Is there a difference between doing

config set

on a key that a provider expects and one that you've made up yourself? I've have run

pulumi config set sendinblue:smtp <XXX> --secret

and it's not showing up in the config section of my stack whereas

hcloud:token

which was set in the same way is... I get this in my console when trying to do

cfg.requireSecret("sendinblue:smtp")

Diagnostics:
  pulumi:pulumi:Stack (infra-dev):
    error: Missing required configuration variable 'infra:sendinblue:smtp'
    	please set a value using the command `pulumi config set infra:sendinblue:smtp <value>`

Quick question on how to create pulumi stack for use with CLI when one is already deployed using other mechanism (Example automation API). I have a stack already deployed and can see that in the pulumi console and this was deployed using Q-cloud (automation API). i want to be able to export the properties using pulumi export for a k8 config map use case. i tried the few commands of creating the pulumi.yaml file and select stack and refresh BUT the select stack command gives an error suggesting no such stack

What is the correct way to use

pulumi.FileAsset

? Wanted to define an AWS policy in a

policy.json

and then reference that file the code below, but pulumi preview is throwing this error when trying that method

error: expected string or JSON map; got *resource.Asset

# Create a policy that allows the Lambda role to write to CloudWatch Logs
cloudwatch_policy = aws.iam.RolePolicy(
    resource_name='pulumi-lambda-test-policy',
    role=lambda_role.id,
    policy=pulumi.FileAsset('./policies/cloudwatch_policy.json')
)

Does anyone have the proper incantation for a

pulumi login

command using a DigitalOcean spaces s3 bucket?

Hi all, is there a way to add labels to gcp resources when they are created? busy going through the docs and coming up empty...

Hello! has anyone managed to get a Pulumi Preview to present nicely (ideally with colour) on Azure Pipelines?

hey Pulumi team, is there any update on releasing any of the features mentioned in the Exploring how to solve circular dependencies blog post?

Hi all, is there a way to use https://www.pulumi.com/docs/intro/concepts/resources/get/ with a resource that might not exist? I want to conditionally create a private endpoint on an internal load balancer thats created with Kubernetes, and due to the order of creation of resources, the first time the stack is created, the load balancer will not exist and I'd like it to just skip the part where it creates a private endpoint instead of failing.

Has anyone found a workaround for this? https://github.com/pulumi/pulumi-kubernetes/issues/807

is there an ongoing issue running pulumi in github actions? have been unable to run for a few hours now

error: could not load plugin for eks provider 'urn:pulumi:xxx::aws-eks::pulumi:providers:eks::default': Could not automatically download and install resource plugin 'pulumi-resource-eks', install the plugin using `pulumi plugin install resource eks`.
    Underlying error: 401 HTTP error fetching plugin from <https://api.github.com/repos/pulumi/pulumi-eks/releases/latest>

I have no idea if anyone uses this anymore, but since someone came along and created a package for this after I did and published it on the official registry (I was holding back doing that for reasons of “is it good enough?“). I recommend you move this his package instead of mine (I will keep this one updated when ever we need it internally as this is the one we will be continue using). Just a heads up if you are using https://github.com/scav/pulumi-flux now. And on an unrelated note, I find it kinda weird to not even get in touch with me before creating and publishing pretty much an identical package to mine.

Issues with Pulumi K8 provider related when used with automation api - I am getting this error when deploying a "deployment" using pulumi automation API. It seems like it is expecting the aws cli command. How can we use this with autoamtion api? Or is there another method (certs?). [background - i have an eks cluster already deployed using the automation api using iam roles etc.] Error--- + kubernetes:apps/v1:Deployment id3 creating failed error: configured Kubernetes cluster is unreachable: unable to load schema information from the API server: Get "https://xxxxxx.sk1.us-west-1.eks.amazonaws.com/openapi/v2?timeout=32s": getting credentials: exec: executable aws not found -------- This is the config part for users in kubeconfig users: - name: arn:aws:eks:us-west-1:XXXXXXXXXXXXXXX:cluster/eks-clu01a user: exec: apiVersion: client.authentication.k8s.io/v1beta1 args: - --region - us-west-1 - eks - get-token - --cluster-name - eks-clu01a command: aws

this is breaking my pipelines.. any way to get it to stop?

CommandError: code: 255
 stdout: Created stack '822de893-90b5-4671-9bde-10477ba88e6e'

 stderr: warning: A new version of Pulumi is available. To upgrade from version '3.39.3' to '3.46.0', run

A team member of mine is trying to rename a stack with

pulumi stack rename <newname>

and getting

[403] You do not have permission to perform this operation.

He is a Stack Admin and also created the stack in the first place. Is this expected? I do not see any other permissions available to give him.

Hello pulumi hive mind; I'm trying to export Audit Logs (JSON) via the API using an organization token. According to the docs, an organization token should have permission to perform that operation, but i'm getting

{"code":403,"message":"You do not have permission to perform this operation."}

The endpoint works when using a personal access token. Any ideas? 🙂 Also, the docs mention that the API is rate-limited, anyone know what that limit is?

We are getting spammed by Pulumi sales representatives cold emailing people at our company based on other peoples’ participation in this Slack channel.. This is not OK, and it is not building good will at our company towards this product.

Hi folks, I see a lot of docs around stack permissions, but is there a way to limit who can create a project within an org?

Is there a way to have pulumi wait during destroy operation? For instance, I want to wait for a chart to be completely removed before proceeding to delete node groups in an eks cluster.

Pulumi Automation API and Jenkins - are there any examples of a CD using jenkinsfile / plugins for interaction with Pulumi Automation API ? i see there is an example of using cli but cant seem to find one for api - if that's possible.

is there any way to remove the encryptionsalt: from being generated in a Pulumi config file?

does anyone know how to deploy two stacks of the same project in two diff aws accounts?

why reading output from other stacks is so slow? When I use

pulumi.StackReference

My backend used aws s3

Hi, classick examlple. I have some resources in Azure cloud that was deployed using Pulumi, but now I need to have these moved to another subscription and resources group. What is the best solution for this? a) move the resources manually in the Azure Portal and somehow refresh or update the stack afterwards to let it know the resources now have another new ID (and how to I do that, the pulumi refresh command does not do that) b) some magic pulumi command can move the resources on for me? c) any other suggestions Resources to move: Keyvault StorageAccount Azure function Azure App Service Plan Dependicy: App functions cannot by closed or delete and redeployed. It has to be these services that are already running.

Would be great if Pulumi could also provide arm based docker images... currently I can only see x86 versions in docker hub...

Hi! I’m a question about Providers. I have been using the default - with success - for months. I recently created a new (Azure) one so I could bridge two subscriptions. So I’ve got the “default” one, which I never instantiate - and one other. I’ve now got the problem that one of my existing calls to list storage account keys via ListStorageAccountKeys.Invoke() fails, and I can see it using the newly created (incorrect) provider. Why is the newly created provider being used for anything at all when I am not specifying that? Any hints appreciated - thank you!

Hey all, all examples about Function Serialization show callbacks on s3 buckets and lambda functions. Is there a list of the resources that can have callbacks? (I want to do it for a Kubernetes Namespace)

Hi everyone, I’m getting an access token error when running pulumi—but only within github actions

error: PULUMI_ACCESS_TOKEN must be set for login during non-interactive CLI sessions

We’re using an S3 bucket for state, so it shouldn’t need the access token. According to the docs, pulumi “automatically perform a

pulumi login

command” when running in a CI service—I think this is what’s failing. However, we’re not using pulumi cloud—we’re using an S3 backend, listed in Pulumi.yaml:

backend:
  url: '<s3://pulumi-state.swmdigital.io>'

I’ve tried adding a

pulumi login

command to the workflow, but that fails with the same error

pulumi login --cloud-url <s3://pulumi-state.swmdigital.io>

Can anyone see what I’m doing wrong?

Hi Pulumiers, and good morning to you all! If I instantiate a cloud provider (in my case Azure), then I will have two providers - the first one is the default instance, the second one is my explicitly instantiated instance. In the case where I don’t specify a provider nor a parent for a resource, is it deterministic which provider instance is used? My experience in the last two days tells me it isn’t deterministic - thought I’d ask here. Background: Earlier this week I introduced a new provider instance (explicitly instantiated in addition to the existing default provider) to an existing project that has been working for months - the new code made use of an explicit provider that referenced a different subscription in Azure. All of a sudden a call to ListStorageAccountKeys.Invoke began to fail, complaining that it could not find the resource. In this case the error message was showing the subscription ID of the explicitly instantiated provider. I’m using C#. Thanks!

Hi folks, I’ve been getting a bit of a weird error happening - each time I do a pulumi up in my CI (gitlab), the first time it runs I get an error:

failure Setting LB Security Groups: ValidationError: A security group must be specified

If it run the task again without any changes it completes fine. I’m getting the security group ids from another stack, and passing them into the resource like this:

// Create load balancer to listen for HTTP traffic
    const alb = new awsx.lb.ApplicationLoadBalancer(
      `${name}-alb`,
      {
        securityGroups: args.apiSecurityGroupIds,
        subnets: args.subnetIds,
        vpc,
      },
      {
        parent: this,
      }
    )

Does anyone know why this might be happening? I’ve logged out the inputs and the ids are definitely there each time it runs…