/createClosure.ts:931:19
            at Generator.next (<anonymous>)
  • c

    curved-morning-41391

    05/20/2022, 7:38 PM
    That automation API is some next level shit, nice work!!
  • w

    white-chef-55657

    05/20/2022, 7:45 PM
    I’m trying to be good and create ComponentResource for everything and it’s working really well! my only issue is URNs, I’m trying to be forward compatible and inherit the URN from the parent, in case I need to change some naming structure but obviously this won’t fly
    super(pulumi.interpolate`${opts.parent?.urn}:cluster`, name, {}, opts);
    as the constructor won’t take an Output, and I can’t nest the super inside an apply has anyone tried doing something like this?
  • s

    salmon-truck-53389

    05/20/2022, 8:55 PM
    Hi all, having an issue with ECS/Fargate Auto Scaling where everything gets created, however, the auto scaling policies don’t contain scaling action value (although it’s in the CloudWatch monitoring rule.) Here’s an example. Image one, displays everything correctly. When you update the ECS/Fargate service, and reach the Auto Scaling section, the value is missing. I’m able to reproduce this on multiple projects running latest pulumi version.
  • s

    shy-translator-25082

    05/20/2022, 9:25 PM
    Hi all, Do we have a way to send stack logs/metrics to datadog?
    l
    • 2
    • 5
  • a

    average-tiger-58107

    05/20/2022, 10:11 PM
    Hey team, I'm currently using the new
    awsx
    beta, version
    1.0.0-beta.5
    . I am encountering an issue with the plugin when attempting
    pulumi up
    locally on my M1 mac. Plugin seems to be working fine on github actions linux hosts.
    error: could not load plugin for awsx provider 'urn:pulumi:dev::cfx-solana::pulumi:providers:awsx::default_1_0_0_beta_5': could not read plugin [/Users/wizardfiction/.pulumi/plugins/resource-awsx-v1.0.0-beta.5/pulumi-resource-awsx] stdout: EOF
    o
    • 2
    • 30
  • m

    magnificent-smartphone-40853

    05/21/2022, 12:12 AM
    How do you ignore all changes to a property inside of a nested array? something like:
    ignoreChanges: ['taskDefinitionArgs.containers[*].image']
    where
    containers
    is an array.
    l
    • 2
    • 2
  • a

    average-tiger-58107

    05/21/2022, 1:13 AM
    Does anybody have a good method for accessing structured config in code when an object has both secret and non secret values? The docs advise using the secret getters on secret values to ensure they remain encrypted at all times.
    For example:
    
    yaml
    
    config:
      namespace:service:
        - name: my-service
          secrets:
          - name: SECRET_NAME
            value:
              secure: ...
            ...
    
    typescript
    
    interface ServiceConfig {
      name: string;
      secrets: Secret[];
    }
    
    interface Secret {
      name: string;
      value: pulumi.Output<string>;
    }
    
    // Secret values appear to be read as secrets but docs suggest specifically using secret getters, making below seem like a bad idea
    
    const serviceConfig = new pulumi.Config().requireObject<ServiceConfig>("service");
    
    // All values will be read as secrets which I think would work fine but not optimal
    
    const secretServiceConfig = new pulumi.Config().requireSecretObject<ServiceConfig>("service")
    Ultimately I would like to be able to recursively unpack config values, using secret and non-secret getters respectively. I have tried a few approaches but can't seem to get anything to work. Is this a crazy configuration structure in the first place? I like this approach because it allows me to dynamically supply configuration values to my container's runtime environment without modifying the typescript code
  • m

    magnificent-smartphone-40853

    05/21/2022, 1:32 AM
    Is there a way to convert a VPC created with `awsx.ec2.Vpc`to a VPC created with the
    aws.ec2.Vpc
    without having to destroy the existing vpc & subnets? I started out with awsx.ec2.Vpc, and realize that we do not have enough control of the subnet / route table associations.
    l
    • 2
    • 2
  • w

    white-chef-55657

    05/21/2022, 6:04 AM
    ok this is new.. pulumi dies while previewing an update
    panic: fatal: An assertion has failed
    
    goroutine 144 [running]:
    <http://github.com/pulumi/pulumi/sdk/v3/go/common/util/contract.failfast(...)|github.com/pulumi/pulumi/sdk/v3/go/common/util/contract.failfast(...)>
            /Users/runner/work/pulumi/pulumi/sdk/go/common/util/contract/failfast.go:23
    <http://github.com/pulumi/pulumi/sdk/v3/go/common/util/contract.Assert(...)|github.com/pulumi/pulumi/sdk/v3/go/common/util/contract.Assert(...)>
            /Users/runner/work/pulumi/pulumi/sdk/go/common/util/contract/assert.go:26
    <http://github.com/pulumi/pulumi/pkg/v3/resource/deploy.NewDeleteReplacementStep|github.com/pulumi/pulumi/pkg/v3/resource/deploy.NewDeleteReplacementStep>(0xc0004116b0, 0xc001058ea0, 0x80)
            /Users/runner/work/pulumi/pulumi/pkg/resource/deploy/step.go:306 +0x16c
    <http://github.com/pulumi/pulumi/pkg/v3/resource/deploy.(*stepGenerator).generateStepsFromDiff(0xc000647320|github.com/pulumi/pulumi/pkg/v3/resource/deploy.(*stepGenerator).generateStepsFromDiff(0xc000647320>, {0x7f17ebbb5258, 0xc001f7cdf0}, {0xc002a3c870, 0x0}, 0xc000cb77a0, 0xc0005e9b00, 0xc0009763c0, 0xc0019d6480, 0xc001aa9f80, ...)
            /Users/runner/work/pulumi/pulumi/pkg/resource/deploy/step_generator.go:835 +0x1445
    <http://github.com/pulumi/pulumi/pkg/v3/resource/deploy.(*stepGenerator).generateSteps(0xc000647320|github.com/pulumi/pulumi/pkg/v3/resource/deploy.(*stepGenerator).generateSteps(0xc000647320>, {0x7f17ebbb5258, 0xc001f7cdf0})
            /Users/runner/work/pulumi/pulumi/pkg/resource/deploy/step_generator.go:622 +0x1cf2
    <http://github.com/pulumi/pulumi/pkg/v3/resource/deploy.(*stepGenerator).GenerateSteps(0xc000647320|github.com/pulumi/pulumi/pkg/v3/resource/deploy.(*stepGenerator).GenerateSteps(0xc000647320>, {0x7f17ebbb5258, 0xc001f7cdf0})
            /Users/runner/work/pulumi/pulumi/pkg/resource/deploy/step_generator.go:190 +0x46
    <http://github.com/pulumi/pulumi/pkg/v3/resource/deploy.(*deploymentExecutor).handleSingleEvent(0xc0006292a8|github.com/pulumi/pulumi/pkg/v3/resource/deploy.(*deploymentExecutor).handleSingleEvent(0xc0006292a8>, {0x2205760, 0xc001f7cdf0})
            /Users/runner/work/pulumi/pulumi/pkg/resource/deploy/deployment_executor.go:447 +0xe5
    <http://github.com/pulumi/pulumi/pkg/v3/resource/deploy.(*deploymentExecutor).Execute.func3(0xc00067d800|github.com/pulumi/pulumi/pkg/v3/resource/deploy.(*deploymentExecutor).Execute.func3(0xc00067d800>, 0xc0006292a8, 0xc001e4c080, {0x2242b50, 0xc001e2e400}, 0x0, 0x0, {0x2242bf8, 0xc001a46420})
            /Users/runner/work/pulumi/pulumi/pkg/resource/deploy/deployment_executor.go:284 +0x273
    <http://github.com/pulumi/pulumi/pkg/v3/resource/deploy.(*deploymentExecutor).Execute(0xc0006292a8|github.com/pulumi/pulumi/pkg/v3/resource/deploy.(*deploymentExecutor).Execute(0xc0006292a8>, {0x2242bf8, 0xc001a46420}, {{0x7f17eb8e7180, 0xc000fc11e0}, 0x7fffffff, 0x0, 0x0, {0x3230378, 0x0, ...}, ...}, ...)
            /Users/runner/work/pulumi/pulumi/pkg/resource/deploy/deployment_executor.go:300 +0x99f
    <http://github.com/pulumi/pulumi/pkg/v3/resource/deploy.(*Deployment).Execute(0xc0004116b0|github.com/pulumi/pulumi/pkg/v3/resource/deploy.(*Deployment).Execute(0xc0004116b0>, {0x2242bf8, 0xc001a46420}, {{0x7f17eb8e7180, 0xc000fc11e0}, 0x7fffffff, 0x0, 0x0, {0x3230378, 0x0, ...}, ...}, ...)
            /Users/runner/work/pulumi/pulumi/pkg/resource/deploy/deployment.go:432 +0xd0
    <http://github.com/pulumi/pulumi/pkg/v3/engine.(*deployment).run.func1()|github.com/pulumi/pulumi/pkg/v3/engine.(*deployment).run.func1()>
            /Users/runner/work/pulumi/pulumi/pkg/engine/deployment.go:269 +0x250
    created by <http://github.com/pulumi/pulumi/pkg/v3/engine.(*deployment).run|github.com/pulumi/pulumi/pkg/v3/engine.(*deployment).run>
            /Users/runner/work/pulumi/pulumi/pkg/engine/deployment.go:252 +0x365
  • h

    hundreds-toothbrush-20089

    05/21/2022, 11:29 AM
    👋 Hi everyone!
    👋 4
  • p

    purple-sundown-54409

    05/21/2022, 6:53 PM
    Hi. I am trying to find Java Class
    SubnetRouteTableAssociation
    …
  • v

    victorious-ghost-35676

    05/21/2022, 7:12 PM
    Are Integration tests available only in GO? or are they available with .NET and Python as well? https://www.pulumi.com/docs/guides/testing/integration/
    o
    • 2
    • 5
  • w

    white-chef-55657

    05/22/2022, 11:25 AM
    is it possible to use the self-hosted pulumi instance with an s3 backend, without a subscription? it’s unclear if self-hosted pulumi also requires a subscription
    v
    m
    a
    • 4
    • 3
  • m

    many-garden-84306

    05/22/2022, 5:37 PM
    Hello, I am trying to construct an AssetArchive from a folder and upload it to an S3 BucketObject. It works fine, but it creates the archive in ZIP format regardless of what extension and content-type I use on the S3 object. I need the archive to preserve file permissions (e.g., executable bit), so I want to use tar.gz format. I can't find an option anywhere in the documentation for setting the archive format. Any ideas?
    l
    • 2
    • 2
  • b

    blue-leather-96987

    05/22/2022, 9:46 PM
    Hello, I was just wondering if there's a way to delete a project. I searched as much as I could and all I could find was stuff about deleting stacks, not projects
    l
    m
    • 3
    • 4
  • p

    purple-sundown-54409

    05/23/2022, 11:37 AM
    Hi. Is everything okay with Pulumi? I’m trying to upload a Stack, it seems pretty slow.
  • a

    adamant-father-26302

    05/23/2022, 1:09 PM
    if you have multiple versions of a plugin installed, is it possible to explicitly use a certain version when doing actions like
    pulumi destroy
    ?
    m
    a
    • 3
    • 8
  • d

    damp-honey-93158

    05/23/2022, 1:36 PM
    Can anyone explain the difference between the dependency between objects created by using Output<> params, and the Parent? I've noticed that the Parent (via ComponentResourceOptions) impacts the resource graph in the pulumi service, but apart from that does using Parent confer some other benefit? For example, I have a key vault, then I create a key - I can choose not to set the Parent for the key - this doesn't seem to affect destroy operations at all.
    g
    o
    • 3
    • 2
  • g

    great-sunset-355

    05/23/2022, 1:38 PM
    Can I call a function when
    OnDelete
    is called on resource?
  • s

    salmon-art-85736

    05/23/2022, 8:05 PM
    Hey, how is everyone using Pulumi for configuration management after provisioning of infra? I would normally use TF to provision then run Ansible separately, does Pulumi make this process any "better"?
    f
    • 2
    • 2
  • f

    faint-balloon-33174

    05/23/2022, 8:19 PM
    Where can I find the specifications of the built-in secret encryption for Pulumi? I'd like to know the algorithm and key size
    f
    o
    • 3
    • 6
Powered by Linen
Title
f

faint-balloon-33174

05/23/2022, 8:19 PM
Where can I find the specifications of the built-in secret encryption for Pulumi? I'd like to know the algorithm and key size
f

few-wolf-27303

05/23/2022, 8:42 PM
This is the code where that is configured in Go: https://github.com/pulumi/pulumi/blob/d320d68014c78c0bd13cdd1b4a1c73059fbd9adb/pkg/cmd/pulumi/util.go#L195
o

orange-policeman-59119

05/23/2022, 8:42 PM
For the passphrase based cryptography, I can point you here: https://github.com/pulumi/pulumi/blob/5528cde977ff1006895ad1a56b089a3ff43a3d90/sdk/go/common/resource/config/crypt.go#L151-L158 https://github.com/pulumi/pulumi/blob/5528cde977ff1006895ad1a56b089a3ff43a3d90/sdk/go/common/resource/config/crypt.go#L168 The key derivation function is
pbkdf2
with 1 million rounds and a per-environment salt. This function is provided by the official golang package golang.org/x/crypto/pbkdf2 The encryption algorithm is AES256GCM, which was created using
crypto/aes
and
crypto/cipher
. The nonce is randomly generated via
cryptorand.Read
& as @few-wolf-27303 pointed you to, for different providers we may use different algorithms, such as RSA-OEAP-256 for azure key vault. For each of the backend services, you'll need to refer to their documentation. For the Pulumi Service's cryptography, I can refer you to our internal folks as I'm not sure what we disclose there.
f

faint-balloon-33174

05/23/2022, 8:49 PM
I'm looking for the details of the default (non-password) cryptography that Pulumi provides, the first link appears to relate to non-default secret providers.
o

orange-policeman-59119

05/23/2022, 8:50 PM
Got it, yeah, let me see if I can provide you some info. Are you asking on behalf of a current or prospective business customer?
Ah, it looks like we've published our whitepaper as a link on our security page: https://www.pulumi.com/security/ & https://www.pulumi.com/security/pulumi-cloud-security-whitepaper.pdf
Various Pulumi editions offer configurable secrets management options. By default, the Pulumi-hosted backend (app.pulumi.com) manages per-stack AWS KMS-based encryption keys on the server. All secrets are sent over HTTPS to app.pulumi.com, and the backend uses AES256GCM to encrypt values with the stack-specific key.
View count: 5