pulumi-community #general

thousands-pizza-93362

10/25/2022, 11:49 PM

i cant seem to find it in the code even though there is an example for probes

astonishing-monitor-79630

10/26/2022, 6:17 AM

Hello Folks! We are using pulumi currently to manage Snowflake, and our idea in handling accesses has been to do this generally on a schema level, having two generic bundles of privileges: • Read privileges • Read/Write privileges ..and utilising constructs like:

Copy code

import pulumi_snowflake as snowflake


class Snowflake(ComponentResource):
    # Select privilege
    snowflake.TableGrant(
        f"{schema_name}_SCHEMA_TABLE_SELECT_GRANT",
        schema_name=schema_name,
        roles=all_roles,
        privilege="SELECT",
        on_future=True,
        database_name=database
    )
    # Update privilege
    snowflake.TableGrant(
        f"{schema_name}_SCHEMA_TABLE_UPDATE_GRANT",
        schema_name=schema_name,
        roles=read_write_role_names,
        privilege="UPDATE",
        on_future=True,
        database_name=database
    )

However, this poses a problem the future grants will only apply to objects (i.e. tables, views etc.) created after the deployment of the new infra, while existing schema-level objects are not affected. I am thinking the best approach would be to run SQL code like:

Copy code

import snowflake.connector as sfc
sf_conn = sfc.connect()

with sf_conn.cursor() as cursor:
    for role in all_roles:
        cursor.execute(f"grant select on all tables in {schema} to role {role})

Would it be possible to configure such “manual” “post-hooks” to be run on each
pulumi up
call?

famous-receptionist-48776

10/26/2022, 7:38 AM

Hello team: I just want create eks cluster on cn-north-1 region. But a error comes to me when create nodegroup:

Copy code

aws:eks:NodeGroup (default):
    error: 1 error occurred:
        * error creating EKS Node Group (dev-cnn1:default20221014114406636600000007): InvalidParameterException: Following required service principals [[<http://ec2.amazonaws.com.cn|ec2.amazonaws.com.cn> ](<https://console.amazonaws.cn/support/ec2.amazonaws.com.cn)>] were not found in the trusionships of nodeRole arn:aws-cn:iam::888888888888:role/dev-cnn1-instanceRole-role-963e580
    {
      RespMetadata: {
        StatusCode: 400,
        RequestID: "c8d401ae-bc7c-4039-9115-65d848c595d9"
      },
      ClusterName: "dev-cnn1",
      Message_: "Following required service principals [[<http://ec2.amazonaws.com.cn|ec2.amazonaws.com.cn> ](<https://console.amazonaws.cn/support/ec2.amazonaws.com.cn)>] were not found in the trust relationships of nodeRole arn:aws-cn:iam::888888888888:role/dev-cnn1-instanceRole-role-963e580
      NodegroupName: "default20221014114406636600000007"
    }

Will you please help to reveiw my PR to fix this ? https://github.com/pulumi/pulumi-eks/pull/801

fancy-xylophone-7581

10/26/2022, 1:01 PM

Repost my topic, could someone point out which API I should use in Pulumi to achieve following goals? We have a business requirement for following steps 1. List all EKS clusters existing on the AWS cloud, and get their name/id 2. Check the cluster status by passing the cluster name/id. 3. Get provider instance by passing the cluster name/id

helpful-memory-76476

10/26/2022, 1:22 PM

Hi everyone, I am facing a problem with an azure DevOps Pipeline job and Typescript: Preview failed: building auth config: obtain subscription() from Azure CLI: Error parsing json result from the Azure CLI: Error waiting for the Azure CLI: exit status 1 I found this old thread which seems to cover my problem but the workarounds don't help from my pipeline. Stack works fine locally though. https://github.com/pulumi/pulumi-azure-native/discussions/1565 Does anyone know how to get a typescript deployment going in azure DevOps using Pulumi, my C# pipelines run fine so it is most likely typescript-related. Thanks and best regards, Robert P.S. destroying the stack after the failed up works

salmon-hairdresser-65532

10/26/2022, 1:34 PM

Hi everyone, I am trying to create an AWS Loadbalancer, Listener and Targetgroup using awsx. However, I cannot follow the instructions in the Crosswalk (Load Balancing EC2 Instance Targets) since

Copy code

alb.createListener("web-listener", port="80)

does not work in Python. How would the example look using Python? I also tried something like

Copy code

alb =  awsx.lb.ApplicationLoadBalancer("loadBalancer",
    name="internet-facing-alb",
    security_groups=[security_group_loadbalancer]
    listeners=[awsx.lb.ListenerArgs(port="80")]
    )

but somehow it seems to me that the Input "listeners" is not known (at least I get

Copy code

listeners=[awsx.lb.ListenerArgs(port="80")]
        ^
    SyntaxError: invalid syntax

as an error. I'm using version 1.0.0b11 of awsx.

flat-umbrella-41594

10/26/2022, 2:05 PM

Is there a way to debug a python pulumi program that is run via pulumi up? When I say debug I mean with breakpoints and not by printing

green-musician-49057

10/26/2022, 4:04 PM

Has anyone had issues using the Kafka provider to modify the configuration of RedPanda topics? We are able to use the provider to create and delete topics just fine, but updating the

cleanup.policy

via the

config

yields this error, with log verbosity set to 11:

Copy code

I1026 06:38:44.052086   38298 provider_plugin.go:1617] provider received rpc error `Unknown`: `updating urn:pulumi:stack::project::kafka:index/topic:Topic::my.topic.name: 1 error occurred:
	* Error waiting for topic (my.topic.name) to become ready: couldn't find resource (21 retries)

We know that the provider is able to communicate with the brokers, and crud operations on ACLs work fine.

broad-toddler-72261

10/26/2022, 5:58 PM

Has anyone upgraded Pulumi from v1 to v3? Were you required to upgrade to v2 first?? Any gotchas etc???

straight-arm-50771

10/26/2022, 6:02 PM

when is your

<https://get.pulumi.com/>

going to pull down

v3.44.2

? the

fatal error: concurrent map read and map write

has been driving me crazy

polite-ocean-13631

10/26/2022, 7:39 PM

Pulumi components have a parameter

remote

, which is described in the Python docstring as:

True if this is a remote component resource.

What does it mean for something to be a "remote component resource"? I wasn't able to find any Pulumi docs that mention this.

cuddly-magician-97620

10/26/2022, 7:45 PM

What is the latest stable version? Both, v3.44.1 and v3.44.2 (at least), are broken.

steep-toddler-94095

10/26/2022, 9:17 PM

I'm using the https://github.com/pulumi/pulumi-command package and am finding that on every

pulumi preview

it says there is an update, but then when I view the details there is nothing displayed (as expected because there's not actually any diff). Is this a bug or is this how this package is supposed to work when the` update` parameter is filled out?

wet-noon-14291

10/26/2022, 10:02 PM

Anyone that has experience

pulumi up

failing by being "killed", it happens my all the time now in one of our projects:

Copy code

➜  deploy git:(deps/minimist_1.2.7) ✗ pulumi up
View Live: https://.....

[1]    3433262 killed     pulumi up
➜  deploy git:(deps/minimist_1.2.7) ✗

clever-rose-11123

10/27/2022, 1:02 AM

Has anyone got any examples of writing native providers in python or js/ts? The native provider boilerplate from https://www.pulumi.com/docs/guides/pulumi-packages/how-to-author/ is only for go

proud-art-41399

10/27/2022, 7:54 AM

Hi, I'm using Pulumi with self-managed S3 backend to manage AWS resources. I have an

infra

stack which provides basic resources for the rest of the stacks. One example is an ACM certificate which is managed by the

infra

stack and used e.g. in an

api

stack. Now when I update the

infra

stack, it tries to replace the ACM certificate. It creates the new certificate but fails to delete the old one due to

ResourceInUseException

exception because the certificate is in use by the resources managed by the

api

stack (via a stack reference). I have to deploy the dependant stack so they use the new certificate and then re-redeploy the

infra

stack. Does this have any "standard" solution? I'm thinking of using an S3 bucket notifications which would trigger a Lambda function when the

infra

stack (backed by S3 bucket) is updated, which would re-deploy the dependant stacks and then retry the deployment of

infra

stack. But maybe there's a more elegant way.

bumpy-laptop-30846

10/27/2022, 10:00 AM

Hello, is it possible to know if a ressource actually exists when doing a preview? I am using typescript, but the question applies to all sdk’s I imagine.

damp-honey-93158

10/27/2022, 10:57 AM

general question about dependencies in pulumi - if I have a class derived from ComponentResource, lets call that the "Manager" class - and within the ctor of Manager I instantiate other resources using parent = this - will the stuff I'm instantiating in the ctor of Manager implicitly also depend on the same things that Manager is depending on (assuming its ComponentResourceOptions value has dependencies)?

fierce-engine-31599

10/27/2022, 1:15 PM

Hi! I wonder if it's possible to use different state backends with a runtime argument? Currently the only option I saw is to login to the backend and then every action is done against this backend

echoing-boots-57590

10/27/2022, 8:59 PM

is pulumi able to auto-detect drifts & auto-sync like crossplane?

damp-honey-93158

10/28/2022, 4:58 AM

I'm after some advice... I've got a few situations where we create our own ComponentResource - and it depends on something else that isn't an Output<string>, e.g. a component resource for our deployment of cert-manager (via a Release) depends on the re-injection of a Secret. In these cases I've written code that creates the dependant resource within an Apply() function - but I understand this isn't the best as preview won't see the creation of things within Apply(). What's the general patter to follow to avoid this?

orange-airport-64592

10/28/2022, 8:17 AM

Hi everyone, I have a problem that happens to manage multiple environments that belong to different accounts with pulumi. I want to ask everyone. I currently have a production environment on an AWS old account. It’s half created manually and half via pulumi. I plan to deploy another staging environment in a new AWS account dedicated to the tester for testing purposes. The staging and production environments belong to the Amazon cloud but are different accounts. My goal is to best manage both environments with the same pulumi codes. I envision doing this:

For those resources manually created in the production environment, I first generate the code through
pulumi import
. Then, I use the same code but a different state to create resources, and this new state is connected to my new staging environment.

I did some tests and had the following doubts and uncertainties:

I found that these import codes contain
ARN
attributes, and
ARN
is bound to account information, but even so, most resources can still be created successfully without making any changes, except for S3 buckets, for s3 buckets, I need to modify the bucket name property.

I’m not sure that for these import codes which attributes I can modify without affecting the original prod environment, and which attributes I mustn’t modify. (I want one set of code to fit both environments)

I have no idea. Is my plan suitable, and is there a better official one?

acceptable-xylophone-97331

10/28/2022, 1:21 PM

Hi,

acceptable-xylophone-97331

10/28/2022, 1:30 PM

I am trying to create a cloudbuild Trigger Filename that reacts to pull requests in GitHub. I am using Python with GCP classic. I get the error: Error creating Trigger: googleapi: Error 400: Repository mapping does not exist. My code is: """ _ = gcp.cloudbuild.Trigger( filename= "ci_cd/version.cloudbuild.yaml", name="my_resource_name", project="my_project_id", resource_name="my_resource_name", github=cloudbuild.TriggerGithubArgs( pull_request=cloudbuild.TriggerGithubPullRequestArgs( branch="^main$" ), ), ) """ Thanks for your help.

miniature-receptionist-24463

10/28/2022, 3:20 PM

Hello, I had "override_main_response_version" option enabled in the OpenSearch, even after removing it from index.ts, still Pulumi not deleting it from the stack. There is a diff between running stack and template. Any help. I see same problem was faced before but couldn't see the solution. https://pulumi-community.slack.com/archives/C84L4E3N1/p1632272442488400

kind-country-41992

10/28/2022, 4:34 PM

can help how to lable namespace of kubernets using pulumi. as i am trying to deploy istio on kubernets using pulumi python

curved-kitchen-23422

10/28/2022, 4:37 PM

Hi team, We have deployed elastic search in AWS using pulumi(python). Later we have upgraded with OpenSearch 1.3 engine version and working fine. We are trying to migrate data node EBS volume from gp2 to gp3. But got the error like below

error: Domain resource has a problem: expected ebs_ options

0.volume _type to be one of [stamdard gp2 io1], got gp3. Examine

values at

‘`Domain`.

EbsOptions

.`VolumeType`’. Based on AWS docs, r6g.large.search instance type is support to gp3 volume and using console we can able to view the gp3 option, but using pulumi got the error. Can any one help to resolve this issue and thanks for advance.

cuddly-magician-97620

10/28/2022, 9:50 PM

One of the recent

pulumi/aws

updates (somewhere between 4.0.0 and 5.18.0) has reversed the

skip_final_snapshot

implicit default. It is now

false

if not defined explicitly. At the same time,

finalSnapshotIdentifier

is not a required input for

aws.rds.Instance

resource. You are setting people up for trouble with this. Creating

aws.rds.Instance

resource with minimum required inputs results in

skipFinalSnapshot: false

and empty

finalSnapshotIdentifier

attribute. Try to destroy or replace such DB, and Pulumi barks

final_snapshot_identifier is required when skip_final_snapshot is false

. Fair enough, except it should be required at DB creation time, and is not.

rhythmic-tailor-1242

10/30/2022, 9:33 PM

Hi all, I created a new

auth0

stack and it added clientId and clientSecret in a hashed format as part of the CLI set up. How do I add more secrets in a hashed format to the yaml file?

powerful-noon-84115

10/31/2022, 3:39 AM

Hi team, I want to add Pulumi Tencent Cloud Provider to community package list, and I created the pull-request , hope the repo maintainer can notice and send me a feedback.