https://pulumi.com logo
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • m

    most-jordan-25674

    05/31/2022, 8:52 PM
    I’ve been creating some of my Pulumi scripts in different repos, and I want to consolidate some of them now. Is there a best practice for transferring ownership of the resources created with Pulumi to a different script? Or can I just copy the files / function calls and it will just work?
    w
    • 2
    • 2
  • h

    helpful-easter-62786

    05/31/2022, 10:02 PM
    πŸ‘‹ Does anyone have a working example that creates a Hashicorp Vault cluster in AWS?
  • s

    salmon-printer-16080

    06/01/2022, 1:55 AM
    Hi Pulumi people πŸ‘‹ I am trying to create an
    App Service Managed Certificate
    as part of a deployment of an App Service to Azure. I cannot see where I can do that within the following API's in Pulumi, can someone point me in the right direction? I have looked into the following providers / APIs - maybe I have missed something: β€’ https://www.pulumi.com/registry/packages/azure-native/api-docs/web/webapphostnamebinding/ β€’ https://www.pulumi.com/registry/packages/azure/api-docs/appservice/managedcertificate/ β€’ https://www.pulumi.com/registry/packages/azure/api-docs/appservice/customhostnamebinding/ β€’ https://www.pulumi.com/registry/packages/azure/api-docs/appservice/certificate/ β€’ https://www.pulumi.com/registry/packages/azure/api-docs/appservice/certificatebinding/
    • 1
    • 1
  • b

    bulky-agent-73210

    06/01/2022, 8:56 AM
    Is there a way for me to create and retrieve AWS SES SMTP credentials, in Golang?
  • o

    orange-crowd-9665

    06/01/2022, 9:32 AM
    Hello! On GCP, I'm creating PubSub Schemas (w/ gRPC), and then after PubSub topics with those schemas (w/ ResourceOptions depends_on parameter). A problem arises when I update my .proto files. I don't know the inners of Pulumi, but everytime I update a schema, the PubSub topics that rely on it will result in a "Deleted Schema" state. What are the best practices to update PubSub schemas?
  • a

    adamant-father-26302

    06/01/2022, 10:06 AM
    is there some pulumi helper function in golang to reference file relative to something, not relative to the entrypoint main.go ?
  • r

    rich-agency-75207

    06/01/2022, 10:36 AM
    Hi All. Wondering if someone can advise on a current pulumi issue of mine:
  • r

    rich-agency-75207

    06/01/2022, 10:36 AM
    Provider:
    google-native
    Address
    - https://www.pulumi.com/registry/packages/google-native/api-docs/compute/v1/address/
  • r

    rich-agency-75207

    06/01/2022, 10:37 AM
    Defined an
    INTENRAL
    IP resource. Purpose:
    VPC-PEERING
  • r

    rich-agency-75207

    06/01/2022, 10:37 AM
    According to docs;
    subnetwork
    should only be used for
    GCE_ENDPOINT
    and
    DNS_RESOLVER
  • r

    rich-agency-75207

    06/01/2022, 10:38 AM
    The URL of the subnetwork in which to reserve the address. If an IP address is specified, it must be within the subnetwork's IP range. This field can only be used with INTERNAL type with a GCE_ENDPOINT or DNS_RESOLVER purpose.
  • r

    rich-agency-75207

    06/01/2022, 10:38 AM
    I therefore omitted this from the resource definition.
  • r

    rich-agency-75207

    06/01/2022, 10:38 AM
    However getting:
    error: error sending request: googleapi: Error 400: Invalid value for field 'resource.subnetwork': ''. No default subnetwork was found for an address with type INTERNAL.
  • r

    rich-agency-75207

    06/01/2022, 10:38 AM
    When I add this; I get (as expected):
    error: error sending request: googleapi: Error 400: Invalid value for field 'resource.purpose': 'VPC_PEERING'. The type/purpose values are invalid for subnetwork address.
  • r

    rich-agency-75207

    06/01/2022, 10:39 AM
    I have an identical resource defined via TF and can confirm that I don't use
    subnetwork
  • r

    rich-agency-75207

    06/01/2022, 10:39 AM
    I can't convert it from TF to pulumi tho (before anyone asks πŸ˜‰ )
  • r

    rich-agency-75207

    06/01/2022, 10:40 AM
    Should I use legacy GCP instead?
  • r

    rich-agency-75207

    06/01/2022, 10:48 AM
    In case relevant: My subnetwork's purpose is set to
    PRIVATE_RFC_1918
    e
    • 2
    • 9
  • c

    cold-midnight-33684

    06/01/2022, 12:03 PM
    hey everybody. how do I import a complete AWS Route53 hosted zone, with all of the records in it?
    e
    • 2
    • 2
  • r

    rich-tiger-43483

    06/01/2022, 1:04 PM
    Hi there, I submitted a new version of my community provider but do not see that reflected on the registry. Do I manually need to update that?
  • a

    alert-zebra-27114

    06/01/2022, 1:48 PM
    Does anybody have a working example of setting up OpenSearch with SAML support ? (Looking at https://docs.aws.amazon.com/opensearch-service/latest/developerguide/saml.html it looks awfully complicated 😞 )
  • n

    narrow-translator-93508

    06/01/2022, 2:31 PM
    Hi everybody πŸ‘‹ I have an issue with the
    Kubernetes Operator
    and
    GCP KMS
    , because of a custom
    backend
    (first), and custom
    secrets
    provider (second), I have the below error in the logs.
    Permission 'cloudkms.cryptoKeyVersions.useToDecrypt' denied on resource 'projects/XXX/locations/europe-west6/keyRings/secrets/cryptoKeys/pulumi'
    Anyone else faced the same issue?
    e
    • 2
    • 22
  • a

    adamant-father-26302

    06/01/2022, 2:32 PM
    I'm trying to use the newly released awsx for golang (
    go get <http://github.com/pulumi/pulumi-awsx/sdk|github.com/pulumi/pulumi-awsx/sdk>
    ), but getting below error when using it in code
    error: no resource plugin 'pulumi-resource-awsx' found in the workspace at version v1.0.0-testplsignore.0 or on your $PATH, install the plugin using `pulumi plugin install resource awsx v1.0.0-testplsignore.0`
    any solutions to that? (tried
    pulumi plugin install resource awsx v1.0.0-beta.7
    but did not help)
    • 1
    • 4
  • f

    famous-needle-81667

    06/01/2022, 2:57 PM
    Hello everyone, trying to port some changes from Terraform to Pulumi and run into an issue: This is EC2 instance spec in terraform. I have a templated bash script into which I inject loadbalancer DNS name.
    user_data                   = base64encode(
        templatefile("../templates/bash_script.sh.tftpl", {
            internal_lb_dns_name = aws_lb.aws-internal-load-balancer.dns_name
          }
        )
      )
    How to achieve similar results with pulumi? If it was not a templated file it would be easy, namely:
    UserData:            pulumi.StringPtr(base64.StdEncoding.EncodeToString(bashScriptContent))
    However, I need to inject some variables into that script that will be known once some resources got created. Any help would be appreciated, this is a part of my Master's Degree thesis and it would be a shame that this cannot be solved in Pulumi πŸ˜„ //EDIT, I'm writing in Golang
    f
    • 2
    • 3
  • w

    worried-queen-40276

    06/01/2022, 3:51 PM
    Hello All, How can I get the oidcProvider for aws eks in python? I saw the equivalent code in
    .ts
    is
    // Create a Kubernetes cluster.
    const cluster = new eks.Cluster('mlplatform-eks', {
      createOidcProvider: true,
    });
    
    cluster.core.oidcProvider.arn
    cluster.core.oidcProvider.url
    However, I do not see any exposed method for python? Am I missing something? I can do the same thing from aws cli but I need to do it programmatically from within pulumi to create components for another assume-policy component.
    aws eks describe-cluster --name mlp-mlops-eksCluster-c2aab22 --query "cluster.identity.oidc.issuer" --output text
    <https://oidc.eks.us-west-1.amazonaws.com/id/ABCFDRREJJKJEFBD0D4EABB3D90A>
    aws iam list-open-id-connect-providers | grep ABCFDRREJJKJEFBD0D4EABB3D90A
    "Arn": "arn:aws:iam::XXXXXXX:oidc-provider/oidc.eks.us-west-1.amazonaws.com/id/ABCFDRREJJKJEFBD0D4EABB3D90A"
  • m

    most-jordan-25674

    06/01/2022, 4:24 PM
    I’m creating a task definition for AWS ECS, and I need to provide a string with my task environment variables inside. I want to use a pulumi config secret, but when I get that secret I get an Output which can’t be put into the string. Do any of you have suggestions for how to get this secret in string form?
  • f

    fancy-jelly-16159

    06/01/2022, 4:34 PM
    Hello All. I'm trying to import an existing google cloud ServiceAccount using the latest google-native v0.19.1 plugin and am failing. As I'm new to Pulumi, I'm coding in golang a hybrid "query existing resources and pass them to the corresponding New calls as an import" in my Pulumi program. This lets me play around with both the query/get side and the upsert side. Note: please forgive the variable prefixes... p is for pulumi to differentiate other model spaces from which I'm drawing while I get my bearings. Note: Also, I'm
    <eliding>
    specific info where necessary, I hope keeping the gist of it clear.
    var pServiceAccountOptions []pulumi.ResourceOption
    var pServiceAccount *pulumiIAM.LookupServiceAccountResult
    if pServiceAccount, err = pulumiIAM.LookupServiceAccount(pctx, &pulumiIAM.LookupServiceAccountArgs{
        Project:          "<my-actual-google-project-id>",
        ServiceAccountId: "<my-actual-service-account-id>",
    }); err != nil {
        err = nil // Don't propagate an error, but don't try to import it.
    } else {
        // Import it.
        // This works, and we get the pServiceAccount
        pServiceAccountOptions = append(pServiceAccountOptions, pulumi.Import(pulumi.ID(<WHAT-HERE>)))
    }
    The query works, and I'm trying to set up the ResourceOption to import into a following iam NewServiceAccount call (not shown here). I've tried many properties and variants taken from the pServiceAccount for <WHAT-HERE>, but I get:
    =  google-native:iam/v1:ServiceAccount projects/<project-id>/serviceAccounts/<service-account-id>@<project-id>.<http://iam.gserviceaccount.com|iam.gserviceaccount.com> import
     =  google-native:iam/v1:ServiceAccount projects/<project-id>/serviceAccounts/s<service-account-id>@<project-id>.<http://iam.gserviceaccount.com|iam.gserviceaccount.com> import error: Preview failed: property "projectsId"/"project" not found
     +  pulumi:pulumi:Stack <my-stack> create error: preview failed
     =  google-native:iam/v1:ServiceAccount projects/<project-id>/serviceAccounts/<service-account-id>@<project-id>.<http://iam.gserviceaccount.com|iam.gserviceaccount.com> import 1 error
     +  pulumi:pulumi:Stack <my-stack> create 1 error
    Note: If I do NOT use the resource import option, the preview shows that a new service account would be created. I've done the same approach with other resources, and it works, but I know that Service Accounts are an odd beast with respect to identifiers. What am I doing wrong here? What does <WHAT-HERE> need to be?
  • w

    worried-queen-40276

    06/01/2022, 6:17 PM
    Hi All, How can I use the bucket name inside a inline policy json using pulumi in python e.g.
    mlflow_s3_policy = aws.iam.RolePolicy("mlflow_s3_policy",
                                          role=mlflow_s3_role.id,
                                          policy=json.dumps({
                                              "Version": "2012-10-17",
                                              "Statement": [{
                                                  "Action": "*",
                                                  "Effect": "Allow",
                                                  "Resource": mlflow_bucket.bucket.apply(lambda bucket_name: f'arn:aws:s3:::{bucket_name}/*'),
                                              }],
                                          }))
    I get the following error
    TypeError: Object of type Output is not JSON serializable
    w
    • 2
    • 3
  • w

    worried-gold-55244

    06/01/2022, 7:27 PM
    Hi All, Is it possible to detect if a resource is going to be replaced/deleted ? I need to trigger some logic in case a resource is going to be replaced
    a
    • 2
    • 1
  • t

    thankful-coat-47937

    06/01/2022, 9:42 PM
    how can I get config data into serialized pulumi functions. for example like
    cfg.requireSecret()
    . currently it just serializes the literal function, but not the value
    l
    • 2
    • 2
Powered by Linen
Title
t

thankful-coat-47937

06/01/2022, 9:42 PM
how can I get config data into serialized pulumi functions. for example like
cfg.requireSecret()
. currently it just serializes the literal function, but not the value
l

little-cartoon-10569

06/01/2022, 10:07 PM
Is this for use in a lambda or similar? You can't use Pulumi code from lambdas (or at least, you couldn't last time I tried...). Instead, put the value into something accessible at run time, like SSM Parameters, a vault, or similar. Then the serialized code should use normal AWS SDK to retrieve that value.
Alternatively you could pass the value into the serialized function, but that comes with a loss of encryption, I think.
View count: 4