👋 Hi everyone! I am new to pulumi, I just got introduced to it today, and I have this issue that I've been stuck with for python and gcp, apologies if it's really newbie the question, but how to fix this error, studying this source code from youtuber ArjanCodes: https://github.com/ArjanCodes/2022-pulumi/tree/main/cloud_func:

Type                                      Name               Plan       Info
 +   pulumi:pulumi:Stack                       cloud_func-dev     create
 +   ├─ gcp:storage:Bucket                     cf_demo_bucket     create
 +   ├─ gcp:storage:BucketObject               eta_demo_object    create
     └─ gcp:cloudfunctions/functions:Function  eta_demo_function             1 error
 
Diagnostics:
  gcp:cloudfunctions/functions:Function (eta_demo_function):
    error: unrecognized resource type (Check): gcp:cloudfunctions/functions:Function

Hello! Is it possible to write unit tests to validate that IgnoreChanges is working correctly?

Hello All., How can you ignore_changes to a specific image tag in the task def of a ecs service with pulumi?

👋 Hi everyone! I am new to pulumi, I just started playing with it by converting the existing terraform templates into go. I am facing some random issue while converting

tf2pulumi --target-language go
error: rpc error: code = Unimplemented desc = GetSchema is not yet implemented

Hi, I am new to pulumi, I have question, when I use console to add policy for role , there are some built-in defined policies had provided by aws, I want to when I use pulumi how to import and use this same built-in defined policies?

Hey guys, I’m implementing GCP KMS in my pulumi project and im having a hard time understanding how it will work since I’m creating the key from pulumi but also im supposed to use the key (that is yet to be created) in my stack config file. From my understanding, this seems like something that wouldnt be able to be done in one shot but would require a

pulumi up

command to create the key followed by a

pulumi stack change-secrets-provider

, am i understanding that correctly?

Hi, I am evaluating Pulumi for our projects. I'd like to find a best practice on how to add Tags for existing subnet? Any suggestion? Here is the code that cannot work properly.

(async () => {
    publicSubnets = await vpc.publicSubnets;
    publicSubnets.forEach(
        sub => {
            // console.log(sub.id);
            new aws.ec2.Tag('',{
               resourceId: sub.id,
               key: '<http://kubernetes.io/role/elb|kubernetes.io/role/elb>',
               value: '1'
            });
        }
    );
})();

I’m trying to do something similar to this example, which illustrates how to use the Azure SDK to fetch data that can’t be queried through the Pulumi resource model. When I unit test my code, I can intercept the

authorization.GetClientConfig

call, as that is a provider function on the azure-native provider. That is, it can be handled in the

Call()

function as defined in the unit testing documentation. The code I have for calling the Azure SDK is in an ApplyT. Is it possible to intercept this as well, and specify the return value in a similar way as with the provider functions, or will I have to handle this by creating an interface I can mock?

has anyone else been having issues with `refresh: "always"`option after the latest version upgrade? I’m getting the following error in my projects with this config:

error: could not get cloud url: could not load current project: 1 error occurred:
	* #/options/refresh: expected boolean, but got string

HI. Has anyone ever managed to deploy a helm release with OCI repository using Pulumi?

Hello, I am reviewing: https://www.pulumi.com/registry/packages/aws/api-docs/cloudwatch/eventtarget/ based on this documentation, we need an arn parameter and the documentation specifies

ARN of the SQS queue specified as the target for the dead-letter queue.

. However, I am trying to set it as a ECS target and I'm a bit confused as to if the documentation is wrong or if I really need a SQS DQL for an ECS target? Any advice would be great. thanks!

I'm trying to write a Resource Validation Policy for a bunch of Artifactory repositories (https://www.pulumi.com/registry/packages/artifactory/api-docs/) Many repository types have a boolean property that I'd like to ensure is always

true

whenever I create one of these repositories (in particular, the

xray_index

property: https://www.pulumi.com/registry/packages/artifactory/api-docs/localgenericrepository/#xray_index_python). I know that I can explicitly check the type of the resource first and then see if the property is set:

if args.resource_type in ["artifactory:index/localGenericRepository:LocalGenericRepository", ...]:
  if not args.props.get("xrayIndex"):
    report_violation(...)

However, I was wondering if it would instead be possible to just see if the resource had an

xrayIndex

property (without listing out all the resource types explicitly). However, it only appears that I have access to whatever properties happen to have been set on the concrete resource. Since this particular boolean property defaults to

false

, this makes any resources that are in violation "invisible" to this kind of checking logic. Is there any way in a policy to see all the possible properties a resource could have, rather than just the ones that have been set on any given instance? After typing this out, I think I may end up sticking with the more explicit approach, but now I'm curious 😅

Have any of you run into an issue where you use Pulumi to create a GCP project, and it succeeds, but Pulumi hangs forever. Then if you cancel it, on restart, it complains that the project already exists. How do I work around that?

We'd like to use the official PostgreSQL provider targeting a PG instance within a Kubernetes cluster -- an instance which itself is managed with the Pulumi Kubernetes provider. We'd like to use on-the-fly Kubernetes port forwarding for such a scenario. How would one go about doing this within the same stack? • We're exploring creating a custom provider "based on" the existing one. In simplistic OOP terms we'd "override"/wrap provider methods to set up the port forwarding before the "base class" call and tear it down afterwards. We're using TypeScript. However, it's unclear if there is any SDK to target another resource provider directly, or if the relevant gRPC interface is meant to be used for any other client than the Pulumi engine. • We could use different stacks and leverage the Pulumi automation API (we're already using it for many other scenarios). However in this case this stack boundary doesn't feel right/natural in our architecture. Do you think the scenario is common enough to be addressed in the way we want (one stack), or should we work harder to prove ourselves wrong on this point (justify multiple stacks)? • We could open up direct/public access to the PG instance. It's likely possible to do it sufficiently safely but again it doesn't feel like we'd be doing it for the right reasons. Could we be wrong about that? Thanks for reading, any input/opinions would be greatly appreciated.

Does this error mean anything to you?

> $ pulumi new                                                                                                                                                                                          error: could not get cloud url: could not load current project: 1 error occurred:
	* #/config: expected string or null, but got object

I upgraded pulumi and switched to a new network. Any suggestiosn?

Looking to create a DNS record on my domain controller (inside an azure VM) for one of my created resources in my Pulumi stack. Anyone have experience doing this?

I have a scenario whereby I would like to distinguish my resources per "environment" but also have a stack per set of resources. I was thinking of the following structures •

my-{pre-prod or prod}-project/{resource-collection}-1

•

my-project/{pre-prod or prod}-{resource-collection}-1

Anyone have any views on this they don't mind sharing?

Hey guys. Is there a way how I can turn on canary deployments in ecs using pulumi python?

Is there a way to programmatically delete a resource on the stack? For example, I want to spin up and EC2 instance, do some computation and delete this instance when I'm done.

ive got a resource that depends on a s3-bucketobject, but when the s3 bucket object changes its content, the resource that depends on it doesnt update. is there a way of fixing that?

Hi, I'm using Pulumi GitHub Actions during the CI workflow. Recently I wanted to debug an issue and found out that the action doesn't produce any output in the GHA workflow log (see the screenshot). The

pulumi/actions@v3

parameters are as follows:

with:
    command: up
    refresh: true
    stack-name: ***
    work-dir: infra
    cloud-url: s3://***
    comment-on-pr: false
    github-token: ***
    parallel: 2147483647
    target-dependents: false
    upsert: false
    edit-pr-comment: true
    pulumi-version: ^3
    color: auto
  env:
    AWS_DEFAULT_REGION: ***
    AWS_REGION: ***
    AWS_ACCESS_KEY_ID: ***
    AWS_SECRET_ACCESS_KEY: ***
    AWS_SESSION_TOKEN: ***
    pythonLocation: /opt/hostedtoolcache/Python/3.8.13/x64
    PKG_CONFIG_PATH: /opt/hostedtoolcache/Python/3.8.13/x64/lib/pkgconfig
    Python_ROOT_DIR: /opt/hostedtoolcache/Python/3.8.13/x64
    Python2_ROOT_DIR: /opt/hostedtoolcache/Python/3.8.13/x64
    Python3_ROOT_DIR: /opt/hostedtoolcache/Python/3.8.13/x64
    LD_LIBRARY_PATH: /opt/hostedtoolcache/Python/3.8.13/x64/lib
    PULUMI_CONFIG_PASSPHRASE: ***

I was able to track this down to happen somewhere between Pulumi CLI v3.39.1 (produces output) and v3.39.3 (doesn't produce output). I looked at release notes (https://github.com/pulumi/pulumi/releases) but couldn't find anything relevant. It happens both for Pulumi programs written in Python and TypeScript, if that is important. Anyone has a clue what to try next?

I’m seeing an issue where, if we get an error from upstream (Google Cloud Platform in this case), the resource we’re trying to create isn’t fully added to our stack. There’s a reference to the resource in the stack, but it seems incomplete, presumably because creation didn’t complete. We’re creating Cloud SQL instances, and we add a randomized suffix to the name to avoid collisions, and the effect that we’re seeing is that we create a new Cloud SQL instance on the next attempt at upping the stack. What’s the recommended way to deal with this error mode?

When issuing

pulumi stack init

on an existing stack, is there a way to ignore the fact that it already exists? Use case: Looking at a way to create stacks on the fly without needing to do a lookup of sorts before issuing an

init

.

Suppose I want to re-execute a

local.Command

every time a set of files on the local filesystem changes. I think this is the use of the

triggers

argument to

local.Command

, but am wondering what the best thing to pass here is. It is a hash of the files that I construct myself? I was hoping Pulumi would have something here, but the asset and archive classes for instance don't appear to expose any methods or paths in that vein. All suggestions welcome!

Hello Team, 1. Can we use same bucket name in different accounts For eg#

bucket01

in

<mailto:gcpacc11@gmail.com|gcpacc11@gmail.com>

and

bucket01

in

<mailto:gcpacc22@gmail.com|gcpacc22@gmail.com>

especially when

<mailto:gcpacc11@gmail.com|gcpacc11@gmail.com>

is deleted I get this error so I have to change the bucket name in the script every time which is a manual step in the automation process and we need to avoid that

googleapi: Error 409: The requested bucket name is not available. The bucket namespace is shared by all users of the system. Please select a different name and try again., conflict

----------------------------------------------- Also, Team!! 2. We need to know if creating a new GCP project is possible without specifying any project_ID in the pulumi script? Our purpose is to have a console-free IAC which is possible through pulumi but we have to create a GCP project manually first because we need a project ID as input for creating a new GCP project.

hey guys, is there any way to get a reference of the user/serviceaccount that is running the pulumi command? I’m trying to create a

GCP CloudRun

service, but as specified in the docs, unless you specify a

ServiceTemplateSpec serviceAccountName

it will use the default cloud engine service account which has Editor permissions and therefore gets a permission denied on SecretManager resources for example. I’m setting my service account credentials in my stack config file through the

gcp:credentials

value. Any help or tips would be greatly appreciated!

Hey everyone, I've been helping a startup in the developer-first security niche (JIT, workOS, skyflow), and I'm looking to talk to developers about product security. I won't take more than 10 minutes of your time, let me know what you need in return.

hi does anybody know why when I do a

pulumi up -r

, I keep seeing “diffs”, even if nothing has changed in the underlying infrastructure?

Previewing update (dev)

View Live: <https://app.pulumi.com/><redacted>/<proj>/dev/previews/<id>

     Type                       Name        Plan     Info
     pulumi:pulumi:Stack        proj-dev
     ├─ aws:ec2:LaunchTemplate  aaaaa                [diff: ~vpcSecurityGroupIds]
     ├─ aws:lb:TargetGroup      api
     ├─ aws:autoscaling:Group   aaaaa                [diff: ~launchTemplate,vpcZoneIdentifiers]
     ├─ aws:ec2:LaunchTemplate  api                  [diff: ~vpcSecurityGroupIds]
     ├─ aws:lb:TargetGroup      aaaaa
     └─ aws:autoscaling:Group   api                  [diff: ~launchTemplate,vpcZoneIdentifiers]

Resources:
    7 unchanged

When I select

details

, I get this:

Do you want to perform this update? details
  pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:dev::proj::pulumi:pulumi:Stack::proj-dev]
~ pulumi:pulumi:Stack: (refresh)
    [urn=urn:pulumi:dev::proj::pulumi:pulumi:Stack::proj-dev]
    ~ aws:autoscaling/group:Group: (refresh)
        [id=api]
        [urn=urn:pulumi:dev::proj::aws:autoscaling/group:Group::api]
        [provider=urn:pulumi:dev::proj::pulumi:providers:aws::default_5_10_0::ec8eab8a-ed6a-4102-ba45-8538c78b7cf8]
    ~ aws:autoscaling/group:Group: (refresh)
        [id=aaaaa]
        [urn=urn:pulumi:dev::proj::aws:autoscaling/group:Group::aaaaa]
        [provider=urn:pulumi:dev::proj::pulumi:providers:aws::default_5_10_0::ec8eab8a-ed6a-4102-ba45-8538c78b7cf8]
    ~ aws:lb/targetGroup:TargetGroup: (refresh)
        [id=arn:aws:elasticloadbalancing:ap-southeast-1:<aws_id>:targetgroup/aaaaa/8e2bbbab0efedbad]
        [urn=urn:pulumi:dev::proj::aws:lb/targetGroup:TargetGroup::aaaaa]
        [provider=urn:pulumi:dev::proj::pulumi:providers:aws::default_5_10_0::ec8eab8a-ed6a-4102-ba45-8538c78b7cf8]
    ~ aws:lb/targetGroup:TargetGroup: (refresh)
        [id=arn:aws:elasticloadbalancing:ap-southeast-1:<aws_id>:targetgroup/api/df555747b8eaeb92]
        [urn=urn:pulumi:dev::proj::aws:lb/targetGroup:TargetGroup::api]
        [provider=urn:pulumi:dev::proj::pulumi:providers:aws::default_5_10_0::ec8eab8a-ed6a-4102-ba45-8538c78b7cf8]
    ~ aws:ec2/launchTemplate:LaunchTemplate: (refresh)
        [id=lt-09afb8d3b2f6ae9ac]
        [urn=urn:pulumi:dev::proj::aws:ec2/launchTemplate:LaunchTemplate::aaaaa]
        [provider=urn:pulumi:dev::proj::pulumi:providers:aws::default_5_10_0::ec8eab8a-ed6a-4102-ba45-8538c78b7cf8]
    ~ aws:ec2/launchTemplate:LaunchTemplate: (refresh)
        [id=lt-0b38e76b0e7b3a1e9]
        [urn=urn:pulumi:dev::proj::aws:ec2/launchTemplate:LaunchTemplate::api]
        [provider=urn:pulumi:dev::proj::pulumi:providers:aws::default_5_10_0::ec8eab8a-ed6a-4102-ba45-8538c78b7cf8]

Hi. (I've tried googling, but I felt I need to look for help here, so perhaps docs need to be clearer on this.) I have a (Python) program with a bunch of imported (AWS) resources, but my plan is to make this a template, so I can create and destroy these at will. The problem I have is that if I start with a clean slate, (no stack state file) then • I can't use

pulumi stack import

, because I don't have a stack state file like that, • I can't use

pulumi up

, because that wants to create things that already exist, • I can't use

pulumi refresh

, because it (apparently) doesn't care what I've declared, only what's in the stack state file. • I refuse to believe that the idea is to manually import each resource again, like a peasant. I should also point out that it would be nice if nomenclature and docs could be clearer on what's a resource in a program, in a stack state and with the actual cloud provider, at least two of these are very different, right?