thousands-pizza-93362
10/25/2022, 11:49 PMastonishing-monitor-79630
10/26/2022, 6:17 AMimport pulumi_snowflake as snowflake
class Snowflake(ComponentResource):
# Select privilege
snowflake.TableGrant(
f"{schema_name}_SCHEMA_TABLE_SELECT_GRANT",
schema_name=schema_name,
roles=all_roles,
privilege="SELECT",
on_future=True,
database_name=database
)
# Update privilege
snowflake.TableGrant(
f"{schema_name}_SCHEMA_TABLE_UPDATE_GRANT",
schema_name=schema_name,
roles=read_write_role_names,
privilege="UPDATE",
on_future=True,
database_name=database
)
However, this poses a problem the future grants will only apply to objects (i.e. tables, views etc.) created after the deployment of the new infra, while existing schema-level objects are not affected. I am thinking the best approach would be to run SQL code like:
import snowflake.connector as sfc
sf_conn = sfc.connect()
with sf_conn.cursor() as cursor:
for role in all_roles:
cursor.execute(f"grant select on all tables in {schema} to role {role})
Would it be possible to configure such “manual” “post-hooks” to be run on each pulumi up
call?famous-receptionist-48776
10/26/2022, 7:38 AMaws:eks:NodeGroup (default):
error: 1 error occurred:
* error creating EKS Node Group (dev-cnn1:default20221014114406636600000007): InvalidParameterException: Following required service principals [[<http://ec2.amazonaws.com.cn|ec2.amazonaws.com.cn> ](<https://console.amazonaws.cn/support/ec2.amazonaws.com.cn)>] were not found in the trusionships of nodeRole arn:aws-cn:iam::888888888888:role/dev-cnn1-instanceRole-role-963e580
{
RespMetadata: {
StatusCode: 400,
RequestID: "c8d401ae-bc7c-4039-9115-65d848c595d9"
},
ClusterName: "dev-cnn1",
Message_: "Following required service principals [[<http://ec2.amazonaws.com.cn|ec2.amazonaws.com.cn> ](<https://console.amazonaws.cn/support/ec2.amazonaws.com.cn)>] were not found in the trust relationships of nodeRole arn:aws-cn:iam::888888888888:role/dev-cnn1-instanceRole-role-963e580
NodegroupName: "default20221014114406636600000007"
}
Will you please help to reveiw my PR to fix this ?
https://github.com/pulumi/pulumi-eks/pull/801fancy-xylophone-7581
10/26/2022, 1:01 PMhelpful-memory-76476
10/26/2022, 1:22 PMsalmon-hairdresser-65532
10/26/2022, 1:34 PMalb.createListener("web-listener", port="80)
does not work in Python. How would the example look using Python?
I also tried something like
alb = awsx.lb.ApplicationLoadBalancer("loadBalancer",
name="internet-facing-alb",
security_groups=[security_group_loadbalancer]
listeners=[awsx.lb.ListenerArgs(port="80")]
)
but somehow it seems to me that the Input "listeners" is not known (at least I get
listeners=[awsx.lb.ListenerArgs(port="80")]
^
SyntaxError: invalid syntax
as an error. I'm using version 1.0.0b11 of awsx.flat-umbrella-41594
10/26/2022, 2:05 PMgreen-musician-49057
10/26/2022, 4:04 PMcleanup.policy
via the config
yields this error, with log verbosity set to 11:
I1026 06:38:44.052086 38298 provider_plugin.go:1617] provider received rpc error `Unknown`: `updating urn:pulumi:stack::project::kafka:index/topic:Topic::my.topic.name: 1 error occurred:
* Error waiting for topic (my.topic.name) to become ready: couldn't find resource (21 retries)
We know that the provider is able to communicate with the brokers, and crud operations on ACLs work fine.broad-toddler-72261
10/26/2022, 5:58 PMstraight-arm-50771
10/26/2022, 6:02 PM<https://get.pulumi.com/>
going to pull down v3.44.2
? the fatal error: concurrent map read and map write
has been driving me crazypolite-ocean-13631
10/26/2022, 7:39 PMremote
, which is described in the Python docstring as:
True if this is a remote component resource.What does it mean for something to be a "remote component resource"? I wasn't able to find any Pulumi docs that mention this.
cuddly-magician-97620
10/26/2022, 7:45 PMsteep-toddler-94095
10/26/2022, 9:17 PMpulumi preview
it says there is an update, but then when I view the details there is nothing displayed (as expected because there's not actually any diff). Is this a bug or is this how this package is supposed to work when the` update` parameter is filled out?wet-noon-14291
10/26/2022, 10:02 PMpulumi up
failing by being "killed", it happens my all the time now in one of our projects:
➜ deploy git:(deps/minimist_1.2.7) ✗ pulumi up
View Live: https://.....
[1] 3433262 killed pulumi up
➜ deploy git:(deps/minimist_1.2.7) ✗
clever-rose-11123
10/27/2022, 1:02 AMproud-art-41399
10/27/2022, 7:54 AMinfra
stack which provides basic resources for the rest of the stacks. One example is an ACM certificate which is managed by the infra
stack and used e.g. in an api
stack. Now when I update the infra
stack, it tries to replace the ACM certificate. It creates the new certificate but fails to delete the old one due to ResourceInUseException
exception because the certificate is in use by the resources managed by the api
stack (via a stack reference). I have to deploy the dependant stack so they use the new certificate and then re-redeploy the infra
stack.
Does this have any "standard" solution? I'm thinking of using an S3 bucket notifications which would trigger a Lambda function when the infra
stack (backed by S3 bucket) is updated, which would re-deploy the dependant stacks and then retry the deployment of infra
stack. But maybe there's a more elegant way.bumpy-laptop-30846
10/27/2022, 10:00 AMdamp-honey-93158
10/27/2022, 10:57 AMfierce-engine-31599
10/27/2022, 1:15 PMechoing-boots-57590
10/27/2022, 8:59 PMdamp-honey-93158
10/28/2022, 4:58 AMorange-airport-64592
10/28/2022, 8:17 AMFor those resources manually created in the production environment, I first generate the code throughI did some tests and had the following doubts and uncertainties:. Then, I use the same code but a different state to create resources, and this new state is connected to my new staging environment.pulumi import
I found that these import codes containattributes, andARN
is bound to account information, but even so, most resources can still be created successfully without making any changes, except for S3 buckets, for s3 buckets, I need to modify the bucket name property.ARN
I’m not sure that for these import codes which attributes I can modify without affecting the original prod environment, and which attributes I mustn’t modify. (I want one set of code to fit both environments)I have no idea. Is my plan suitable, and is there a better official one?
acceptable-xylophone-97331
10/28/2022, 1:21 PMacceptable-xylophone-97331
10/28/2022, 1:30 PMminiature-receptionist-24463
10/28/2022, 3:20 PMkind-country-41992
10/28/2022, 4:34 PMcurved-kitchen-23422
10/28/2022, 4:37 PMerror: Domain resource has a problem: expected ebs_ options
.0.volume _type to be one of [stamdard gp2 io1], got gp3. Examine
values at
‘`Domain`.EbsOptions
.`VolumeType`’. Based on AWS docs, r6g.large.search instance type is support to gp3 volume and using console we can able to view the gp3 option, but using pulumi got the error. Can any one help to resolve this issue and thanks for advance.cuddly-magician-97620
10/28/2022, 9:50 PMpulumi/aws
updates (somewhere between 4.0.0 and 5.18.0) has reversed the skip_final_snapshot
implicit default. It is now false
if not defined explicitly. At the same time, finalSnapshotIdentifier
is not a required input for aws.rds.Instance
resource.
You are setting people up for trouble with this. Creating aws.rds.Instance
resource with minimum required inputs results in skipFinalSnapshot: false
and empty finalSnapshotIdentifier
attribute. Try to destroy or replace such DB, and Pulumi barks final_snapshot_identifier is required when skip_final_snapshot is false
. Fair enough, except it should be required at DB creation time, and is not.rhythmic-tailor-1242
10/30/2022, 9:33 PMauth0
stack and it added clientId and clientSecret in a hashed format as part of the CLI set up.
How do I add more secrets in a hashed format to the yaml file?powerful-noon-84115
10/31/2022, 3:39 AM