Hello Team, 1. Can we use same bucket name in different accounts For eg#

bucket01

in

<mailto:gcpacc11@gmail.com|gcpacc11@gmail.com>

and

bucket01

in

<mailto:gcpacc22@gmail.com|gcpacc22@gmail.com>

especially when

<mailto:gcpacc11@gmail.com|gcpacc11@gmail.com>

is deleted I get this error so I have to change the bucket name in the script every time which is a manual step in the automation process and we need to avoid that

googleapi: Error 409: The requested bucket name is not available. The bucket namespace is shared by all users of the system. Please select a different name and try again., conflict

----------------------------------------------- Also, Team!! 2. We need to know if creating a new GCP project is possible without specifying any project_ID in the pulumi script? Our purpose is to have a console-free IAC which is possible through pulumi but we have to create a GCP project manually first because we need a project ID as input for creating a new GCP project.

hey guys, is there any way to get a reference of the user/serviceaccount that is running the pulumi command? I’m trying to create a

GCP CloudRun

service, but as specified in the docs, unless you specify a

ServiceTemplateSpec serviceAccountName

it will use the default cloud engine service account which has Editor permissions and therefore gets a permission denied on SecretManager resources for example. I’m setting my service account credentials in my stack config file through the

gcp:credentials

value. Any help or tips would be greatly appreciated!

Hey everyone, I've been helping a startup in the developer-first security niche (JIT, workOS, skyflow), and I'm looking to talk to developers about product security. I won't take more than 10 minutes of your time, let me know what you need in return.

hi does anybody know why when I do a

pulumi up -r

, I keep seeing “diffs”, even if nothing has changed in the underlying infrastructure?

Previewing update (dev)

View Live: <https://app.pulumi.com/><redacted>/<proj>/dev/previews/<id>

     Type                       Name        Plan     Info
     pulumi:pulumi:Stack        proj-dev
     ├─ aws:ec2:LaunchTemplate  aaaaa                [diff: ~vpcSecurityGroupIds]
     ├─ aws:lb:TargetGroup      api
     ├─ aws:autoscaling:Group   aaaaa                [diff: ~launchTemplate,vpcZoneIdentifiers]
     ├─ aws:ec2:LaunchTemplate  api                  [diff: ~vpcSecurityGroupIds]
     ├─ aws:lb:TargetGroup      aaaaa
     └─ aws:autoscaling:Group   api                  [diff: ~launchTemplate,vpcZoneIdentifiers]

Resources:
    7 unchanged

When I select

details

, I get this:

Do you want to perform this update? details
  pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:dev::proj::pulumi:pulumi:Stack::proj-dev]
~ pulumi:pulumi:Stack: (refresh)
    [urn=urn:pulumi:dev::proj::pulumi:pulumi:Stack::proj-dev]
    ~ aws:autoscaling/group:Group: (refresh)
        [id=api]
        [urn=urn:pulumi:dev::proj::aws:autoscaling/group:Group::api]
        [provider=urn:pulumi:dev::proj::pulumi:providers:aws::default_5_10_0::ec8eab8a-ed6a-4102-ba45-8538c78b7cf8]
    ~ aws:autoscaling/group:Group: (refresh)
        [id=aaaaa]
        [urn=urn:pulumi:dev::proj::aws:autoscaling/group:Group::aaaaa]
        [provider=urn:pulumi:dev::proj::pulumi:providers:aws::default_5_10_0::ec8eab8a-ed6a-4102-ba45-8538c78b7cf8]
    ~ aws:lb/targetGroup:TargetGroup: (refresh)
        [id=arn:aws:elasticloadbalancing:ap-southeast-1:<aws_id>:targetgroup/aaaaa/8e2bbbab0efedbad]
        [urn=urn:pulumi:dev::proj::aws:lb/targetGroup:TargetGroup::aaaaa]
        [provider=urn:pulumi:dev::proj::pulumi:providers:aws::default_5_10_0::ec8eab8a-ed6a-4102-ba45-8538c78b7cf8]
    ~ aws:lb/targetGroup:TargetGroup: (refresh)
        [id=arn:aws:elasticloadbalancing:ap-southeast-1:<aws_id>:targetgroup/api/df555747b8eaeb92]
        [urn=urn:pulumi:dev::proj::aws:lb/targetGroup:TargetGroup::api]
        [provider=urn:pulumi:dev::proj::pulumi:providers:aws::default_5_10_0::ec8eab8a-ed6a-4102-ba45-8538c78b7cf8]
    ~ aws:ec2/launchTemplate:LaunchTemplate: (refresh)
        [id=lt-09afb8d3b2f6ae9ac]
        [urn=urn:pulumi:dev::proj::aws:ec2/launchTemplate:LaunchTemplate::aaaaa]
        [provider=urn:pulumi:dev::proj::pulumi:providers:aws::default_5_10_0::ec8eab8a-ed6a-4102-ba45-8538c78b7cf8]
    ~ aws:ec2/launchTemplate:LaunchTemplate: (refresh)
        [id=lt-0b38e76b0e7b3a1e9]
        [urn=urn:pulumi:dev::proj::aws:ec2/launchTemplate:LaunchTemplate::api]
        [provider=urn:pulumi:dev::proj::pulumi:providers:aws::default_5_10_0::ec8eab8a-ed6a-4102-ba45-8538c78b7cf8]

Hi. (I've tried googling, but I felt I need to look for help here, so perhaps docs need to be clearer on this.) I have a (Python) program with a bunch of imported (AWS) resources, but my plan is to make this a template, so I can create and destroy these at will. The problem I have is that if I start with a clean slate, (no stack state file) then • I can't use

pulumi stack import

, because I don't have a stack state file like that, • I can't use

pulumi up

, because that wants to create things that already exist, • I can't use

pulumi refresh

, because it (apparently) doesn't care what I've declared, only what's in the stack state file. • I refuse to believe that the idea is to manually import each resource again, like a peasant. I should also point out that it would be nice if nomenclature and docs could be clearer on what's a resource in a program, in a stack state and with the actual cloud provider, at least two of these are very different, right?

Hi folks, can I use the pulumi-cloudflare SDK without using pulumi CLI? I.e.. can I call the SDK functions directly from app code?

is it possible to delete the logs for an "activity"? I want a way to clean up potential secrets that might have been printed.

Hello, Could you please tell - is it possible to use async in custom provider written in python? Thank you

Based on this snippet it looks like it is not possible

Hey, when I upgraded to the new Pulumi, I started getting this error message - any ideas why?

> $ pulumi up                                                                    ⬡ 16.17.0 [±feature-new-pulumi-load-balancer ●▴]
error: could not get cloud url: could not load current project: 1 error occurred:
	* #/config: expected string or null, but got object

> $ pulumi logout                                                                ⬡ 16.17.0 [±feature-new-pulumi-load-balancer ●▴]
error: could not determine current cloud: could not load current project: 1 error occurred:
	* #/config: expected string or null, but got object

> $ pulumi login                                                                 ⬡ 16.17.0 [±feature-new-pulumi-load-balancer ●▴]
error: could not determine current cloud: could not load current project: 1 error occurred:
	* #/config: expected string or null, but got object

Question for the group, does anyone have an example of setting up cross-account with delegated DNS to child accounts? Main account has mydomain.com, dev account has dev.mydomain.com ?

I'm sure this comes up a lot: Anyone know a 1- or 2 liner I can use in typescript to verify an account id just before the plan runs? i'm already getting the account id via a getter/waiter in most of my index files?. There's been a few times now were I've created a few resources I have to go cleanup because I'm on the wrong aws cli profile 😓

const account = aws.getCallerIdentity({});
const accountId = pulumi.output(account).apply(acc => `${acc.accountId}`);

Seems like checking that account id against a config value would do it but it's not that straight forward with how pulumi plans

Is there any tooling available to help me visualise/understand the resource dependencies, resource provisioning time, and actual vs max parallelisation of a

pulumi up

? I'm looking to understand if there's potential improvements that could be made anywhere through the whole stack.

Is there an Azure Native way to get a role definition by name?

Could someone please explain the difference between calling pulumi.invokeOptions vs pulumi.resourceOptions on a given resource. They seem to be interchangeable but in some scenarios resourceOptions gives a merge exception. I’m not sure where one should be used over the other? thanks in advance 🙏

Hi i'm trying to import an existing Event hub Cluster in Azure. But geting allways same error imputs no match with the resource . Using the same program to create a new cluster works. and i see no diference in the ARM Templates for the 2 clusters. This is my program. Can someone help me understand this error and where it's not working.

def import_cluster(self) -> None:
        """
        Import an event hub cluster.
        Args:
        Returns:
          None
        """
        cluster_name = environment_variables.CLUSTER_NAME
        cluster_id_import = '/subscriptions/' + self.eh_subscription_id + '/resourceGroups/' + self.eh_rg + '/providers/Microsoft.EventHub/clusters/' + cluster_name
        azure_native.eventhub.Cluster(
            resource_name=cluster_name,
            cluster_name=cluster_name,
            location='West Europe',
            resource_group_name='streamming-pulumi-poc',
            sku=azure_native.eventhub.ClusterSkuArgs(
                capacity=1,
                name="Dedicated",
            ),
            tags={
            },
            opts=pulumi.ResourceOptions(import_=cluster_id_import)
        )

I'm getting an error running pulumi up

Error building AzureAD Client: Error populating Client ID from the Azure CLI: No Authorization Tokens were found - please ensure the Azure CLI is installed and then log-in with `az login`.

I have latest azure CLI and pulumi installed and have run az login. Any ideas what is going on here?

hi, i'm using

aws.glue.CatalogTableStorageDescriptorArgs

to manage Glue tables. i'm facing something strange - without changing code at all,

pulumi up

always tries to update the table.

pulumi preview --diff

does some something new.

is this a known issue or a bug?

hi, I'm a complete pulumi noob. my initial goal is to create just a vpc using a specific aws profile from my aws credentials file. I have so far: - created a new directory - run 'pulumi new' , and chosen aws-python - taken the following code from the 'setting up a new vpc' part of the pulumi getting started section of their website: import pulumi import pulumi_awsx as awsx vpc = awsx.ec2.Vpc("custom") pulumi.export("vpcId", vpc.vpc_id) pulumi.export("publicSubnetIds", vpc.public_subnet_ids) pulumi.export("privateSubnetIds", vpc.private_subnet_ids) - replaced the default code in the '__main__.py' file with the above code - added the following line to Pulumi.<stackname>.yaml: awsprofile dev-account When I try to run: 'pulumi up' I'm getting the error: ModuleNotFoundError: No module named 'pulumi_awsx' I then executed: 'pip install pulumi_awsx' This installed the module. When I tried to run 'pulumi up' again I experienced the same error What am I missing? (doing this on a windows machine btw)

@brash-restaurant-84207 you might try

./venv/bin/pip install ...

@lively-france-83054 does that assume I'm using virtual environment?

I feel I've come across this kind of deadlock issue before, in another project. Is there a way that Pulumi could surface circular dependencies that cause this kind of deadlock?

Can someone tell me how I can detect, in my index.ts file, whether it's being run as the first step or the second "yes'ed" step

I couldn't find how to get the user name (the name of the entity who executed the

pulumi up

command, namely the CLI identity..) I found

GetCallerIdentity.InvokeAsync().GetAwaiter().GetResult().UserId

, but couldn't find the actual user's name. I want to add a transformation that adds a

by

tag with the executor name. Any idea how to do so in C# and AWS?

Hi folks, I'm facing a problem with pulumi's kubernetes NamespacePatch resource. Whenever I'm using it to patch an existing namespace, pulumi will fail, telling me that this resource already exists. This seems to be the whole point of that resource, to be applied if the namespace does already exist. The namespace to be mutated is created by the same provider. If I use the NamespacePatch for a namespace name that does not exist already, this namespace is created by it. Maybe anybody got an idea what I'm doing wrong here?

the examples for AWS certification validations https://www.pulumi.com/registry/packages/aws/api-docs/acm/certificatevalidation/ assume that only a single domain validation output is returned; however in practice AWS can return more than 1 (as described by https://pkg.go.dev/github.com/pulumi/pulumi-aws/sdk/v5/go/aws/acm#CertificateOutput.DomainValidationOptions) . so the example code here should be ranging over all of the outputs rather than assume there is only 1. I can't figure out how to get the length of the array without crashing. Example code is:

domainValidationOption := exampleCertificate.DomainValidationOptions.ApplyT(func(options []acm.CertificateDomainValidationOption) interface{} {
            return options[0]
        })

^ DomainValidationOptions type is CertificateDomainValidationOptionArrayOutput which has an Index() method but not an associated Len() method. If I use Index() that exceeds the length of the array I get a pulumi crash:

    goroutine 163 [running]:
    <http://github.com/pulumi/pulumi-aws/sdk/v5/go/aws/acm.CertificateDomainValidationOptionArrayOutput.Index.func1({0xc000068da0|github.com/pulumi/pulumi-aws/sdk/v5/go/aws/acm.CertificateDomainValidationOptionArrayOutput.Index.func1({0xc000068da0>?, 0xc000052710?, 0x1?})
        /tmp/7bdd55732174400744/vendor/github.com/pulumi/pulumi-aws/sdk/v5/go/aws/acm/pulumiTypes.go:133 +0x8e
    reflect.Value.call({0x123aa40?, 0x1675698?, 0x40efe5?}, {0x160ba84, 0x4}, {0xc000640648, 0x1, 0xc000452480?})
        /snap/go/9952/src/reflect/value.go:556 +0x845
    reflect.Value.Call({0x123aa40?, 0x1675698?, 0x4a75bc?}, {0xc000640648, 0x1, 0x1})
        /snap/go/9952/src/reflect/value.go:339 +0xbf
    <http://github.com/pulumi/pulumi/sdk/v3/go/pulumi.makeContextful.func1(|github.com/pulumi/pulumi/sdk/v3/go/pulumi.makeContextful.func1(>{0xc000640630?, 0x5?, 0x8?})
        /tmp/7bdd55732174400744/vendor/github.com/pulumi/pulumi/sdk/v3/go/pulumi/types.go:384 +0x56
    reflect.Value.call({0xc000401920?, 0xc00028a9c0?, 0x0?}, {0x160ba84, 0x4}, {0xc000404fa0, 0x2, 0x0?})
        /snap/go/9952/src/reflect/value.go:556 +0x845
    reflect.Value.Call({0xc000401920?, 0xc00028a9c0?, 0xc000122000?}, {0xc000404fa0, 0x2, 0x2})
        /snap/go/9952/src/reflect/value.go:339 +0xbf
    <http://github.com/pulumi/pulumi/sdk/v3/go/pulumi.(*OutputState).ApplyTWithContext.func1()|github.com/pulumi/pulumi/sdk/v3/go/pulumi.(*OutputState).ApplyTWithContext.func1()>
        /tmp/7bdd55732174400744/vendor/github.com/pulumi/pulumi/sdk/v3/go/pulumi/types.go:507 +0x2f0
    created by <http://github.com/pulumi/pulumi/sdk/v3/go/pulumi.(*OutputState).ApplyTWithContext|github.com/pulumi/pulumi/sdk/v3/go/pulumi.(*OutputState).ApplyTWithContext>
        /tmp/7bdd55732174400744/vendor/github.com/pulumi/pulumi/sdk/v3/go/pulumi/types.go:495 +0x3fb
 
    error: an unhandled error occurred: program exited with non-zero exit code: 2

how are callers supposed to get the length of DomainValidationOptions? followup would be can pulumi update the referenced example code to include this?

Is there a way to determine what kind of operation pulumi is doing when it's running your code? I have an

index.ts

file that pulumi is running but when I do a

pulumi up

I want to know whether the current run of the code is because of

pulumi refresh

or

pulumi deploy

for example

Hi All

I am facing error while creating a deployment in kubernetes:

kubernetes:apps/v1:Deployment (deployment-game):
    error: 4 errors occurred:
    	* the Kubernetes API server reported that "web-infra-ns/deployment-game" failed to fully initialize or become live: 'deployment-game' timed out waiting to be Ready
    	* [MinimumReplicasUnavailable] Deployment does not have minimum availability.
    	* [ProgressDeadlineExceeded] ReplicaSet "deployment-game-589b4c95dd" has timed out progressing.
    	* Minimum number of live Pods was not attained