pulumi-community #general

general

most-jordan-25674

05/31/2022, 8:52 PM

I’ve been creating some of my Pulumi scripts in different repos, and I want to consolidate some of them now. Is there a best practice for transferring ownership of the resources created with Pulumi to a different script? Or can I just copy the files / function calls and it will just work?

helpful-easter-62786

05/31/2022, 10:02 PM

👋 Does anyone have a working example that creates a Hashicorp Vault cluster in AWS?

salmon-printer-16080

06/01/2022, 1:55 AM

Hi Pulumi people 👋 I am trying to create an

App Service Managed Certificate

as part of a deployment of an App Service to Azure. I cannot see where I can do that within the following API's in Pulumi, can someone point me in the right direction? I have looked into the following providers / APIs - maybe I have missed something: • https://www.pulumi.com/registry/packages/azure-native/api-docs/web/webapphostnamebinding/ • https://www.pulumi.com/registry/packages/azure/api-docs/appservice/managedcertificate/ • https://www.pulumi.com/registry/packages/azure/api-docs/appservice/customhostnamebinding/ • https://www.pulumi.com/registry/packages/azure/api-docs/appservice/certificate/ • https://www.pulumi.com/registry/packages/azure/api-docs/appservice/certificatebinding/

bulky-agent-73210

06/01/2022, 8:56 AM

Is there a way for me to create and retrieve AWS SES SMTP credentials, in Golang?

orange-crowd-9665

06/01/2022, 9:32 AM

Hello! On GCP, I'm creating PubSub Schemas (w/ gRPC), and then after PubSub topics with those schemas (w/ ResourceOptions depends_on parameter). A problem arises when I update my .proto files. I don't know the inners of Pulumi, but everytime I update a schema, the PubSub topics that rely on it will result in a "Deleted Schema" state. What are the best practices to update PubSub schemas?

adamant-father-26302

06/01/2022, 10:06 AM

is there some pulumi helper function in golang to reference file relative to something, not relative to the entrypoint main.go ?

rich-agency-75207

06/01/2022, 10:36 AM

Hi All. Wondering if someone can advise on a current pulumi issue of mine:

rich-agency-75207

06/01/2022, 10:36 AM

Provider:

google-native

Address

- https://www.pulumi.com/registry/packages/google-native/api-docs/compute/v1/address/

rich-agency-75207

06/01/2022, 10:37 AM

Defined an

INTENRAL

IP resource. Purpose:

VPC-PEERING

rich-agency-75207

06/01/2022, 10:37 AM

According to docs;

subnetwork

should only be used for

GCE_ENDPOINT

and

DNS_RESOLVER

rich-agency-75207

06/01/2022, 10:38 AM

The URL of the subnetwork in which to reserve the address. If an IP address is specified, it must be within the subnetwork's IP range. This field can only be used with INTERNAL type with a GCE_ENDPOINT or DNS_RESOLVER purpose.

rich-agency-75207

06/01/2022, 10:38 AM

I therefore omitted this from the resource definition.

rich-agency-75207

06/01/2022, 10:38 AM

However getting:

error: error sending request: googleapi: Error 400: Invalid value for field 'resource.subnetwork': ''. No default subnetwork was found for an address with type INTERNAL.

rich-agency-75207

06/01/2022, 10:38 AM

When I add this; I get (as expected):

error: error sending request: googleapi: Error 400: Invalid value for field 'resource.purpose': 'VPC_PEERING'. The type/purpose values are invalid for subnetwork address.

rich-agency-75207

06/01/2022, 10:39 AM

I have an identical resource defined via TF and can confirm that I don't use

subnetwork

rich-agency-75207

06/01/2022, 10:39 AM

I can't convert it from TF to pulumi tho (before anyone asks 😉 )

rich-agency-75207

06/01/2022, 10:40 AM

Should I use legacy GCP instead?

rich-agency-75207

06/01/2022, 10:48 AM

In case relevant: My subnetwork's purpose is set to

PRIVATE_RFC_1918

cold-midnight-33684

06/01/2022, 12:03 PM

hey everybody. how do I import a complete AWS Route53 hosted zone, with all of the records in it?

rich-tiger-43483

06/01/2022, 1:04 PM

Hi there, I submitted a new version of my community provider but do not see that reflected on the registry. Do I manually need to update that?

alert-zebra-27114

06/01/2022, 1:48 PM

Does anybody have a working example of setting up OpenSearch with SAML support ? (Looking at https://docs.aws.amazon.com/opensearch-service/latest/developerguide/saml.html it looks awfully complicated 😞 )

narrow-translator-93508

06/01/2022, 2:31 PM

Hi everybody 👋 I have an issue with the

Kubernetes Operator

and

GCP KMS

, because of a custom

backend

(first), and custom

secrets

provider (second), I have the below error in the logs.

Permission 'cloudkms.cryptoKeyVersions.useToDecrypt' denied on resource 'projects/XXX/locations/europe-west6/keyRings/secrets/cryptoKeys/pulumi'

Anyone else faced the same issue?

adamant-father-26302

06/01/2022, 2:32 PM

I'm trying to use the newly released awsx for golang (

go get <http://github.com/pulumi/pulumi-awsx/sdk|github.com/pulumi/pulumi-awsx/sdk>

), but getting below error when using it in code

error: no resource plugin 'pulumi-resource-awsx' found in the workspace at version v1.0.0-testplsignore.0 or on your $PATH, install the plugin using `pulumi plugin install resource awsx v1.0.0-testplsignore.0`

any solutions to that? (tried

pulumi plugin install resource awsx v1.0.0-beta.7

but did not help)

famous-needle-81667

06/01/2022, 2:57 PM

Hello everyone, trying to port some changes from Terraform to Pulumi and run into an issue: This is EC2 instance spec in terraform. I have a templated bash script into which I inject loadbalancer DNS name.

user_data                   = base64encode(
    templatefile("../templates/bash_script.sh.tftpl", {
        internal_lb_dns_name = aws_lb.aws-internal-load-balancer.dns_name
      }
    )
  )

How to achieve similar results with pulumi? If it was not a templated file it would be easy, namely:

UserData:            pulumi.StringPtr(base64.StdEncoding.EncodeToString(bashScriptContent))

However, I need to inject some variables into that script that will be known once some resources got created. Any help would be appreciated, this is a part of my Master's Degree thesis and it would be a shame that this cannot be solved in Pulumi 😄 //EDIT, I'm writing in Golang

worried-queen-40276

06/01/2022, 3:51 PM

Hello All, How can I get the oidcProvider for aws eks in python? I saw the equivalent code in

.ts

// Create a Kubernetes cluster.
const cluster = new eks.Cluster('mlplatform-eks', {
  createOidcProvider: true,
});

cluster.core.oidcProvider.arn
cluster.core.oidcProvider.url

However, I do not see any exposed method for python? Am I missing something? I can do the same thing from aws cli but I need to do it programmatically from within pulumi to create components for another assume-policy component.

aws eks describe-cluster --name mlp-mlops-eksCluster-c2aab22 --query "cluster.identity.oidc.issuer" --output text

<https://oidc.eks.us-west-1.amazonaws.com/id/ABCFDRREJJKJEFBD0D4EABB3D90A>

aws iam list-open-id-connect-providers | grep ABCFDRREJJKJEFBD0D4EABB3D90A

"Arn": "arn:aws:iam::XXXXXXX:oidc-provider/oidc.eks.us-west-1.amazonaws.com/id/ABCFDRREJJKJEFBD0D4EABB3D90A"

most-jordan-25674

06/01/2022, 4:24 PM

I’m creating a task definition for AWS ECS, and I need to provide a string with my task environment variables inside. I want to use a pulumi config secret, but when I get that secret I get an Output which can’t be put into the string. Do any of you have suggestions for how to get this secret in string form?

fancy-jelly-16159

06/01/2022, 4:34 PM

Hello All. I'm trying to import an existing google cloud ServiceAccount using the latest google-native v0.19.1 plugin and am failing. As I'm new to Pulumi, I'm coding in golang a hybrid "query existing resources and pass them to the corresponding New calls as an import" in my Pulumi program. This lets me play around with both the query/get side and the upsert side. Note: please forgive the variable prefixes... p is for pulumi to differentiate other model spaces from which I'm drawing while I get my bearings. Note: Also, I'm

<eliding>

specific info where necessary, I hope keeping the gist of it clear.

var pServiceAccountOptions []pulumi.ResourceOption
var pServiceAccount *pulumiIAM.LookupServiceAccountResult
if pServiceAccount, err = pulumiIAM.LookupServiceAccount(pctx, &pulumiIAM.LookupServiceAccountArgs{
    Project:          "<my-actual-google-project-id>",
    ServiceAccountId: "<my-actual-service-account-id>",
}); err != nil {
    err = nil // Don't propagate an error, but don't try to import it.
} else {
    // Import it.
    // This works, and we get the pServiceAccount
    pServiceAccountOptions = append(pServiceAccountOptions, pulumi.Import(pulumi.ID(<WHAT-HERE>)))
}

The query works, and I'm trying to set up the ResourceOption to import into a following iam NewServiceAccount call (not shown here). I've tried many properties and variants taken from the pServiceAccount for <WHAT-HERE>, but I get:

=  google-native:iam/v1:ServiceAccount projects/<project-id>/serviceAccounts/<service-account-id>@<project-id>.<http://iam.gserviceaccount.com|iam.gserviceaccount.com> import
 =  google-native:iam/v1:ServiceAccount projects/<project-id>/serviceAccounts/s<service-account-id>@<project-id>.<http://iam.gserviceaccount.com|iam.gserviceaccount.com> import error: Preview failed: property "projectsId"/"project" not found
 +  pulumi:pulumi:Stack <my-stack> create error: preview failed
 =  google-native:iam/v1:ServiceAccount projects/<project-id>/serviceAccounts/<service-account-id>@<project-id>.<http://iam.gserviceaccount.com|iam.gserviceaccount.com> import 1 error
 +  pulumi:pulumi:Stack <my-stack> create 1 error

Note: If I do NOT use the resource import option, the preview shows that a new service account would be created. I've done the same approach with other resources, and it works, but I know that Service Accounts are an odd beast with respect to identifiers. What am I doing wrong here? What does <WHAT-HERE> need to be?

worried-queen-40276

06/01/2022, 6:17 PM

Hi All, How can I use the bucket name inside a inline policy json using pulumi in python e.g.

mlflow_s3_policy = aws.iam.RolePolicy("mlflow_s3_policy",
                                      role=mlflow_s3_role.id,
                                      policy=json.dumps({
                                          "Version": "2012-10-17",
                                          "Statement": [{
                                              "Action": "*",
                                              "Effect": "Allow",
                                              "Resource": mlflow_bucket.bucket.apply(lambda bucket_name: f'arn:aws:s3:::{bucket_name}/*'),
                                          }],
                                      }))

I get the following error

TypeError: Object of type Output is not JSON serializable

worried-gold-55244

06/01/2022, 7:27 PM

Hi All, Is it possible to detect if a resource is going to be replaced/deleted ? I need to trigger some logic in case a resource is going to be replaced

thankful-coat-47937

06/01/2022, 9:42 PM

how can I get config data into serialized pulumi functions. for example like

cfg.requireSecret()

. currently it just serializes the literal function, but not the value

Title

thankful-coat-47937

06/01/2022, 9:42 PM

how can I get config data into serialized pulumi functions. for example like

cfg.requireSecret()

. currently it just serializes the literal function, but not the value

little-cartoon-10569

06/01/2022, 10:07 PM

Is this for use in a lambda or similar? You can't use Pulumi code from lambdas (or at least, you couldn't last time I tried...). Instead, put the value into something accessible at run time, like SSM Parameters, a vault, or similar. Then the serialized code should use normal AWS SDK to retrieve that value.

Alternatively you could pass the value into the serialized function, but that comes with a loss of encryption, I think.

View count: 4