https://pulumi.com logo
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • b

    breezy-queen-71785

    07/11/2022, 8:37 AM
    Hey guys, new to the pulumi world. I'm trying to make aws eks cluster with alb attached. Do you have any good resource that I can look for as an example? I've found one here https://www.learnaws.org/2021/06/22/aws-eks-alb-controller-pulumi/
    j
    • 2
    • 1
  • d

    dazzling-oxygen-84405

    07/11/2022, 9:47 AM
    Is it possible to define a relationship like “if this resource is deleted, all of these associated resources are implicitly deleted”? The specific problem I have is using the new
    Command
    module, if my instance is deleted, Pulumi tries to execute the
    delete
    part of the command, which is no longer possible. So I want to tell it to just give up on cleaning up any commands that were run on a deleted instance. Is something like this possible? Right now, I have to manually edit my state to clean them up.
    l
    • 2
    • 8
  • j

    jolly-plumber-1488

    07/11/2022, 11:07 AM
    Hi guys, has anyone seen this error before when creating eks cluster?
    Message_: "Security group(s) [sg-0cb56162e90f5f571] are not in the same VPC as the subnets. Please specify a security group that is associated with the VPC: vpc-0b6bc0745054144c7."
    This the python code to create cluster:
    cluster = eks.Cluster(
        cluster_name,
        version="1.22",
    
        skip_default_node_group=True,
    
        vpc_id=vpc.id,
        public_subnet_ids=vpc.public_subnet_ids,
        node_associate_public_ip_address=False,
        private_subnet_ids=vpc.private_subnet_ids,
        cluster_security_group=cluster_sg,
    
        service_role=cluster_role,
        instance_roles=[node_role],
    
        create_oidc_provider=True,
    
        cluster_tags=common_tags
    )
    I know EKS will create a separate security group for cluster service, but seems it’s using my default VPC instead of the
    vpc.id
    that I passed.
    m
    • 2
    • 9
  • f

    flat-umbrella-41594

    07/11/2022, 12:53 PM
    Does anyone know the Self Hosted Pulumi (Enterprise) Default admin credentials?
    b
    • 2
    • 3
  • r

    rapid-football-44318

    07/11/2022, 2:28 PM
    Hi, A question on the Azure Web Apps and having all the existing App Settings wiped!! It appears that any non-Pulumi app settings are getting wiped even when Pulumi indicates that it will not be updating the App Settings. This was a Pulumi Preview --diff for a function app of mine. No AppSetting changes indicated. I did the Pulumi Up and all existing App Settings were deleted. Very annoying!! This was after doing a Refresh and then also an Import to ensure all existing settings were discovered. However it does not appear that AppSettings are gathered into state using either. Is this expected behaviour or am I missing something? Ran
    pulumi preview --target 'urn:pulumi:qa::gqt::azure-native:web:WebApp::######-func-gqtproperty-qa-ne' --diff
    Got following response
    Build succeeded.
        0 Warning(s)
        0 Error(s)
    
    Time Elapsed 00:00:00.75
    
    'dotnet build -nologo .' completed successfully
      pulumi:pulumi:Stack: (same)
        [urn=urn:pulumi:qa::gqt::pulumi:pulumi:Stack::gqt-qa]
        --outputs:--
      + Readme: output<string>
        ~ azure-native:web:WebApp: (update)
            [id=/subscriptions/#####/resourceGroups/#####-rg-gqt-qa-ne/providers/Microsoft.Web/sites/#####-func-gqtproperty-qa-ne]
            [urn=urn:pulumi:qa::gqt::azure-native:web:WebApp::#####-func-gqtproperty-qa-ne]
            [provider: urn:pulumi:qa::gqt::pulumi:providers:azure-native::default_1_64_1::2ed5c319-5430-469d-9031-83ac95dd6fc9 => urn:pulumi:qa::gqt::pulumi:providers:azure-native::default_1_66_0::f2b4d03f-0b4d-4628-8f22-da8abd55a375]
          ~ tags                  : {
              ~ Purpose: "Contain Bedroom Genie Resources" => "Contains Groups Quoting Tool (GQT) Resources"
            }
          ~ virtualNetworkSubnetId: "/subscriptions/#####/resourceGroups/#####-rg-network-qa-Ne/providers/Microsoft.Network/virtualNetworks/#####-vnet-intrt-qa-Ne/subnets/#####-snet-intrt-qa-Ne-002" => "/subscriptions/#####/resourcegroups/#####-rg-network-qa-ne/providers/microsoft.network/virtualnetworks/#####-vnet-intrt-qa-ne/subnets/#####-snet-intrt-qa-ne-002"
    Resources:
        ~ 1 to update
        124 unchanged
    My WebApp code looks like
    var webAppArgs = new WebAppArgs
    {
    	Name = funcAppName,
    	Kind = "functionapp,linux",
    	ResourceGroupName = args.ResourceGroupName,
    	ServerFarmId = args.ServerFarmId,
    	HttpsOnly = true,
    	SiteConfig = new SiteConfigArgs
    	{
    		Cors = new CorsSettingsArgs() { AllowedOrigins = "*" },
    		AlwaysOn = true,
    		AppSettings = new[]
    		{
    			new NameValuePairArgs
    			{
    				Name = "AzureWebJobsStorage",
    				Value = AsfPulumiHelper.GetConnectionString(args.ResourceGroupName,
    					args.FuncStorageAccountName),
    			},
    			new NameValuePairArgs
    			{
    				Name = "FUNCTIONS_WORKER_RUNTIME",
    				Value = "dotnet",
    			},
    			new NameValuePairArgs
    			{
    				Name = "FUNCTIONS_EXTENSION_VERSION",
    				Value = "~4"
    			},
    			new NameValuePairArgs
    			{
    				Name = "APPLICATIONINSIGHTS_CONNECTION_STRING",
    				Value = Output.Format($"InstrumentationKey={args.AppInsightsInstrumentKey}"),
    			},
    			new NameValuePairArgs
    			{
    				Name = "APPINSIGHTS_INSTRUMENTATIONKEY",
    				Value = args.AppInsightsInstrumentKey
    			},
    		}
    	},
    	Identity = new Pulumi.AzureNative.Web.Inputs.ManagedServiceIdentityArgs
    	{
    		Type = ManagedServiceIdentityType.SystemAssigned,
    	},
    	Tags = args.Tags
    };
    if (!string.IsNullOrEmpty(args.VnetSubNetId))
    {
    	webAppArgs.VirtualNetworkSubnetId = args.VnetSubNetId;
    }
  • s

    steep-island-39848

    07/11/2022, 3:46 PM
    Hi, I am using the automation API and to test certain workflows that use infrastructure that’s managed by Pulumi I’d like to run tests in one stack per test each. That works, but now I am accumulating empty stacks. Is there a way to remove a stack programmatically, i.e. other than through
    pulumi stack rm
    ?
    stack.Destroy()
    only removes resources, but keeps the stack itself.
    q
    w
    • 3
    • 3
  • c

    crooked-laptop-67565

    07/11/2022, 10:28 PM
    Are intermittent errors like this a known issue? Happens to me about every 3-4 runs of
    pulumi up
    . Re-running without changes usually works
    error: could not read plugin [/Users/craigglennie/.pulumi/plugins/resource-aws-v5.9.2/pulumi-resource-aws] stdout: EOF
    l
    • 2
    • 5
  • h

    high-cricket-61841

    07/11/2022, 10:37 PM
    Is there a way to see what stacks in an organization are using the stack outputs of particular stack? For example, if stack "Org/A " has a stack output "output1" can I see all stacks within "Org" that are using "output1" from stack "Org/A" without manually looking through all stacks?
    f
    • 2
    • 2
  • f

    future-refrigerator-88869

    07/11/2022, 10:42 PM
    I am having a problem with the pulumi spot fleet request, maybe someone can help. Everything works as expected, except when i try to destroy the stack. Because pulumi doesn't wait for the ec2 instances of the spot request to be deleted, it starts romoving the VPC which removes the internet gateway and all other associated resources. It then waits until the subnet can be deleted which happens after the actual instance is terminated. Becuase of this behaviour, the ec2 instance cannot trigger an http call that I have configured on termination. (no internet gateway, no security group to allow any traffic). Anyone has any ideas how to tell pulumi to basically remove spot fleet request, then maybe wait 2 minutes, then continue to remove the vpc and its resources?
    l
    h
    • 3
    • 6
  • c

    crooked-laptop-67565

    07/12/2022, 3:21 AM
    When I run
    pulumi new
    with an AWS template it asks for the AWS region. How do I change the region later? I don't see it anywhere in the project files
    l
    • 2
    • 4
  • n

    nice-plastic-94318

    07/12/2022, 8:34 AM
    What is the best way to handle when normal operation hits IAC'y code ? With IAC'y code I mean when under normal operation the code needs to create or destroy resources or make configuations of those resources. Examples from Azure Example 1: a user is added to a customer. In application that adds a subscription for a topic in the Azure Event Grid. Is this IAC that Pulumi should handle or just in code as it is not IAC'y enough ? Example 2: a new customer is added. In application that adds a container on the blob storages for documents for that customer so it is easier to adhere to GDPR. IAC'y ? Example 3: a new customer is added. The creation of a new database is made for the customers data. IAC'y? Example 4: a new customer is added. The autorization system creates the default setup for the customer. IAC'y? #general
    l
    • 2
    • 5
  • s

    steep-island-39848

    07/12/2022, 9:14 AM
    In case this is also used as a feedback channel I’ll drop a tiny feature request: I’d love a little reload button in the Pulumi web UI, like it’s also available in the GCP or AWS UIs, to refresh changes without having to reload the whole page. I didn’t need it in the past but now I’m using the automation API and find myself debugging using the web UI Cheers and thanks for your great work 🚀
    l
    b
    • 3
    • 2
  • a

    ambitious-agent-35343

    07/12/2022, 1:38 PM
    Should I separate the ArgoCD manifests repo and Pulumi IaC repo?
    w
    • 2
    • 2
  • a

    average-tiger-58107

    07/12/2022, 2:09 PM
    Hey team, I've been using API Gateway to serve static files, essentially doing what is specified in the docs here. The only trouble I am having is getting the content of the s3 bucket to deterministically change based on changes to file contents on my local file system. Ideallly, I would like to keep the
    localPath
    and
    path
    static, but ensure that the resource is updated each time the file contents change. Reading this document, it suggests this would be the default behavior. Am I misunderstanding something?
    • 1
    • 1
  • a

    ambitious-lifeguard-6753

    07/12/2022, 2:35 PM
    Hey guys, I've been setting up an AWS WAFV2 and have been running into issues where pulumi assumes my rules for my webacl have been changed every time I
    pulumi up
    . I know sometimes it has to do with some default values in a field that need to be provided but in this case, I'm not too sure which field I'm missing. Here is the example code
    m
    • 2
    • 2
  • c

    cold-toothbrush-60276

    07/12/2022, 3:00 PM
    hi, is there a way to use stack references when storing state in s3 buckets?
    m
    v
    +2
    • 5
    • 30
  • f

    fancy-spoon-7206

    07/12/2022, 3:16 PM
    How do I remove stale stacks that are in a weird state? These are stacks that were never deleted as something went wrong during testing and they were not cleaned up. For more context, I am using the integration testing set up using Golang.
    ➜ vpc-builder (main) ✔ pulumi stack rm p-it-ny6j4r57fl-aep-base-i-1768dd0e
    error: failed to decrypt: incorrect passphrase, please set PULUMI_CONFIG_PASSPHRASE to the correct passphrase or set PULUMI_CONFIG_PASSPHRASE_FILE to a file containing the passphrase
  • m

    magnificent-sugar-26362

    07/12/2022, 5:32 PM
    👋 Hi everyone!
    👋🏼 1
    👋 1
  • m

    many-spring-73557

    07/12/2022, 6:15 PM
    I want to make sure that we’re running commands on a stack against the correct AWS account. My first approach is to use
    aws.getCallerIdentity({})
    to get the accountId and compare it, but that’s not possible:
    const accountId = await aws.getCallerIdentity({}).then(current => current.accountId);
    
    if((pulumi.getStack() == "prod" && accountId != "512302493601") || (pulumi.getStack() != "prod" && accountId != "497659568814")) {
      process.exit(1);
    }
    (
    await
    can only be used against an async function). I also tried
    await aws.getCallerIdentity({})
    and got the same result. Any suggestions? I want to add a little safeguard so we don’t inadvertently run stack commands against the wrong account.
    f
    • 2
    • 4
  • m

    microscopic-postman-4756

    07/12/2022, 6:27 PM
    Is anyone running their Pulumi stack in something like AWS Lambda? As in,
    index.ts
    of Pulumi is actually a function and I can trigger it from all the usual lambda sources?
    b
    • 2
    • 5
  • a

    acoustic-tiger-77630

    07/12/2022, 6:57 PM
    Does anyone knows where I can watch previously recorded Pulumi Webinars?
  • w

    wooden-hydrogen-21594

    07/12/2022, 8:43 PM
    Hello everyone 👋 I couldn't find example in TS how to set up Route53 / ALB / ECS / Fargate / RDS in VPC with needed SGs. Could anyone share such example?
    c
    w
    • 3
    • 6
  • s

    swift-intern-18856

    07/12/2022, 9:03 PM
    Having a really confusing problem creating a CRD object that I generated using crd2pulumi. The diff shows the correct spec for the resource I’m trying to create, but when I actually execute I get
    [spec.source: Invalid value: "string": spec.source in body must be of type object: "string", <nil>: Invalid value: "": "spec.source" must validate one and only one schema (oneOf). Found 2 valid alternatives]
    indicating that a nil or empty value is actually being passed to k8s and failing validation server side. Since the diff is correct and shows the populated value, I have no idea how to debug. Any ideas? EDIT: Figured this out, the type was generated as
    any
    and I was improperly supplying the wrong value due to type inference missing.
  • c

    crooked-laptop-67565

    07/12/2022, 10:01 PM
    I'm working with a third-party plugin (Twingate) and I think I've found a bug in the plugin, but just want to check the expected behaviour before I report it or try to fix it. I am running
    pulumi refresh
    and it's giving an error about not finding an expected Twingate resource (because it's been deleted via the Twingate UI). IMO this should update the current state by removing the resource, rather than failing with an error. Does that seem right?
  • c

    crooked-laptop-67565

    07/12/2022, 10:02 PM
    Currently I'm fixing it by running
    pulumi export
    and removing the deleted resource from the JSON
  • c

    crooked-laptop-67565

    07/12/2022, 10:04 PM
    To clarify: The whole
    refresh
    is failing because of this error, it's just not failing to update the one missing resource
  • w

    wonderful-midnight-15751

    07/12/2022, 10:40 PM
    Hi everyone! I am playing a little bit with Pulumi to get into it. I tried out the google-native sdk. I wrote following code:
    import * as gcp from "@pulumi/google-native";
    
    const customProvider = new gcp.Provider("default",{
        project: "12312312"
    })
    
    const agent = new gcp.dialogflow.v3.Agent("Test", {
        defaultLanguageCode: "DE",
        displayName: "Pulumi-Demo",
        timeZone: "Europe/Berlin",
        location: "global",
    }, {
        provider: customProvider
    })
    
    const page = new gcp.dialogflow.v3.Page("basicPage", {
        agentId: agent.id,
        displayName: "BasicPage",
        flowId: agent.startFlow,
        location: "global",
    }, {
        provider: customProvider
    })
    Poorly I am getting the following error message:
    error: error sending request: googleapi: Error 400: com.google.apps.framework.request.BadRequestException: Page name should not be specified as it will be automatically generated by Dialogflow upon creation.: "<https://dialogflow.googleapis.com/v3/projects/.../locations/global/agents/v3%2Fprojects%2Flocations%2Fglobal%2Fagents%2Fc6e7342e-3385-4846-af64-cbf6918c2b39/flows/projects%2FFlocations%2Fglobal%2Fagents%2Fc6e7342e-3385-4846-af64-cbf6918c2b39%2Fflows%2F00000000-0000-0000-0000-000000000000/pages>" map[__autonamed:true agentId:v3/projects/.../locations/global/agents/c6e7342e-3385-4846-af64-cbf6918c2b39 displayName:Hallo flowId:projects/.../locations/global/agents/c6e7342e-3385-4846-af64-cbf6918c2b39/flows/00000000-0000-0000-0000-000000000000 location:global name:projects/.../locations/global/agents/v3/projects/.../locations/global/agents/c6e7342e-3385-4846-af64-cbf6918c2b39/flows/projects/.../locations/global/agents/c6e7342e-3385-4846-af64-cbf6918c2b39/flows/00000000-0000-0000-0000-000000000000/pages/5757dc8e-e2ce-4d51-a257-675cd7c00e01-5bc9156 project:...]
    It seams Pulumi wants to set the name / id of the page. But google does not allow it. Someone who tried this earlier? Thanks for helping!
  • a

    able-engineer-79880

    07/13/2022, 3:16 AM
    Hi All, I'm a noob to typescript but have a bit of experience with pulumi. I'm trying to find a way to define an array in my stack yaml (Pulumi.int.yaml) and reference the array within a class and pass it as an array to azure.network.Subnet. eg. My class looks like
    export class subNet {
        constructor(name: string) {
            const data = new azure.network.Subnet("data", {
                addressPrefixes: [config.require('datasubnetrange')],
                enforcePrivateLinkEndpointNetworkPolicies: true,
                name: "data",
                resourceGroupName: "dpc-spi-networking-"+config.require('envid')+"-rg-aue-"+config.require('index'),
                serviceEndpoints: [
                    //"Microsoft.KeyVault",
                    //"Microsoft.AzureActiveDirectory",
                    //"Microsoft.Storage",
                    //"Microsoft.Sql",
                    config.require('serviceEndpoints')
                ],
                virtualNetworkName: "dpc-vnet-spi-"+config.require('envid')+"-aue-"+config.require('index'),
            }, {
                protect: true,
            });
        }
    }
    My stack yaml will look something like
    env:serviceEndpoints:
        - Microsoft.KeyVault
        - Microsoft.AzureActiveDirectory
        - Microsoft.Storage
        - Microsoft.Sql
    I've tried everything I can think of. Any help would be greatly appreciated.
    q
    • 2
    • 3
  • h

    helpful-account-44059

    07/13/2022, 7:27 AM
    Hi, when i execute
    pulumi refresh
    , i got these errors, i'm sure i have the correct aws profile config
    aws:ec2:SecurityGroup (relation-nodeSecurityGroup):
        error: Preview failed: 1 error occurred:
        	* error configuring Terraform AWS Provider: AWS account ID not previously found and failed retrieving via all available methods. See <https://www.terraform.io/docs/providers/aws/index.html#skip_requesting_account_id> for workaround and implications. Errors: 3 errors occurred:
        	* failed getting account information via iam:GetUser: SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
        	status code: 403, request id: 34fa5f6b-9d3a-420a-a840-3c5a1c0a1cc2
        	* error calling sts:GetCallerIdentity: SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
        	status code: 403, request id: 64751105-14bb-40e7-b12d-2b94e75a9280
        	* failed getting account information via iam:ListRoles: SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
        	status code: 403, request id: 70da462e-b97e-42f2-a389-62147dd6c695
    a
    l
    • 3
    • 2
  • j

    jolly-church-88521

    07/13/2022, 10:25 AM
    Quick question, I’m trying to re-create access to one of my pulumi infra. What I did is I downloaded
    state.json
    file from S3 bucket and now I’m trying to do something like this:
    ➜  sandbox git:(main) ✗ pulumi stack import --file state.json
    error: this command requires a stack, but there are none
    ➜  sandbox git:(main) ✗ pulumi stack import --stack eba --file state.json
    error: no stack named 'eba' found
    Am I missing something? I don’t see any other options for
    import
    argument. And I see
    eba
    name in the state.json file:
    ➜  sandbox git:(main) ✗
    {
        "version": 3,
        "checkpoint": {
            "stack": "eba", (...)
    e
    • 2
    • 11
Powered by Linen
Title
j

jolly-church-88521

07/13/2022, 10:25 AM
Quick question, I’m trying to re-create access to one of my pulumi infra. What I did is I downloaded
state.json
file from S3 bucket and now I’m trying to do something like this:
➜  sandbox git:(main) ✗ pulumi stack import --file state.json
error: this command requires a stack, but there are none
➜  sandbox git:(main) ✗ pulumi stack import --stack eba --file state.json
error: no stack named 'eba' found
Am I missing something? I don’t see any other options for
import
argument. And I see
eba
name in the state.json file:
➜  sandbox git:(main) ✗
{
    "version": 3,
    "checkpoint": {
        "stack": "eba", (...)
e

echoing-dinner-19531

07/13/2022, 10:31 AM
stack init
to create a new stack first.
j

jolly-church-88521

07/13/2022, 10:37 AM
Thanks. I still have some issue with the state file:
➜  sandbox git:(main) ✗ pulumi stack import --stack eba --file eba.json
error: could not deserialize deployment: unexpected end of JSON input
File looks valid to me (I double checked it with Go).
e

echoing-dinner-19531

07/13/2022, 10:42 AM
How did you check its valid?
j

jolly-church-88521

07/13/2022, 10:42 AM
I have a tool in Go for checking json.
I think it’s working now. I added local storage for the state file:
pulumi login file:///...
and I copied file there (without using import):
cp state.json state/.pulumi/stacks/eba.json
and now I see stack and resources.
e

echoing-dinner-19531

07/13/2022, 10:44 AM
hmm odd that import didn't like it, I thought the format written by filestate would match what import expected
but glad something worked out
j

jolly-church-88521

07/13/2022, 10:45 AM
According to the documentation it should work 😕 So no idea why I run into this. At least the same file works fine when I move it to the new stack directory 🙂
View count: 15