https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • c

    crooked-laptop-67565

    07/06/2022, 8:57 PM
    If I
    curl '<https://21d11ca8c29669f0b6b22de0b70e2570.gr7.us-east-2.eks.amazonaws.com/openapi/v2?timeout=32s>'
    I get the error
    curl: (6) Could not resolve host: <http://21d11ca8c29669f0b6b22de0b70e2570.gr7.us-east-2.eks.amazonaws.com|21d11ca8c29669f0b6b22de0b70e2570.gr7.us-east-2.eks.amazonaws.com>
    but I don't know where this URL comes from or why Pulumi thinks it should be able to connect to it
    b
    • 2
    • 5
  • m

    magnificent-psychiatrist-75197

    07/06/2022, 9:38 PM
    Hi Everyone! If my js based stack is split across files, how do I reference resources across files. One option is to pass them around. But I see lot of pulumi documentation reference existing resources by e.g. aws_iam_role.example.name (which is how I did this in terraform). However I couldn't figure out a way to get this done with pulumi. Thanks 🙂
    b
    • 2
    • 20
  • b

    blue-leather-96987

    07/07/2022, 12:28 AM
    Is there a way to await the creation of resources? I read through the Inputs and Outputs section, and I use interpolation in some fields. For a concrete example, I create a GCP project and then a bucket in that project. The bucket creation fails because the project is not created. At the same time, the documentation says I should not be allocating resources in callbacks, but it's precisely what I seem to need
    b
    • 2
    • 2
  • m

    modern-evening-83482

    07/07/2022, 6:57 AM
    pulumi:pulumi:Stack pulumi-infrastructure-network.dev running Calling __str__ on an Output[T] is not supported.
        pulumi:pulumi:Stack pulumi-infrastructure-network.dev running To get the value of an Output[T] as an Output[str] consider:
        pulumi:pulumi:Stack pulumi-infrastructure-network.dev running 1. o.apply(lambda v => f"prefix{v}suffix")
        pulumi:pulumi:Stack pulumi-infrastructure-network.dev running See <https://pulumi.io/help/outputs> for more details.
        pulumi:pulumi:Stack pulumi-infrastructure-network.dev running This function may throw in a future version of Pulumi.
        pulumi:pulumi:Stack pulumi-infrastructure-network.dev  5 messages
    Hello Guys, Any clue why pulumi is throwing the following warning. I am create a aws vpc and then using the
    vpc.id
    field
    l
    • 2
    • 60
  • b

    big-psychiatrist-43588

    07/07/2022, 11:26 AM
    Hello Everyone I am using classic gcp library version 6.28 to get the getIamPolicy but getting the following error
    error: Error: invocation of gcp:organizations/getIAMPolicy:getIAMPolicy returned an error: unknown Invoke type "gcp:organizations/getIAMPolicy:getIAMPolicy"
    at Object.callback (/home/workstation/thx/workspace/shared-services/30062022/thxcs-shared-services/node_modules/@pulumi/runtime/invoke.ts:159:33)
    at Object.onReceiveStatus (/home/workstation/thx/workspace/shared-services/30062022/thxcs-shared-services/node_modules/@grpc/grpc-js/src/client.ts:338:26)
    at Object.onReceiveStatus (/home/workstation/thx/workspace/shared-services/30062022/thxcs-shared-services/node_modules/@grpc/grpc-js/src/client-interceptors.ts:426:34)
    at Object.onReceiveStatus (/home/workstation/thx/workspace/shared-services/30062022/thxcs-shared-services/node_modules/@grpc/grpc-js/src/client-interceptors.ts:389:48)
    at /home/workstation/thx/workspace/shared-services/30062022/thxcs-shared-services/node_modules/@grpc/grpc-js/src/call-stream.ts:276:24
    Here is my code
    private createIAMBinding = (gsaKsaBinding: string, ksa: k8s.core.v1.ServiceAccount): void =>{
            let account =pulumi.interpolate`serviceAccount:<projectId>.svc.id.goog[${this.namespace}/${ksa.metadata.name}]`;
            const iam_role = gcp.organizations.getIAMPolicy({
                bindings: [{
                    role: "roles/iam.workloadIdentityUser",
                    members: [account.get.name],
                }],
            },{provider: this.provider});
            
            new  gcp.serviceaccount.IAMPolicy(gsaKsaBinding, {
                serviceAccountId: this.serviceAccountEmailId,
                //project: project,
                policyData: iam_role.then(iam_role => iam_role.policyData),
            }, { dependsOn: [ksa], provider: this.provider });
        }
    Is there any clue why pulumi is throwing it
  • b

    bulky-agent-73210

    07/07/2022, 1:16 PM
    Hey all, I’m using Pulumi TLS plugin, does anyone know if I can import existing LocallySignedCert?
  • s

    sticky-wolf-35263

    07/07/2022, 4:52 PM
    Hi all, this is about the Pulumi GitHub action — we’ve seen most of our workflows using this break overnight with the release of v3.18.0. Looks like the issue has been reported here a few hours ago, but I wanted to get this on the radar (and possibly ask if a rollback to v3.17.0 is possible until it’s fixed? we don’t have our workflows pegged to a specific minor version)
    v
    • 2
    • 10
  • r

    rapid-spoon-72613

    07/07/2022, 7:24 PM
    Hello All, Looking for some assistance in the creation of a subnet with a delegation. The documentation with the example has the same example as the creation of the subnet. Please see below link. https://www.pulumi.com/registry/packages/azure-native/api-docs/network/subnet/#delegation
    a
    • 2
    • 1
  • b

    blue-leather-96987

    07/07/2022, 8:19 PM
    I am having a bit of a hard time figuring out how I can ignore specific keys of the form: {[key: string]: string} Specifically: https://www.pulumi.com/registry/packages/gcp/api-docs/cloudrun/service/#annotations_nodejs
    • 1
    • 1
  • s

    steep-portugal-37539

    07/07/2022, 9:40 PM
    Hey guys 🙂 I’m trying to work with stackReferences The idea is to have a core stack deploying sensitive infra like a k8s cluster. And other stacks that will deploy resources into the cluster. The sensitive cluster needs to export the kubeconfig as output. But i only want that certain stacks can read it. Are there any permission boundaries that can be setup to prevent random stacks in the organization from reading sensitive stack outputs? Or any output in any stack is readable by any other stack, and hence any other user, etc
    b
    a
    • 3
    • 22
  • m

    magnificent-helicopter-3467

    07/08/2022, 1:42 AM
    How do I refresh pulumi state for my stack to sync with the actual state of my cloud infra? Namely, I have k8s resources (service, deployment, ingress) showing in my state, but the cluster was manually deleted. When I do
    pulumi refresh
    , I get the following error for these k8s resources:
    failed to read resource state due to unreachable cluster. If the cluster has been deleted, you can edit the pulumi state to remove this resource
    So I get the URN by executing
    pulumi stack --show-urns
    . But when I copy the URN for the k8s resource in to
    pulumi state delete <urn>
    , I see the error:
    No such resource "<urn>" exists in the current state
    Is there a way to sync state so I can reliably do
    pulumi destroy/up
    again with the correct assumptions about current state of cloud infra?
    b
    • 2
    • 11
  • e

    early-postman-62454

    07/08/2022, 6:00 AM
    Hi I am having trouble creating a s3 bucket and a IAM policy for accessing it
  • e

    early-postman-62454

    07/08/2022, 6:00 AM
    bucket = s3.Bucket('my-testing-bucket') rp1 = aws.iam.RolePolicy( "my-test-policy", role=role.id, opts=pulumi.ResourceOptions(depends_on=[bucket]), policy=json.dumps({ "Version": "2012-10-17", "Statement": [ { "Action": ["s3:PutObject", "s3:ListBucket", "s3:GetObject"], "Effect": "Allow", "Resource": [bucket.arn], "Sid": "1" } ] }) )
  • e

    early-postman-62454

    07/08/2022, 6:01 AM
    code is simple as above
  • e

    early-postman-62454

    07/08/2022, 6:01 AM
    but it looks like the
    [bucket.arn]
    part cannot be JSONified
    b
    • 2
    • 4
  • e

    early-postman-62454

    07/08/2022, 6:02 AM
    if I change it to
    ["%s" % bucket.arn]
    JSONify is ok but AWS API returns
    [aws-sdk-go] DEBUG: Validate Response iam/PutRolePolicy failed, attempt 0/25, error MalformedPolicyDocument: Partition "
    which is weird
  • e

    early-postman-62454

    07/08/2022, 6:03 AM
    it must be something really simple
  • e

    early-postman-62454

    07/08/2022, 6:03 AM
    please hlep
  • a

    ambitious-agent-35343

    07/08/2022, 11:18 AM
    Any example of Pulumi [Python, AWS] + ArgoCD with Kustomize?
    b
    • 2
    • 1
  • s

    steep-toddler-94095

    07/08/2022, 6:28 PM
    re-asking this: is there a recommended way to scale usage of the pulumi-k8s-operator?
    b
    s
    • 3
    • 7
  • c

    crooked-laptop-67565

    07/08/2022, 7:33 PM
    Anyone have guidance on how to combine a system like AWS Secrets Manager with Pulumi? Currently I'm using
    Config.requireSecret
    to create k8s secrets from Pulumi's config store, eg for my database password. But Secrets Manager's code samples suggest having apps retrieve secrets directly from Secrets Manager. I'm also thinking that rather than using
    Config.requireSecret
    my Pulumi code could fetch credentials from Secrets Manager and use those to create the k8s secrets...?
    b
    • 2
    • 8
  • m

    mammoth-salesclerk-61945

    07/09/2022, 1:40 AM
    so I was wondering if I can get feedback on the following suggestion. https://github.com/pulumi/pulumi/issues/9954 tl;dr when you forget to set a config value, pulumi just asks you what the value is and continues running your program instead of crashing.
  • g

    gentle-advantage-80069

    07/09/2022, 2:23 PM
    getting error when trying to set the org, its taking my machine name and throwing error, can someone help please (am using gcp bucket as my backend state storage)
    b
    g
    m
    • 4
    • 9
  • e

    early-postman-62454

    07/10/2022, 8:45 AM
    Hi, is it possible to use pulumi in a Glue + Athena setup? The plan is to create database, table, etc in Glue and then setup datasource in Athena, like what's in the console. But currently pulumi API for Athena has database and catalog. Is it out of date?
  • g

    gentle-advantage-80069

    07/10/2022, 11:08 AM
    Hi, how can i pass "backend value" while creating a project ? https://www.pulumi.com/docs/intro/concepts/state/#logging-in This articles says to edit the pulumi.yaml to configure backend, but i want to pass the backend url while creating the project itself , how can i achieve that
    b
    • 2
    • 1
  • p

    prehistoric-sandwich-7272

    07/10/2022, 11:22 AM
    Hey Guys, I have an issue with Pulumi on Golang. I am trying to create a new EKS Cluster, and pass the
    clusterArgs
    the subnet ID’s of the VPC I have created in a different stack. I am getting the output from the stack reference like this:
    stack, err := pulumi.NewStackReference(ctx, Name, nil)
    if err != nil {
       log.Fatalf("Got error while trying to get a new stack reference! Error: %s", err)
    }
    VpcPublicSubnetIdsOutput := stack.GetStringOutput(pulumi.String("vpcPublicSubnetIds"))
    vpcPrivateSubnetIdsOutput := stack.GetStringOutput(pulumi.String("vpcPrivateSubnetIds"))
    
    VpcPublicSubnetIds := pulumi.ToStringArrayOutput([]pulumi.StringOutput{VpcPublicSubnetIdsOutput})
    vpcPrivateSubnetIds := pulumi.ToStringArrayOutput([]pulumi.StringOutput{vpcPrivateSubnetIdsOutput})
    So VpcPublicSubnetIds & vpcPrivateSubnetIds are both of type
    pulumi.StringArrayOutput
    But I can’t figure out how to pass the subnet ID’s to the clusterArgs, by indexing the elements from VpcPublicSubnetIds & vpcPrivateSubnetIds ! I tried doing it like this:
    eksCluster, err := eks.NewCluster(ctx, values.Name, &eks.ClusterArgs{
       Name:  pulumi.StringPtr(values.Name),
       VpcId: vpcId,
       PublicSubnetIds: pulumi.StringArray{
          pulumi.StringInput(VpcPublicSubnetIds.Index(<http://pulumi.Int|pulumi.Int>(0))),
          pulumi.StringInput(VpcPublicSubnetIds.Index(<http://pulumi.Int|pulumi.Int>(1))),
          pulumi.StringInput(VpcPublicSubnetIds.Index(<http://pulumi.Int|pulumi.Int>(2))),
          pulumi.StringInput(VpcPublicSubnetIds.Index(<http://pulumi.Int|pulumi.Int>(3))),
       },
       PrivateSubnetIds: pulumi.StringArray{
          pulumi.StringInput(vpcPrivateSubnetIds.Index(<http://pulumi.Int|pulumi.Int>(0))),
          pulumi.StringInput(vpcPrivateSubnetIds.Index(<http://pulumi.Int|pulumi.Int>(1))),
          pulumi.StringInput(vpcPrivateSubnetIds.Index(<http://pulumi.Int|pulumi.Int>(2))),
          pulumi.StringInput(vpcPrivateSubnetIds.Index(<http://pulumi.Int|pulumi.Int>(3))),
       },
    what am I doing wrong?
  • s

    sparse-intern-71089

    07/10/2022, 6:26 PM
    This message was deleted.
    b
    • 2
    • 1
  • s

    sparse-intern-71089

    07/10/2022, 8:18 PM
    This message was deleted.
    b
    • 2
    • 1
  • p

    proud-mechanic-27789

    07/10/2022, 8:35 PM
    Hi everyone, I want to save my pulumi stack to s3. how can I setup endpoint url?
    d
    • 2
    • 2
  • s

    stocky-petabyte-29883

    07/11/2022, 8:07 AM
    Hi Guys I want to read a remote file(possibly using remoteasset) and then use the file contents for creating an iam policy.
    const albPolicy = new aws.iam.Policy("alb-policy", {
        name: "AWSLoadBalancerControllerIAMPolicy",
        policy: new pulumi.asset.RemoteAsset("<https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.0/docs/install/iam_policy.json>"),
        tags: {
            Environment: stack,
        },
    });
    The code I sent doesn't work, but is there any way to achieve this?
Powered by Linen
Title
s

stocky-petabyte-29883

07/11/2022, 8:07 AM
Hi Guys I want to read a remote file(possibly using remoteasset) and then use the file contents for creating an iam policy.
const albPolicy = new aws.iam.Policy("alb-policy", {
    name: "AWSLoadBalancerControllerIAMPolicy",
    policy: new pulumi.asset.RemoteAsset("<https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.0/docs/install/iam_policy.json>"),
    tags: {
        Environment: stack,
    },
});
The code I sent doesn't work, but is there any way to achieve this?
View count: 2