Hi! I’m a question about Providers. I have been using the default - with success - for months. I recently created a new (Azure) one so I could bridge two subscriptions. So I’ve got the “default” one, which I never instantiate - and one other. I’ve now got the problem that one of my existing calls to list storage account keys via ListStorageAccountKeys.Invoke() fails, and I can see it using the newly created (incorrect) provider. Why is the newly created provider being used for anything at all when I am not specifying that? Any hints appreciated - thank you!

Hey all, all examples about Function Serialization show callbacks on s3 buckets and lambda functions. Is there a list of the resources that can have callbacks? (I want to do it for a Kubernetes Namespace)

Hi everyone, I’m getting an access token error when running pulumi—but only within github actions

error: PULUMI_ACCESS_TOKEN must be set for login during non-interactive CLI sessions

We’re using an S3 bucket for state, so it shouldn’t need the access token. According to the docs, pulumi “automatically perform a

pulumi login

command” when running in a CI service—I think this is what’s failing. However, we’re not using pulumi cloud—we’re using an S3 backend, listed in Pulumi.yaml:

backend:
  url: '<s3://pulumi-state.swmdigital.io>'

I’ve tried adding a

pulumi login

command to the workflow, but that fails with the same error

pulumi login --cloud-url <s3://pulumi-state.swmdigital.io>

Can anyone see what I’m doing wrong?

Hi Pulumiers, and good morning to you all! If I instantiate a cloud provider (in my case Azure), then I will have two providers - the first one is the default instance, the second one is my explicitly instantiated instance. In the case where I don’t specify a provider nor a parent for a resource, is it deterministic which provider instance is used? My experience in the last two days tells me it isn’t deterministic - thought I’d ask here. Background: Earlier this week I introduced a new provider instance (explicitly instantiated in addition to the existing default provider) to an existing project that has been working for months - the new code made use of an explicit provider that referenced a different subscription in Azure. All of a sudden a call to ListStorageAccountKeys.Invoke began to fail, complaining that it could not find the resource. In this case the error message was showing the subscription ID of the explicitly instantiated provider. I’m using C#. Thanks!

Hi folks, I’ve been getting a bit of a weird error happening - each time I do a pulumi up in my CI (gitlab), the first time it runs I get an error:

failure Setting LB Security Groups: ValidationError: A security group must be specified

If it run the task again without any changes it completes fine. I’m getting the security group ids from another stack, and passing them into the resource like this:

// Create load balancer to listen for HTTP traffic
    const alb = new awsx.lb.ApplicationLoadBalancer(
      `${name}-alb`,
      {
        securityGroups: args.apiSecurityGroupIds,
        subnets: args.subnetIds,
        vpc,
      },
      {
        parent: this,
      }
    )

Does anyone know why this might be happening? I’ve logged out the inputs and the ids are definitely there each time it runs…

Hey everyone, I was wondering, if there is a simple way to translate a CloudFormation AWS::Route53::RecordSetGroup to Pulumi Code. After some research at least I did not find a module for this. Thank you!

Am I correct in thinking that with the current project-level configuration (i.e., https://www.pulumi.com/blog/project-config-mvp) it is not possible to create a type specification for a configuration object, even though objects can definitely exist in a configuration file? The error message I'm getting (

value must be one of "string", "integer", "boolean", "array"

) suggests that's not allowed.

Hi! We're writing a native provider in Go. My team mate has a problem, how do you hook a debugger to the provider's executable?

Hey everyone, I was wondering, if you have a few example for SshPublicKey I need to create a SSH public key to connect with de VM on GCP but I have an error when I am creating the resource

const sshKey = new SshPublicKey('test', {
    expirationTimeUsec: '250000',
    key: '',
    project: 'example',
    user: '<mailto:----@univision.net|----@univision.net>',
});

The types for SshPublicKey is but the Args are not enough clear and I got Error creating SSHPublicKey: googleapi: Error 400: SSH key is expired.

/**
 * Create a SshPublicKey resource with the given unique name, arguments, and options.
 *
 * @param name The _unique_ name of the resource.
 * @param args The arguments to use to populate this resource's properties.
 * @param opts A bag of options that control this resource's behavior.
 */
constructor(name: string, args: SshPublicKeyArgs, opts?: pulumi.CustomResourceOptions);

Hi, reposting from #dotnet… When writing tests against a Pulumi stack that calls a Get or List Function, what are the names of the Output(s) I need to populate in order for an

Apply()

on the result to return a stubbed value? How do I go about finding this out, even? E.g. given a call in my stack like this, what do I need to stub out in my tests to make it work?

Output<string> connectionString = ListNamespaceKeys.Invoke(new ListNamespaceKeysInvokeArgs
{
    AuthorizationRuleName = authorisationRule.Name,
    NamespaceName = _eventHubNamespace.Name,
    ResourceGroupName = ResourceGroupName
}, _invokeOptions).Apply(o => Output.CreateSecret(o.PrimaryConnectionString));

Is it possible to merge stack-level configuration values into project-level configuration objects? Consider Pulumi.yaml:

config:
  obj1:
    value:
      prop1: val1
      prop2: val2

And Pulumi.stack.yaml

config:
  obj1:
    prop2: val20
    prop3: val3

I'm seeing all the stack level values in my stack, but prop1 is gone. I'm guessing it's just using the stack object, completely overwriting the default project-level object.

Hi everyone ! We are trying to apply gitops principles to Pulumi (with the pulumi kubernetes operator), and so far I am struggling with our code structure. At first we tried the following structure for our stacks :

├── myApp
│   ├── index.ts
│   ├── Pulumi.yaml
│   ├── Pulumi.staging.yaml
│   └── Pulumi.prod.yaml
└── ...

And we configured pulumi-kubernetes-operator to watch the myApp folder and deploy changes. So, we needed to create one branch per environment because we had only one folder for all environments. This is commonly known as an anti pattern when applied to gitops. Then we decided to try this other solution :

├── myApp
|   ├── staging
|       ├── Pulumi.yaml
│       └── Pulumi.staging.yaml
|   ├── prod
|       ├── Pulumi.yaml
│       └── Pulumi.prod.yaml
|   ├── pulumi-module
│       └── index.ts
└── ...

We have one folder per environment and we avoid code duplication by adding a dependency to the pulumi-module folder. But this structure is way more complicate to manage in local for our developments. Any thoughts about this 2 solutions ? Does someone manage to do it differently ?

Well, this was confusing for a while @billowy-army-68599

Hi everyone! We are trying to understand well how to structure pulumi project where I will have: • EKS cluster and VPC with private / public subnet • Load balancer in public subnet • Cloud application DNS pointing to public Load balancer • CI/CD written in helm charts yaml • if possible, have pulumi state backend I wonder if there is such example project how to put this piece together, because I think the structure will be quite different than how we organise terraform modules? • I need to support 3 different envs for my application cluster: staging, dev, prod. Any production grade pulumi example for full-fledge cluster will be very appreciated. Doesn't have to be in AWS.

Sometimes, I need to "resolve" Inputs / Outputs with Apply to do some checks that do not actually require me to return another value based on those Inputs / Outputs (like

x.Apply(x => $"https://{x}")

). Right now, to do this, I do something like the following, but it feels wrong. Is there a better way to do that?

Input<string> variableToResolve; // Just to show you the type, let's assume there's a value

_ = variableToResolve.Apply(x =>
{
  methodRequiringValueAsString(x);
  return true; // This feels hacky
});

Also, let's say I wanted to verify what the value of

x

is, would it be valid to throw an exception inside the Apply block?

Hi, question about Custom vs Component Resources. I'm creating wrapper classes that aggregate cloud resources, should I be using ComponentResource or CustomResource as my super class? The documentation seems to push me towards the ComponentResource - how does a weary programmer decide on such things? 🙂 Thank you!

I am currently using Pulumi to write my companies disaster recovery automation. I have everything set up in AWS using Pulumi (VPC, EKS, IAM, Kubernetes cluster configured). I now want to use Typescript to make several HTTP requests (to GitHub) to download some files locally during the

pulumi up

and apply these files as helm charts via the k8s.helm.v3.Chart resource. How can I make the Pulumi runtime honor my requests to GitHub, and then apply/track ~20 helm charts? Others have mentioned Dynamic Providers & Component Resources, but I have not yet got these to work successfully. Any ideas? P.S. almost to the point of writing a separate script that gets ran in my CI/CD that does this (but I would lose any tracking capabilities of Pulumi for these charts)

Is anyone around for support / help. I’m at my wits end trying to do basic things like provisioning our GCP workload identity pool / providers. Keep getting errors like

Error creating WorkloadIdentityPoolProvider: googleapi: Error 409: Requested entity already exists

. But if use Pulumi to

.get

a resource to check if it exists the CLI also throws an error.

Hey all–I’m running into strange protobuf-related issues stemming from

@pulumi/pulumi

– https://joeysharesthings.com/rTT3tZ

Hey everyone 🙂 I am running into an issue where I cannot create resources in a newly created account, see here. Any ideas? I figured out that setting skip_credentials_validation to True solves the problem. I am wondering whether this is a bug or to be expected? If not a bug, could someone explain why skipping the credentials validation here is mandatory?

Hey folks! I have been trying to get pulumi up and running for POC on Monday for my team. I have tried on my development windows 10 without luck, then deployed a brand new windows 11 vm in azure. I can't get past the grpcio installation phase on either. The logging is just terrible, does anyone have any suggestions so I can try to make this a success.

Hey, I'm playing around with the pulumi-github provider and trying to import a repository using

pulumi import github:repository:Repository p pulumi/pulumi

. sadly this results in

error: Preview failed: unrecognized resource type (Read): github:repository:Repository

An earlier attempt resulted in

error: import type "github:Repository" is not a valid resource type token. Type tokens must be of the format <package>:<module>:<type> - refer to the import section of the provider resource documentation.

That led me to look further at https://www.pulumi.com/registry/packages/github/api-docs/repository/, but I don't see info there on how to import, neither is there a module name being shown (in contrast to other some other - larger - providers such as for gcp which do are splitted up into different modules). So what is the correct invocation I need to import some existing github repository into my pulumi code?

I noticed a new feature EventBridge->scheduler (removing dependency of needing EventRules to schedule). Is this supported by pulumi?

Hello 👋 my team uses uses GitHub-Flow for branch management, with a single main branch which is sequentially deployed to the different pulumi stacks once feature branches are merged in. I’m investigating how to best implement feature flags. I couldn’t see any examples online so I created a demo repo using a very simple AWS python project consisting of only buckets. I was hoping for some feedback before I share with my team (and perhaps more widely if people think it would be helpful 🙂 )

Just shaving the yak. Wanted to create an ECS service on ec2. https://pkg.go.dev/github.com/pulumi/pulumi-awsx/sdk@v1.0.0-testplsignore.0/go/awsx/ecs#NewEC2Service easy, right? For some reason NetworkConfiguration is required, even though I passed NetworkMode: "bridge" to the task definition args. Oh well, let's do https://pkg.go.dev/github.com/pulumi/pulumi-awsx/sdk@v1.0.0-testplsignore.0/go/awsx/ecs#NewEC2TaskDefinition so that it takes care of the log group and iam roles and use plain ecs.NewService. No, it still creates a task definition with "awsvpc" network mode. Oh well: https://github.com/pulumi/pulumi-awsx/blob/master/awsx/ecs/ec2TaskDefinition.ts#L127 Ok, let's just transform that resource using pulumi.Transformations, and...it doesn't work https://github.com/pulumi/pulumi/issues/6948 Now is it easier to create my own component or fix awsx, or ask for it to be fixed? 🙂

hey! i'm using pulumi for some personal things to get a handle on it and I'm having a heck of a time in Go from converting various

Output

values to concrete values. everything I find online seems to call methods that don't exist for me or don't seem to work as the stuff I find online says. currently, I have an output named

projectName

on one stack, and I use a stack reference to get that value from from the other stack as a

pulumi.AnyOutput

and then use that with

.AsStringOutput()

to give me a

pulumi.StringOutput

(it's a string, this seems to work fine). however, i'm trying to take that value and pass it into a

digitalocean.LookupProject

where the

Name

arg expects

*string

. I've tried a bunch of iterations, including

ApplyT

with a

func(projName string) *string

, but I just can't seem to get the value the lookup expects. I'm also having a hard time taking

pulumi.StringOutput

to

string

at times as well. it sounds like it's supposed to be

ApplyT

, but that just returns an output that gets me back into the same

pulumi.StringOutput

. anyone have some tips for me?

With self hosted backends (e.g Azure blob storage) stack names are globally unique and not grouped under projects? Is that intentional?

Couldnt find an answer to this in the Pulumi docs - we have a Terraform provider for our Feature Flagging platform, and wanted to understand if there was an easy way to bring this into the Pulumi ecosystem without having a lift a bunch of code?

Does pulumi destroy use the index.ts file? I’m creating a certification validation and thinking about whether I have to guard it somehow.

Hey there, Using the

awsx.ec2.Vpc

with disabled default providers, I always get the error

Default provider for 'awsx' disabled. 'awsx:ec2:DefaultVpc' must use an explicit provider.

although I defined an explicit provider for the resource. An extremely simple example to reproduce the error (default providers are disabled in the config):

import pulumi
import pulumi_aws as aws
import pulumi_awsx as awsx

west = aws.Provider("provider", region="us-east-1")

awsx.ec2.Vpc("vpc", opts=pulumi.ResourceOptions(provider=west))

Does anyone have the same problem or know a solution? @elegant-window-55250