pulumi-community #general

rhythmic-dentist-32021

03/16/2023, 10:14 AM

Hi! I have a question: I am currently using the automation API to run Pulumi stuff. But sometimes it will fail, which can happen because the Dockerfile wasn't right or the user didn't have the appropriate rights. This is okay but then when I want to re-run the code it fails with:

Copy code

oncurrentUpdateError: code: -2
 stdout:
 stderr: Command failed with exit code 255: pulumi refresh --yes --skip-preview --exec-kind auto.inline --stack pulumi-demo --non-interactive
warning: A new version of Pulumi is available. To upgrade from version '3.55.0' to '3.58.0', run
   $ brew upgrade pulumi
or visit <https://pulumi.com/docs/reference/install/> for manual instructions and release notes.
error: the stack is currently locked by 1 lock(s).

Then I have to manually fix this by running

pulumi cancel

. Is there a way to handle this in the code that when the pulumi operation fails to gracefully exit the process, so it doesn't stay locked?

straight-fireman-55591

03/16/2023, 12:18 PM

Hi, I'm trying to create gcp api gw with below yaml.

Copy code

name: Vega
runtime: yaml
resources:
  pulumi-api-gw-api:
    type: gcp:apigateway:Api
    properties:
      apiId: api-gw-dev-id
  pulumi-api-gw-service-account:
    type: gcp:serviceAccount:Account
    properties:
      accountId: pulumi-api-gw-service-account
      displayName: pulumi-api-gw-service-account
  pulumi-api-gw-config:
    type: gcp:apigateway:ApiConfig
    properties:
      api: ${pulumi-api-gw-api.id}
      apiConfigId: pulumi-api-gw-config1
      openapiDocuments:
        document:
          path: spec.yaml

• type: gcpapigatewayApi - is being created • type: gcpserviceAccountAccount - is being created • type: gcpapigatewayApiConfig - is not being created with below error:

Copy code

Diagnostics:
  pulumi:pulumi:Stack (Vega-dev):
    Error: gcp:apigateway/apiConfig:ApiConfig is not assignable from {api: string, apiConfigId: string, openapiDocuments: {document: {path: string}}}
      on Pulumi.yaml line 24:
      24:         document:
      25:           path: spec.yaml
    Cannot assign '{api: string, apiConfigId: string, openapiDocuments: {document: {path: string}}}' to 'gcp:apigateway/apiConfig:ApiConfig':
      openapiDocuments: Cannot assign '{document: {path: string}}' to 'List<gcp:apigateway/ApiConfigOpenapiDocument:ApiConfigOpenapiDocument>'

I'm confused of how to inject the api gw swagger here.

rough-quill-46540

03/16/2023, 1:58 PM

Hi, I just created a password using random.RandomPassword:

Copy code

password = random.RandomPassword(
  'my_password',
  length=18,
  special=False, 
 )

Is there any way to see the actual password in the pulumi app? I see no option for that.

salmon-hairdresser-65532

03/16/2023, 3:30 PM

Hi all, I have a problem with Pulumi and AWS Lambda destinations. Let me demonstrate it via a small example.

Copy code

import pulumi
import pulumi_aws as aws

service_function = aws.lambda_.Function(
    "lambda-service",
    runtime="python3.9",
    handler="handler.handler",
    memory_size=384,
    timeout=5,
    code=pulumi.FileArchive("/path/to/code"),
)

function_on_success = aws.lambda_.Function(
    "function_on_success",
    runtime="python3.9",
    handler="handler.handler",
    memory_size=384,
    timeout=5,
    code=pulumi.FileArchive("/path/to/code"),
)

success_destination = aws.lambda_.FunctionEventInvokeConfig(
    "success_destination",
    function_name=service_function.name,
    destination_config=aws.lambda_.FunctionEventInvokeConfigDestinationConfigArgs(
        on_success=aws.lambda_.FunctionEventInvokeConfigDestinationConfigOnSuccessArgs(
            destination=function_on_success.arn
        ),
    ),
)

pulumi.export("function-name", service_function.name)

I am using Localstack to test it locally and I would have expected that

Copy code

awslocal lambda list-function-event-invoke-configs --function-name function-name

would show me the created destination. However, I get a 404 error since there seems to be not destaination. Also testing the functionality shows that there is no destination that has been createt (I tried it by invoking the first Lambda via SQS from the CLI). I think it might be a Localstack problem, since also putting it through the CLI does not work. Does anyone have similar issues and/or know a solution? If more details are necessary, please tell me and I will provide them. Of course this minimal example is actually part of a larger project. EDIT: I thought it put-function-event-invoke-config via CLI worked but now I see that it does not. I suspect this is rather a Localstack problem.

careful-summer-45848

03/16/2023, 4:30 PM

Hi, a couple of quick questions about aws.lambda.LayerVersion. If I have zipped layer uploaded to S3, if I set the sourceCodeHash property when creating my layer, will this automatically update the layer on lambda (provided I make sure the hash is the new changed version) or does it still have to be triggered manually from the CLI? And what is the best way of generating this souceCodeHash? Is there a built in Pulumi property or method somewhere or do I have to use an external package?

mammoth-garden-53682

03/16/2023, 5:02 PM

Hi, I filed this issue in the

pulumi-docker

provider repo, but I’m a bit confused as to whether this is a bug or a limitation of the provider itself so asking here for redundancy. I have an issue where I cannot download private images using the

RemoteImage

resource because of permission errors ( docker CLI works fine) . I see no way to configure the resource to use explicit credentials (there’s configuration for pushing, though using the

Image

resource) — how are credentials supposed to be propagated to the provider? ie this does not work out of the box with an auth’d docker CLI

Copy code

airflow_image = RemoteImage(
        "airflow-2.3.0", 
        name="<http://docker.io/myorg/airflow:v0.0.4|docker.io/myorg/airflow:v0.0.4>", 
        )

   airflow_scheduler_container = Container(
        "airflow-scheduler",        
        image=airflow_image.image_id, 
        command=["scheduler"], 
        ports=[schedulerPorts], 
        name="airflow-scheduler", 
        envs=helpers.common_env(),
        restart="always",        
        logs=True,
   )
...

quiet-helmet-40109

03/16/2023, 8:50 PM

Hi everyone, Are you guys having issue with docker also?

FROM docker.io/library/build:latest:

------ ERROR: failed to solve: failed to load cache key: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed

quiet-helmet-40109

03/16/2023, 8:50 PM

Copy code

#9 ERROR: pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed

quiet-helmet-40109

03/16/2023, 8:50 PM

node:18-slim image…

acceptable-plumber-31485

03/17/2023, 12:17 AM

Hi all. Got asked today from one of our directors. He asked me few questions • "How can we see the health of the nodes in a cluster after it's deployed by Pulumi? Currently, we can easily see the health status of our nodes in Spinnaker" • "How can we redeploy back or rollback to the previously deployed resources?" In Spinnaker, we can either "Restart pipeline of the previous known-good build" or "rollback to the sleeping ec2 instance, redblack deployment". I told him I'll do some research. What are you using for the monitoring of your nodes? How did you design your rollback strategy? Did you use any third party tool(s)?

polite-umbrella-11196

03/17/2023, 3:34 AM

Are

Pulumi.yaml

secure

secrets safe to check into a repository?

powerful-fall-86307

03/17/2023, 8:46 AM

Hey all. What's the best way to add a multiline secret to the stack config? The

value:

prompt from the CLI only takes the first line when I paste in the multiline value, and then executes the remaining lines in the shell 😄 (on Windows)

sticky-bear-14421

03/17/2023, 9:05 AM

Hi, I found an error in an older blog post on Pulumi.com, where can I report these (except here)? 🙂 https://www.pulumi.com/blog/aws-lambda-container-support/ The article contains an example for the usage of

awx.ecr.BuildAndPush()

. But this Function does not exist in the awsx.ecr packge anymore. There are only resources for ecr.Repository and ecr.Image and this one has a dockerfile and path property to build the image.

ambitious-father-68746

03/17/2023, 12:05 PM

Hi, I'm referencing values from one stack to another, but some of those values might not exist, which is fine. I know the difference between RequireOutput and GetOutput using StackReference, but there doesn't seem to be a way to actually check if the value exists or not using an

if

. GetOutput never fails, but returns

null

as an Output, which then translates to the boolean

true

. Is there any way around this?

sparse-gold-10561

03/17/2023, 2:06 PM

does pulumi make calls out to github for some reason? i've started to notice the following when running pulumi up or preview:

Copy code

Resources:
    + 1 to create
    14 unchanged
Updating (prod)
View Live: <https://app.pulumi.com/xxx/xxxx/prod/updates/5>
E0317 10:02:00.592311     166 log.go:84] GitHub rate limit exceeded, try again in 26m33.407697714s. You can set GITHUB_TOKEN to make an authenticated request with a higher rate limit.
E0317 10:02:00.597697     166 log.go:84] GitHub rate limit exceeded, try again in 26m33.402311854s. You can set GITHUB_TOKEN to make an authenticated request with a higher rate limit.

millions-train-91139

03/17/2023, 2:42 PM

When you’re trying to hack your way around Bulk Imports and shifting resources between Stacks:

careful-summer-45848

03/17/2023, 2:56 PM

Does anyone know how to set up dkim records using aws.sesv2? Or is it only possible using aws.ses?

narrow-ghost-95764

03/17/2023, 6:47 PM

I am attempting to use azure.appservice.Slot to create a new deployment slot for my Azure App Service via Pulumi. I am not able to find a way to create a deployment slot that clones the config of the parent App Service as you can via Azure portal. Does anyone have any advice when creating a deployment slot in Pulumi on best way to go about it and its capabilities? I've been following https://www.pulumi.com/registry/packages/azure/api-docs/appservice/slot/ and I know there's an option to import but the imports have been super messy in another Stack with config mis-matches even after copying/pasting import output, so trying to avoid any potentially messy imports

miniature-dentist-28288

03/18/2023, 12:53 AM

How do I ensure that a new CloudRun revision is created whenever an image is updated? I’m using CloudRunv2 and have the set up below.

Copy code

# Create a container image for the service.
image = docker.Image(
    "backend-image",
    image_name=f"{location}-docker.pkg.dev/{project}/{repo_id}/{image_name}",
    build=docker.DockerBuildArgs(
        context=".",
        dockerfile="Dockerfile",
    ),
    opts=pulumi.ResourceOptions(
        parent=backend_repo,
        depends_on=[backend_repo],
    ),
)

# Create a Cloud Run service definition.
service = cloudrun.Service(
    "service",
    opts=pulumi.ResourceOptions(
        parent=image,
        depends_on=[image],
    ),
    location=location,
    ingress="INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER",
    template=cloudrun.ServiceTemplateArgs(
        containers=[
            cloudrun.ServiceTemplateContainerArgs(
                image=image.image_name,
                resources=cloudrun.ServiceTemplateContainerResourcesArgs(
                    limits=dict(
                        memory=memory,
                        cpu=cpu,
                    ),
                ),
                ports=[
                    cloudrun.ServiceTemplateContainerPortArgs(
                        container_port=container_port,
                    ),
                ],
            ),
        ],
        scaling=cloudrun.ServiceTemplateScalingArgs(
            max_instance_count=5,
            min_instance_count=1,
        ),
    ),
)

millions-train-91139

03/18/2023, 9:52 AM

Is there a way to get the to-be-created urns of a non existing stack when I’m in its directory?

pulumi up

doesn’t have the

-u

flag I need it for filtering the state imports

melodic-island-51948

03/18/2023, 6:55 PM

Hello! Brand new to Pulumi, was able to get some EKS clusters stood up and some EC2 instances. Is it possible to use docker compose with Pulumi?

powerful-fall-86307

03/19/2023, 8:46 AM

I'm seeing some strange behavior around secrets and error logging from the

command:remote:CopyFile

in TypeScript. I provide a private key by reading it from a file, and then marking it as sensitive data by wrapping its content using

pulumi.secret(fileContent)

Copy code

const privateKey = pulumi.secret(fs.readFileSync(privateKeyFileName).toString())

Note how I don't keep the raw file content around for security purposes, and I've verified that this is the variable I'm passing directly as the connection options. But if the CopyFile command fails, e.g. the VM is not running, it still error logs the raw private key - which I don't want in the error logs. Weirdly the private key password that I get as a secret from the pulumi config is shown as the expected

[secret]

in the CopyFile error message. I'm thinking that the CopyFile may use the raw private key value for logging by mistake, but I couldn't locate the source code for the CopyFile command in GitHub (where is it??). Is this a bug in CopyFile? Edit: There appears to be different semantics for the error logging of

pulumi.secret()

vs secrets retrieved from config via

config.requireSecret()

. The former is logged as raw by CopyFile for privateKey, exposing the secret, the latter error logs as

[secret]

🤔

rapid-receptionist-28528

03/19/2023, 12:48 PM

Hey, I created a

pulumi

dynamic resource using

typescript

and Implemented all the needed functions (like and update and diff) Then exception was thrown (during some logic in my code) but

Pulumi

didn’t failed the operation (update) How can I let

Pulumi

understand that the operation was not succeed ? https://www.pulumi.com/docs/intro/concepts/resources/dynamic-providers/

crooked-raincoat-45073

03/19/2023, 8:24 PM

Calling str on an Output[T] is not supported This should be an easy one to solve, but I have somehow a hard time getting it working. {'Version': '2012-10-17', 'Statement': [{'Effect': 'Allow', 'Principal': {'Federated': <pulumi.output.Output object at 0x10a205c90>}, 'Action': 'sts:AssumeRoleWithWebIdentity', 'Condition': {'StringEquals': {'*Calling str on an Output[T] is not supported*.\n\nTo get the value of an Output[T] as an Output[str] consider:\n1. o.apply(lambda v: f"prefix{v}suffix")\n\nSee https://pulumi.io/help/outputs for more details.\nThis function may throw in a future version of Pulumi.': 'sts.amazonaws.com'}}}]}

Copy code

policy_json = ({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Federated": eks_cluster.core.oidc_provider.arn
            },
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {                    
                    f"{eks_cluster.core.oidc_provider.url.apply(lambda v: v)}": "<http://sts.amazonaws.com|sts.amazonaws.com>",                                    
                }
            }
        }
    ]
})

print(policy_json)

I tried all the different variations, but it seems I missed something obvious here

elegant-gigabyte-8733

03/19/2023, 10:18 PM

I’ve been using AWSx and deploying a Fargate service. As part of the TaskContainerDefinition you can set a value

name

that is supposed to be the name in the ECS task. Despite trying to set it, it’s always resulting in a

container

value for the name. Example

Copy code

{container: {family: "myfamily", image: "imageURL", name: "jowanzascontainer"}}

famous-answer-15051

03/20/2023, 1:53 AM

Hi guys. Anyone knows how to provide config vars when testing an application ? I searched on documentation and not find any solution =/

brainy-lion-38675

03/20/2023, 8:23 AM

Hi, Is there a way to refresh the stack at runtime after a resource has been created?

late-ram-37666

03/20/2023, 8:57 AM

Hi, I'm new to Pulumi . I have 3 micro pulumi projects in YAML language which create azure infrastructure. is there any way I can wrap all of them and run in one go? Basically, i want to run all three projects in a nested manner. project 1 , project 2 and project 3 something like project x will call all three projects?

cool-plastic-87476

03/20/2023, 9:05 AM

Good morning! I have some questions about how Pulumi responds to memory limits set in Kubernetes. First some context: In our project, we are currently using a node.js server together with pulumi automation to do a pulumi up on a specific api request. Our server is deployed using Kubernetes where we initially set a memory limit of 512Mi. However, when doing a pulumi up through our server, we received the following error:

error: an unhandled error occurred: Program exited with non-zero exit code: -1

. We’ve tried to obtain more logs, diagnostics, etc. with several commands, but nothing really provided more information about why pulumi errored out. Which, as you probably can guess, turned out to be quite a pain to debug. At some point, we started to take a look at the memory the server consumes while doing a request. It turned out that Pulumi consumes the memory it needs, until it almost reaches the limit set through k8s and then throws an error (which was just shared) when the limit seems to be lower than what it requires to complete. I upped the memory gradually, until it had enough memory (roughly 1.5 gigs) and it executed correctly without errors. My questions: Why is Pulumi currently configured to not crash a pod when it has a memory limit that is lower than the amount it requires? As a start, it would make sense to make the error message in this scenario more descriptive so that it is instantly clear that a memory limit was reached for pulumi. Next to that, would it make sense to change the config/code and let it just consume the memory it needs and crash the pod in a scenario where the limit was reached? Thank you for reading through and looking forward to answers! 🙂

colossal-vr-62639

03/20/2023, 10:01 AM

Is there any news on the ability to create dynamic providers using C#?