I have one weird type conversion when using Pulumi stack references. An example with some anonymization of the code: In stack A I have:

const a_secrets: pulumi.Output<pulumi.Output<string>[]>

...and:

pulumi stack output --stack A/infra/kari --show-secrets --json | jq '.a_secrets'
[
  "this-is-secret-from-a-8929c229"
]

So,

a_secrets

is of type (I'm using Typescript):

const a_secrets: *pulumi*.*Output*<*pulumi*.*Output*<string>[]>

Then I use stack A in stack B:

const a_secrets = stackA.requireOutput("a_secrets") as pulumi.Output<pulumi.Output<string>[]>;

a_secrets.apply(a => {
  console.log(`****************************`);
  console.log(`typeof: ${typeof(a)}`);
  console.log(`json: ${JSON.stringify(a)}`);
})

=> output:

****************************
typeof: object
json: {"XXXXXXXX93072939515e22adb298388d":"XXXXXXXX64138c4ac30d75fd1eb44270","value":["this-is-secret-from-a-8929c229"]}

So, what I would expect in the stack B side for the type of

a_secrets

to be is the same

pulumi.Output<pulumi.Output<string>[]>

, but the type is

{string: string, "value": [string]}

and therefore I need to do this clumsy type conversion later on when I want to use that array:

type a_type = {string: string, "value": [string]};
...
  secrets: a_secrets.apply(a => {
    // NOTE: Ugly! Why cannot we use the type that the stack A is supposed to return?
    const secrets_array = a as unknown as pulumi.Output<a_type>;
    return secrets_array["value"];
  }),

When running

pulumi up

I see in the output:

a_secrets: [secret]

. Perhaps this has something to do with this weird type conversion? I have dependency

"@pulumi/pulumi": "^3.42.0"

in my Pulumi / Typescript and I'm using

Pulumi cli v3.42.0

on Ubuntu 2022, and the infrastructure gets created in GCP and we are using Pulumi Service to store the stacks. Any idea if I'm missing something here? Any help would be appreciated (🧵).

Hello, I'm looking at authoring a package. In CDK I have to write it in TypeScript, if I want all the other languages to make use of it. Is there a similar concept in Pulumi or do Packages (component resources right now) have to exist in all the languages that want to use it?

my suspicion here is that the coredns deployment never starts because it’s not tolerating the fargate nodes

Hi, Trying to create a Snowflake table with clustering and getting an error:

Table(resource_name=name,
                 name=name,
                 database=schema.database,
                 schema=schema.name,
                 comment=comment,
                 cluster_bies=[to_date("dw_created_at)"],
                 data_retention_days=schema.data_retention_days,
                 change_tracking=False,
                 columns=[
                     snowflake.TableColumnArgs(
                         name="data",
                         type="VARIANT",
                         nullable=False,
                     ),
                     snowflake.TableColumnArgs(
                         name="dw_created_at",
                         type="TIMESTAMP_LTZ",
                         nullable=False,
                         default=TableColumnDefaultArgs(expression="current_timestamp()")
                     ),
                 ],
                 opts=ResourceOptions(provider=provider))

error:

000904 (42000): SQL compilation error: error line 1 at position 65
    invalid identifier 'DW_CREATED_AT'

This is what I’m seeing in query history:

ALTER TABLE "DEV_DB"."STAGING"."gu" CLUSTER BY LINEAR(dw_created_at)

Anybody seen this error?

Hey everyone, I’m trying to build a strongDM terraform-bridge by using the boilerplate template. I’m getting the following error when I try to run

go mod tidy

go: finding module for package <http://github.com/hashicorp/terraform-exec/tfinstall|github.com/hashicorp/terraform-exec/tfinstall>
<http://github.com/myorg/pulumi-sdm/provider|github.com/myorg/pulumi-sdm/provider> imports
        <http://github.com/strongdm/terraform-provider-sdm/sdm|github.com/strongdm/terraform-provider-sdm/sdm> tested by
        <http://github.com/strongdm/terraform-provider-sdm/sdm.test|github.com/strongdm/terraform-provider-sdm/sdm.test> imports
        <http://github.com/hashicorp/terraform-plugin-sdk/helper/resource|github.com/hashicorp/terraform-plugin-sdk/helper/resource> imports
        <http://github.com/hashicorp/terraform-plugin-test/v2|github.com/hashicorp/terraform-plugin-test/v2> imports
        <http://github.com/hashicorp/terraform-exec/tfinstall|github.com/hashicorp/terraform-exec/tfinstall>: module <http://github.com/hashicorp/terraform-exec@latest|github.com/hashicorp/terraform-exec@latest> found (v0.17.3), but does not contain package <http://github.com/hashicorp/terraform-exec/tfinstall|github.com/hashicorp/terraform-exec/tfinstall>

I went through some of the old PRs and re-added this line to

go.mod

<http://github.com/hashicorp/terraform-exec|github.com/hashicorp/terraform-exec> => <http://github.com/hashicorp/terraform-exec|github.com/hashicorp/terraform-exec> v0.15.0

and then

go mod tidy

works. Although, after doing that, I tried to run

make tfgen

and it fails with

no required module provides package <http://github.com/myorg/pulumi-sdm/provider/cmd/pulumi-tfgen-sdm;|github.com/myorg/pulumi-sdm/provider/cmd/pulumi-tfgen-sdm;> to add it:
        go get <http://github.com/myorg/pulumi-sdm/provider/cmd/pulumi-tfgen-sdm|github.com/myorg/pulumi-sdm/provider/cmd/pulumi-tfgen-sdm>

This is probably a mixture of misunderstanding on my part and a dependency issue. I’d love some help/input if anyone has any ideas.

Is there a way to reproduce the behaviour of Random for my own custom resources? I have a generated value that i later store in Vault but that i never want to regenerate. So how do i prevent

generateValue

to run on next runs?

export class Example extends ComponentResource {

  constructor(name: string, opts?: ComponentResourceOptions) {
    super('example', name, {}, opts);

    const generated = somelib.generateValue();

    new Secret(
      name,
      {
        path: `somepath/${name}`,
        dataJson: 
          JSON.stringify(generated)
        
      },
      { parent: this, ignoreChanges: ['*'], protect: true }
    );
  }
}

Hi people. How do you do when you create a Security Group and then a Kubernetes service of type load balancer?. The service usually appends some rules to the security group on AWS therefore the state will change and once we want to run

pulumi up

it will diff from previous state and try to replace the new rules appended by the kubernetes service. How do you deal with that?

Hey, I guess I'm doing something wrong. 1. I create an eks cluster

LOL ... and that's the mistake 🙂

(second try) I'm trying to deploy a chart to a cluster I created in the same stack. pulumi doesn't use the provider or at least I would expect that telling

k8s.helm.v3.Chart

about the provider being the one I create it uses the kubeconfig from that provider. Is that way off?

import * as k8s from "@pulumi/kubernetes";

const k8sProvider = new k8s.Provider('k8s-cluster',
    {
        cluster: pulumi.interpolate`${cluster}`,
        // kubeconfig: cluster.kubeconfig,
    },
    {
        parent: cluster
    })
const karpenterNamespace = new k8s.core.v1.Namespace('karpenter', {},
    {
        parent: k8sProvider
    })

const nginxIngress = new k8s.helm.v3.Chart("nginx-ingress",
    {
        path: "./vendor/karpenter/charts/karpenter",

        namespace: pulumi.interpolate`${karpenterNamespace}`,
        values: {
            controller: {
                env: [
                    {
                        name: "AWS_REGION",
                        value: "eu-west-1",
                    }
                ]
            }
        }
    },
    {
        provider: k8sProvider,
        parent: karpenterNamespace
    });

But this bails out + there are a million other resource definitions from the chart that complain, rightly so -- my local kubeconfig doesn't even know about the cluster and I don't see a reason why it should:

Diagnostics:
  pulumi:pulumi:Stack (pulumi-eks-karpenter-dev):
    error: update failed
    error: Running program 'C:\Users\marti\src\pulumi-eks-karpenter' failed with an unhandled exception:
    Error: invocation of aws:ssm/getParameter:getParameter returned an error: error reading from server: read tcp 127.0.0.1:55120->127.0.0.1:55117: use of closed network connection
        at Object.callback (C:\Users\marti\src\pulumi-eks-karpenter\node_modules\@pulumi\runtime\invoke.ts:159:33)
        at Object.onReceiveStatus (C:\Users\marti\src\pulumi-eks-karpenter\node_modules\@grpc\grpc-js\src\client.ts:338:26)
        at Object.onReceiveStatus (C:\Users\marti\src\pulumi-eks-karpenter\node_modules\@grpc\grpc-js\src\client-interceptors.ts:426:34)
        at Object.onReceiveStatus (C:\Users\marti\src\pulumi-eks-karpenter\node_modules\@grpc\grpc-js\src\client-interceptors.ts:389:48)
        at C:\Users\marti\src\pulumi-eks-karpenter\node_modules\@grpc\grpc-js\src\call-stream.ts:276:24
        at processTicksAndRejections (node:internal/process/task_queues:78:11)

  kubernetes:<http://rbac.authorization.k8s.io/v1:ClusterRole|rbac.authorization.k8s.io/v1:ClusterRole> (nginx-ingress-karpenter-admin):
    error: configured Kubernetes cluster is unreachable: unable to load Kubernetes client configuration from kubeconfig file. Make sure you have:

         ΓÇó set up the provider as per <https://www.pulumi.com/registry/packages/kubernetes/installation-configuration/>

     cluster "[object Object]" does not exist

Hey guys , I am using pulumi service as a backend in my gitlab CI/CD pipeline. I can see resources on pulumi website and but on aws console they not appearing. please help if you have any idea.

Hey guys I am tring to refresh a stack that is hosted in pulumi service using my cli. I keep logging in using

pulumi login

and then paste my Access token , but when I list the stacks nothing shows up. Even after doing this is a folder with a Pulumi.yaml file, I can't refresh my remote stack

Hi folks, I am having this issue: (Pulumi can't access VPN URLs) https://github.com/pulumi/pulumi/issues/4739. VPN DNS resolution problem on MacOSX. Is anyone else dealing with this. Any suggestions on workarounds?

Good day everyone! I personally find yandex-cloud provider (last published Feb 2022) a little bit outdated, namely, missing OneToOneNat resource (found in terraform counterpart). Is this going to be updated anytime soon? Or how may I help this (though being a beginner in Pulumi)? Thanks in advance!

Is there a wait to make

<http://pulumi.com/skipAwait|pulumi.com/skipAwait>

to

True

as the default in all kubernetes resources?

Hey hope you all doing well. Looking for some guidance regarding error handling. So far my experience is that there is no easy way to do

try ...catch

or

promis.catch()

What are the options? The goals that I am chasing => have clean granular exception messages.

Hello. I'm trying to add a Lifecycle Rule to a S3 bucket that includes a minimum file size directive. I've review this doc, but don't see what the param name would be. Is minimum object even supported?

Is there a way to constrain the organization(s) to which a stack may be deployed? We want to prevent leaking of company secrets into developers' accounts.

Hello there, Anyone else struggle with same problem as https://github.com/pulumi/pulumi-mysql/issues/98#issuecomment-1023148644 ? When you use

mysqlProvider, err := mysql.NewProvider(ctx, "mysql", &mysql.ProviderArgs{
	Endpoint: mysqlCfg.Host,
	Username: mysqlCfg.User,
	Password: mysqlCfg.Password,
})
if err != nil {
	return err
}

_, err = mysql.NewDatabase(ctx, "test", &mysql.DatabaseArgs{
	Name: pulumi.String("test"),
}, pulumi.Provider(mysqlProvider))
if err != nil {
	return err
}

pulumi output is

error: could not validate provider configuration: 1 error occurred:
    	* invalid value for proxy (The proxy URL is not a valid socks url.)

Hey guys, I'm trying to write a native provider for Pulumi, but when running through the README I'm running into an issue with it finding the plugin locally, I've created an issue here https://github.com/pulumi/pulumi-provider-boilerplate/issues/45

Hello Team, I'm building a Pulumi provider using the Terraform boilerplate, and got everything working so far except for the docs. The documentation is in the terraform porvider's docs folder in github (under docs/resources/resource_name.md, just like most other terraform providers), but I get this mapping error for all of my resources: "warning: could not find docs for resource "resource_name''. Override the Docs property in the data source mapping. See type tfbridge.DocInfo for details." Any ideas on what I'm missing here and/or what could I do to fix this? I have tried adding the following to the DocInfo mapping: Docs: &tfbridge.DocInfo{Source: ""}, however I have no clue what the format of the source string should be here and what should it contain.

How do I get more information what's actually wrong than this?

error: could not validate provider configuration: 1 error occurred:
  	* Invalid or unknown key
...
debug: AWS Auth provider used: "StaticProvider"
debug: registering resource: ty=pulumi:pulumi:Stack, name=saas-python-local, custom=False, remote=False
warning: provider config warning: Argument is deprecated
...
error Command failed with exit code 255.

Running

pulumi up -d -v 3

but it gives me no information what attribute is deprecated or what key is invalid

Hey, I have problem with update docker in ECS Fargate. I keep docker images in github registry, my fargate definitions

return new awsx.ecs.FargateService(`${getConfigValue(config, 'name')}-service`, {
        cluster: cluster,
        securityGroups: cluster.securityGroups,
        forceNewDeployment: true,
        assignPublicIp: false,
        taskDefinitionArgs: {
            containers: {
                migrations: {
                    image: containerImage,
                    essential: false,
                    memory: 512,
                    cpu: 1024,
                    environment: environment,
                    repositoryCredentials: {
                        credentialsParameter: credentialsParameter
                    },
                    command: [
                        'npm',
                        'run',
                        'migrate:deploy'
                    ]
                },
                seed: {
                    dependsOn: [ {
                        containerName: 'migrations',
                        condition: 'SUCCESS'
                    }],
                    image: containerImage,
                    essential: false,
                    memory: 512,
                    cpu: 1024,
                    environment: environment,
                    repositoryCredentials: {
                        credentialsParameter: credentialsParameter
                    },
                    command: [
                        'npm',
                        'run',
                        'prisma:seed'
                    ]
                },
                application: {
                    dependsOn: [ {
                        containerName: 'seed',
                        condition: 'SUCCESS'
                    }],
                    image: containerImage,
                    memory: parseInt(getConfigValue(config, 'aws-fargate-memory')),
                    cpu: parseInt(getConfigValue(config, 'aws-fargate-cpu')),
                    environment: environment,
                    portMappings: [ applicationListener ],
                    repositoryCredentials: {
                        credentialsParameter: credentialsParameter
                    },
                },
            },
            executionRole: createSercretCredientialsForGithubRegistry(config)
        },
        desiredCount: 1,
        deploymentMinimumHealthyPercent: 50,
        deploymentMaximumPercent: 200
    });

but, when i trying make "pulumi up" to deploy new service, pulumi dont do anything

Previewing update (xxxx)

View Live: ....

     Type                 Name                     Plan
     pulumi:pulumi:Stack  XXX-api-stage

Resources:
    77 unchanged

Do you want to perform this update?  [Use arrows to move, enter to select, type to filter]
  yes
> no
  details

hi folks, I’m looking to lint my stack yamls to ensure any configuration option added to a stack yaml also exists in the main project yaml, this is so future stacks don’t forget to include that configuration option has such a tool exists already? is anyone else following the same (somewhat pedantic) procedure? 🙂

I am making a stack of vpc then eks cluster then install helm charts. It messed up at some point, i manually deleted some resources and now pulumi destroy doesn't work, pulumi up doesn't work, i don't understand how pulumi state edit works - it seems to be a tangled mess of dependencies that are impossible to navigate. What should I do? The infra is not in production so I can delete anything

here's some output

Do you want to perform this destroy? yes Destroying (dev) View Live: https://app.pulumi.com/vorsprung/infrak8/dev/updates/50 Type Name Status Info pulumi😛ulumi:Stack infrak8-dev failed 1 error - └─ kubernetes:core/v1:ConfigMap ja-cluster-nodeAccess deleting failed 1 error Diagnostics: kubernetes:core/v1:ConfigMap (ja-cluster-nodeAccess): error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: Get "https://9CA4A885172974CEB5079C793D4A07AD.gr7.us-east-1.eks.amazonaws.com/openapi/v2?timeout=32s": dial tcp: lookup 9CA4A885172974CEB5079C793D4A07AD.gr7.us-east-1.eks.amazonaws.com on 192.168.178.1:53: no such host If the cluster has been deleted, you can edit the pulumi state to remove this resource pulumi😛ulumi:Stack (infrak8-dev): error: update failed Resources: Duration: 3s jamess-MBP:pulumi jamesandrews$

and here's an attempt to "edit the pulumi state to remove this resource"

jamess-MBP:pulumi jamesandrews$ pulumi state delete 'urn😛ulumi:dev::infrak8::eks:index:Cluster$aws:eks/cluster:Cluster::ja-cluster-eksCluster' warning: This command will edit your stack's state directly. Confirm? Yes error: This resource can't be safely deleted because the following resources depend on it: * "ja-cluster-eks-k8s" (urn😛ulumi:dev::infrak8::eks:index:Cluster$pulumi😛roviders:kubernetes::ja-cluster-eks-k8s) * "ja-cluster-nodeAccess" (urn😛ulumi:dev::infrak8::eks:index:Cluster$kubernetes:core/v1:ConfigMap::ja-cluster-nodeAccess) Delete those resources first before deleting this one. jamess-MBP:pulumi jamesandrews$ pulumi destroy -t 'urn😛ulumi:dev::infrak8::eks:index:Cluster$pulumi😛roviders:kubernetes::ja-cluster-eks-k8s' -t 'urn😛ulumi:dev::infrak8::eks:index:Cluster$kubernetes:core/v1:ConfigMap::ja-cluster-nodeAccess' Previewing destroy (dev) View Live: https://app.pulumi.com/vorsprung/infrak8/dev/previews/46a872a4-03f0-4181-8e55-77c919d2b6e9 Type Name Plan pulumi😛ulumi:Stack infrak8-dev - ├─ kubernetes:core/v1:ConfigMap ja-cluster-nodeAccess delete - └─ pulumi😛roviders:kubernetes ja-cluster-eks-k8s delete Resources: - 2 to delete Do you want to perform this destroy? yes Destroying (dev) View Live: https://app.pulumi.com/vorsprung/infrak8/dev/updates/51 Type Name Status Info pulumi😛ulumi:Stack infrak8-dev failed 1 error - └─ kubernetes:core/v1:ConfigMap ja-cluster-nodeAccess deleting failed 1 error Diagnostics: pulumi😛ulumi:Stack (infrak8-dev): error: update failed kubernetes:core/v1:ConfigMap (ja-cluster-nodeAccess): error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: Get "https://9CA4A885172974CEB5079C793D4A07AD.gr7.us-east-1.eks.amazonaws.com/openapi/v2?timeout=32s": dial tcp: lookup 9CA4A885172974CEB5079C793D4A07AD.gr7.us-east-1.eks.amazonaws.com on 192.168.178.1:53: no such host If the cluster has been deleted, you can edit the pulumi state to remove this resource Resources: