Hello all. Is there a way to produce an encrypted private key with the

pulumi_tls

package? Something similar to when using

openssl req -new -newkey rsa:2048 -sha256 -keyout >(cat -) -passout "pass:${password}" -subj "/"

.

Hello, could someone provide some insight into why running

pulumi preview

on a brand new M1 Macbook which is configured (aside for maybe versions of tools) similarly to another machine on which everything works fine:

File "/Users/[REDACTED]/venv/lib/python3.9/site-packages/google/protobuf/descriptor.py", line 560, in __new__

_message.Message._CheckCalledFromGeneratedFile()

TypeError: Descriptors cannot not be created directly.

If this call came from a _pb2.py file, your generated code is out of date and must be regenerated with protoc >= 3.19.0.

If you cannot immediately regenerate your protos, some other possible workarounds are:

1. Downgrade the protobuf package to 3.20.x or lower.

2. Set PROTOCOL_BUFFERS_PYTHON_IMPLEMENTATION=python (but this will use pure-Python parsing and will be much slower).

More information: <https://developers.google.com/protocol-buffers/docs/news/2022-05-06#python-updates>

Using pulumi version 3.37.1 and python 3.9.13 On another box I'm using same python version and pulumi 3.34.1 and I do not encounter this issue. Any ideas if this could be pulumi version or could come from something else?

<!here> Hello friendly Pulumi Community! Next week (August 1st - August 5th), Pulumi is observing a company wide wellness week. Many Pulumi employees will be taking the week off to regroup after a busy few quarters filled with exciting announcements. During this time, responses by Pulumi employees may be delayed in this community support forum and on GitHub. The Pulumi Service and Pulumi support is fully staffed and will continue to operate as usual. We’ll see you all after a refreshing break! Thanks! The Pulumi Team

Hello folks! how can implement

AWS::Serverless::Api

from

cloudformation

into a python pulumi project? It's just a

apigateway

?, doc in https://www.pulumi.com/docs/guides/crosswalk/aws/api-gateway/

This message was deleted.

I am giving owner roles to gmail account but getting an error. Any guide on this?

IAM2 = gcp.projects.IAMBinding("IAM2",
    members=[members[1]],
    project="myid",
    role="roles/owner")

Hey guys - any idea what is the Pulumi (in Golang) equivalent of

ektctl

command:

eksctl create iamidentitymapping

Basically I am trying to add via code -

KarpenterInstanceNodeRole

to aws-auth config map another way to do it is to just to edit it manually via the command:

kubectl edit configmap aws-auth -n kube-system

So I've got Minikube running for testing and I deploy mariadb through Helm in one stack. In another stack, I need to add my user and database for that app into the instance of mariadb. I'm having DNS resolution problems and I'm trying to find the best solution to access the database in Pulumi. The stack deploying Pulumi is a runner stack and it's designed to run independent but the other stack is an API stack which requires the runner to operate. It's designed so others can run it minimally. Does anyone have a solution so I can access the database in the 2nd stack?

Hi! I was trying out the pulumi automation api for provisioning aws EKS cluster, i followed the code from example automation from github. My cluster is getting created but updating goes forever!

Hey team, I am trying to create dataproc cluster via pulumi but it is running into quota issue. Whereas the same cluster is created through GCP console. What is the right pulumi API for creating dataproc cluster

dataproccluster = gcp.dataproc.Cluster(dataproc_name, 
    name=dataproc_name,
    region="us-central1",
    cluster_config=gcp.dataproc.ClusterClusterConfigArgs(
        master_config=gcp.dataproc.ClusterClusterConfigMasterConfigArgs(
            num_instances=mastercofig_num_instances,
            #machine_type="e2-medium",
            machine_type=dataproc_machinetype,
            
            disk_config=gcp.dataproc.ClusterClusterConfigMasterConfigDiskConfigArgs(
                boot_disk_type=dataproc_bootdisk_type,
                boot_disk_size_gb=dataproc_boot_disk_size_gb,
            )
        ),
    worker_config=gcp.dataproc.ClusterClusterConfigWorkerConfigArgs(
            num_instances=workerconfig_num_instances,
            machine_type=worker_config_machinetype,
            disk_config=gcp.dataproc.ClusterClusterConfigWorkerConfigDiskConfigArgs(
                boot_disk_size_gb=dataproc_boot_disk_size_gb,
                boot_disk_type=workerconfig_dataproc_disktype,
            )
        )) )

Does anyone know if the Pulumi Github Action works with the Pulumi YAML type declarations. ?

Appreciate in adv. any help.

Anyone has seen this happen? I am trying to run some integration tests. Started happening all of a sudden

➜ resources (main) ✗ go test
# <http://github.com/pulumi/pulumi/pkg/v3/resource/deploy|github.com/pulumi/pulumi/pkg/v3/resource/deploy>
../../../../../../go/pkg/mod/github.com/pulumi/pulumi/pkg/v3@v3.35.1/resource/deploy/plan.go:137:21: undefined: resource.Alias
../../../../../../go/pkg/mod/github.com/pulumi/pulumi/pkg/v3@v3.35.1/resource/deploy/plan.go:205:53: undefined: resource.Alias
../../../../../../go/pkg/mod/github.com/pulumi/pulumi/pkg/v3@v3.35.1/resource/deploy/plan.go:207:23: undefined: resource.Alias
../../../../../../go/pkg/mod/github.com/pulumi/pulumi/pkg/v3@v3.35.1/resource/deploy/plan.go:212:23: undefined: resource.Alias
../../../../../../go/pkg/mod/github.com/pulumi/pulumi/pkg/v3@v3.35.1/resource/deploy/plan.go:321:29: undefined: resource.Alias
../../../../../../go/pkg/mod/github.com/pulumi/pulumi/pkg/v3@v3.35.1/resource/deploy/plan.go:323:38: undefined: resource.Alias
../../../../../../go/pkg/mod/github.com/pulumi/pulumi/pkg/v3@v3.35.1/resource/deploy/step_generator.go:339:81: undefined: resource.Alias
../../../../../../go/pkg/mod/github.com/pulumi/pulumi/pkg/v3@v3.35.1/resource/deploy/source_eval.go:986:24: undefined: resource.Alias
../../../../../../go/pkg/mod/github.com/pulumi/pulumi/pkg/v3@v3.35.1/resource/deploy/source_eval.go:987:31: req.GetUrnAliases undefined (type *pulumirpc.RegisterResourceRequest has no field or method GetUrnAliases)
../../../../../../go/pkg/mod/github.com/pulumi/pulumi/pkg/v3@v3.35.1/resource/deploy/source_eval.go:988:38: undefined: resource.Alias
../../../../../../go/pkg/mod/github.com/pulumi/pulumi/pkg/v3@v3.35.1/resource/deploy/source_eval.go:988:38: too many errors
FAIL	<http://github.com/aetion/aep-base-infra/internal/resources|github.com/aetion/aep-base-infra/internal/resources> [build failed]

Hi, gcp firestore now support ttl in beta, will pulumi support this ?

Is it possible to tell pulumi to perform all

destroy

actions before everything else?

Hi. I renamed a Pulumi resource according the name of another resource, but there was an exception thrown as it couldn't convert Output<T> to Output<string>. Unfortunately rather than aborting the rename, the resource was renamed to the error message. The web interface has a 404 when trying to display the resource. Its a protected resource. I've corrected the problem but now my attempts to unprotect the resource or use an alias to rename it are failing. Copying the unprotect command given in the Pulumi output fails so I assume that it doesn't support the resource name just like the web interface, even though the change was allowed. Any suggestion on how to fix this? This is a production environment

Hello.. I am trying to publish a docker image to ECR with some custom tags. I can see in the Pulumi output that the image is being tagged locally and can confirm that it is tagged with

docker image ls

but the tag is not pushed to ECR. I am using

buildAndPushImage

and I don't think I see any options related to this. Any ideas what I am doing wrong?

Hi all. I just stumbled upon this issue https://github.com/pulumi/pulumi/issues/3061. It is 3 years old at this point and doesn't really get too much attention unfortunately. I have tried the suggestions in the issue, but don't seem to work. I am using NX monorepo and I can't get the paths to work. 1. Has anyone managed to get them to work ? 2. Is the pulumi team considering looking into this issue ? When working with large code bases or monorepos being able to use custom paths is a must for readability. There's also this newer issue: https://github.com/pulumi/pulumi/issues/8865 but again, not much traction or answers.

Hey all, has anyone had success deploying non-consumption SKU APIM instances? Seems pulumi adds a consumption-only parameter to all SKUs of APIM, making non-consumption deploys impossible. I've submitted a ticket here: https://github.com/pulumi/pulumi-azure-native/issues/1865

Hello, We are managing AWS IAM Roles and associated policies using Pulumi, we faced an issue that in case of any policy update (even basic changes in permissions/JSON) - Pulumi wants to recreate a policy but fails because it is associated to role 1. Why does permission change triggers resource recreation but not in-place update? 2. Is it any way to handle this without a recreation of Role? (It looks like https://www.pulumi.com/registry/packages/aws/api-docs/iam/rolepolicyattachment/ can help with this) 3. How to properly link Roles to permissions? Is depends_on enough? Thank you

Hi, I am trying to create a VPC and then query the result object to get the private subnet but it is always failing with the following error during preview itself:

* multiple EC2 Subnets matched; use additional constraints to reduce matches to a single EC2 Subnet

I cant seem to figure out the cause specially when this is occurring in preview itself. Please help.

vpc = awsx.ec2.Vpc("pulumi-test",cidr_block='10.2.0.0/16',subnet_specs=[
      awsx.ec2.SubnetSpecArgs(
        type=awsx.ec2.SubnetType.PRIVATE,
        cidr_mask=26,
      ),
      awsx.ec2.SubnetSpecArgs(
        type=awsx.ec2.SubnetType.PUBLIC,
        cidr_mask=26,
      )
    ], number_of_availability_zones=1)

subnet = aws.ec2.get_subnet(id=vpc.private_subnet_ids[0])

I can't find information about utility of

Pulumi.yaml.append

in templates. Only that it gets appended to

Pulumi.yaml

and used to be called

Main.yaml

. Why? Does anyone know?

Hello. Is there a way to put timeouts on pulumi’s state locks? For what it’s worth, we use the azure blob storage backend.

Can someone help with

pulumi refresh

? I am trying to refresh some objects in the stack state (Which takes about 7 mins to run) and pulumi CLI indicates it updated the resources but the File in the S3 backend is not updated. Rerunning

pulumi refresh

shows it wants to perform the same updates. Tried this on 2 different Macbooks (Intel and M1)

I’m using

pulumi/actions@v3

and am getting an error

no resource plugin 'pulumi-resource-aws' found in the workspace at v5.4.0 or on your $PATH, install the pluging using 'pulumi plugin install resource aws v5.4.0

I am able to resolve this locally but dont yet know how to get the plugin installed in the action

Team, Is there a way to schedule GCE instance through pulumi? Any guide on using following command through pulumi

gcloud compute resource-policies create instance-schedule 
SCHEDULE_NAME
 \ [--description='
SCHEDULE_DESCRIPTION
'] \ [--region=
REGION
] \ [--vm-start-schedule='
START-OPERATION_SCHEDULE
'] \ [--vm-stop-schedule='
STOP-OPERATION_SCHEDULE
'] \ [--timezone=
TIME_ZONE
] \ [--initiation-date=
INITIATION_DATE
] \ [--end-date=
END_DATE

]

Hi All. Scenario: Google Cloud. Resource: Compute Instance (but could be any cloud resource). IaC: Terraform (active) Pulumi import Compute Instance (so stack is updated) and, post import output, main configuration file updated with resource definition. Does this mean that both IaC solutions could be used to amend / delete the resource? Does Pulumi overwrite any cloud resource attributes, in the cloud resource definition? Are there any edge cases where an IaC provider can write IaC-centric attributes to a resource and, when importing to Pulumi, would Pulumi overwrite those? Put another way - is the Pulumi import process a read only process? Once the stack is updated; how impactful could a pulumi up action be on that resource where the resource definition hasn't, as yet, changed?

Context: Migration from one IaC provider to Pulumi

I wanted to encrypt passwords stored in application properties files. I can see that Pulumi secrets gives us the option to pick the encrypted password from pulumi config file but not from application properties file. Do we have any alternative so that i can pick the pulumi secrets from application properties file instead of pulumi config yaml files?