Currently I'm fixing it by running

pulumi export

and removing the deleted resource from the JSON

To clarify: The whole

refresh

is failing because of this error, it's just not failing to update the one missing resource

Hi everyone! I am playing a little bit with Pulumi to get into it. I tried out the google-native sdk. I wrote following code:

import * as gcp from "@pulumi/google-native";

const customProvider = new gcp.Provider("default",{
    project: "12312312"
})

const agent = new gcp.dialogflow.v3.Agent("Test", {
    defaultLanguageCode: "DE",
    displayName: "Pulumi-Demo",
    timeZone: "Europe/Berlin",
    location: "global",
}, {
    provider: customProvider
})

const page = new gcp.dialogflow.v3.Page("basicPage", {
    agentId: agent.id,
    displayName: "BasicPage",
    flowId: agent.startFlow,
    location: "global",
}, {
    provider: customProvider
})

Poorly I am getting the following error message:

error: error sending request: googleapi: Error 400: com.google.apps.framework.request.BadRequestException: Page name should not be specified as it will be automatically generated by Dialogflow upon creation.: "<https://dialogflow.googleapis.com/v3/projects/.../locations/global/agents/v3%2Fprojects%2Flocations%2Fglobal%2Fagents%2Fc6e7342e-3385-4846-af64-cbf6918c2b39/flows/projects%2FFlocations%2Fglobal%2Fagents%2Fc6e7342e-3385-4846-af64-cbf6918c2b39%2Fflows%2F00000000-0000-0000-0000-000000000000/pages>" map[__autonamed:true agentId:v3/projects/.../locations/global/agents/c6e7342e-3385-4846-af64-cbf6918c2b39 displayName:Hallo flowId:projects/.../locations/global/agents/c6e7342e-3385-4846-af64-cbf6918c2b39/flows/00000000-0000-0000-0000-000000000000 location:global name:projects/.../locations/global/agents/v3/projects/.../locations/global/agents/c6e7342e-3385-4846-af64-cbf6918c2b39/flows/projects/.../locations/global/agents/c6e7342e-3385-4846-af64-cbf6918c2b39/flows/00000000-0000-0000-0000-000000000000/pages/5757dc8e-e2ce-4d51-a257-675cd7c00e01-5bc9156 project:...]

It seams Pulumi wants to set the name / id of the page. But google does not allow it. Someone who tried this earlier? Thanks for helping!

Hi All, I'm a noob to typescript but have a bit of experience with pulumi. I'm trying to find a way to define an array in my stack yaml (Pulumi.int.yaml) and reference the array within a class and pass it as an array to azure.network.Subnet. eg. My class looks like

export class subNet {
    constructor(name: string) {
        const data = new azure.network.Subnet("data", {
            addressPrefixes: [config.require('datasubnetrange')],
            enforcePrivateLinkEndpointNetworkPolicies: true,
            name: "data",
            resourceGroupName: "dpc-spi-networking-"+config.require('envid')+"-rg-aue-"+config.require('index'),
            serviceEndpoints: [
                //"Microsoft.KeyVault",
                //"Microsoft.AzureActiveDirectory",
                //"Microsoft.Storage",
                //"Microsoft.Sql",
                config.require('serviceEndpoints')
            ],
            virtualNetworkName: "dpc-vnet-spi-"+config.require('envid')+"-aue-"+config.require('index'),
        }, {
            protect: true,
        });
    }
}

My stack yaml will look something like

env:serviceEndpoints:
    - Microsoft.KeyVault
    - Microsoft.AzureActiveDirectory
    - Microsoft.Storage
    - Microsoft.Sql

I've tried everything I can think of. Any help would be greatly appreciated.

Hi, when i execute

pulumi refresh

, i got these errors, i'm sure i have the correct aws profile config

aws:ec2:SecurityGroup (relation-nodeSecurityGroup):
    error: Preview failed: 1 error occurred:
    	* error configuring Terraform AWS Provider: AWS account ID not previously found and failed retrieving via all available methods. See <https://www.terraform.io/docs/providers/aws/index.html#skip_requesting_account_id> for workaround and implications. Errors: 3 errors occurred:
    	* failed getting account information via iam:GetUser: SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
    	status code: 403, request id: 34fa5f6b-9d3a-420a-a840-3c5a1c0a1cc2
    	* error calling sts:GetCallerIdentity: SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
    	status code: 403, request id: 64751105-14bb-40e7-b12d-2b94e75a9280
    	* failed getting account information via iam:ListRoles: SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.
    	status code: 403, request id: 70da462e-b97e-42f2-a389-62147dd6c695

Quick question, I’m trying to re-create access to one of my pulumi infra. What I did is I downloaded

state.json

file from S3 bucket and now I’m trying to do something like this:

➜  sandbox git:(main) ✗ pulumi stack import --file state.json
error: this command requires a stack, but there are none
➜  sandbox git:(main) ✗ pulumi stack import --stack eba --file state.json
error: no stack named 'eba' found

Am I missing something? I don’t see any other options for

import

argument. And I see

eba

name in the state.json file:

➜  sandbox git:(main) ✗
{
    "version": 3,
    "checkpoint": {
        "stack": "eba", (...)

Hi, I need a help in updating the service discovery instance's custom attribute. I have created a service discovery in aws via pulumi let it be service A, and it holds only one instance, in that I have added a custom attribute. Now I'm creating a new service B when creating the service B I need to update the service A's custom attribute with the value got from service B. Any help would be greatly appreciated.

Hi, I would like to make a REST API call to an endpoint. I can use the language specific tools (ie for python, `requests`or

urllib

), but I would like pulumi to understand to make the API call only once on the first

pulumi up

. In other words is there a pulumi resource that make REST API call? Thanks

Hi all, I'm interested in transitioning to Pulumi for a fairly large TF repo. I've already tried tf2pulumi and that didn't work, however I have a long car ride coming up where I won't have access to internet and I was thinking about creating it then. Is there a good way to do a testing "plan" without internet access? I just want to see what it would do if it had no real previous state.

was there an incompatible change in the tls provider?

SelfSignedCert.subjects

has changed to subject (singular) and from array to a scalar, but I don't recall changing version in the package.json...

Hi all! I've recently began using Pulumi's automation API to manage Cloudfront Distributions and ran into an efficiency problem. Wondering if someone here could help me out: • I commonly use 4+ distributions for my environments. • Each distribution is taking about 3 minutes to complete. • They all appear to be deploying serially, i.e. one after another. • So, about 12 minutes per execution of the deployment script. _The actual question_: Is it possible to deployment the distributions in parallel instead of one after another? edit: Sorry for all the edits. My brain is frazzled after coding all day.

I have started working with the Auth0 provider and I ran into a problem. I'm trying to configure custom database connection with Auth0. I'm using auth0.Connection. When I run

pulumi up

it says my connection resource was created but I see no update on the Auth0 web ui. When I run

pulumi up

(multiple times) it always ways the plan is to create the "options" on my connection. Even though nothing has changed since the last

pulumi up

. I'm provisioning Connection like this:

auth0.Connection(
            f"{name}-connection",
            options=auth0.ConnectionOptionsArgs(
                brute_force_protection=True,
                custom_scripts={"login": login_script},
                debug=True,
                disable_cache=True,
                disable_signup=True,
                import_mode=False,
                name="Database Connection Opts",
                tenant_domain=auth0.get_tenant().domain,
            ),
            strategy="custom",
            enabled_clients=client_ids,
            display_name="Database Connection",
            opts=opts,
        )

Does anyone have any clue what I might be doing wrong?

Hi, I have created 2 VPCs with Private Subnets in each. Now in future, is it possible to update Routes in a Route tables via pulumi- typescript so as to make a private subnet of VPC-A gets connected to a private subnet of VPC-B via a peering gateway ? I tried my hand with this already but I got few exceptions. So I am not sure if that is possible at all using "getRoutetable". Or is there any other way around. Thanks for any suggestions, help.

So I have two separate projects, one deploys the UI and the other deploys the backend API. The common thing they share is a Kubernetes namespace. Is there a way to have either project deploy the namespace without each project trying to own it? I could create a third project that does the namespace but that is a bit.... cluttered

Hi Looking at awsx vpc package This document mentions about a natgateway strategy, (https://www.pulumi.com/docs/guides/crosswalk/aws/vpc/) However this doesn't seem to be available in the package, only fields found regarding nats are numberOfNatGateways. Am I looking at the wrong place? pulumi AWS Virtual Private Cloud (VPC) Pulumi Crosswalk for AWS provides simple, out of the box VPC functionality that follows widely accepted best practices.

I am seeing conflicting references to whats available in the package https://www.pulumi.com/registry/packages/awsx/api-docs/ec2/vpc/ https://www.pulumi.com/docs/reference/pkg/nodejs/pulumi/awsx/ec2/#Vpc Am I missing something?

Hi, I need help to resolve the following case i face now, Project -1 : First I create "VPC-A" with a Private Subnet without any specific routes. Project - 2: Secondly I create another VPC "VPC-B" with a Public Subnet and 2 Private Subnets. Along with this I establish Peering Connection between these two VPCs and once the peering connection is made, new route tables are created so that the Private Subnets of "VPC B" can "ingress" into Private Subnets of "VPC A". So far so good. Now, I need to add routes to the already existing route table of the Private Subnet of "VPC - A" to egress to Private Subnets of "VPC-B" via the "Peering gateway". Like this I may in future need to add more routes to an existing route table. Is this possible ? i am not trying to import already existing route table outside the pulumi stack. I tried different means and many times i got exception as "trying to create a new route table with an existing name, try give an unique name". Need a helping hand in this .

Hi, I have aws sns topic access policy as picture, it was edited by manual, when i try to translate to pulumi IaC code, it not accepted 1. Statement IDs (SID) must be alpha-numeric.

Check that your input satisfies the regular expression [0-9A-Za-z]*

2. I change the Sid to AllowPublishAlarms

error creating IAM Policy sns-access-policy: MalformedPolicyDocument: Policy document should not specify a principal

const snsAccessPolicy = new aws.iam.Policy("sns-access-policy", {
  name: "sns-access-policy",
  policy: {
    Version: "2012-10-17",
    Statement: [
      {
        Sid: "Allow_Publish_Alarms",
        Effect: "Allow",
        Principal: {
          Service: "<http://aps.amazonaws.com|aps.amazonaws.com>",
        },
        Action: ["sns:Publish", "sns:GetTopicAttributes"],
        Resource: "arn:aws:sns:ap-southeast-1:482414749843:amp-sns-topic",
        Condition: {
          StringEquals: {
            "AWS:SourceAccount": "482414749843",
          },
          ArnEquals: {
            "aws:SourceArn":
              "arn:aws:aps:ap-southeast-1:482414749843:workspace/ws-be6e741f-d8ac-4330-b0fb-6a0c0aa92d6f",
          },
        },
      },
    ],
  },
});

Hello, I'm in the middle of an architecture design but have come to a blocker. I've searched the docs/web but cannot find a way to avoid using local stack config files (i.e.

.yaml

files) for stack configuration settings. Ideally, I would like to use something like AWS SSM or similar to manage all stack config variables. Does anyone know if this is possible or must I use YAML files for stack config?

Hello, May be this thread belongs here. Any help is much appreciated. https://pulumi-community.slack.com/archives/CJ909TL6P/p1657791281703139

Just curious to understand. If we plan to use our own local backend(filesystem), then is it completely free? or do we still need to buy the subscriptions as per the pricing plans mention on Pulumi's website?

Hi there. We're deploying Confluent Kafka clusters with Pulumi, which has been working properly for the Basic cluster type. However we now need to deploy Dedicated Confluent clusters, and there doesn't seem to be an option for this with the API. I do notice that when deploying Dedicated Confluent clusters using their console, that the CKU value is set to

1

by default, and so I've tried to do this with Pulumi, as there is a CKU resource name...but nothing seems to change, ie. the cluster is still Basic type, and there's no CKU property with the cluster at all. Has anyone been able to deploy Dedicated Confluent clusters with Pulumi...or even a Standard cluster type, and if so what am I overlooking here?

Question about some resources that i’ve generated using `crd2Pulumi`: In most regular k8s objects, you have something like

readonly metadata: pulumi.Output<outputs.meta.v1.ObjectMeta>;

on the resource instance. However, on my generated resources, it’s instead

pulumi.Output<k8s.types.input.meta.v1.ObjectMeta>

which leads to weird type juggling. everything works, but i’m not able to do something like

resource.meta.name

as an input to another resource. For reference, the CRDs i’m working with are the

<http://snapshot.storage.k8s.io/v1|snapshot.storage.k8s.io/v1>

which are annoying not part of the standard k8s api although they are standardized (not pulumi’s fault).

Does anyone know if we can create spot fleet scheduled scaling via pulumi ? I have found the

aws.autoscaling.Schedule

but it asks for a group and I'm not sure how to reference the spot fleet request. In the aws console, it looks quite simple. Anyone can point me in the right direction ?

Hello. I am getting an error `error: failed to discover plugin requirements: calling `python -m pip list -v --format json`: exit status 1` when I ran

pulumi up

on an pulumi-aws project. I created the pulumi project a few months back, it was working well that time and I created a few resources. I am re-visiting the project again, and it throws me this error. What could have went wrong? I only updated the pulumi version.

Hi, wondering how I could stop pulumi preview or update when error occurred and handle exceptions however I want. Right now I just throw an exception, it does the work but I see:

error: Program failed with an unhandled exception:

, instead I want a short and clear message.

is it possible to write a component in a component provider that accepts inputs/outputs of raw strings (and other primitives), in addition to promises/(input type)?

Back with n00b questions 🙂 • Context: ◦ I'm using the Automation API and Python. ◦ Working with

aws.cloudfront.Distribution

. ◦ Seems the only way to bounce between regions is to set the

aws:region

configuration. ▪︎ Please correct me if I'm wrong about setting that value. • Questions: ◦ Should the

aws:region

config be changed between calls to

aws.cloudfront.Distribution

, can I expect the subsequent distribution to be deployed in the most resent setting? ◦ If using the stack config to exchange parameters between the local program and the Pulumi program, what is the most effective method of getting a

pulumi.automation.Stack

instance in the Pulumi program? ▪︎ I've considered

__file__

,

pulumi.get_stack()

, and

pulumi.automation.select_stack()

but it seems like I'm missing a more obvious method. ▪︎ Edits: • I'm looking to set new values to the stack's config. • Can confirm that the

pulumi.automation.select_stack()

works.

Hey Can I check if a resource exists in pulumi without throwing an error? I am trying to see if an LB exists and if it does then create some subsequent resources. I tried wrapping the get method in a try catch without much success