most-jordan-25674
05/31/2022, 8:52 PMhelpful-easter-62786
05/31/2022, 10:02 PMsalmon-printer-16080
06/01/2022, 1:55 AMApp Service Managed Certificate
as part of a deployment of an App Service to Azure. I cannot see where I can do that within the following API's in Pulumi, can someone point me in the right direction?
I have looked into the following providers / APIs - maybe I have missed something:
β’ https://www.pulumi.com/registry/packages/azure-native/api-docs/web/webapphostnamebinding/
β’ https://www.pulumi.com/registry/packages/azure/api-docs/appservice/managedcertificate/
β’ https://www.pulumi.com/registry/packages/azure/api-docs/appservice/customhostnamebinding/
β’ https://www.pulumi.com/registry/packages/azure/api-docs/appservice/certificate/
β’ https://www.pulumi.com/registry/packages/azure/api-docs/appservice/certificatebinding/bulky-agent-73210
06/01/2022, 8:56 AMorange-crowd-9665
06/01/2022, 9:32 AMadamant-father-26302
06/01/2022, 10:06 AMrich-agency-75207
06/01/2022, 10:36 AMrich-agency-75207
06/01/2022, 10:36 AMgoogle-native
Address
- https://www.pulumi.com/registry/packages/google-native/api-docs/compute/v1/address/rich-agency-75207
06/01/2022, 10:37 AMINTENRAL
IP resource. Purpose: VPC-PEERING
rich-agency-75207
06/01/2022, 10:37 AMsubnetwork
should only be used for GCE_ENDPOINT
and DNS_RESOLVER
rich-agency-75207
06/01/2022, 10:38 AMThe URL of the subnetwork in which to reserve the address. If an IP address is specified, it must be within the subnetwork's IP range. This field can only be used with INTERNAL type with a GCE_ENDPOINT or DNS_RESOLVER purpose.
rich-agency-75207
06/01/2022, 10:38 AMrich-agency-75207
06/01/2022, 10:38 AMerror: error sending request: googleapi: Error 400: Invalid value for field 'resource.subnetwork': ''. No default subnetwork was found for an address with type INTERNAL.
rich-agency-75207
06/01/2022, 10:38 AMerror: error sending request: googleapi: Error 400: Invalid value for field 'resource.purpose': 'VPC_PEERING'. The type/purpose values are invalid for subnetwork address.
rich-agency-75207
06/01/2022, 10:39 AMsubnetwork
rich-agency-75207
06/01/2022, 10:39 AMrich-agency-75207
06/01/2022, 10:40 AMrich-agency-75207
06/01/2022, 10:48 AMPRIVATE_RFC_1918
cold-midnight-33684
06/01/2022, 12:03 PMrich-tiger-43483
06/01/2022, 1:04 PMalert-zebra-27114
06/01/2022, 1:48 PMnarrow-translator-93508
06/01/2022, 2:31 PMKubernetes Operator
and GCP KMS
, because of a custom backend
(first), and custom secrets
provider (second), I have the below error in the logs.
Permission 'cloudkms.cryptoKeyVersions.useToDecrypt' denied on resource 'projects/XXX/locations/europe-west6/keyRings/secrets/cryptoKeys/pulumi'
Anyone else faced the same issue?adamant-father-26302
06/01/2022, 2:32 PMgo get <http://github.com/pulumi/pulumi-awsx/sdk|github.com/pulumi/pulumi-awsx/sdk>
), but getting below error when using it in code
error: no resource plugin 'pulumi-resource-awsx' found in the workspace at version v1.0.0-testplsignore.0 or on your $PATH, install the plugin using `pulumi plugin install resource awsx v1.0.0-testplsignore.0`
any solutions to that? (tried pulumi plugin install resource awsx v1.0.0-beta.7
but did not help)famous-needle-81667
06/01/2022, 2:57 PMuser_data = base64encode(
templatefile("../templates/bash_script.sh.tftpl", {
internal_lb_dns_name = aws_lb.aws-internal-load-balancer.dns_name
}
)
)
How to achieve similar results with pulumi?
If it was not a templated file it would be easy, namely:
UserData: pulumi.StringPtr(base64.StdEncoding.EncodeToString(bashScriptContent))
However, I need to inject some variables into that script that will be known once some resources got created.
Any help would be appreciated, this is a part of my Master's Degree thesis and it would be a shame that this cannot be solved in Pulumi π
//EDIT, I'm writing in Golangworried-queen-40276
06/01/2022, 3:51 PM.ts
is
// Create a Kubernetes cluster.
const cluster = new eks.Cluster('mlplatform-eks', {
createOidcProvider: true,
});
cluster.core.oidcProvider.arn
cluster.core.oidcProvider.url
However, I do not see any exposed method for python? Am I missing something?
I can do the same thing from aws cli but I need to do it programmatically from within pulumi to create components for another assume-policy component.
aws eks describe-cluster --name mlp-mlops-eksCluster-c2aab22 --query "cluster.identity.oidc.issuer" --output text
<https://oidc.eks.us-west-1.amazonaws.com/id/ABCFDRREJJKJEFBD0D4EABB3D90A>
aws iam list-open-id-connect-providers | grep ABCFDRREJJKJEFBD0D4EABB3D90A
"Arn": "arn:aws:iam::XXXXXXX:oidc-provider/oidc.eks.us-west-1.amazonaws.com/id/ABCFDRREJJKJEFBD0D4EABB3D90A"
most-jordan-25674
06/01/2022, 4:24 PMfancy-jelly-16159
06/01/2022, 4:34 PM<eliding>
specific info where necessary, I hope keeping the gist of it clear.
var pServiceAccountOptions []pulumi.ResourceOption
var pServiceAccount *pulumiIAM.LookupServiceAccountResult
if pServiceAccount, err = pulumiIAM.LookupServiceAccount(pctx, &pulumiIAM.LookupServiceAccountArgs{
Project: "<my-actual-google-project-id>",
ServiceAccountId: "<my-actual-service-account-id>",
}); err != nil {
err = nil // Don't propagate an error, but don't try to import it.
} else {
// Import it.
// This works, and we get the pServiceAccount
pServiceAccountOptions = append(pServiceAccountOptions, pulumi.Import(pulumi.ID(<WHAT-HERE>)))
}
The query works, and I'm trying to set up the ResourceOption to import into a following iam NewServiceAccount call (not shown here).
I've tried many properties and variants taken from the pServiceAccount for <WHAT-HERE>, but I get:
= google-native:iam/v1:ServiceAccount projects/<project-id>/serviceAccounts/<service-account-id>@<project-id>.<http://iam.gserviceaccount.com|iam.gserviceaccount.com> import
= google-native:iam/v1:ServiceAccount projects/<project-id>/serviceAccounts/s<service-account-id>@<project-id>.<http://iam.gserviceaccount.com|iam.gserviceaccount.com> import error: Preview failed: property "projectsId"/"project" not found
+ pulumi:pulumi:Stack <my-stack> create error: preview failed
= google-native:iam/v1:ServiceAccount projects/<project-id>/serviceAccounts/<service-account-id>@<project-id>.<http://iam.gserviceaccount.com|iam.gserviceaccount.com> import 1 error
+ pulumi:pulumi:Stack <my-stack> create 1 error
Note: If I do NOT use the resource import option, the preview shows that a new service account would be created.
I've done the same approach with other resources, and it works, but I know that Service Accounts are an odd beast with respect to identifiers.
What am I doing wrong here? What does <WHAT-HERE> need to be?worried-queen-40276
06/01/2022, 6:17 PMmlflow_s3_policy = aws.iam.RolePolicy("mlflow_s3_policy",
role=mlflow_s3_role.id,
policy=json.dumps({
"Version": "2012-10-17",
"Statement": [{
"Action": "*",
"Effect": "Allow",
"Resource": mlflow_bucket.bucket.apply(lambda bucket_name: f'arn:aws:s3:::{bucket_name}/*'),
}],
}))
I get the following error
TypeError: Object of type Output is not JSON serializable
worried-gold-55244
06/01/2022, 7:27 PMthankful-coat-47937
06/01/2022, 9:42 PMcfg.requireSecret()
. currently it just serializes the literal function, but not the valuethankful-coat-47937
06/01/2022, 9:42 PMcfg.requireSecret()
. currently it just serializes the literal function, but not the valuelittle-cartoon-10569
06/01/2022, 10:07 PM