Is there a way to generate code for pulumi without modifying the stack?

pulumi import

by default updates the stack

hi, i'd like to renew a previously cancelled org subscription. is there anyone around here who can help with that? thanks in advance.

Hi, I am creating infrastructure with Pulumi and typescript in GCP (info for context). I see my stack configuration file growing with each new resource, and it is at a point where the config will be over 1000 lines, and it won't stop there. I was wondering is there a way to create other configuration files that you can access in code. I know Pulumi.yaml can be used for shared configuration between the stacks, but I would like to break it up even further, having different configuration stack for resource x, and for resource y etc. The reason I'm thinking about this is because I want to introduce defaults to the configuration to make it more manageable.

Hi team, when creating new auth0 action (

auth0.Action

) and providing a list of dependencies, the list seems to be re-ordered on each refresh - which causes us to update the resource on each run. Is this a known issue? any way to bypass it? Thanks!

Hi all. Is there a way to check a resource’s

ResourceOptions

via either the CLI or the Pulumi Cloud web UI? (Looking specifically for the ability to confirm whether a resource has retainOnDelete set, so if there’s a different way to do that, I’m all ears there too!)

One more question regarding retainOnDelete: https://www.pulumi.com/docs/intro/concepts/resources/options/retainondelete/:

The default is to inherit this value from the parent resource

Is this meant to imply that setting the option to true on an existing resource should cause the option to be set to true on its children, or is it something more nuanced like “those children won’t be deleted because the parent won’t be deleted, even if

pulumi preview

labels them

delete

rather than

delete[retain]

“? (As far as I can tell, neither of these is true—children seem to be “really” deleted even if their parent resource has the option set.)

Is it possible to import Postgres resources, like users and databases?. It does not say much on the Postgres provider https://www.pulumi.com/registry/packages/postgresql/api-docs/

It seems awsx.ec2.Vpc has issues with large subnets, using all AZs, and splitting it according to the defined awsx.ec2.SubnetSpecArgs.. Has anyone run into this and a way to fix it? for example:

vpc = awsx.ec2.Vpc(
    resource_name=vpc_name,
    cidr_block="10.210.0.0/16",
    number_of_availability_zones=6,
    subnet_specs=[
        awsx.ec2.SubnetSpecArgs(
            type=awsx.ec2.SubnetType.PRIVATE,
        ),
        awsx.ec2.SubnetSpecArgs(
            type=awsx.ec2.SubnetType.PUBLIC,
        ),
        awsx.ec2.SubnetSpecArgs(type=awsx.ec2.SubnetType.ISOLATED, cidr_mask=28, name="tgw"),
    ],
    nat_gateways=awsx.ec2.NatGatewayConfigurationArgs(strategy=awsx.ec2.NatGatewayStrategy.SINGLE),
    enable_dns_hostnames=True,
)

continues to receive

The following subnets overlap with at least one other subnet. Make the CIDR for the VPC larger....

Can someone confirm how this linking is performed so that the PRs and Commits in GitHub are updated with the rich previews? My assumption it is at least the

vcs.kind

,

vcs.owner

, and

vcs.repo

. But I am not clear on what other metadata it might use to make the Pulumi Github App update the PRs and Commits. Reason I am asking is that the code in Pulumi relies on there being a

.git

directory to fetch this data and I would like to potentially allow it to fall back to env vars for this information.

How does the Pulumi engine batch up resource provisioning operations for execution and then wait on them? I'm seeing some behaviour I wouldn't expect when doing some large deployments, that I suspect is blowing out the runtime for

pulumi up

(taking up to hours longer than I would expect). I'll see a number (say 20, but I haven't counted the exact number) resources being provisioned at once, 19 of which are quick to provision (e.g. s3 bucket) and one of which takes a long time (e.g. RDS instance). There are many other resources in the stack that need to be provisioned, which don't depend on the RDS instance in any way, and may or may not depend on the 19 s3 buckets. I would expect that at any given time I would have 20 provisioning operations running at once (as the dependency graph allows), and as the s3 buckets provision that the provisioning operation of another resource would take it's place. However what seems to happen is that the engine waits for all 20 resources in this batch to finish provisioning before starting a new batch of 20, regardless of what the dependency graph would allow. Is this expected? Is it due to how the engine runs and waits on resource creation?

Is there still no solution for looking up a resource that may not exist? I see a load of open issues regarding

<resource>.get(…)

and even when using

{ dependsOn: […] }

, these functions still explode if the resource doesn’t exist 😞 I want to be able to use a CRD inside a ComponentResource then wait for the resulting resources to exist and expose them as properties on the ComponentResource

When I run pulumi up against our azure webapp I see this:

~ siteConfig: {
    ~ appSettings: [
        ~ [18]: {
            ~ value: [secret] => [secret]
            }
        ~ [21]: {
            ~ value: [secret] => [secret]
            }
    ]
}

How can I find out what values are going to be changed? It would be good to at least know the appSettings keys, but there doesn't seem to be a way to get any more info than this.

Hi, I need help with Pulumi, C# and AzureNative: I'm creating "azure-native.resources.Deployment" (https://www.pulumi.com/registry/packages/azure-native/api-docs/resources/deployment/) Properties.Parameters in documentation are null. I need to pass some parameters, especially Output<string> var deloyment = new Deployment(deploymentName, new DeploymentArgs { DeploymentName = deploymentName, ResourceGroupName = resourceGroup.Name, Properties = new AzureResourcesDeployment.Inputs.DeploymentPropertiesArgs { Mode = AzureResourcesDeployment.DeploymentMode.Incremental, TemplateLink = new AzureResourcesDeployment.Inputs.TemplateLinkArgs { Id = templateSpecVersion.Id }, Parameters = new Dictionary<string, object> { { "storageAccountName", Output.Create("sadeployed1") } } } }); Here, for example I passed "StorageAccountName" parameter, its valur is Output<string>. However I'm getting following error: error: Code="InvalidRequestContent" Message="The request content was invalid and could not be deserialized: 'Error converting value \"sadeployed1\" to type 'Azure.Deployments.Core.Definitions.DeploymentParameterDefinition'. Path 'properties.parameters.storageAccountName', line 1, position 84.'."

Hi folks, I'm having a bit of trouble with Command. I have this to generate .env file which are deployed with ansible:

const renderEnvCmd = new command.local.Command(`${customer.subDomain}-env`, {
    create: `
      mkdir -p ansible/${customer.subDomain} && \
      cat ansible/env.tmpl | envsubst > ansible/${customer.subDomain}/.env`,
    environment: {
      ...secrets,
      ...postGres,
      BASE_PATH,
      anonJWT,
      serviceJWT,
      smtpPass: cfg.requireSecret("sendinblueSMTP"),
      fqdn: customerDNS,
    },
  });

I'm not sure why, but my .env files aren't being regenerated... Do I have to wire this up in any particular way to make sure the command is evaluated/exectued?

Greetings everyone. We're creating an

AWS.AppAutoScaling.Policy

for an ECS service. This generates a MetricAlarm in cloudwatch automatically. Is there a way to specify the Tags for the underlying MetricAlarm that is generated? There is no Tags property exposed for the Policy itself or any of the configuration properties. Using dotnet with Pulumi.Aws 5.18.0. Example code below of how the policy is configured for example:

var autoScalePolicy = new AutoScaling.Policy($"{resourceIdentityPrefix}-asp", new AutoScaling.PolicyArgs
{
    PolicyType = "TargetTrackingScaling",
    TargetTrackingScalingPolicyConfiguration = new AutoScaling.Inputs.PolicyTargetTrackingScalingPolicyConfigurationArgs
    {
        PredefinedMetricSpecification = new AutoScaling.Inputs.PolicyTargetTrackingScalingPolicyConfigurationPredefinedMetricSpecificationArgs
        {
            PredefinedMetricType = "ECSServiceAverageCPUUtilization"
        },
        TargetValue = 65.0,
        ScaleInCooldown = 60,
        ScaleOutCooldown = 60
    },
    ScalableDimension = autoScaleTarget.ScalableDimension,
    ServiceNamespace = autoScaleTarget.ServiceNamespace,
    ResourceId = autoScaleTarget.ResourceId
    // How do we define Tags? There is no Tags property
});

Greetings! I am using a lot of the autonaming feature on Azure resources, but I would love if I could specify the naming algorithm in a more specific way, in my case just because of a single hyphen. If I use the auto naming feature on a resource group, for example, and I name it

rg-my-resourcegroup

it will become something like

rg-my-resourcegroupxxxxxxxx

(without an extra hyphen). So I need to name my resource

rg-my-resourcegroup-

, and I hate the extra hyphen in the pulumi names, specially because not all resources use a suffix, so the URNs become a mess. Using pulumi/random is not a solution, since I need a new name when something needs to be deleted/recreated and by design the random naming is persisted between runs (which is good for the library purposes, but bad for circumventing the issue here). Any tips on overriding this feature to achieve this?

Hi all 🙂 I’m using @pulumi/aws-static-website to deploy my react app, so far I’ve been using version

0.3.0

. When I destroy and re-create again, I started to get following error: 1 error occurred: * Error creating S3 bucket: InvalidBucketAclWithObjectOwnership: Bucket cannot have ACLs set with ObjectOwnership’s BucketOwnerEnforced setting status code: 400, When I update package to version

0.4.0

, all good but when page is redirected to some another page via react-router-dom, I’m getting :

<Code>AccessDenied</Code>
<Message>Access Denied</Message>
<RequestId>FG18GJN5BRXRSTYC</RequestId>
<HostId>8ue6Jq4q0jx3M5K5IkEVMCUr3kGvvz8gaYwJ7mzOXXKqpqqw5vxKlSBednksWU5Xkm2LN6m6Uk4=</HostId>
</Error>

Any idea how can I proceed to solve this problem? Thanks!

Hi all, I have a use case where i'm using random.NewRandomPassword to generate password for a Kafka user. Using this to avoid recreation.

password, err := random.NewRandomPassword(ctx, "password", &random.RandomPasswordArgs{
		Length:          <http://pulumi.Int|pulumi.Int>(PasswordLength),
		Special:         pulumi.Bool(true),
		OverrideSpecial: pulumi.String("!#$%&*()-_=+[]{}<>:?"),
	})

	if err != nil {
		return nil, err
	}
	args.Password = password.Result

	user, err := kafka.NewUserScramCredential(ctx, fmt.Sprintf("%s", args.Username), args, pulumi.Provider(provider))
	if err != nil {
		return nil, err
	}
	ctx.Export("id", user.ID())
	ctx.Export("updatedAt", pulumi.StringPtr(fmt.Sprintf("%d", time.Now().Unix())))
	ctx.Export("password", password.Result)

For our usecase, we want to export this to context. However, it seems the passowrd.Result is rendered as [secret] instead of the actual string. Is there a way to get the actual string? I also tried

password.Result.ApplyT(func(pwd string) error {
		ctx.Export("password", pulumi.String(pwd))
		return nil
	})

but this does not seem get executed at all

Hi! I'm trying to create a Cloudflare provider. So far, I've installed the pulumi plugin and I have also installed the package for cloudflare. I'm getting the following error when I try to initialize it:

error: fatal: failed to Init GRPC to register RPC handlers: failed to create resource provider: ProviderInfo needs a semver-compatible version string, got info.Version=""

  pulumi:providers:cloudflare (myCloudflare):
    error: could not read plugin [/home/myProfileName/.pulumi/plugins/resource-cloudflare-v5.1.0/pulumi-resource-cloudflare] stdout: EOF

Things I checked: • When I do pulumi

pulumi plugin ls

, I get:

NAME        KIND      VERSION  SIZE    INSTALLED     LAST USED
cloudflare  resource  5.1.0    45 MB   10 hours ago  10 hours ago
docker      resource  4.2.0    45 MB   2 days ago    2 days ago
gcp         resource  6.55.1   138 MB  18 hours ago  18 hours ago
kubernetes  resource  3.27.1   89 MB   18 hours ago  18 hours ago
random      resource  4.13.0   72 MB   2 days ago    2 days ago

• My

package.json

also seems to have the matching version for this file:

{
  "name": "infastructure",
  "scripts": {
    "format": "npx prettier --config ../.prettierrc.json --write ."
  },
  "devDependencies": {
    "@types/node": "^16",
    "prettier": "2.8.8"
  },
  "dependencies": {
    "@pulumi/cloud": "^0.30.1",
    "@pulumi/cloudflare": "5.1.0",
    "@pulumi/docker": "^4.2.0",
    "@pulumi/gcp": "^6.39.0",
    "@pulumi/kubernetes": "^3.26.0",
    "@pulumi/pulumi": "^3.0.0",
    "@pulumi/random": "^4.13.0",
    "typescript": "^4.0.0"
  }
}

• The file exists at the directory specified above • I also tried reinstalling the plugin, and attempting to override it in the Pulumi.yaml file • This is how I'm trying to create the provider:

import * as pulumi from '@pulumi/pulumi';
import * as cloudflare from '@pulumi/cloudflare';

	const cloudflareProvider = new cloudflare.Provider('myCloudflare', {
		email: [redacted, hardcoded string with email],
		apiKey: [redacted, hardcoded string with API key],
	});

Hello folks facing this issue, error: Could not automatically download and install resource plugin 'pulumi-resource-kubernetes' at version v1.1.16, install the plugin using `pulumi plugin install resource kubernetes v1.1.16`: error downloading provider kubernetes to file: failed to download plugin: kubernetes-1.1.16: 403 HTTP error fetching plugin from https://get.pulumi.com/releases/plugins/pulumi-resource-kubernetes-v1.1.16-darwin-arm64.tar.gz Please let me know how to resolve this

Does anyone know how to handle the Azure quirk of Azure b2c/b2b setting up an entirely separate tenant, with no subscription, to contain your Azure b2c/b2b users? If you try to create an app registration after the b2c tenant, it gets created in your main tenant, not the b2c tenant and there is no apparent way to link them 😮 I'm aware of azure-native.Provider but I'm guessing the lack of subscription isn't letting it find the other tenant. I get a couple of errors with 0 google results when trying that with just a tenant id

ResourceError: Do not supply 'providers' option to a CustomResource. Did you mean 'provider' instead?

No, I actually meant

providers

, why would you have a problem with it? I have a component that creates resources from different providers, one of them is a non-default kubernetes provider. I don't want to create AWS resources with the kubernetes provider, nor Kubernetes resources with AWS provider... Isn't that what

providers

is for?

export interface ComponentResourceOptions extends ResourceOptions {

/**

* An optional set of providers to use for child resources. Either keyed by package name (e.g.

* "aws"), or just provided as an array. In the latter case, the package name will be retrieved

* from the provider itself.

*

* Note: only a list should be used. Mapping keys are not respected.

*/

providers?: Record<string, ProviderResource> | ProviderResource[];

For importing resources (Azure AD App) into existing stack,

CustomResourceOptions

specifies "_The inputs to the resource's constructor must align with the resource's current state_". A discrepancy here causes

error: inputs to import do not match the existing resource

. To achieve my goal, I need my Pulumi program to be the source of truth, applying and overriding any discrepancy that may exist. Can this be done through Pulumi at all, or would I have to for example use the MS Graph API to update the AD App before importing it? Thus avoiding the

do not match

. Thank you ❤️

I am trying to migrate from Pulumi Cloud to self-hosted in an s3 bucket and getting errors that seem related to serialization, has anyone experienced this? It seems to mainly happen with lambdas. I can get them working by changing them from the aws.lambda.CallbackFunction syntax to aws.lambda.Function, but it would be nice to keep the original syntax. Does s3 serialize differently and is there a better way to fix this? The Error:

error: Error serializing function 'customMessage': index.ts(192,22)
    
    function 'customMessage': index.ts(192,22): which could not be serialized because
      Could not find [[Scopes]] property
    
    Function code:
      function customMessage(event, context) {
          var _a, _b;
          return __awaiter(this, void 0, void 0, function* () {
              console.log('event', event);
              if (event.triggerSource === "CustomMessage_AdminCreateUser") {
      ...

The Original Code:

export const customMessageLambda = new aws.lambda.CallbackFunction(
    `customMessage-lambda-${stack}`, { callback: customMessage }
);

The Working Code:

export const customMessageLambda = new aws.lambda.Function(
  `customMessage-lambda-new`,
  {
    code: new pulumi.asset.FileArchive('./customMessage.zip'),
    role: 'arn:aws:iam::617706700270:role/lambdaRole-20db8e5',
    handler: 'customMessage.handler',
    runtime: 'nodejs12.x',
  }
);

Hey folks, I'm trying to run

pulumi stack rename

to rename a project (eg

pulumi stack rename org/new-name/dev

) and I'm getting an error

error: [403] You do not have permission to perform this operation.

I've tried

pulumi logout

and

pulumi login

and still getting the error. This is a project that I created on this machine a few hours ago. In the meantime I did have to remove homebrew and reinstall it, but not sure how that could be causing an issue as

pulumi up

is working fine. Adding

-v=

for verbose logging doesn't yield any additional output

Hello guys, I've been trying to create a GCP dns record set by using a dns_authorization data, with this code Trying to create the dns_authorization entries 'CNAME', fails with this error -

* Error creating DNS RecordSet: googleapi: Error 400: Invalid value for 'entity.change.additions[_<http://acme-challenge.gcp.foo.bar.io|acme-challenge.gcp.foo.bar.io>.][CNAME].name': '_<http://acme-challenge.gcp.foo.bar.io|acme-challenge.gcp.foo.bar.io>.', invalid

I redacted some data from the code but it should be pretty similar Did anyone encounter such issue before? Or knows what this means? Documentation about it is pretty bleak

Hi there, I'm just clearing up some stacks in pulumi, but I'm not allowed to rm them "You do not have permission to perform this operation.". How can I see who has created the stack? how can I remove a stack not created by anyone still in the team?

How to lock a pulumi provider to a specific version in go sdk?

Hi there! I've been studying Pulumi for my company for a couple of weeks now. I have a security question concerning the encryptionsalt when using the passphrase secret provider. ➡️ Is it safe to commit the encryptionsalt? I read a couple of articles and I think I kinda understood the concept of salt in cryptography. But if I understood correctly, concerning Pulumi there is only one salt generated per password? If so, doesn't it negate the benefit of using salt if it's committed to the config file? I would be happy to discuss this to understand it better 🙂 thanks!

I've been using the Pulumi AI https://www.pulumi.com/ai/ and whilst it is quite handy it does seem to make up stuff, i.e. produce code that is more wishful thinking than actually viable. The other day I asked it about base64 encoding of userData in an aws-native launchTemplate and it happily told me that I didn't need to base64 encode it, but on reading the docs I couldn't find a launchTemplate function in the aws-native provider, and the one in the aws provider needs the userData to be base64 encoded. Today I asked it how to add an instance role to a launch template, and it correctly told me I need to add an instance profile to the template, but the code it provided

// Create the launch template that uses the instance profile and IAM role
const launchTemplate = new aws.ec2.LaunchTemplate("launchTemplate", {
    imageId: "ami-0c94855ba95b798c7", // Replace with the desired AMI ID
    instanceType: "t2.micro", // Change to desired instance type
    instanceProfileName: instanceProfile.name,
    // Additional launch template settings can be added here, such as security groups
});

uses instanceProfileName, which the compiler complained about and the docs say doesn't exist. There is iamInstanceProfile which takes an arn, so I was able to make it work. I'm not complaining, I do find the AI to be useful, but it is worth noting that its code needs checking.