https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • e

    enough-house-68209

    09/20/2022, 10:40 AM
    👋 Hi everyone! I am new to pulumi, I just got introduced to it today, and I have this issue that I've been stuck with for python and gcp, apologies if it's really newbie the question, but how to fix this error, studying this source code from youtuber ArjanCodes: https://github.com/ArjanCodes/2022-pulumi/tree/main/cloud_func:
    Type                                      Name               Plan       Info
     +   pulumi:pulumi:Stack                       cloud_func-dev     create
     +   ├─ gcp:storage:Bucket                     cf_demo_bucket     create
     +   ├─ gcp:storage:BucketObject               eta_demo_object    create
         └─ gcp:cloudfunctions/functions:Function  eta_demo_function             1 error
     
    Diagnostics:
      gcp:cloudfunctions/functions:Function (eta_demo_function):
        error: unrecognized resource type (Check): gcp:cloudfunctions/functions:Function
    b
    l
    • 3
    • 14
  • g

    gorgeous-accountant-60580

    09/20/2022, 1:57 PM
    Hello! Is it possible to write unit tests to validate that IgnoreChanges is working correctly?
    b
    • 2
    • 4
  • m

    modern-evening-83482

    09/20/2022, 4:33 PM
    Hello All., How can you ignore_changes to a specific image tag in the task def of a ecs service with pulumi?
  • c

    curved-hair-82998

    09/21/2022, 7:46 AM
    👋 Hi everyone! I am new to pulumi, I just started playing with it by converting the existing terraform templates into go. I am facing some random issue while converting
    tf2pulumi --target-language go
    error: rpc error: code = Unimplemented desc = GetSchema is not yet implemented
    e
    • 2
    • 12
  • b

    busy-daybreak-12707

    09/21/2022, 9:29 AM
    Hi, I am new to pulumi, I have question, when I use console to add policy for role , there are some built-in defined policies had provided by aws, I want to when I use pulumi how to import and use this same built-in defined policies?
    e
    • 2
    • 3
  • s

    steep-lock-88842

    09/21/2022, 3:18 PM
    Hey guys, I’m implementing GCP KMS in my pulumi project and im having a hard time understanding how it will work since I’m creating the key from pulumi but also im supposed to use the key (that is yet to be created) in my stack config file. From my understanding, this seems like something that wouldnt be able to be done in one shot but would require a
    pulumi up
    command to create the key followed by a
    pulumi stack change-secrets-provider
    , am i understanding that correctly?
  • f

    fancy-xylophone-7581

    09/21/2022, 4:05 PM
    Hi, I am evaluating Pulumi for our projects. I'd like to find a best practice on how to add Tags for existing subnet? Any suggestion? Here is the code that cannot work properly.
    (async () => {
        publicSubnets = await vpc.publicSubnets;
        publicSubnets.forEach(
            sub => {
                // console.log(sub.id);
                new aws.ec2.Tag('',{
                   resourceId: sub.id,
                   key: '<http://kubernetes.io/role/elb|kubernetes.io/role/elb>',
                   value: '1'
                });
            }
        );
    })();
    b
    • 2
    • 13
  • g

    gorgeous-accountant-60580

    09/21/2022, 5:41 PM
    I’m trying to do something similar to this example, which illustrates how to use the Azure SDK to fetch data that can’t be queried through the Pulumi resource model. When I unit test my code, I can intercept the
    authorization.GetClientConfig
    call, as that is a provider function on the azure-native provider. That is, it can be handled in the
    Call()
    function as defined in the unit testing documentation. The code I have for calling the Azure SDK is in an ApplyT. Is it possible to intercept this as well, and specify the return value in a similar way as with the provider functions, or will I have to handle this by creating an interface I can mock?
    l
    • 2
    • 3
  • c

    colossal-belgium-59643

    09/21/2022, 10:00 PM
    has anyone else been having issues with `refresh: "always"`option after the latest version upgrade? I’m getting the following error in my projects with this config:
    error: could not get cloud url: could not load current project: 1 error occurred:
    	* #/options/refresh: expected boolean, but got string
    v
    • 2
    • 3
  • l

    lemon-vase-32091

    09/22/2022, 7:27 AM
    HI. Has anyone ever managed to deploy a helm release with OCI repository using Pulumi?
    f
    • 2
    • 2
  • s

    sparse-gold-10561

    09/22/2022, 2:06 PM
    Hello, I am reviewing: https://www.pulumi.com/registry/packages/aws/api-docs/cloudwatch/eventtarget/ based on this documentation, we need an arn parameter and the documentation specifies
    ARN of the SQS queue specified as the target for the dead-letter queue.
    . However, I am trying to set it as a ECS target and I'm a bit confused as to if the documentation is wrong or if I really need a SQS DQL for an ECS target? Any advice would be great. thanks!
    s
    • 2
    • 19
  • f

    full-artist-27215

    09/22/2022, 6:03 PM
    I'm trying to write a Resource Validation Policy for a bunch of Artifactory repositories (https://www.pulumi.com/registry/packages/artifactory/api-docs/) Many repository types have a boolean property that I'd like to ensure is always
    true
    whenever I create one of these repositories (in particular, the
    xray_index
    property: https://www.pulumi.com/registry/packages/artifactory/api-docs/localgenericrepository/#xray_index_python). I know that I can explicitly check the type of the resource first and then see if the property is set:
    if args.resource_type in ["artifactory:index/localGenericRepository:LocalGenericRepository", ...]:
      if not args.props.get("xrayIndex"):
        report_violation(...)
    However, I was wondering if it would instead be possible to just see if the resource had an
    xrayIndex
    property (without listing out all the resource types explicitly). However, it only appears that I have access to whatever properties happen to have been set on the concrete resource. Since this particular boolean property defaults to
    false
    , this makes any resources that are in violation "invisible" to this kind of checking logic. Is there any way in a policy to see all the possible properties a resource could have, rather than just the ones that have been set on any given instance? After typing this out, I think I may end up sticking with the more explicit approach, but now I'm curious 😅
  • p

    proud-nail-99860

    09/22/2022, 11:32 PM
    Have any of you run into an issue where you use Pulumi to create a GCP project, and it succeeds, but Pulumi hangs forever. Then if you cancel it, on restart, it complains that the project already exists. How do I work around that?
    l
    • 2
    • 4
  • c

    colossal-caravan-76991

    09/23/2022, 9:29 AM
    We'd like to use the official PostgreSQL provider targeting a PG instance within a Kubernetes cluster -- an instance which itself is managed with the Pulumi Kubernetes provider. We'd like to use on-the-fly Kubernetes port forwarding for such a scenario. How would one go about doing this within the same stack? • We're exploring creating a custom provider "based on" the existing one. In simplistic OOP terms we'd "override"/wrap provider methods to set up the port forwarding before the "base class" call and tear it down afterwards. We're using TypeScript. However, it's unclear if there is any SDK to target another resource provider directly, or if the relevant gRPC interface is meant to be used for any other client than the Pulumi engine. • We could use different stacks and leverage the Pulumi automation API (we're already using it for many other scenarios). However in this case this stack boundary doesn't feel right/natural in our architecture. Do you think the scenario is common enough to be addressed in the way we want (one stack), or should we work harder to prove ourselves wrong on this point (justify multiple stacks)? • We could open up direct/public access to the PG instance. It's likely possible to do it sufficiently safely but again it doesn't feel like we'd be doing it for the right reasons. Could we be wrong about that? Thanks for reading, any input/opinions would be greatly appreciated.
    l
    l
    • 3
    • 26
  • c

    clean-salesclerk-32849

    09/23/2022, 8:47 PM
    Does this error mean anything to you?
    > $ pulumi new                                                                                                                                                                                          error: could not get cloud url: could not load current project: 1 error occurred:
    	* #/config: expected string or null, but got object
    I upgraded pulumi and switched to a new network. Any suggestiosn?
    b
    e
    • 3
    • 2
  • l

    late-lizard-19909

    09/23/2022, 8:50 PM
    Looking to create a DNS record on my domain controller (inside an azure VM) for one of my created resources in my Pulumi stack. Anyone have experience doing this?
  • c

    colossal-vr-62639

    09/26/2022, 6:16 AM
    I have a scenario whereby I would like to distinguish my resources per "environment" but also have a stack per set of resources. I was thinking of the following structures •
    my-{pre-prod or prod}-project/{resource-collection}-1
    •
    my-project/{pre-prod or prod}-{resource-collection}-1
    Anyone have any views on this they don't mind sharing?
    e
    • 2
    • 2
  • s

    stocky-father-68249

    09/26/2022, 6:26 AM
    Hey guys. Is there a way how I can turn on canary deployments in ecs using pulumi python?
    e
    • 2
    • 2
  • r

    rhythmic-whale-48997

    09/26/2022, 6:44 AM
    Is there a way to programmatically delete a resource on the stack? For example, I want to spin up and EC2 instance, do some computation and delete this instance when I'm done.
    l
    e
    • 3
    • 8
  • a

    adamant-father-26302

    09/26/2022, 7:28 AM
    ive got a resource that depends on a s3-bucketobject, but when the s3 bucket object changes its content, the resource that depends on it doesnt update. is there a way of fixing that?
    e
    • 2
    • 19
  • p

    proud-art-41399

    09/26/2022, 9:30 AM
    Hi, I'm using Pulumi GitHub Actions during the CI workflow. Recently I wanted to debug an issue and found out that the action doesn't produce any output in the GHA workflow log (see the screenshot). The
    pulumi/actions@v3
    parameters are as follows:
    with:
        command: up
        refresh: true
        stack-name: ***
        work-dir: infra
        cloud-url: s3://***
        comment-on-pr: false
        github-token: ***
        parallel: 2147483647
        target-dependents: false
        upsert: false
        edit-pr-comment: true
        pulumi-version: ^3
        color: auto
      env:
        AWS_DEFAULT_REGION: ***
        AWS_REGION: ***
        AWS_ACCESS_KEY_ID: ***
        AWS_SECRET_ACCESS_KEY: ***
        AWS_SESSION_TOKEN: ***
        pythonLocation: /opt/hostedtoolcache/Python/3.8.13/x64
        PKG_CONFIG_PATH: /opt/hostedtoolcache/Python/3.8.13/x64/lib/pkgconfig
        Python_ROOT_DIR: /opt/hostedtoolcache/Python/3.8.13/x64
        Python2_ROOT_DIR: /opt/hostedtoolcache/Python/3.8.13/x64
        Python3_ROOT_DIR: /opt/hostedtoolcache/Python/3.8.13/x64
        LD_LIBRARY_PATH: /opt/hostedtoolcache/Python/3.8.13/x64/lib
        PULUMI_CONFIG_PASSPHRASE: ***
    I was able to track this down to happen somewhere between Pulumi CLI v3.39.1 (produces output) and v3.39.3 (doesn't produce output). I looked at release notes (https://github.com/pulumi/pulumi/releases) but couldn't find anything relevant. It happens both for Pulumi programs written in Python and TypeScript, if that is important. Anyone has a clue what to try next?
    b
    • 2
    • 3
  • g

    gorgeous-accountant-60580

    09/26/2022, 10:17 AM
    I’m seeing an issue where, if we get an error from upstream (Google Cloud Platform in this case), the resource we’re trying to create isn’t fully added to our stack. There’s a reference to the resource in the stack, but it seems incomplete, presumably because creation didn’t complete. We’re creating Cloud SQL instances, and we add a randomized suffix to the name to avoid collisions, and the effect that we’re seeing is that we create a new Cloud SQL instance on the next attempt at upping the stack. What’s the recommended way to deal with this error mode?
  • c

    colossal-vr-62639

    09/26/2022, 12:48 PM
    When issuing
    pulumi stack init
    on an existing stack, is there a way to ignore the fact that it already exists? Use case: Looking at a way to create stacks on the fly without needing to do a lookup of sorts before issuing an
    init
    .
    c
    s
    • 3
    • 6
  • l

    lively-crayon-44649

    09/26/2022, 12:57 PM
    Suppose I want to re-execute a
    local.Command
    every time a set of files on the local filesystem changes. I think this is the use of the
    triggers
    argument to
    local.Command
    , but am wondering what the best thing to pass here is. It is a hash of the files that I construct myself? I was hoping Pulumi would have something here, but the asset and archive classes for instance don't appear to expose any methods or paths in that vein. All suggestions welcome!
    e
    s
    • 3
    • 4
  • f

    future-window-78560

    09/26/2022, 5:25 PM
    Hello Team, 1. Can we use same bucket name in different accounts For eg#
    bucket01
    in
    <mailto:gcpacc11@gmail.com|gcpacc11@gmail.com>
    and
    bucket01
    in
    <mailto:gcpacc22@gmail.com|gcpacc22@gmail.com>
    especially when
    <mailto:gcpacc11@gmail.com|gcpacc11@gmail.com>
    is deleted I get this error so I have to change the bucket name in the script every time which is a manual step in the automation process and we need to avoid that
    googleapi: Error 409: The requested bucket name is not available. The bucket namespace is shared by all users of the system. Please select a different name and try again., conflict
    ----------------------------------------------- Also, Team!! 2. We need to know if creating a new GCP project is possible without specifying any project_ID in the pulumi script? Our purpose is to have a console-free IAC which is possible through pulumi but we have to create a GCP project manually first because we need a project ID as input for creating a new GCP project.
    b
    • 2
    • 2
  • s

    steep-lock-88842

    09/26/2022, 9:33 PM
    hey guys, is there any way to get a reference of the user/serviceaccount that is running the pulumi command? I’m trying to create a
    GCP CloudRun
    service, but as specified in the docs, unless you specify a
    ServiceTemplateSpec serviceAccountName
    it will use the default cloud engine service account which has Editor permissions and therefore gets a permission denied on SecretManager resources for example. I’m setting my service account credentials in my stack config file through the
    gcp:credentials
    value. Any help or tips would be greatly appreciated!
    l
    • 2
    • 2
  • f

    future-barista-4090

    09/27/2022, 7:22 AM
    Hey everyone, I've been helping a startup in the developer-first security niche (JIT, workOS, skyflow), and I'm looking to talk to developers about product security. I won't take more than 10 minutes of your time, let me know what you need in return.
  • r

    rhythmic-branch-12845

    09/27/2022, 9:55 AM
    hi does anybody know why when I do a
    pulumi up -r
    , I keep seeing “diffs”, even if nothing has changed in the underlying infrastructure?
    Previewing update (dev)
    
    View Live: <https://app.pulumi.com/><redacted>/<proj>/dev/previews/<id>
    
         Type                       Name        Plan     Info
         pulumi:pulumi:Stack        proj-dev
         ├─ aws:ec2:LaunchTemplate  aaaaa                [diff: ~vpcSecurityGroupIds]
         ├─ aws:lb:TargetGroup      api
         ├─ aws:autoscaling:Group   aaaaa                [diff: ~launchTemplate,vpcZoneIdentifiers]
         ├─ aws:ec2:LaunchTemplate  api                  [diff: ~vpcSecurityGroupIds]
         ├─ aws:lb:TargetGroup      aaaaa
         └─ aws:autoscaling:Group   api                  [diff: ~launchTemplate,vpcZoneIdentifiers]
    
    Resources:
        7 unchanged
    When I select
    details
    , I get this:
    Do you want to perform this update? details
      pulumi:pulumi:Stack: (same)
        [urn=urn:pulumi:dev::proj::pulumi:pulumi:Stack::proj-dev]
    ~ pulumi:pulumi:Stack: (refresh)
        [urn=urn:pulumi:dev::proj::pulumi:pulumi:Stack::proj-dev]
        ~ aws:autoscaling/group:Group: (refresh)
            [id=api]
            [urn=urn:pulumi:dev::proj::aws:autoscaling/group:Group::api]
            [provider=urn:pulumi:dev::proj::pulumi:providers:aws::default_5_10_0::ec8eab8a-ed6a-4102-ba45-8538c78b7cf8]
        ~ aws:autoscaling/group:Group: (refresh)
            [id=aaaaa]
            [urn=urn:pulumi:dev::proj::aws:autoscaling/group:Group::aaaaa]
            [provider=urn:pulumi:dev::proj::pulumi:providers:aws::default_5_10_0::ec8eab8a-ed6a-4102-ba45-8538c78b7cf8]
        ~ aws:lb/targetGroup:TargetGroup: (refresh)
            [id=arn:aws:elasticloadbalancing:ap-southeast-1:<aws_id>:targetgroup/aaaaa/8e2bbbab0efedbad]
            [urn=urn:pulumi:dev::proj::aws:lb/targetGroup:TargetGroup::aaaaa]
            [provider=urn:pulumi:dev::proj::pulumi:providers:aws::default_5_10_0::ec8eab8a-ed6a-4102-ba45-8538c78b7cf8]
        ~ aws:lb/targetGroup:TargetGroup: (refresh)
            [id=arn:aws:elasticloadbalancing:ap-southeast-1:<aws_id>:targetgroup/api/df555747b8eaeb92]
            [urn=urn:pulumi:dev::proj::aws:lb/targetGroup:TargetGroup::api]
            [provider=urn:pulumi:dev::proj::pulumi:providers:aws::default_5_10_0::ec8eab8a-ed6a-4102-ba45-8538c78b7cf8]
        ~ aws:ec2/launchTemplate:LaunchTemplate: (refresh)
            [id=lt-09afb8d3b2f6ae9ac]
            [urn=urn:pulumi:dev::proj::aws:ec2/launchTemplate:LaunchTemplate::aaaaa]
            [provider=urn:pulumi:dev::proj::pulumi:providers:aws::default_5_10_0::ec8eab8a-ed6a-4102-ba45-8538c78b7cf8]
        ~ aws:ec2/launchTemplate:LaunchTemplate: (refresh)
            [id=lt-0b38e76b0e7b3a1e9]
            [urn=urn:pulumi:dev::proj::aws:ec2/launchTemplate:LaunchTemplate::api]
            [provider=urn:pulumi:dev::proj::pulumi:providers:aws::default_5_10_0::ec8eab8a-ed6a-4102-ba45-8538c78b7cf8]
    l
    e
    • 3
    • 14
  • s

    swift-apple-16812

    09/27/2022, 11:42 AM
    Hi. (I've tried googling, but I felt I need to look for help here, so perhaps docs need to be clearer on this.) I have a (Python) program with a bunch of imported (AWS) resources, but my plan is to make this a template, so I can create and destroy these at will. The problem I have is that if I start with a clean slate, (no stack state file) then • I can't use
    pulumi stack import
    , because I don't have a stack state file like that, • I can't use
    pulumi up
    , because that wants to create things that already exist, • I can't use
    pulumi refresh
    , because it (apparently) doesn't care what I've declared, only what's in the stack state file. • I refuse to believe that the idea is to manually import each resource again, like a peasant. I should also point out that it would be nice if nomenclature and docs could be clearer on what's a resource in a program, in a stack state and with the actual cloud provider, at least two of these are very different, right?
    l
    e
    • 3
    • 44
  • c

    clean-football-9795

    09/27/2022, 11:57 AM
    Hi folks, can I use the pulumi-cloudflare SDK without using pulumi CLI? I.e.. can I call the SDK functions directly from app code?
    l
    • 2
    • 2
Powered by Linen
Title
c

clean-football-9795

09/27/2022, 11:57 AM
Hi folks, can I use the pulumi-cloudflare SDK without using pulumi CLI? I.e.. can I call the SDK functions directly from app code?
l

limited-rainbow-51650

09/27/2022, 12:05 PM
You can’t use our SDKs without our engine. If you look at our Architecture, our SDKs which run in the language host, talk to the engine to signal which resources need to be there. It is our engine which calculates if the resource was already created in a previous run or not. When not yet created, the engine talks to the providers to really create the resource(s). More on how these parts work together can be found in my blog article of last week. Still, that doesn’t prevent you from using Pulumi from our own app code. You can embed our Automation API inside your app, combined with an inline program. See the
Inline Program
examples here: https://github.com/pulumi/automation-api-examples
c

clean-football-9795

09/27/2022, 3:11 PM
Thanks. Super helpful Ringo!
View count: 2