https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • g

    gorgeous-angle-43463

    07/29/2022, 3:21 PM
    Hello all. Is there a way to produce an encrypted private key with the
    pulumi_tls
    package? Something similar to when using
    openssl req -new -newkey rsa:2048 -sha256 -keyout >(cat -) -passout "pass:${password}" -subj "/"
    .
    a
    • 2
    • 3
  • c

    calm-kitchen-4682

    07/29/2022, 4:08 PM
    Hello, could someone provide some insight into why running
    pulumi preview
    on a brand new M1 Macbook which is configured (aside for maybe versions of tools) similarly to another machine on which everything works fine:
    File "/Users/[REDACTED]/venv/lib/python3.9/site-packages/google/protobuf/descriptor.py", line 560, in __new__
    _message.Message._CheckCalledFromGeneratedFile()
    TypeError: Descriptors cannot not be created directly.
    If this call came from a _pb2.py file, your generated code is out of date and must be regenerated with protoc >= 3.19.0.
    If you cannot immediately regenerate your protos, some other possible workarounds are:
    1. Downgrade the protobuf package to 3.20.x or lower.
    2. Set PROTOCOL_BUFFERS_PYTHON_IMPLEMENTATION=python (but this will use pure-Python parsing and will be much slower).
    More information: <https://developers.google.com/protocol-buffers/docs/news/2022-05-06#python-updates>
    Using pulumi version 3.37.1 and python 3.9.13 On another box I'm using same python version and pulumi 3.34.1 and I do not encounter this issue. Any ideas if this could be pulumi version or could come from something else?
    e
    • 2
    • 1
  • b

    billowy-army-68599

    07/29/2022, 5:00 PM
    <!here> Hello friendly Pulumi Community! Next week (August 1st - August 5th), Pulumi is observing a company wide wellness week. Many Pulumi employees will be taking the week off to regroup after a busy few quarters filled with exciting announcements. During this time, responses by Pulumi employees may be delayed in this community support forum and on GitHub. The Pulumi Service and Pulumi support is fully staffed and will continue to operate as usual. We’ll see you all after a refreshing break! Thanks! The Pulumi Team
    😛ulumipus-dancing-music: 2
    ❤️ 6
    💆 3
    👍 1
  • f

    full-motherboard-20213

    07/29/2022, 9:05 PM
    Hello folks! how can implement
    AWS::Serverless::Api
    from
    cloudformation
    into a python pulumi project? It's just a
    apigateway
    ?, doc in https://www.pulumi.com/docs/guides/crosswalk/aws/api-gateway/
    b
    • 2
    • 4
  • s

    sparse-intern-71089

    07/29/2022, 11:26 PM
    This message was deleted.
  • f

    future-window-78560

    07/30/2022, 1:07 PM
    I am giving owner roles to gmail account but getting an error. Any guide on this?
    IAM2 = gcp.projects.IAMBinding("IAM2",
        members=[members[1]],
        project="myid",
        role="roles/owner")
    • 1
    • 1
  • p

    prehistoric-sandwich-7272

    07/30/2022, 5:54 PM
    Hey guys - any idea what is the Pulumi (in Golang) equivalent of
    ektctl
    command:
    eksctl create iamidentitymapping
    Basically I am trying to add via code -
    KarpenterInstanceNodeRole
    to aws-auth config map another way to do it is to just to edit it manually via the command:
    kubectl edit configmap aws-auth -n kube-system
    b
    • 2
    • 2
  • d

    dazzling-spring-78843

    07/30/2022, 7:57 PM
    So I've got Minikube running for testing and I deploy mariadb through Helm in one stack. In another stack, I need to add my user and database for that app into the instance of mariadb. I'm having DNS resolution problems and I'm trying to find the best solution to access the database in Pulumi. The stack deploying Pulumi is a runner stack and it's designed to run independent but the other stack is an API stack which requires the runner to operate. It's designed so others can run it minimally. Does anyone have a solution so I can access the database in the 2nd stack?
    b
    b
    m
    • 4
    • 66
  • a

    adamant-portugal-44732

    07/31/2022, 2:37 PM
    Hi! I was trying out the pulumi automation api for provisioning aws EKS cluster, i followed the code from example automation from github. My cluster is getting created but updating goes forever!
  • f

    future-window-78560

    07/31/2022, 3:54 PM
    Hey team, I am trying to create dataproc cluster via pulumi but it is running into quota issue. Whereas the same cluster is created through GCP console. What is the right pulumi API for creating dataproc cluster
    dataproccluster = gcp.dataproc.Cluster(dataproc_name, 
        name=dataproc_name,
        region="us-central1",
        cluster_config=gcp.dataproc.ClusterClusterConfigArgs(
            master_config=gcp.dataproc.ClusterClusterConfigMasterConfigArgs(
                num_instances=mastercofig_num_instances,
                #machine_type="e2-medium",
                machine_type=dataproc_machinetype,
                
                disk_config=gcp.dataproc.ClusterClusterConfigMasterConfigDiskConfigArgs(
                    boot_disk_type=dataproc_bootdisk_type,
                    boot_disk_size_gb=dataproc_boot_disk_size_gb,
                )
            ),
        worker_config=gcp.dataproc.ClusterClusterConfigWorkerConfigArgs(
                num_instances=workerconfig_num_instances,
                machine_type=worker_config_machinetype,
                disk_config=gcp.dataproc.ClusterClusterConfigWorkerConfigDiskConfigArgs(
                    boot_disk_size_gb=dataproc_boot_disk_size_gb,
                    boot_disk_type=workerconfig_dataproc_disktype,
                )
            )) )
  • w

    worried-helmet-23171

    07/31/2022, 9:08 PM
    Does anyone know if the Pulumi Github Action works with the Pulumi YAML type declarations. ?
    f
    • 2
    • 2
  • w

    worried-helmet-23171

    07/31/2022, 9:09 PM
    Appreciate in adv. any help.
  • f

    fancy-spoon-7206

    08/01/2022, 3:37 AM
    Anyone has seen this happen? I am trying to run some integration tests. Started happening all of a sudden
    ➜ resources (main) ✗ go test
    # <http://github.com/pulumi/pulumi/pkg/v3/resource/deploy|github.com/pulumi/pulumi/pkg/v3/resource/deploy>
    ../../../../../../go/pkg/mod/github.com/pulumi/pulumi/pkg/v3@v3.35.1/resource/deploy/plan.go:137:21: undefined: resource.Alias
    ../../../../../../go/pkg/mod/github.com/pulumi/pulumi/pkg/v3@v3.35.1/resource/deploy/plan.go:205:53: undefined: resource.Alias
    ../../../../../../go/pkg/mod/github.com/pulumi/pulumi/pkg/v3@v3.35.1/resource/deploy/plan.go:207:23: undefined: resource.Alias
    ../../../../../../go/pkg/mod/github.com/pulumi/pulumi/pkg/v3@v3.35.1/resource/deploy/plan.go:212:23: undefined: resource.Alias
    ../../../../../../go/pkg/mod/github.com/pulumi/pulumi/pkg/v3@v3.35.1/resource/deploy/plan.go:321:29: undefined: resource.Alias
    ../../../../../../go/pkg/mod/github.com/pulumi/pulumi/pkg/v3@v3.35.1/resource/deploy/plan.go:323:38: undefined: resource.Alias
    ../../../../../../go/pkg/mod/github.com/pulumi/pulumi/pkg/v3@v3.35.1/resource/deploy/step_generator.go:339:81: undefined: resource.Alias
    ../../../../../../go/pkg/mod/github.com/pulumi/pulumi/pkg/v3@v3.35.1/resource/deploy/source_eval.go:986:24: undefined: resource.Alias
    ../../../../../../go/pkg/mod/github.com/pulumi/pulumi/pkg/v3@v3.35.1/resource/deploy/source_eval.go:987:31: req.GetUrnAliases undefined (type *pulumirpc.RegisterResourceRequest has no field or method GetUrnAliases)
    ../../../../../../go/pkg/mod/github.com/pulumi/pulumi/pkg/v3@v3.35.1/resource/deploy/source_eval.go:988:38: undefined: resource.Alias
    ../../../../../../go/pkg/mod/github.com/pulumi/pulumi/pkg/v3@v3.35.1/resource/deploy/source_eval.go:988:38: too many errors
    FAIL	<http://github.com/aetion/aep-base-infra/internal/resources|github.com/aetion/aep-base-infra/internal/resources> [build failed]
    • 1
    • 2
  • r

    rough-dinner-7791

    08/01/2022, 9:05 AM
    Hi, gcp firestore now support ttl in beta, will pulumi support this ?
    l
    • 2
    • 2
  • g

    great-sunset-355

    08/01/2022, 9:33 AM
    Is it possible to tell pulumi to perform all
    destroy
    actions before everything else?
    l
    f
    • 3
    • 6
  • c

    curved-appointment-51749

    08/01/2022, 10:45 AM
    Hi. I renamed a Pulumi resource according the name of another resource, but there was an exception thrown as it couldn't convert Output<T> to Output<string>. Unfortunately rather than aborting the rename, the resource was renamed to the error message. The web interface has a 404 when trying to display the resource. Its a protected resource. I've corrected the problem but now my attempts to unprotect the resource or use an alias to rename it are failing. Copying the unprotect command given in the Pulumi output fails so I assume that it doesn't support the resource name just like the web interface, even though the change was allowed. Any suggestion on how to fix this? This is a production environment
    • 1
    • 1
  • f

    flat-appointment-12338

    08/01/2022, 3:05 PM
    Hello.. I am trying to publish a docker image to ECR with some custom tags. I can see in the Pulumi output that the image is being tagged locally and can confirm that it is tagged with
    docker image ls
    but the tag is not pushed to ECR. I am using
    buildAndPushImage
    and I don't think I see any options related to this. Any ideas what I am doing wrong?
  • f

    future-refrigerator-88869

    08/01/2022, 3:24 PM
    Hi all. I just stumbled upon this issue https://github.com/pulumi/pulumi/issues/3061. It is 3 years old at this point and doesn't really get too much attention unfortunately. I have tried the suggestions in the issue, but don't seem to work. I am using NX monorepo and I can't get the paths to work. 1. Has anyone managed to get them to work ? 2. Is the pulumi team considering looking into this issue ? When working with large code bases or monorepos being able to use custom paths is a must for readability. There's also this newer issue: https://github.com/pulumi/pulumi/issues/8865 but again, not much traction or answers.
  • f

    freezing-window-60195

    08/01/2022, 5:29 PM
    Hey all, has anyone had success deploying non-consumption SKU APIM instances? Seems pulumi adds a consumption-only parameter to all SKUs of APIM, making non-consumption deploys impossible. I've submitted a ticket here: https://github.com/pulumi/pulumi-azure-native/issues/1865
  • s

    shy-hydrogen-95871

    08/01/2022, 6:33 PM
    Hello, We are managing AWS IAM Roles and associated policies using Pulumi, we faced an issue that in case of any policy update (even basic changes in permissions/JSON) - Pulumi wants to recreate a policy but fails because it is associated to role 1. Why does permission change triggers resource recreation but not in-place update? 2. Is it any way to handle this without a recreation of Role? (It looks like https://www.pulumi.com/registry/packages/aws/api-docs/iam/rolepolicyattachment/ can help with this) 3. How to properly link Roles to permissions? Is depends_on enough? Thank you
  • b

    brief-baker-41837

    08/01/2022, 8:45 PM
    Hi, I am trying to create a VPC and then query the result object to get the private subnet but it is always failing with the following error during preview itself:
    * multiple EC2 Subnets matched; use additional constraints to reduce matches to a single EC2 Subnet
    I cant seem to figure out the cause specially when this is occurring in preview itself. Please help.
    vpc = awsx.ec2.Vpc("pulumi-test",cidr_block='10.2.0.0/16',subnet_specs=[
          awsx.ec2.SubnetSpecArgs(
            type=awsx.ec2.SubnetType.PRIVATE,
            cidr_mask=26,
          ),
          awsx.ec2.SubnetSpecArgs(
            type=awsx.ec2.SubnetType.PUBLIC,
            cidr_mask=26,
          )
        ], number_of_availability_zones=1)
    
    subnet = aws.ec2.get_subnet(id=vpc.private_subnet_ids[0])
    b
    • 2
    • 3
  • f

    fierce-ability-58936

    08/02/2022, 1:09 AM
    I can't find information about utility of
    Pulumi.yaml.append
    in templates. Only that it gets appended to
    Pulumi.yaml
    and used to be called
    Main.yaml
    . Why? Does anyone know?
    • 1
    • 1
  • b

    broad-parrot-78298

    08/02/2022, 2:32 PM
    Hello. Is there a way to put timeouts on pulumi’s state locks? For what it’s worth, we use the azure blob storage backend.
  • f

    fresh-librarian-41835

    08/02/2022, 5:01 PM
    Can someone help with
    pulumi refresh
    ? I am trying to refresh some objects in the stack state (Which takes about 7 mins to run) and pulumi CLI indicates it updated the resources but the File in the S3 backend is not updated. Rerunning
    pulumi refresh
    shows it wants to perform the same updates. Tried this on 2 different Macbooks (Intel and M1)
    b
    • 2
    • 16
  • f

    fancy-shoe-18611

    08/02/2022, 6:13 PM
    I’m using
    pulumi/actions@v3
    and am getting an error
    no resource plugin 'pulumi-resource-aws' found in the workspace at v5.4.0 or on your $PATH, install the pluging using 'pulumi plugin install resource aws v5.4.0
    I am able to resolve this locally but dont yet know how to get the plugin installed in the action
    s
    • 2
    • 2
  • f

    future-window-78560

    08/03/2022, 3:58 AM
    Team, Is there a way to schedule GCE instance through pulumi? Any guide on using following command through pulumi
    gcloud compute resource-policies create instance-schedule 
    SCHEDULE_NAME
     \ [--description='
    SCHEDULE_DESCRIPTION
    '] \ [--region=
    REGION
    ] \ [--vm-start-schedule='
    START-OPERATION_SCHEDULE
    '] \ [--vm-stop-schedule='
    STOP-OPERATION_SCHEDULE
    '] \ [--timezone=
    TIME_ZONE
    ] \ [--initiation-date=
    INITIATION_DATE
    ] \ [--end-date=
    END_DATE
    ]
  • r

    rich-agency-75207

    08/03/2022, 8:01 AM
    Hi All. Scenario: Google Cloud. Resource: Compute Instance (but could be any cloud resource). IaC: Terraform (active) Pulumi import Compute Instance (so stack is updated) and, post import output, main configuration file updated with resource definition. Does this mean that both IaC solutions could be used to amend / delete the resource? Does Pulumi overwrite any cloud resource attributes, in the cloud resource definition? Are there any edge cases where an IaC provider can write IaC-centric attributes to a resource and, when importing to Pulumi, would Pulumi overwrite those? Put another way - is the Pulumi import process a read only process? Once the stack is updated; how impactful could a pulumi up action be on that resource where the resource definition hasn't, as yet, changed?
    l
    m
    • 3
    • 54
  • r

    rich-agency-75207

    08/03/2022, 8:01 AM
    Context: Migration from one IaC provider to Pulumi
  • b

    big-psychiatrist-43588

    08/03/2022, 9:11 AM
    I wanted to encrypt passwords stored in application properties files. I can see that Pulumi secrets gives us the option to pick the encrypted password from pulumi config file but not from application properties file. Do we have any alternative so that i can pick the pulumi secrets from application properties file instead of pulumi config yaml files?
    l
    • 2
    • 1
  • s

    stocky-petabyte-29883

    08/03/2022, 10:04 AM
    Hey About using mysql provider for an aurora instance that is not publicly accessible, I have created a bastion machine that I am trying to use to access the database. Can I create a remote ssh connection the bastion via pulumi command and use it for the pulumi mysql provider? If not what is the recommended approach to run mysql commands to create a user.
    l
    • 2
    • 1
Powered by Linen
Title
s

stocky-petabyte-29883

08/03/2022, 10:04 AM
Hey About using mysql provider for an aurora instance that is not publicly accessible, I have created a bastion machine that I am trying to use to access the database. Can I create a remote ssh connection the bastion via pulumi command and use it for the pulumi mysql provider? If not what is the recommended approach to run mysql commands to create a user.
l

little-cartoon-10569

08/03/2022, 8:21 PM
Sounds like command.remote.Command (https://www.pulumi.com/registry/packages/command/api-docs/remote/command/) might help.
View count: 1