pulumi-community #general

Channels

general

thankful-coat-47937

10/21/2022, 4:44 PM

hi all, we're running into significant snags trying to serialize native functions using the lambda serializer. the issue on gitlab doesn't seem to have any specific workarounds.

error: Error serializing function 'checkForReports': lambda.ts(48,24)
    
    function 'checkForReports': lambda.ts(48,24): referenced
      '(env, project) => __awaiter(void 0,  ...': configs.js(409,24): which referenced
        function 'Config': configs.js(46,15): which referenced
          function 'getNewGasPrice': configs.js(131,18): which captured
            module './../../packages/contracts-api/dist/src/utils/logger.js' which indirectly referenced
              function '<anonymous>': create-logger.js(71,46): which captured
                variable 'logger' which indirectly referenced
                  function 'value': buffer_list.js(199,25): which referenced
                    function 'inspect': which captured
                      'ObjectKeys', a function defined at
                        function 'keys': which could not be serialized because
                          it was a native code function.

  Function code:
      function keys() { [native code] }
    
    Capturing modules can sometimes cause problems.
    Consider using import('./../../packages/contracts-api/dist/src/utils/logger.js') or require('./../../packages/contracts-api/dist/src/utils/logger.js') inside function 'getNewGasPrice': configs.js(131,18)

is there anything we can do to get this working without switching to the zip?

prehistoric-knife-34704

10/21/2022, 10:08 PM

hello! I'd like to be able to specify a mount point for an EBS volume as part of a VolumeAttachment or Instance creation, e.g.

opt

. Is that something the

device_name

argument can do?

lemon-intern-77136

10/21/2022, 10:56 PM

Is there any way to have

pulumi up

print out secrets when it prints the describe? I’m doing some modifications of a secret variable and I can’t debug it because I can’t see the output.

prehistoric-waitress-34998

10/22/2022, 8:49 AM

Hi folks, I’m new to Pulumi, and after a few days of reading the docs, watching various videos, and searching through slack, I’ve not been able to find what the best practice is for the location of the Pulumi projects. In my previous experience, IaC has been located in a separate repo (called something like infrastructure), but I have a feeling there’s a Pulumi way that doesn’t match this. I’ve got a few nodejs microservices (a main API, and a couple of util APIs), and a UI which all live in separate git repos. They’re all independent, and don’t share resources (like db etc), but I was wondering if having the networking side of things (VPC, Security groups etc) as shared. I’ll have 2 stacks for now,

dev

and

prod

but may add more later (test, staging etc). I’m likely to follow this kind of structure for the microservices. It feels like my options are: 1. Create an

infra

folder in each application repo, and manage them as separate entities, but not sure about how to manage shared resources like networking. 2. Create an

infrastructure

repo, and work out how to cross reference the resources in the build & deploy steps in my application repos. 3. Create a monorepo with all the applications in folders, and an

infra

folder to handle the build & deploy 4. Something else I’m missing? 🙂 Can anyone point me to some useful resources on this? Or nudge me in the right direction? Cheers

gifted-pizza-8238

10/23/2022, 9:28 AM

Hi, I’m pretty new to Pulumi. Wanted to know if there is a way of creating my own Abstract components which can be implemented by different resources on different cloud providers. For instance, I’d like to have an abstract “Account” resource that on AWS it is represented as an AWS account, but on GCP is represented as a Project. Then when I’m defining my infra I want to reference it as the abstract “Account” resource, and Pulumi would know what resources to create - AWS accounts or GCP projects, based on some kind of cloud provider argument

alert-midnight-11504

10/23/2022, 9:27 PM

👋 Hi everyone!

icy-controller-6092

10/24/2022, 3:19 AM

Hi all, is there a way to get a nested archive to work? e.g.

new AssetArchive({ 'inner.zip': new FileArchive('dist/folder') })

this should produce a top-level zip, with another zip inside of it… but when I check the zip file uploaded to S3,

inner.zip

is a directory not a zip archive

powerful-noon-84115

10/24/2022, 7:38 AM

Hi, I'm the contributor of TencentCloud Terraform Provider. I'm using the [pulumi-tf-provider-boilerplate](https://github.com/pulumi/pulumi-tf-provider-boilerplate) the bridge to build the [Pulumi Provider](https://github.com/tencentcloudstack/pulumi-tencentcloud), the progress working good so far, and now I ran into a small problem: After I run

make tfgen

, the

provider/cmd/pulumi-resource-tencentcloud/schema.json

is generated as expected, but in the

nodejs

language examples, I noticed the

description

field, the import statement imports is:

```typescript
import * as pulumi from "@pulumi/pulumi";

// Unexpeceted package name, expect `@tencentcloud_iac/pulumi` which I defined in resource `PackageName`
import * as tencentcloud from "@pulumi/tencentcloud"; 
```

careful-hairdresser-51000

10/24/2022, 2:25 PM

I’ve got this weird bug where a previously aliased resource keeps reappearing as the old name + breaks the

pulumi up

process even though I’ve deleted all references to it in the state file and imported it. I thought that the state file and the resources in the provider was a complete view of the state. Is there a cache somewhere? Does anyone know what could cause this?

salmon-hairdresser-65532

10/24/2022, 2:30 PM

Hello, I am following the Crosswalk for AWS to create a VPC. I would share this VPC within my organisation so I need to use RAM. To create the ResourceAssociation I will need the ARNs of the subnets, I guess. Is there a simple way to get them other than building it myself from AWS-Region, Account-ID and Subnet-ID (which is not really elegant in my opinion, see here)?

ripe-park-70944

10/24/2022, 5:13 PM

Hi folks are there any troubleshooting steps I can follow for the GitHub App not commenting on PRs? Our code is in GitHub and our CI is Azure Pipelines. We are using the Pulumi service. The GitHub app is installed for the (private) repo in question. The link to the PR shows up in the pulumi dashboard so theoretically the service knows about the PR, but it doesn't seem to trigger a comment. There's no sign of the Pulumi App in the Checks tab on the PR.

late-lock-17022

10/24/2022, 6:18 PM

Hey lovely people, I wanted to ask what is the state of the yandex-cloud provider right now. https://github.com/pulumi/pulumi-yandex It says it's in public archive. But there is absolutely no information as to why.

colossal-room-15708

10/24/2022, 11:24 PM

but the Pulumi backend documentation explains that only Pulumi Service supports transactional checkpointing (for fault tolerance and recovery), concurrent state locking (to prevent corrupting your infrastructure state in a team environment), and encrypted state in transit and at rest. In my opinion, without these features, it’s not practical to use Pulumi in any sort of production environment (i.e., with more than one developer), so if you’re going to use Pulumi, you more or less have to pay for Pulumi Service.

https://blog.gruntwork.io/why-we-use-terraform-and-not-chef-puppet-ansible-saltstack-or-cloudformation-7989dad2865c Is this all still accurate?

breezy-butcher-78604

10/25/2022, 4:32 AM

just upgraded my Pulumi CLI to v3.44.0 and am now getting the following fatal error on

pulumi up

. any ideas?

Untitled.cpp

flaky-arm-38472

10/25/2022, 9:58 AM

Hi, So, target group attachment resource (for target groups in load balancers) cannot be imported according to this. What is the reasoning behind that? What if a I want to import a LB+TargetGroup+Listeners+its attached resources?

fancy-xylophone-7581

10/25/2022, 12:54 PM

We have a business requirement for following steps 1. List all EKS clusters existing on the AWS cloud, and get their name/id 2. Check the cluster status by passing the cluster name/id. 3. Get provider instance by passing the cluster name/id Is there any existing example for these requirements?

red-scooter-62880

10/25/2022, 12:57 PM

Hi. I just want to follow up if it is now possible with Pulumi Automation API to get the SKU of a service when running Preview() method? Last time I asked it appeared it was not possible.

ripe-park-70944

10/25/2022, 1:04 PM

Does anyone know where to find the source code for the GitHub App? I've found the various CI platform actions/tasks but not the GitHub App (https://github.com/apps/pulumi)

agreeable-whale-35898

10/25/2022, 2:22 PM

Hi, I couldn't find anywhere how to specify a region for an AWS lambda. I have a CloudFront

Distribution

with I need to authenticate its calls with Lambda@Edge (I believe this is how it is called, anyway..). But Lambda@Edge must be located at

us-east-1

, while my entire stack is at

eu-central-1

. So how do I set the region of a

Pulumi.Aws.Lambda.Function

white-rain-67342

10/25/2022, 5:51 PM

I have a stack that has an RDS instance and some postgresql entities such as roles and stuff. The RDS instance was deleted manually now I am stuck in limbo because I cannot refresh the state since the postgresql provider can't connect to RDS. Any tips? When I run destroy I get:

postgresql:index:Grant (dev-kable_api_app-grant):
    error: deleting urn:pulumi:dev::kable-infrastructure::custom:resource:DB$postgresql:index/grant:Grant::dev-kable_api_app-grant: 1 error occurred:
        * error detecting capabilities: error PostgreSQL version: dial tcp: lookup <http://dev-db-rds0775ab0.ce3zgd4y8bpu.us-east-1.rds.amazonaws.com|dev-db-rds0775ab0.ce3zgd4y8bpu.us-east-1.rds.amazonaws.com> on 192.168.0.1:53: no such host

When I run refresh I get:

postgresql:index:Database (dev-kable_api-database):
    error: Preview failed: refreshing urn:pulumi:dev::kable-infrastructure::custom:resource:DB$postgresql:index/database:Database::dev-kable_api-database: 1 error occurred:
        * error detecting capabilities: error PostgreSQL version: dial tcp: lookup <http://dev-db-rds0775ab0.ce3zgd4y8bpu.us-east-1.rds.amazonaws.com|dev-db-rds0775ab0.ce3zgd4y8bpu.us-east-1.rds.amazonaws.com> on 205.171.2.25:53: no such host

Is there a way to run a destroy while ignoring failed deletes?

cuddly-magician-97620

10/25/2022, 7:59 PM

Hi All, I have recently updated Pulumi packages from

"@pulumi/aws": "^4.0.0",
        "@pulumi/awsx": "^0.30.0",

"@pulumi/aws": "^5.0.0",
        "@pulumi/awsx": "^0.40.0",

Shortly after that, I have noticed a

skipDestroy

key being added to the ECS task definition outputs. I do not define this parameter anywhere in the code, it is added implicitly by Pulumi (or an upstream provider). Downgrading to the old aws/awsx packages does not help (the upstream provider is likely not downgraded with them). The key is not recognized by

aws-actions/amazon-ecs-deploy-task-definition

GitHub action and makes it fail:

Error: Failed to register task definition in ECS: Unexpected key 'skipDestroy' found in params
Error: Unexpected key 'skipDestroy' found in params

Has anyone seen this issue and/or can help?

fierce-ability-58936

10/25/2022, 8:45 PM

Is there a way to easily import resources created outside of Pulumi / code and then codified? Currently it's too annoying to try to figure out the right parent and import ID for every resource, whereas those should be already in the code. I've tried some

pulumi refresh --import-pending-creates

magic but it didn't work out (and frankly it looks like it's meant to be something else?). Ideally, there should be something like "pulumi up --import target"

wooden-tailor-35438

10/25/2022, 11:48 PM

This is frustrating documentation for Databricks, tells you to use the

databricks_group_member

for assigning users to groups... however, that resource doesn't exist (however, that is the exact resource used in terraform 🤔) and there actually is no resource for assigning users to group... which basically defeats the point of even managing users in pulumi https://www.pulumi.com/registry/packages/databricks/api-docs/user/

thousands-pizza-93362

10/25/2022, 11:49 PM

does anyone know how to set a health check in cloud run using the gcp provider?

thousands-pizza-93362

10/25/2022, 11:49 PM

i cant seem to find it in the code even though there is an example for probes

astonishing-monitor-79630

10/26/2022, 6:17 AM

Hello Folks! We are using pulumi currently to manage Snowflake, and our idea in handling accesses has been to do this generally on a schema level, having two generic bundles of privileges: • Read privileges • Read/Write privileges ..and utilising constructs like:

import pulumi_snowflake as snowflake


class Snowflake(ComponentResource):
    # Select privilege
    snowflake.TableGrant(
        f"{schema_name}_SCHEMA_TABLE_SELECT_GRANT",
        schema_name=schema_name,
        roles=all_roles,
        privilege="SELECT",
        on_future=True,
        database_name=database
    )
    # Update privilege
    snowflake.TableGrant(
        f"{schema_name}_SCHEMA_TABLE_UPDATE_GRANT",
        schema_name=schema_name,
        roles=read_write_role_names,
        privilege="UPDATE",
        on_future=True,
        database_name=database
    )

However, this poses a problem the future grants will only apply to objects (i.e. tables, views etc.) created after the deployment of the new infra, while existing schema-level objects are not affected. I am thinking the best approach would be to run SQL code like:

import snowflake.connector as sfc
sf_conn = sfc.connect()

with sf_conn.cursor() as cursor:
    for role in all_roles:
        cursor.execute(f"grant select on all tables in {schema} to role {role})

Would it be possible to configure such “manual” “post-hooks” to be run on each
pulumi up
call?

famous-receptionist-48776

10/26/2022, 7:38 AM

Hello team: I just want create eks cluster on cn-north-1 region. But a error comes to me when create nodegroup:

aws:eks:NodeGroup (default):
    error: 1 error occurred:
        * error creating EKS Node Group (dev-cnn1:default20221014114406636600000007): InvalidParameterException: Following required service principals [[<http://ec2.amazonaws.com.cn|ec2.amazonaws.com.cn> ](<https://console.amazonaws.cn/support/ec2.amazonaws.com.cn)>] were not found in the trusionships of nodeRole arn:aws-cn:iam::888888888888:role/dev-cnn1-instanceRole-role-963e580
    {
      RespMetadata: {
        StatusCode: 400,
        RequestID: "c8d401ae-bc7c-4039-9115-65d848c595d9"
      },
      ClusterName: "dev-cnn1",
      Message_: "Following required service principals [[<http://ec2.amazonaws.com.cn|ec2.amazonaws.com.cn> ](<https://console.amazonaws.cn/support/ec2.amazonaws.com.cn)>] were not found in the trust relationships of nodeRole arn:aws-cn:iam::888888888888:role/dev-cnn1-instanceRole-role-963e580
      NodegroupName: "default20221014114406636600000007"
    }

Will you please help to reveiw my PR to fix this ? https://github.com/pulumi/pulumi-eks/pull/801

fancy-xylophone-7581

10/26/2022, 1:01 PM

Repost my topic, could someone point out which API I should use in Pulumi to achieve following goals? We have a business requirement for following steps 1. List all EKS clusters existing on the AWS cloud, and get their name/id 2. Check the cluster status by passing the cluster name/id. 3. Get provider instance by passing the cluster name/id

helpful-memory-76476

10/26/2022, 1:22 PM

Hi everyone, I am facing a problem with an azure DevOps Pipeline job and Typescript: Preview failed: building auth config: obtain subscription() from Azure CLI: Error parsing json result from the Azure CLI: Error waiting for the Azure CLI: exit status 1 I found this old thread which seems to cover my problem but the workarounds don't help from my pipeline. Stack works fine locally though. https://github.com/pulumi/pulumi-azure-native/discussions/1565 Does anyone know how to get a typescript deployment going in azure DevOps using Pulumi, my C# pipelines run fine so it is most likely typescript-related. Thanks and best regards, Robert P.S. destroying the stack after the failed up works

salmon-hairdresser-65532

10/26/2022, 1:34 PM

Hi everyone, I am trying to create an AWS Loadbalancer, Listener and Targetgroup using awsx. However, I cannot follow the instructions in the Crosswalk (Load Balancing EC2 Instance Targets) since

alb.createListener("web-listener", port="80)

does not work in Python. How would the example look using Python? I also tried something like

alb =  awsx.lb.ApplicationLoadBalancer("loadBalancer",
    name="internet-facing-alb",
    security_groups=[security_group_loadbalancer]
    listeners=[awsx.lb.ListenerArgs(port="80")]
    )

but somehow it seems to me that the Input "listeners" is not known (at least I get

listeners=[awsx.lb.ListenerArgs(port="80")]
        ^
    SyntaxError: invalid syntax

as an error. I'm using version 1.0.0b11 of awsx.

Title

salmon-hairdresser-65532

10/26/2022, 1:34 PM

Hi everyone, I am trying to create an AWS Loadbalancer, Listener and Targetgroup using awsx. However, I cannot follow the instructions in the Crosswalk (Load Balancing EC2 Instance Targets) since

alb.createListener("web-listener", port="80)

does not work in Python. How would the example look using Python? I also tried something like

alb =  awsx.lb.ApplicationLoadBalancer("loadBalancer",
    name="internet-facing-alb",
    security_groups=[security_group_loadbalancer]
    listeners=[awsx.lb.ListenerArgs(port="80")]
    )

but somehow it seems to me that the Input "listeners" is not known (at least I get

listeners=[awsx.lb.ListenerArgs(port="80")]
        ^
    SyntaxError: invalid syntax

as an error. I'm using version 1.0.0b11 of awsx.

View count: 1