Hello guys do we have a channel to discuss pulumi policy topics? thanks

Hello, I'm attempting to use stack references with Typescript and I'm having trouble figuring out the best way to get the stack output reference as the correct type. When I do a

requireOutput()

from the stack reference it always ends up as

Output<any>

type. Is there a way to set the expected type of the output so I can get something like

pulumi.Output<string>

or other types?

Hello guys. During CDK Day, somebody from Pulumi shared a demo about some “self service” tooling that displays a nice UI, etc. Can somebody point me to that information / project or person? Thanks.

Ack. I just accidentally overwrote a stack file,

Pulumi.prod.yaml

, before I had a chance to commit it. Is there any way of getting it back?

Hi. Does someone know how to setup Azure SQL Database in Server less mode with Pulumi C#?

Anyone know why Function Serialization doesn’t include node_modules packages in the uploaded code?

Hi all, trying to diagnose an issue in production with our Pulumi pipeline. It uses and AzureAD Provider (Terraform under the covers?) with a clientid/secret as follows:

var userTenantProvider = new Provider("UserTenantProvider", new ProviderArgs

{

TenantId = _config.Environment.ActiveDirectory.UserTenantId,

ClientId = _userTenantProviderConfig.ClientId,

ClientSecret = _userTenantProviderConfig.ClientSecret

});

The secret has been rotated and the new one is passed into the pipeline. However the pipeline still fails with the following message: _building client: unable to obtain access token: clientCredentialsToken: received HTTP status 401 with response: {"error":"invalid_client","error_description":"AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app '[secret]'._ The pipeline was working fine before the secret changed, it's as if the old one is cached somewhere. Any ideas?

This message was deleted.

Is it possible to do tf2pulumi with OCI terraform code ?

Does Pulumi's AWS Crosswalk API Gateway generate Swagger? For example, can it generate a JSON if I type in: https://<some aws url>/Stage/swagger/swagger.json?

Hi, has anyone got

RetainOnDelete

to work with a Helm v3.Chart? If I delete a chart it continues to delete the associated k8s resources, instead of leaving them unchanged. Namespaces (for example) work as expected, so maybe it is something to do with Helm charts and/or the Go implementation? (Example code in the comments)

Hi all, I am new to Pulumi and just wanted to check whether its possible to generate the ARM or CloudFormationTemplate from Pulumi code?

Hi. I am an avid Pulumi enthusiast. I want to share a project I have been working on that I hope might find someone's interest here. It is cost estimations for Pulumi, such that you always know what your infrastructure code will cost before you deploy it to the cloud. I have built a prototype that works with a couple Azure resources, but it is still under development. If you are interested you can find out more here and sign up to my email list so I know that you find this useful, since it takes a lot of time to develop this : https://cloudcostify.app/ Thanks for your time.

Is there an integration to manage slack apps (webhooks, etc)? I don’t see one (and the regular slack integration doesn’t have it) but figured I’d ask in case there was something in development.

Hello all! New to Pulumi here, I'm currently looking for a solution that imports all of our AWS infrastructure to IaC. Tried Terracognita and Terraformer as well but Pulumi seems to be the right tool for the job. Will the "pulumi import" tool be able to import the entire infrastructure or will it have to be 1 by 1?

Hi all, I have an ApplicationLoadBalancer (awsx.elasticloadbalancingv2.ApplicationLoadBalancer) that I create in my base network stack that listens to all subdomain requests (*.domain.com), in a higher level application stack I want to add a ListenerRule that points to a ApplicationTargetGroup using the ApplicationLoadBalancer but I can't seem to find a way in doing so using the TypeScript SDK. Can anyone point me in the right direction? Thanks. Here is a pseudo code of what i've tried so far and the error I get: *Base network stack

const alb = new awsx.elasticloadbalancingv2.ApplicationLoadBalancer ........
const appListenerHttps = alb.createListener.......
const zone  = aws.route53.getZoneOutput({name:domainAddress})
const albDomain = new aws.route53.Record(`domain-record`, {
    name: pulumi.interpolate `*.${domainAddress}`,
    zoneId: zone.zoneId,
    type: 'CNAME',
    records: [appListenerHttps.endpoint.hostname]
  });
export const albListenerArn = appListenerHttps.listener.arn
export const albArn = alb.loadBalancer.arn

*Application stack

const networkingStack = new StackReference(config.require('stack.networking'));
const alb =   aws.applicationloadbalancing.getLoadBalancerOutput({arn:networkingStack.getOutput('albArn')});
const targetGroup = new awsx.elasticloadbalancingv2.ApplicationTargetGroup(
      `app-alb-tg`,
      {
        ...............
        loadBalancer: new awsx.elasticloadbalancingv2.ApplicationLoadBalancer('alb',{
           loadBalancer:alb <----error: Type 'GetLoadBalancerResult' is missing the following properties from type 'LoadBalancer': enableCrossZoneLoadBalancing, namePrefix, tagsAll, urn, getProvider
        })
      }
    );

const itoolListener = new aws.lb.ListenerRule(
      `app-alb-lstn`,
      {
        listenerArn: networkingStack.getOutput('albListenerArn'),
        priority: 100,
        actions: [
          {
            type: 'forward',
            targetGroupArn: targetGroup.targetGroup.arn
          }
        ],
        conditions: [
          {
            hostHeader: {
              values: [pulumi.interpolate`test.${domainAddress}`]
            }
          }
        ]
      }
    );
.....

Hi All, does pulumi supports a native way to apply some resources to a specific stack only?. Say I have 3 VM instances that I am preparing to be rolled out on staging stack only, and not yet ready to roll to prod stack, how can I enforce Pulumi to ignore these resources if someone do

pulumi up

on prod stack?

Hello, I am using Pulumi and Localstack to run a stack. I'm running into a problem with an ECS cluster. I start it using this code and it starts succesfully.

const ecsCluster = new aws.ecs.Cluster(
    'test',
    {
      name: 'test',
    },
    {
      provider,
    },
  );

awslocal ecs describe-clusters --cluster test --region eu-central-1

shows this

{
  "clusters": [
    {
      "clusterArn": "arn:aws:ecs:eu-central-1:000000000000:cluster/test",
      "clusterName": "test",
      "status": "ACTIVE",
      "registeredContainerInstancesCount": 0,
      "runningTasksCount": 0,
      "pendingTasksCount": 0,
      "activeServicesCount": 0
    }
  ],
  "failures": []
}

But when I do

pulumilocal down

I get this error

error: deleting urn:pulumi:localstack::Development::aws:ecs/cluster:Cluster::test: 1 error occurred:
    	* error waiting for ECS Cluster (arn:aws:ecs:eu-central-1:000000000000:cluster/test) to become Deleted: couldn't find resource (21 retries)

Even though it does exist. It does however get deleted properly

hi, i'm trying to set up a FargateService with a non-default VPC and I keep running into this error on preview

Diagnostics:
  pulumi:pulumi:Stack (toronto):
    error: Error: invocation of aws:ec2/getVpc:getVpc returned an error: invoking aws:ec2/getVpc:getVpc: 1 error occurred:
        * no matching EC2 VPC found
    
    
        at Object.callback (/home/julian/betx/infra/node_modules/@pulumi/runtime/invoke.ts:162:33)
        at Object.onReceiveStatus (/home/julian/betx/infra/node_modules/@grpc/grpc-js/src/client.ts:338:26)
        at Object.onReceiveStatus (/home/julian/betx/infra/node_modules/@grpc/grpc-js/src/client-interceptors.ts:426:34)
        at Object.onReceiveStatus (/home/julian/betx//infra/node_modules/@grpc/grpc-js/src/client-interceptors.ts:389:48)
        at /home/julian/betx/infra/node_modules/@grpc/grpc-js/src/call-stream.ts:276:24
        at processTicksAndRejections (node:internal/process/task_queues:78:11)

i am using a custom VPC for an ECS service, but trying to do

pulumi up -v 4...7

doesn't seem to show anything useful. how can I debug this? for reference, i deleted the default VPC.

Still seems like there’s a good opportunity to abstract away IAM policies in Pulumi, e.g. define a link between a lambda and another lambda, or an S3 bucket, and immediately get generated for you: • sensible and customizable IAM policies (e.g. invokeLambda, getObject) • environment variables in the lambda (ARN of other lambda or s3 bucket name)

Hi. Does anyone know why one needs to define two environment variables to support the

google native

provider and

Google Cloud Key Management Service (KMS)

provider? Pulumi uses:

GOOGLE_CREDENTIALS

to support:

Pulumi in a non-interactive setting (for example CI/CD systems, where a person can not complete the normal gcloud auth application-default login flow).

which I have configured since Day 1. However, I recently changed secrets provider to Google's KMS service and I now must also define the

GOOGLE_APPLICATION_CREDENTIALS

envvar with the same creds..? Why the need for 2 x envvars?

Note: my CICD env does not utilise the gcloud sdk. I am purposefully constructing a GitOps workflow where the gcloud sdk is not a dependency.

Is it not possible to run pulumi functions in a pulumi-policy? Do I have to use the normal aws-sdk? When trying i get `Error: Program run without the Pulumi engine available; re-run using the

pulumi

CLI`

Hi, does this work yet? I upgraded to eks provider 0.40 but it doesn't seem to fix it https://pulumi-community.slack.com/archives/C84L4E3N1/p1652470392669989

Hey all, is there any parameter I can set so that Pulumi saves stack data to a custom folder, instead of

.pulumi

? Using Pulumi inline programs, if that matters

Hi All. Could use some advice on secrets. I have configured my stack to use GCP KMS as the secret provider. I then proceeded to define a GCP service account and key and augmented the key resource with:

options:
      additionalSecretOutputs:
        - privateKeyData

This ensured that the corresponding output is

[secret]

and the json key is, indeed, obfuscated; however, it has only been base64 encoded as opposed to encrypted using GCP's KMS service. Clearly I've missed a step in this process and/or have too high expectations wrt pulumi's encoding scheme if the secrets provider is changed. Please can someone clarify?

Hi, I need to add a delay (sleep) when a ressource is deleted by pulumi destroy because Azure native returns but it takes a couple more seconds before the resource is actually deleted on Azure side and it throws error when pulumi trys to delete the depended on ressource. Any way other than using pulumi command (local) to add a dirty wait(1000) ondelete of the ressource?

I all, I'm encountering this issue and I'm not able to get past it. Ive put my pulumi code behind an http route, and I'm trying to deploy a gcr.io image from [Project A] into [Project B]. I've tried everything. Creating service accounts, assigning roles (including max roles didn't work for me) This is my code: https://gist.github.com/georgeportillo/982c7e2a5f56d6ad0b14babe7308b367 Any guidance to solve the issue in the screenshot in a programatic way would be helpful

Hi Guys, I'm new to Pulumi, trying to understand how pricing works. Am I right the cost per resource is about 0.5 USD per resource per month? 730 hours per month * $0.00075 = 0.5475 USD