Hi Everyone, I'm trying to find some guidance on what to do when a Pulumi App can't complete because its state is out of sync with what does/doesn't exist. (details in thread)

Team, we have

aws eks list-clusters

option in AWS (https://docs.aws.amazon.com/cli/latest/reference/eks/list-clusters.html) Do we have a similar in Pulumi? I could see getcluster and getclusters (https://www.pulumi.com/registry/packages/aws/api-docs/eks/) but here we need to provide the cluster name.

I’m getting a really strange pulumi issue. Today I noticed an package-lock out of sync issue and ran

npm install

to update it. It fixed up a conflict with

ts-node

, but now when I run pulumi to preview one of my stacks I get:

error: Running program '/Users/mbusby/dev/kojo-web-infra' failed with an unhandled exception:
    TSError: ⨯ Unable to compile TypeScript:
    stacks/dev/busby/index.ts(3,36): error TS2554: Expected 1 arguments, but got 2.

The line in question is creating a custom component:

import { DevEBEnv } from '../../../components/DevEBEnv';

new DevEBEnv('kojo-web-dev-busby', { ... }); // <-- this line errors

which is defined like:

export class DevEBEnv extends pulumi.ComponentResource {
  constructor(name: `kojo-${string}-dev-${string}`, opts: DevEBEnvOptions) {

I can’t see why this would be erroring. So I think somehow this change in installed

ts-node

version is breaking the compilation, not sure why, anyone have ideas on how to debug this?

Hello everyone. We run pulumi via the pulumi-kubernetes-operator. After some time the operator stops updating stacks. We were able to track the issue down to zombie processes being left behind by pulumi (and the OS running into the max pid). From what we can see the issue looks something like this: The pulumi operator “up”s a stack. Calling the pulumi binary which runs binaries for the different providers.

ps axu --forrest

looks like this

azureus+ 11707 11.1  0.2 1082492 80860 ?       Ssl  21:03   2:24  \_ /usr/local/bin/pulumi-kubernetes-operator --zap-level=error --zap-time-encoding=iso8601
azureus+ 32037  9.3  0.1 753864 63388 ?        Sl   21:24   0:00      \_ pulumi up --yes --skip-preview --exec-kind=auto.local --exec-agent=pulumi-kubernetes-operator/v1.6.0-a8c9e89 --stack REDACTED --non-interactive
azureus+ 32063  0.5  0.0 717528 20020 ?        Sl   21:24   0:00      |   \_ /usr/bin/pulumi-language-go -root=/tmp/pulumi_auto2129071416/hack/pulumi/REDACTED 127.0.0.1:41789
azureus+ 32175  0.0  0.0 1527900 22928 ?       Sl   21:24   0:00      |   |   \_ /usr/local/go/bin/go run /tmp/pulumi_auto2129071416/hack/pulumi/azure/postgresdb
azureus+ 32088  124  1.2 1099896 399404 ?      Sl   21:24   0:02      |   \_ /home/pulumi-kubernetes-operator/.pulumi/plugins/resource-azure-native-v1.64.1/pulumi-resource-azure-native 127.0.0.1:41789
azureus+ 32153  0.0  0.0 726880 29356 ?        Sl   21:24   0:00      |   \_ /home/pulumi-kubernetes-operator/.pulumi/plugins/resource-random-v4.8.0/pulumi-resource-random 127.0.0.1:41789
azureus+ 32163  0.0  0.1 759624 59440 ?        Sl   21:24   0:00      |   \_ /home/pulumi-kubernetes-operator/.pulumi/plugins/resource-kubernetes-v3.19.2/pulumi-resource-kubernetes 127.0.0.1:41789
azureus+ 32049  3.5  0.0      0     0 ?        Z    21:24   0:00      \_ [pulumi-resource] <defunct>
azureus+ 32143 38.0  0.2 753928 70156 ?        Sl   21:24   0:00      \_ pulumi stack history --json --show-secrets --page-size 1 --page 1 --stack REDACTED --non-interactive

After the completion of the stack “up” (which is successful) we see:

azureus+ 11707 11.1  0.1 1082492 63332 ?       Ssl  21:03   2:24  \_ /usr/local/bin/pulumi-kubernetes-operator --zap-level=error --zap-time-encoding=iso8601
azureus+ 32063  0.1  0.0      0     0 ?        Z    21:24   0:00      \_ [pulumi-language] <defunct>
azureus+ 32088 28.2  0.0      0     0 ?        Z    21:24   0:02      \_ [pulumi-resource] <defunct>
azureus+ 32153  0.7  0.0      0     0 ?        Z    21:24   0:00      \_ [pulumi-resource] <defunct>
azureus+ 32163  3.0  0.0      0     0 ?        Z    21:24   0:00      \_ [pulumi-resource] <defunct>

Before long we see many thousands of zombie processes. Has anyone seen anything similar?

Has anyone got an example of using

pulumi confg set --secret

with a multi-line value? I see the note that it needs to be catted (not echoed?) in via a pipe. But when I do that, only the first line is being encrypted and kept; the rest of the file is ignored.

Hi, I'm having trouble creating an

aws:acm:CertificateValidation

. It just never completes. I've let

pulumi up

run for up to 30m and it's just sat there saying "creating". I can't see any open Github issues about this problem. I've tried running with the debug flag, but I don't understand the output. Does anyone have any suggestions?

Hey guys, is there a way to remove an

Identity

from a Pulumi account ? I’d like to go back to login/password instead of Gitlab SSO, but I can’t find any option for it

Hi there, Has anybody encountered following error while using the latest pulumi azuread library : azuread:index:Application (<app name>): error: error reading from server: EOF

I set up a new Pulumi project using the Pulumi Service provider (https://www.pulumi.com/registry/packages/pulumiservice/) to set up some stack tags. Everything was going well until I decided to change the tag value of a subset of my tags. Now, I continually get

error: field type "string" does not match property "invalid"

on all these resources, no matter what I seem to do... I can't update them, and I can't delete them. Cranking up the log verbosity doesn't show anything (literally nothing... setting

--verbose 10

looks no different than leaving off

--verbose

entirely). I'm at a bit of a loss as to what's going on here... any suggestions?

👋 Hi everyone!

hi someone, has a example on assigning

AcrPull

role to the automatically created User Assigned Managed Identity while attaching a acr to aks in azure using the cloud native azure provider?

Hi all, looking for any guidance if anyone's encountered needing an old

pulumi resource aws

version - but i can't install v3.30.1 since I'm on a new M1 mac, trying to take over a 1 year old deployment built with intel. is it possible to upgrade it to latest (~5.10.0) and still use the same state file on pulumi.com? I'm trying to avoid needing to manually import everything already deployed. is it possible to get the old stacks updated to the latest aws provider?

Hello! I’ve made a component resource, in Go, and I’m trying to use this from another part of our code tree. I get an error saying:

error: no resource plugin 'pulumi-resource-foo' found in the workspace or on your $PATH, install the plugin using `pulumi plugin install resource foo`

Is it necessary to write a fully fledged plugin in order to create a component resource, or am I just doing it wrong?

Hi, I need KMS key functionality that is in pending PR to terraform https://github.com/hashicorp/terraform-provider-aws/pull/24787 - adds

custom_key_store

property Can I extend the existing

pulumi.CustomResource

or hack something with resource transformation or do I need to create a Dynamic resource?

hi, someone knows how to deal with unknown marshalling property values while using outputs as inputs

Hello. Can someone help to understand what is the right way to get a service hostname? I installed the helm release and need to get service IP (from AWS) after a short period. This code works but it looks ugly.

const service = new local.Command("getService", {
  create: `sleep 10 && kubectl get svc -o=jsonpath='{.items[?(@.metadata.name=="myservice")].status.loadBalancer.ingress[0].hostname}'`,
  environment: {
    KUBECONFIG: 'config.json',
  },
});

Hi all, in my setup, I have many different AWS components, which include ECS Task definition, and ECS Service. Whenever I run

pulumi up

, without changing anything to ECS Task definition, it is still replaced. Is there anyway to prevent this from happening?

Hi, I am currently searching for a solution to use Pulumi to manage a set of Google Workspace groups and add users/groups to these groups. There is a Terraform Provider, but I couldn’t find a Pulumi pendant for it, only an empty git repo 😞 https://github.com/pulumi/pulumi-googleworkspace with an initial PR that hasn’t been responded to. If someone here had the same requirement and solved it differently, please share or send me a DM. Thanks 😉

How to use provider in python. Like I am trying to assume a role and then get the details of that role in getCallerIdentity.

provider = aws.Provider{"privileged:,
assume_role={'role_arn': role_to_assume_arn,
'session_name': 'Test',
},region=aws_config.require('region))

Now I want to use this in my getCallerIdentity

assumedRole = aws.getCallerIdentity(provider=provider).arn. How to do this.

Hi I am trying to create an aurora instance via pulumi aws provider and then use the myql provider to provision a user. I am following this document here, https://www.pulumi.com/blog/managing-your-mysql-databases-with-pulumi/ In the example it talks about adding vpc for the cluster but no mention of how to setup the mysql provider with it

We are using the beta of

awsx

to deploy fargate services. We have > 100 of these services all coming from the same image, only differing in their runtime arguments. We create images and push them to ECR using

awsx.ecr.Image

. We would rather not redeploy these images to Fargate if the images don't change between runs. The

sha256

Id on the docker image is an easy way to verify this. I imagine that our

Image

resource gets a new name each time pulumi is run, which could result in Fargate redeploying every time, even when it doesn't need to. Does anybody have experience dealing with this?

Hi all it's so great to be part of this community!

Hi Pulumi Team. Is it possible to create app service managed certificate with the Azure Native Pulumi lib? I am trying to create an Azure WebApp with a custom domain and a managed certificate by Azure. (The manual process works great, but I have a hard time, to do it with Pulumi https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-custom-domain?tabs=a%2Cazurecli)

Hi everyone - I'm trying use CDK v2 to deploy files to a bucket via "aws-cdk-lib/aws-s3-deployment" and using BucketDeployment, but the resource type is Custom::CDKBucketDeployment and there is no direct mapping to it for Cloud Control API (https://docs.aws.amazon.com/cloudcontrolapi/latest/userguide/supported-resources.html). Even with manual mapping, it doesn't really seem to work. Does anyone know a workaround for this?

Hi, I have created an azure container registry 'acracr166usdevt' using pulumi native 1.66. I have used both the following methods to retrieve admin user and password var registry = GetRegistryCredentials.Invoke(new GetRegistryCredentialsInvokeArgs { ResourceGroupName = _settings.ResourceGroup, RegistryName = registryName }); but getting following errors 2022-07-25T18:32:48.1317669Z Grpc.Core.RpcException: Status(StatusCode="Unknown", Detail="invocation of azure-native:containerregistry:getRegistryCredentials returned an error: request failed /subscriptions/............./resourceGroups/.............../providers/Microsoft.ContainerRegistry/registries/acracr166usdevt/getCredentials: autorest/azure: Service returned an error. Status=404 Code="ParentResourceNotFound" Message="Can not perform requested operation on nested resource. Parent resource 'acracr166usdevt' not found."") and var registry = GetRegistryCredentials.InvokeAsync(new GetRegistryCredentialsArgs() { ResourceGroupName = _settings.ResourceGroup, RegistryName = registryName }).GetAwaiter().GetResult(); at Task<int> Pulumi.Deployment+Runner.Pulumi.IRunner.RunAsync<TStack>(IServiceProvider serviceProvider)+() => { } 2022-07-25T18:12:50.0562862Z at Task<int> Pulumi.Deployment+Runner.RunAsync<TStack>(Func<TStack> stackFactory) ---> Grpc.Core.RpcException: Status(StatusCode="Unknown", Detail="invocation of azure-native:containerregistry:getRegistryCredentials returned an error: request failed /subscriptions/......../resourceGroups/..................../providers/Microsoft.ContainerRegistry/registries/acracr166usdevt/getCredentials: autorest/azure: Service returned an error. Status=404 Code="ParentResourceNotFound" Message="Can not perform requested operation on nested resource. Parent resource 'acracr166usdevt' not found."") 2022-07-25T18:12:50.0564522Z at async Task<InvokeResponse> Pulumi.GrpcMonitor.InvokeAsync(ResourceInvokeRequest request) 2022-07-25T18:12:50.0565245Z at async Task<SerializationResult> Pulumi.Deployment.InvokeRawAsync(string token, SerializationResult argsSerializationResult, InvokeOptions options) x 2 2022-07-25T18:12:50.0566041Z at async Task<T> Pulumi.Deployment.InvokeAsync<T>(string token, InvokeArgs args, InvokeOptions options, bool convertResult) 2022-07-25T18:12:50.0567018Z at ContainerApp ....Pulumi.Resources.ContainerAppService.CreateContainerApp(string appName, Input<string> envId, Input<string> registryServer) in D😕a/1/s/build/pulumi/...Pulumi/Resources/ContainerAppService.cs:line 56 2022-07-25T18:12:50.0568101Z at void ........Pulumi.Resources.ContainerAppService.CreateContainerApp() in D😕a/1/s/build/pulumi/.......Pulumi/Resources/ContainerAppService.cs:line 30 2022-07-25T18:12:50.0569006Z at new ......Pulumi.CoreRuntimeStack() in D😕a/1/s/build/pulumi/.....Pulumi/CoreRuntimeStack.cs:line 18 2022-07-25T18:12:50.0569605Z --- End of inner exception stack trace ---

Hey all, got a quick question. Say we run

pulumi preview

with

--target

flags. If a resource is not in the targets list and is not in the dependency path, will its state still be read? I know its state is not included in the CLI output but I'm wondering if it is read at all.

Hey, do you know if Pulumi supports the following features of Azure B2C identity provider: api : https://docs.microsoft.com/da-dk/azure/active-directory-b2c/microsoft-graph-operations) custom policies: https://docs.microsoft.com/da-dk/azure/active-directory-b2c/deploy-custom-policies-devops So far I can only find the ability to create B2C tenant

Another question: How can I setup Azure resources in different regions for the same stack?

Hey all! I have a question I couldn’t solve with the online resources. I have a simple GitHub Actions workflow to build the resources, with the following yaml file content:

name: Build staging resources

on:
  push:
    branches:
    - develop
    paths-ignore:
      - "*.md"
      - "*.gitignore"

jobs:
  deploy:
    name: Build staging resources
    runs-on: ubuntu-latest
    steps:
      - uses: pulumi/actions@v3
        with:
          command: up
          stack-name: tachikoma/tachikoma-backend/staging
        env:
          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}

However, when pushing, I get the following output from GitHub Actions: `stderr: error: no Pulumi.yaml project file found (searching upwards from ). If you have not created a project yet, use

pulumi new

to do so` I don’t get it since I got a Pulumi.yaml file at the root of the project and I’m following the Pulumi GitHub Actions example. What did I got wrong?