Is there a way to convert kubernetes yaml configs with custom resources like gateway from istio into pulumi python code?

somewhat basic question, I’m having some issues with AWS Organization module. when I try to retrieve info I get

Error: invocation of aws:organizations/getOrganization:getOrganization returned an error: invoking aws:organizations/getOrganization:getOrganization: 1 error occurred:
    	* error listing AWS Organization (o-mbtpj7k2e5) accounts: AccessDeniedException: You don't have permissions to access this resource.

this happens even though I have

PowerUserAccess

and

AdministratorAccess

. Organization is enabled in my region (us-east-1) and

aws organizations describe-organization

runs fine. has anyone else run into this? src is just this one-liner

const organization = aws.organizations.getOrganization({});

Can anyone tell me why my AADB2C is not being created? https://pastebin.com/XSL6dx97

azure-native:azureactivedirectory:B2CTenant (ActiveDirectory):
    error: resource partially created but read failed autorest/azure: Service returned an error. Status=404 Code="NotFound" Message="Resource with ID '496bf099-0f68-467a-bf4c-5b69dedd74db/mrpmorrisdevuksouth/mrpmorrisdev' does not exist." Target="resource": autorest/azure: Service returned an error. Status=404 Code="NotFound" Message="Resource with ID '496bf099-0f68-467a-bf4c-5b69dedd74db/mrpmorrisdevuksouth/mrpmorrisdev' does not exist." Target="resource"

Hey all, I’m using the automation API and inline Go code instead of Pulumi CLI. I saw that Pulumi will auto-download required plugins/providers when needed, but I was wondering how it resolves versions? Will it just default to latest, or does it respect the plugin version in my

go.mod

file?

Hi everyone - a pleasure to join this forum. I'm currently working on Data Haiti (https://cloud.datapane.com/reports/E7yLZg3/data-haiti/). I joined this community to learn and connect with other data enthusiasts.

I am converting below plain vanilla python code to Pulumi:

def core_network_vpc_attachment_data_per_segment(core_network_segments, region):
    """
    Creates a dictionary of segments per vpc per subnets. these are consumed in the vpcattachment to core network
    """

    # Instantiate an ec2 client
    ec2_client = create_aws_client(service_name="ec2", region=region)

    # Parse the segment list
    segment_list = []
    vpc_corenetwork_attachment_data = {}

    for segment_data in core_network_segments:
        segment_list.append(segment_data["name"])

    # Parse VPCs by the segment
    for segment in segment_list:
        subnets_per_vpc_per_segment_list = []
        vpcs_by_tag = describe_vpcs_by_filter(
            ec2_client=ec2_client,
            filters=[{
                "Name": "tag:core_network_segment",
                "Values": [
                    segment
                ]
            }
            ]
        )

        if vpcs_by_tag["Vpcs"]:

            # Parse private subnets of a VPC
            for vpc in vpcs_by_tag["Vpcs"]:
                vpc_and_subnets_data = {}

                # vpc id
                vpc_id = vpc['VpcId']

                # calculating the VPC ARN
                vpc_arn = f"arn:aws:ec2:{region}:{vpc['OwnerId']}:vpc/{vpc_id}"
                # finding vpc name based on the Name tag
                for vpc_tags in vpc["Tags"]:
                    if vpc_tags["Key"] == "Name":
                        vpc_name = vpc_tags["Value"]

                # Looking for all the private subnets in a vpc. Core Network attachment will be created on these private
                # subnets till we get Core subnets in all the VPCs
                _subnets = describe_subnet_by_filter(ec2_client=ec2_client, filters=[
                    {
                        "Name": "vpc-id",
                        "Values": [vpc["VpcId"]]
                    },
                    {
                        "Name": "tag:Name",
                        "Values": ["*private*"]

                    }
                ])

                # Parsing subnet ARNs for a given VPC
                subnets_per_vpc_list = []
                for _subnet in _subnets["Subnets"]:
                    subnets_per_vpc_list.append(_subnet["SubnetArn"])

                vpc_and_subnets_data["vpc_name"] = vpc_name
                vpc_and_subnets_data["vpc_arn"] = vpc_arn
                vpc_and_subnets_data["vpc_id"] = vpc_id
                vpc_and_subnets_data["subnet_arn"] = subnets_per_vpc_list
                subnets_per_vpc_per_segment_list.append(vpc_and_subnets_data)

        if subnets_per_vpc_per_segment_list:
            vpc_corenetwork_attachment_data.update({segment: subnets_per_vpc_per_segment_list})

    return vpc_corenetwork_attachment_data

which will be used in https://www.pulumi.com/registry/packages/aws/api-docs/networkmanager/vpcattachment/ any help is appreciated.. I started with CDK for Terraform but gave up and now looking at Pulumi.

I'm trying to understand exactly how this change has effected my service managed stacks. Previously when I made a stack with

org/project/stack

, I could run

pulumi stack ls

and see all my stacks listed with

org/project/stack1

,

org/project/stack2

, etc. Additionally in the dashboard the stacks would all be grouped based on the project they were in. Now when I create a stack in an existing project with

org/project/stack

the

project

portion seems to be completely ignored. Running

pulumi stack ls

only shows

org/stack

, my starship module that reports the stack in my terminal prompt only shows

org/stack

, and the dashboard no longer groups the stacks by project. The only place I can actually see the project name is in the URL in the dashboard. This seems like the opposite of what this blog post is saying. Am I missing something or are projects just ignored now? (I understand that

org/stack

is a valid reference when in a directory for

project

, but that doesn't explain the dashboard portion.)

I feel like I'm always so negative when I post in here. I really do think Pulumi is an awesome tool! I'm thinking of managing all of our GitHub repositories with Pulumi at work. The final yearly price seemed crazy high. Does my estimate seem glaringly wrong?

For context, we make a lot of repositories, which is the reason we want to automate the process. We're a data engineering / data science team, so we'll often make new repos for new ML services, data transformations, etc.

We haven't officially adopted Pulumi at my work yet. Due to the high price here, I was thinking of creating an S3 bucket to manage the state of our GitHub repos. That could be a good gateway for Pulumi at BENlabs in general, and maybe we'd come back and get a paid plan for other projects. For example, we use AWS CDK for all things AWS, however we use NewRelic, Auth0, and PagerDuty for all of our (many) REST APIs. I could certainly see us using Pulumi to manage those. And since it's easier to call that "production usage", I could see it being an easier sell to pay money for the state management of those things.

Is it just me or loading https://app.pulumi.com takes even longer than it used to? After 1 minute it loaded with URL

<https://app.pulumi.com/signin?reason=401>

Hi there, I suggest we update the document of https://www.pulumi.com/registry/packages/cloudflare/api-docs/pagerule/#pageruleactionscachettlbystatus about

ttl

,currently it’s not really clear

Duration a resource lives in the Cloudflare cache.

positive number - cache for specified duration in seconds

in Terraform have better explain

ttl - (Required) Duration a resource lives in the Cloudflare cache.
positive number - cache for specified duration in seconds
0 - sets no-cache, saved to cache, but expired immediately (revalidate from origin every time)
-1 - sets no-store, never save to cache

like now, I use Cloudflare API and it return data with value

"actions": [
            {
                "id": "cache_ttl_by_statuses",
                "value": {
                    "302": "no-cache",
                    "404": "no-cache",
                    "500": "no-cache",
                    "522": "no-cache"
                }
            }
        ],

and I don’t know the

int

number of

no-cache

until I checked Terraform document

Hi, is there a pulumi equivalent of terraform's taint command?

Hi team, what’s the recommended method of retrieving stack reference via cue lang?

hi All, I would like to build pulumi state file from the pulumi history file. did any one attempted this? if so could you pl. share the steps. I know below are two commands to find out revision and export stack state to json. i) to know history -> pulumi stack history ( supposed to show the revision number but i am not seeing it when i run the cmd ) ii) to export the state -> pulumi stack export --revision <revision_number> > mystate.json how can I find out the revision number from pulumi stack history? Appreciate any help/pointers in this regard. Thankyou.

Is it possible to limit the amount of stack history Pulumi stores in the backend, or disable stack history storing entirely?

heya, I have a question about stack. If I have a stack that create several AWS resources, what will happen if during pulumi up, one of the resources fails to deploy? will it fail all of them? or some will succed? thanks

Another question is if I created a pulumi program which deploy • resource A • resource B • resource C I do a

pulumi up

and all three resources deployed successfully Now, I modify the pulumi program and it only have • resource A • resource B If I do

pulumi destroy

will it destroy all three resource or just the two and leave resource C un handled?

I’m having tons of problems with

pulumi-docker

4.x For one, it seems that Pulumi team created a hashing function that hashes all the Docker context (minus the .dockerignore) before actually running the build with docker’s engine : is there a way to disable this and instead let Docker build the image and compute the actual digest ? (source: https://github.com/pulumi/pulumi-docker/blob/1966f086164d1e1b87d96c9a9da81efef1167816/provider/provider.go#L162) In our case, we have a structure like this:

projects/
libs/

So we usually set the Docker context at

.

and use multi-stage builds to build our different projects : this way we can share the libs that are built at earlier stages in some of the projects Although the new docker provider does support the

target

argument, the

hashContext

function does not care for multi-stage builds : it calculates a single hash for the whole context... no matter which stage we actually intend to build The other -much more problematic- issue we’re having is that altering a file (such as adding a comment

# foo

somewhere) does not trigger an update when running

pulumi up

I can’t know for sure what’s happening, but I know for a fact that running

docker build

manually does pick up the change and update the digest of the image, whereas pulumi-docker’s pre-hash seems to block the docker engine from actually running This is preventing us from moving forward on our prod releases 😞 @limited-rainbow-51650 is there anybody at Pulumi that could chime in on this ?

Are there any packages that build OCI / Docker images without Docker? Can the Docker package be configured to use podman, buildah or anything else?

Hey guys, how are you? One simple question from my side: I just executed a "pulumi preview --diff", and although in the changes report that appears in the end of the command execution no resource is marked as "to delete" I can see a lot of lines marked with - in front. This is the output of the k8s.helm.v3.Release. 718 - allowNullValues : false 719 - apiVersion : <null> 720 + compat : "true" 721 - createNamespace : false 722 - dependencyUpdate : false 723 - description : "" 724 - devel : false 725 - disableCRDHooks : false 726 - disableOpenapiValidation: false 727 - disableWebhooks : false 728 - keyring : "" 729 - kind : <null> 730 - lint : false 731 - postrender : "" 732 - recreatePods : false 733 - renderSubchartNotes : false 734 - replace : false Interesting fact is that after the rollout of this into a testing environment the attributes listed above with "-" were not deleted from the resource, so what's the point?

Hi all, This is my first time dabbling in IaC, so sorry if this question seems newbie. I'm trying to bootstrap 4 environments: sandbox, dev, stage, prod. Apart from that I am bootstrapping an EC2 instance to become a GitHub Actions runner, that is supposed to act as my "infrastructure runner". Is there a way I can configure in my Pulumi code that I want to set up the GHA runner, maybe using the GitHub API, or do I manually have to set it up every time I want to bootstrap?

Hello, I changed the version used to create ManagedCluster with Azure (with using Pulumi.AzureNative.ContainerService.V20230101;). In my branch, I create a new cluster and the URN is looking like this: urnpulumidev-alussier:shared clusterakinoxakp-alussier-dev-alussierakskubernetes::akp-alussier-dev-alussier-kubernetes-aks But, when I go on the main branch (without merging my branch) and I try to update the same cluster (with using Pulumi.AzureNative.ContainerService;), Pulumi is changing the URN: urnpulumidev-alussier:shared clusterakinoxakp-alussier-dev-alussierakskubernetes*$azure-native:containerservice/v20230101*ManagedCluster:akp-alussier-dev-alussier-kubernetes-aks-cluster. This makes Pulumi trying to delete the cluster and create a new one. It is not even a replacement, because of the type of resource that is changed in the ManagedCluster class (see the image). So right now, if I merge my branch, all the existing clusters that are used in this ComponentResource will be deleted and a new one will be recreated. 😞 Is there a way to make Pulumi understand that it is the same resource and that it should not create a new one?

Somehow my Pulumi is looking for

.pulumi/meta.yaml

. but I am still using

Pulumi.yaml

How do I fix this issue?

error: read ".pulumi/meta.yaml": blob (key ".pulumi/meta.yaml") (code=Unknown): AccessDenied: Access Denied
	status code: 403, request id: 17HDP01KET7A1EEP, host id: 16PJgnCGLXKjxVBzYiqHdYwnrkKH8v3CBp/odlGS9LliZmPA2+rE/Q8xTa8l169CpmXt1MWttHs=

"github actions" question: If the files in the path to the pulumi program/project didn't change, we'd like to not run the pulumi step in our workflow job which handles applying those changes. (We know pulumi does the right thing, but this relates to dev process stuff - it's specifically about our cloud "development" environment, not any of our higher environments.) We've got that working. But our deployment job in the same workflow needs the output of the pulumi program so that it has the app service name to which to deploy (since the app service name has the pulumi-generated suffix). If we just skip the pulumi step in that job, then the output isn't available; and the github action fails. It looks like our best option might be to use the "expect-no-changes" option to the pulumi github action. I don't see any examples of specifically how to use that option - I'm guessing it's just another line in the yaml under "with:". Any thoughts on this?

Hi All. I'm having an issue with

resource complete event returned an error: failed to verify snapshot

on a resource and I can't seem to do anything about it. Any Advice? I'm not sure what change might have caused it, but I can't even remove the resource now

Docker BuildX support Currently, when I build an AWS Lambda container compatible with AWS Graviton (arm64) it works fine on my laptop but GitHub Actions doesn't seem to support building arm64 images natively. A few people on blogs & forums seem to suggest that the workaround is to use the docker buildx action to build images, but that's incompatible with using

pulumi-docker

as a build system for the containers. Are there plans to support buildx in

pulumi-docker

? 🙏 @orange-policeman-59119 @shy-arm-32391 Also, if anybody has feedback struggling with arm images with their CI I'm happy to discuss it in this thread 🙂

Hi folks, is it viable to replace ansible with pulumi? I know pulumi is mostly for cloud IaC, but with command and dynamic providers can I use it for config management too? Is there a way to get ansible style inventory management with pulumi?

Hey friends I have a quick question, me and my team are attempting to migrate from a self managed (gcp bucket) state to pulumi cloud. We're hoping to import current resources into pulumi cloud but it seems like this can't be done seamlessly? Let me know if anyone has any resources on this.

Hello, quick question about the pulumi state drift and sync - i created kubernetes cronjob with pulumi pytohn kuberentes, after that i changed cronjob manually with kubectl edit, but now pulumi up and pulumi preview did not detected the drift between the code and the actual state , seems like --refresh syncs the cronjob changes with the state file, which is not what i want, i want to run pulumi on a way that it will sync the applied resources with the code (to remove the drift), as terraform apply do, how can i make that? Thanks!