https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
general
  • t

    thankful-coat-47937

    10/21/2022, 4:44 PM
    hi all, we're running into significant snags trying to serialize native functions using the lambda serializer. the issue on gitlab doesn't seem to have any specific workarounds.
    error: Error serializing function 'checkForReports': lambda.ts(48,24)
        
        function 'checkForReports': lambda.ts(48,24): referenced
          '(env, project) => __awaiter(void 0,  ...': configs.js(409,24): which referenced
            function 'Config': configs.js(46,15): which referenced
              function 'getNewGasPrice': configs.js(131,18): which captured
                module './../../packages/contracts-api/dist/src/utils/logger.js' which indirectly referenced
                  function '<anonymous>': create-logger.js(71,46): which captured
                    variable 'logger' which indirectly referenced
                      function 'value': buffer_list.js(199,25): which referenced
                        function 'inspect': which captured
                          'ObjectKeys', a function defined at
                            function 'keys': which could not be serialized because
                              it was a native code function.
    
      Function code:
          function keys() { [native code] }
        
        Capturing modules can sometimes cause problems.
        Consider using import('./../../packages/contracts-api/dist/src/utils/logger.js') or require('./../../packages/contracts-api/dist/src/utils/logger.js') inside function 'getNewGasPrice': configs.js(131,18)
    is there anything we can do to get this working without switching to the zip?
  • p

    prehistoric-knife-34704

    10/21/2022, 10:08 PM
    hello! I'd like to be able to specify a mount point for an EBS volume as part of a VolumeAttachment or Instance creation, e.g.
    opt
    . Is that something the
    device_name
    argument can do?
  • l

    lemon-intern-77136

    10/21/2022, 10:56 PM
    Is there any way to have
    pulumi up
    print out secrets when it prints the describe? I’m doing some modifications of a secret variable and I can’t debug it because I can’t see the output.
    b
    • 2
    • 2
  • p

    prehistoric-waitress-34998

    10/22/2022, 8:49 AM
    Hi folks, I’m new to Pulumi, and after a few days of reading the docs, watching various videos, and searching through slack, I’ve not been able to find what the best practice is for the location of the Pulumi projects. In my previous experience, IaC has been located in a separate repo (called something like infrastructure), but I have a feeling there’s a Pulumi way that doesn’t match this. I’ve got a few nodejs microservices (a main API, and a couple of util APIs), and a UI which all live in separate git repos. They’re all independent, and don’t share resources (like db etc), but I was wondering if having the networking side of things (VPC, Security groups etc) as shared. I’ll have 2 stacks for now,
    dev
    and
    prod
    but may add more later (test, staging etc). I’m likely to follow this kind of structure for the microservices. It feels like my options are: 1. Create an
    infra
    folder in each application repo, and manage them as separate entities, but not sure about how to manage shared resources like networking. 2. Create an
    infrastructure
    repo, and work out how to cross reference the resources in the build & deploy steps in my application repos. 3. Create a monorepo with all the applications in folders, and an
    infra
    folder to handle the build & deploy 4. Something else I’m missing? 🙂 Can anyone point me to some useful resources on this? Or nudge me in the right direction? Cheers
    p
    • 2
    • 2
  • g

    gifted-pizza-8238

    10/23/2022, 9:28 AM
    Hi, I’m pretty new to Pulumi. Wanted to know if there is a way of creating my own Abstract components which can be implemented by different resources on different cloud providers. For instance, I’d like to have an abstract “Account” resource that on AWS it is represented as an AWS account, but on GCP is represented as a Project. Then when I’m defining my infra I want to reference it as the abstract “Account” resource, and Pulumi would know what resources to create - AWS accounts or GCP projects, based on some kind of cloud provider argument
    c
    b
    • 3
    • 3
  • a

    alert-midnight-11504

    10/23/2022, 9:27 PM
    👋 Hi everyone!
  • i

    icy-controller-6092

    10/24/2022, 3:19 AM
    Hi all, is there a way to get a nested archive to work? e.g.
    new AssetArchive({ 'inner.zip': new FileArchive('dist/folder') })
    this should produce a top-level zip, with another zip inside of it… but when I check the zip file uploaded to S3,
    inner.zip
    is a directory not a zip archive
    e
    • 2
    • 5
  • p

    powerful-noon-84115

    10/24/2022, 7:38 AM
    Hi, I'm the contributor of TencentCloud Terraform Provider. I'm using the [pulumi-tf-provider-boilerplate](https://github.com/pulumi/pulumi-tf-provider-boilerplate) the bridge to build the [Pulumi Provider](https://github.com/tencentcloudstack/pulumi-tencentcloud), the progress working good so far, and now I ran into a small problem: After I run
    make tfgen
    , the
    provider/cmd/pulumi-resource-tencentcloud/schema.json
    is generated as expected, but in the
    nodejs
    language examples, I noticed the
    description
    field, the import statement imports is:
    ```typescript
    import * as pulumi from "@pulumi/pulumi";
    
    // Unexpeceted package name, expect `@tencentcloud_iac/pulumi` which I defined in resource `PackageName`
    import * as tencentcloud from "@pulumi/tencentcloud"; 
    ```
    l
    • 2
    • 3
  • c

    careful-hairdresser-51000

    10/24/2022, 2:25 PM
    I’ve got this weird bug where a previously aliased resource keeps reappearing as the old name + breaks the
    pulumi up
    process even though I’ve deleted all references to it in the state file and imported it. I thought that the state file and the resources in the provider was a complete view of the state. Is there a cache somewhere? Does anyone know what could cause this?
    • 1
    • 1
  • s

    salmon-hairdresser-65532

    10/24/2022, 2:30 PM
    Hello, I am following the Crosswalk for AWS to create a VPC. I would share this VPC within my organisation so I need to use RAM. To create the ResourceAssociation I will need the ARNs of the subnets, I guess. Is there a simple way to get them other than building it myself from AWS-Region, Account-ID and Subnet-ID (which is not really elegant in my opinion, see here)?
  • r

    ripe-park-70944

    10/24/2022, 5:13 PM
    Hi folks are there any troubleshooting steps I can follow for the GitHub App not commenting on PRs? Our code is in GitHub and our CI is Azure Pipelines. We are using the Pulumi service. The GitHub app is installed for the (private) repo in question. The link to the PR shows up in the pulumi dashboard so theoretically the service knows about the PR, but it doesn't seem to trigger a comment. There's no sign of the Pulumi App in the Checks tab on the PR.
  • l

    late-lock-17022

    10/24/2022, 6:18 PM
    Hey lovely people, I wanted to ask what is the state of the yandex-cloud provider right now. https://github.com/pulumi/pulumi-yandex It says it's in public archive. But there is absolutely no information as to why.
    b
    • 2
    • 3
  • c

    colossal-room-15708

    10/24/2022, 11:24 PM
    but the Pulumi backend documentation explains that only Pulumi Service supports transactional checkpointing (for fault tolerance and recovery), concurrent state locking (to prevent corrupting your infrastructure state in a team environment), and encrypted state in transit and at rest. In my opinion, without these features, it’s not practical to use Pulumi in any sort of production environment (i.e., with more than one developer), so if you’re going to use Pulumi, you more or less have to pay for Pulumi Service.
    https://blog.gruntwork.io/why-we-use-terraform-and-not-chef-puppet-ansible-saltstack-or-cloudformation-7989dad2865c Is this all still accurate?
    b
    • 2
    • 4
  • b

    breezy-butcher-78604

    10/25/2022, 4:32 AM
    just upgraded my Pulumi CLI to v3.44.0 and am now getting the following fatal error on
    pulumi up
    . any ideas?
    Untitled.cpp
    b
    s
    • 3
    • 3
  • f

    flaky-arm-38472

    10/25/2022, 9:58 AM
    Hi, So, target group attachment resource (for target groups in load balancers) cannot be imported according to this. What is the reasoning behind that? What if a I want to import a LB+TargetGroup+Listeners+its attached resources?
  • f

    fancy-xylophone-7581

    10/25/2022, 12:54 PM
    We have a business requirement for following steps 1. List all EKS clusters existing on the AWS cloud, and get their name/id 2. Check the cluster status by passing the cluster name/id. 3. Get provider instance by passing the cluster name/id Is there any existing example for these requirements?
  • r

    red-scooter-62880

    10/25/2022, 12:57 PM
    Hi. I just want to follow up if it is now possible with Pulumi Automation API to get the SKU of a service when running Preview() method? Last time I asked it appeared it was not possible.
    e
    • 2
    • 29
  • r

    ripe-park-70944

    10/25/2022, 1:04 PM
    Does anyone know where to find the source code for the GitHub App? I've found the various CI platform actions/tasks but not the GitHub App (https://github.com/apps/pulumi)
    l
    e
    • 3
    • 4
  • a

    agreeable-whale-35898

    10/25/2022, 2:22 PM
    Hi, I couldn't find anywhere how to specify a region for an AWS lambda. I have a CloudFront
    Distribution
    with I need to authenticate its calls with Lambda@Edge (I believe this is how it is called, anyway..). But Lambda@Edge must be located at
    us-east-1
    , while my entire stack is at
    eu-central-1
    . So how do I set the region of a
    Pulumi.Aws.Lambda.Function
    ?
    b
    • 2
    • 2
  • w

    white-rain-67342

    10/25/2022, 5:51 PM
    I have a stack that has an RDS instance and some postgresql entities such as roles and stuff. The RDS instance was deleted manually now I am stuck in limbo because I cannot refresh the state since the postgresql provider can't connect to RDS. Any tips? When I run destroy I get:
    postgresql:index:Grant (dev-kable_api_app-grant):
        error: deleting urn:pulumi:dev::kable-infrastructure::custom:resource:DB$postgresql:index/grant:Grant::dev-kable_api_app-grant: 1 error occurred:
            * error detecting capabilities: error PostgreSQL version: dial tcp: lookup <http://dev-db-rds0775ab0.ce3zgd4y8bpu.us-east-1.rds.amazonaws.com|dev-db-rds0775ab0.ce3zgd4y8bpu.us-east-1.rds.amazonaws.com> on 192.168.0.1:53: no such host
    When I run refresh I get:
    postgresql:index:Database (dev-kable_api-database):
        error: Preview failed: refreshing urn:pulumi:dev::kable-infrastructure::custom:resource:DB$postgresql:index/database:Database::dev-kable_api-database: 1 error occurred:
            * error detecting capabilities: error PostgreSQL version: dial tcp: lookup <http://dev-db-rds0775ab0.ce3zgd4y8bpu.us-east-1.rds.amazonaws.com|dev-db-rds0775ab0.ce3zgd4y8bpu.us-east-1.rds.amazonaws.com> on 205.171.2.25:53: no such host
    Is there a way to run a destroy while ignoring failed deletes?
  • c

    cuddly-magician-97620

    10/25/2022, 7:59 PM
    Hi All, I have recently updated Pulumi packages from
    "@pulumi/aws": "^4.0.0",
            "@pulumi/awsx": "^0.30.0",
    to
    "@pulumi/aws": "^5.0.0",
            "@pulumi/awsx": "^0.40.0",
    Shortly after that, I have noticed a
    skipDestroy
    key being added to the ECS task definition outputs. I do not define this parameter anywhere in the code, it is added implicitly by Pulumi (or an upstream provider). Downgrading to the old aws/awsx packages does not help (the upstream provider is likely not downgraded with them). The key is not recognized by
    aws-actions/amazon-ecs-deploy-task-definition
    GitHub action and makes it fail:
    Error: Failed to register task definition in ECS: Unexpected key 'skipDestroy' found in params
    Error: Unexpected key 'skipDestroy' found in params
    Has anyone seen this issue and/or can help?
  • f

    fierce-ability-58936

    10/25/2022, 8:45 PM
    Is there a way to easily import resources created outside of Pulumi / code and then codified? Currently it's too annoying to try to figure out the right parent and import ID for every resource, whereas those should be already in the code. I've tried some
    pulumi refresh --import-pending-creates
    magic but it didn't work out (and frankly it looks like it's meant to be something else?). Ideally, there should be something like "pulumi up --import target"
    l
    • 2
    • 8
  • w

    wooden-tailor-35438

    10/25/2022, 11:48 PM
    This is frustrating documentation for Databricks, tells you to use the
    databricks_group_member
    for assigning users to groups... however, that resource doesn't exist (however, that is the exact resource used in terraform 🤔) and there actually is no resource for assigning users to group... which basically defeats the point of even managing users in pulumi https://www.pulumi.com/registry/packages/databricks/api-docs/user/
  • t

    thousands-pizza-93362

    10/25/2022, 11:49 PM
    does anyone know how to set a health check in cloud run using the gcp provider?
  • t

    thousands-pizza-93362

    10/25/2022, 11:49 PM
    i cant seem to find it in the code even though there is an example for probes
  • a

    astonishing-monitor-79630

    10/26/2022, 6:17 AM
    Hello Folks! We are using pulumi currently to manage Snowflake, and our idea in handling accesses has been to do this generally on a schema level, having two generic bundles of privileges: • Read privileges • Read/Write privileges ..and utilising constructs like:
    import pulumi_snowflake as snowflake
    
    
    class Snowflake(ComponentResource):
        # Select privilege
        snowflake.TableGrant(
            f"{schema_name}_SCHEMA_TABLE_SELECT_GRANT",
            schema_name=schema_name,
            roles=all_roles,
            privilege="SELECT",
            on_future=True,
            database_name=database
        )
        # Update privilege
        snowflake.TableGrant(
            f"{schema_name}_SCHEMA_TABLE_UPDATE_GRANT",
            schema_name=schema_name,
            roles=read_write_role_names,
            privilege="UPDATE",
            on_future=True,
            database_name=database
        )
    However, this poses a problem the future grants will only apply to objects (i.e. tables, views etc.) created after the deployment of the new infra, while existing schema-level objects are not affected. I am thinking the best approach would be to run SQL code like:
    import snowflake.connector as sfc
    sf_conn = sfc.connect()
    
    with sf_conn.cursor() as cursor:
        for role in all_roles:
            cursor.execute(f"grant select on all tables in {schema} to role {role})
    Would it be possible to configure such “manual” “post-hooks” to be run on each
    pulumi up
    call?
  • f

    famous-receptionist-48776

    10/26/2022, 7:38 AM
    Hello team: I just want create eks cluster on cn-north-1 region. But a error comes to me when create nodegroup:
    aws:eks:NodeGroup (default):
        error: 1 error occurred:
            * error creating EKS Node Group (dev-cnn1:default20221014114406636600000007): InvalidParameterException: Following required service principals [[<http://ec2.amazonaws.com.cn|ec2.amazonaws.com.cn> ](<https://console.amazonaws.cn/support/ec2.amazonaws.com.cn)>] were not found in the trusionships of nodeRole arn:aws-cn:iam::888888888888:role/dev-cnn1-instanceRole-role-963e580
        {
          RespMetadata: {
            StatusCode: 400,
            RequestID: "c8d401ae-bc7c-4039-9115-65d848c595d9"
          },
          ClusterName: "dev-cnn1",
          Message_: "Following required service principals [[<http://ec2.amazonaws.com.cn|ec2.amazonaws.com.cn> ](<https://console.amazonaws.cn/support/ec2.amazonaws.com.cn)>] were not found in the trust relationships of nodeRole arn:aws-cn:iam::888888888888:role/dev-cnn1-instanceRole-role-963e580
          NodegroupName: "default20221014114406636600000007"
        }
    Will you please help to reveiw my PR to fix this ? https://github.com/pulumi/pulumi-eks/pull/801
  • f

    fancy-xylophone-7581

    10/26/2022, 1:01 PM
    Repost my topic, could someone point out which API I should use in Pulumi to achieve following goals? We have a business requirement for following steps 1. List all EKS clusters existing on the AWS cloud, and get their name/id 2. Check the cluster status by passing the cluster name/id. 3. Get provider instance by passing the cluster name/id
    l
    • 2
    • 9
  • h

    helpful-memory-76476

    10/26/2022, 1:22 PM
    Hi everyone, I am facing a problem with an azure DevOps Pipeline job and Typescript: Preview failed: building auth config: obtain subscription() from Azure CLI: Error parsing json result from the Azure CLI: Error waiting for the Azure CLI: exit status 1 I found this old thread which seems to cover my problem but the workarounds don't help from my pipeline. Stack works fine locally though. https://github.com/pulumi/pulumi-azure-native/discussions/1565 Does anyone know how to get a typescript deployment going in azure DevOps using Pulumi, my C# pipelines run fine so it is most likely typescript-related. Thanks and best regards, Robert P.S. destroying the stack after the failed up works
  • s

    salmon-hairdresser-65532

    10/26/2022, 1:34 PM
    Hi everyone, I am trying to create an AWS Loadbalancer, Listener and Targetgroup using awsx. However, I cannot follow the instructions in the Crosswalk (Load Balancing EC2 Instance Targets) since
    alb.createListener("web-listener", port="80)
    does not work in Python. How would the example look using Python? I also tried something like
    alb =  awsx.lb.ApplicationLoadBalancer("loadBalancer",
        name="internet-facing-alb",
        security_groups=[security_group_loadbalancer]
        listeners=[awsx.lb.ListenerArgs(port="80")]
        )
    but somehow it seems to me that the Input "listeners" is not known (at least I get
    listeners=[awsx.lb.ListenerArgs(port="80")]
            ^
        SyntaxError: invalid syntax
    as an error. I'm using version 1.0.0b11 of awsx.
Powered by Linen
Title
s

salmon-hairdresser-65532

10/26/2022, 1:34 PM
Hi everyone, I am trying to create an AWS Loadbalancer, Listener and Targetgroup using awsx. However, I cannot follow the instructions in the Crosswalk (Load Balancing EC2 Instance Targets) since
alb.createListener("web-listener", port="80)
does not work in Python. How would the example look using Python? I also tried something like
alb =  awsx.lb.ApplicationLoadBalancer("loadBalancer",
    name="internet-facing-alb",
    security_groups=[security_group_loadbalancer]
    listeners=[awsx.lb.ListenerArgs(port="80")]
    )
but somehow it seems to me that the Input "listeners" is not known (at least I get
listeners=[awsx.lb.ListenerArgs(port="80")]
        ^
    SyntaxError: invalid syntax
as an error. I'm using version 1.0.0b11 of awsx.
View count: 1