If I

curl '<https://21d11ca8c29669f0b6b22de0b70e2570.gr7.us-east-2.eks.amazonaws.com/openapi/v2?timeout=32s>'

I get the error

curl: (6) Could not resolve host: <http://21d11ca8c29669f0b6b22de0b70e2570.gr7.us-east-2.eks.amazonaws.com|21d11ca8c29669f0b6b22de0b70e2570.gr7.us-east-2.eks.amazonaws.com>

but I don't know where this URL comes from or why Pulumi thinks it should be able to connect to it

Hi Everyone! If my js based stack is split across files, how do I reference resources across files. One option is to pass them around. But I see lot of pulumi documentation reference existing resources by e.g. aws_iam_role.example.name (which is how I did this in terraform). However I couldn't figure out a way to get this done with pulumi. Thanks 🙂

Is there a way to await the creation of resources? I read through the Inputs and Outputs section, and I use interpolation in some fields. For a concrete example, I create a GCP project and then a bucket in that project. The bucket creation fails because the project is not created. At the same time, the documentation says I should not be allocating resources in callbacks, but it's precisely what I seem to need

pulumi:pulumi:Stack pulumi-infrastructure-network.dev running Calling __str__ on an Output[T] is not supported.
    pulumi:pulumi:Stack pulumi-infrastructure-network.dev running To get the value of an Output[T] as an Output[str] consider:
    pulumi:pulumi:Stack pulumi-infrastructure-network.dev running 1. o.apply(lambda v => f"prefix{v}suffix")
    pulumi:pulumi:Stack pulumi-infrastructure-network.dev running See <https://pulumi.io/help/outputs> for more details.
    pulumi:pulumi:Stack pulumi-infrastructure-network.dev running This function may throw in a future version of Pulumi.
    pulumi:pulumi:Stack pulumi-infrastructure-network.dev  5 messages

Hello Guys, Any clue why pulumi is throwing the following warning. I am create a aws vpc and then using the

vpc.id

field

Hello Everyone I am using classic gcp library version 6.28 to get the getIamPolicy but getting the following error

error: Error: invocation of gcp:organizations/getIAMPolicy:getIAMPolicy returned an error: unknown Invoke type "gcp:organizations/getIAMPolicy:getIAMPolicy"

at Object.callback (/home/workstation/thx/workspace/shared-services/30062022/thxcs-shared-services/node_modules/@pulumi/runtime/invoke.ts:159:33)

at Object.onReceiveStatus (/home/workstation/thx/workspace/shared-services/30062022/thxcs-shared-services/node_modules/@grpc/grpc-js/src/client.ts:338:26)

at Object.onReceiveStatus (/home/workstation/thx/workspace/shared-services/30062022/thxcs-shared-services/node_modules/@grpc/grpc-js/src/client-interceptors.ts:426:34)

at Object.onReceiveStatus (/home/workstation/thx/workspace/shared-services/30062022/thxcs-shared-services/node_modules/@grpc/grpc-js/src/client-interceptors.ts:389:48)

at /home/workstation/thx/workspace/shared-services/30062022/thxcs-shared-services/node_modules/@grpc/grpc-js/src/call-stream.ts:276:24

Here is my code

private createIAMBinding = (gsaKsaBinding: string, ksa: k8s.core.v1.ServiceAccount): void =>{
        let account =pulumi.interpolate`serviceAccount:<projectId>.svc.id.goog[${this.namespace}/${ksa.metadata.name}]`;
        const iam_role = gcp.organizations.getIAMPolicy({
            bindings: [{
                role: "roles/iam.workloadIdentityUser",
                members: [account.get.name],
            }],
        },{provider: this.provider});
        
        new  gcp.serviceaccount.IAMPolicy(gsaKsaBinding, {
            serviceAccountId: this.serviceAccountEmailId,
            //project: project,
            policyData: iam_role.then(iam_role => iam_role.policyData),
        }, { dependsOn: [ksa], provider: this.provider });
    }

Is there any clue why pulumi is throwing it

Hey all, I’m using Pulumi TLS plugin, does anyone know if I can import existing LocallySignedCert?

Hi all, this is about the Pulumi GitHub action — we’ve seen most of our workflows using this break overnight with the release of v3.18.0. Looks like the issue has been reported here a few hours ago, but I wanted to get this on the radar (and possibly ask if a rollback to v3.17.0 is possible until it’s fixed? we don’t have our workflows pegged to a specific minor version)

Hello All, Looking for some assistance in the creation of a subnet with a delegation. The documentation with the example has the same example as the creation of the subnet. Please see below link. https://www.pulumi.com/registry/packages/azure-native/api-docs/network/subnet/#delegation

I am having a bit of a hard time figuring out how I can ignore specific keys of the form: {[key: string]: string} Specifically: https://www.pulumi.com/registry/packages/gcp/api-docs/cloudrun/service/#annotations_nodejs

Hey guys 🙂 I’m trying to work with stackReferences The idea is to have a core stack deploying sensitive infra like a k8s cluster. And other stacks that will deploy resources into the cluster. The sensitive cluster needs to export the kubeconfig as output. But i only want that certain stacks can read it. Are there any permission boundaries that can be setup to prevent random stacks in the organization from reading sensitive stack outputs? Or any output in any stack is readable by any other stack, and hence any other user, etc

How do I refresh pulumi state for my stack to sync with the actual state of my cloud infra? Namely, I have k8s resources (service, deployment, ingress) showing in my state, but the cluster was manually deleted. When I do

pulumi refresh

, I get the following error for these k8s resources:

failed to read resource state due to unreachable cluster. If the cluster has been deleted, you can edit the pulumi state to remove this resource

So I get the URN by executing

pulumi stack --show-urns

. But when I copy the URN for the k8s resource in to

pulumi state delete <urn>

, I see the error:

No such resource "<urn>" exists in the current state

Is there a way to sync state so I can reliably do

pulumi destroy/up

again with the correct assumptions about current state of cloud infra?

Hi I am having trouble creating a s3 bucket and a IAM policy for accessing it

bucket = s3.Bucket('my-testing-bucket') rp1 = aws.iam.RolePolicy( "my-test-policy", role=role.id, opts=pulumi.ResourceOptions(depends_on=[bucket]), policy=json.dumps({ "Version": "2012-10-17", "Statement": [ { "Action": ["s3:PutObject", "s3:ListBucket", "s3:GetObject"], "Effect": "Allow", "Resource": [bucket.arn], "Sid": "1" } ] }) )

code is simple as above

but it looks like the

[bucket.arn]

part cannot be JSONified

if I change it to

["%s" % bucket.arn]

JSONify is ok but AWS API returns

[aws-sdk-go] DEBUG: Validate Response iam/PutRolePolicy failed, attempt 0/25, error MalformedPolicyDocument: Partition "

which is weird

it must be something really simple

please hlep

Any example of Pulumi [Python, AWS] + ArgoCD with Kustomize?

re-asking this: is there a recommended way to scale usage of the pulumi-k8s-operator?

Anyone have guidance on how to combine a system like AWS Secrets Manager with Pulumi? Currently I'm using

Config.requireSecret

to create k8s secrets from Pulumi's config store, eg for my database password. But Secrets Manager's code samples suggest having apps retrieve secrets directly from Secrets Manager. I'm also thinking that rather than using

Config.requireSecret

my Pulumi code could fetch credentials from Secrets Manager and use those to create the k8s secrets...?

so I was wondering if I can get feedback on the following suggestion. https://github.com/pulumi/pulumi/issues/9954 tl;dr when you forget to set a config value, pulumi just asks you what the value is and continues running your program instead of crashing.

getting error when trying to set the org, its taking my machine name and throwing error, can someone help please (am using gcp bucket as my backend state storage)

Hi, is it possible to use pulumi in a Glue + Athena setup? The plan is to create database, table, etc in Glue and then setup datasource in Athena, like what's in the console. But currently pulumi API for Athena has database and catalog. Is it out of date?

Hi, how can i pass "backend value" while creating a project ? https://www.pulumi.com/docs/intro/concepts/state/#logging-in This articles says to edit the pulumi.yaml to configure backend, but i want to pass the backend url while creating the project itself , how can i achieve that

Hey Guys, I have an issue with Pulumi on Golang. I am trying to create a new EKS Cluster, and pass the

clusterArgs

the subnet ID’s of the VPC I have created in a different stack. I am getting the output from the stack reference like this:

stack, err := pulumi.NewStackReference(ctx, Name, nil)
if err != nil {
   log.Fatalf("Got error while trying to get a new stack reference! Error: %s", err)
}
VpcPublicSubnetIdsOutput := stack.GetStringOutput(pulumi.String("vpcPublicSubnetIds"))
vpcPrivateSubnetIdsOutput := stack.GetStringOutput(pulumi.String("vpcPrivateSubnetIds"))

VpcPublicSubnetIds := pulumi.ToStringArrayOutput([]pulumi.StringOutput{VpcPublicSubnetIdsOutput})
vpcPrivateSubnetIds := pulumi.ToStringArrayOutput([]pulumi.StringOutput{vpcPrivateSubnetIdsOutput})

So VpcPublicSubnetIds & vpcPrivateSubnetIds are both of type

pulumi.StringArrayOutput

But I can’t figure out how to pass the subnet ID’s to the clusterArgs, by indexing the elements from VpcPublicSubnetIds & vpcPrivateSubnetIds ! I tried doing it like this:

eksCluster, err := eks.NewCluster(ctx, values.Name, &eks.ClusterArgs{
   Name:  pulumi.StringPtr(values.Name),
   VpcId: vpcId,
   PublicSubnetIds: pulumi.StringArray{
      pulumi.StringInput(VpcPublicSubnetIds.Index(<http://pulumi.Int|pulumi.Int>(0))),
      pulumi.StringInput(VpcPublicSubnetIds.Index(<http://pulumi.Int|pulumi.Int>(1))),
      pulumi.StringInput(VpcPublicSubnetIds.Index(<http://pulumi.Int|pulumi.Int>(2))),
      pulumi.StringInput(VpcPublicSubnetIds.Index(<http://pulumi.Int|pulumi.Int>(3))),
   },
   PrivateSubnetIds: pulumi.StringArray{
      pulumi.StringInput(vpcPrivateSubnetIds.Index(<http://pulumi.Int|pulumi.Int>(0))),
      pulumi.StringInput(vpcPrivateSubnetIds.Index(<http://pulumi.Int|pulumi.Int>(1))),
      pulumi.StringInput(vpcPrivateSubnetIds.Index(<http://pulumi.Int|pulumi.Int>(2))),
      pulumi.StringInput(vpcPrivateSubnetIds.Index(<http://pulumi.Int|pulumi.Int>(3))),
   },

what am I doing wrong?

This message was deleted.

This message was deleted.

Hi everyone, I want to save my pulumi stack to s3. how can I setup endpoint url?