pulumi-community #general

magnificent-sugar-64951

05/21/2023, 9:39 AM

and when use pulumi up, it's keep failing

magnificent-sugar-64951

05/21/2023, 9:39 AM

since it try to delete the subnet

refined-rose-1179

05/21/2023, 7:15 PM

Hello, Did anyone had a problem with creating a ForwardingRule?

Error creating ForwardingRule: googleapi: Error 400: Invalid value for field 'resource.target':

Invalid target type TARGET_HTTP_PROXY for forwarding rule in scope REGION, invalid

Copy code

`const proxy = new gcp.compute.TargetHttpProxy('backend-api-proxy', {
  urlMap: urlMap.selfLink,
  name: 'backend-api-proxy',
});

// // Create a forwarding rule
const forwardingRule = new gcp.compute.ForwardingRule(
  'backend-api-http-forwarding-rule',
  {
    name: 'backend-api-http-forwarding-rule',
    region: 'europe-west1',
    target: proxy.selfLink,
    ipAddress: '0.0.0.0',
    portRange: '80',
  }
);

better-activity-84090

05/22/2023, 1:27 PM

Hello guys, I’m having a strange issue, and wondering if anybody has any idea. I’ve recently updated my pulumi version to match latest, and since then, pulumi has been trying to update the random-hex characters at the end of my existing resources, something like this:

Copy code

name        : "my-stack-audit-d21bbd9" => "my-stack-audit-6494e4d"

I could not find any configuration explaining why that would happen, and downgrading back to an older version doesn’t seem to work Anybody had the same issue ? Or have an idea on how to debug it ? Thanks

quaint-river-59320

05/22/2023, 2:41 PM

Is anyone else having issues with policies? I started seeing these errors in my stack. “error: Error validating stack with policy access-keys-rotated:” I also tried to remove a policy from a policy group and see an error that says “Network Error Detected - Retrying Request”.

ambitious-father-68746

05/22/2023, 3:45 PM

Hi, I'm getting the following error when running pulumi with a `--replace`:

Copy code

error: update is marked constrained, but is not constrained to an update or a replace

I've never seen this before and I've been using Pulumi for a long time. What does this actually mean? Thanks

ambitious-father-68746

05/22/2023, 4:02 PM

Code was introduced two weeks ago, it seems: https://github.com/pulumi/pulumi/commit/56280ed75974f497e249cff04fbb12f714133e89

ambitious-father-68746

05/22/2023, 4:18 PM

OK, I get the error when using

--target

and

--replace

together. If I only use

--replace

I don't get the error, but it's only targeting those resources, not everything else in the stack. I think this is not correct.

elegant-laptop-80400

05/22/2023, 6:57 PM

any recommendations on splitting an existing stack into two separate ones ?

straight-cat-87033

05/23/2023, 12:14 AM

A question on importing existing resources into Pulumi using the

import

resource option: The docs state that:

The resulting Pulumi program, after the import is complete, will faithfully generate the same desired state as your existing infrastructure’s actual state.

Because of this, all properties need to be fully specified. If you forget to specify a property, or that property’s value is incorrect, you’ll first receive a warning during preview, and then an error during the actual import update.

But that isn’t matching the behavior that I’m seeing with regards to unspecified properties.

ambitious-father-68746

05/23/2023, 7:25 AM

Is there a way to check the version of Pulumi CLI at runtime?

modern-musician-3045

05/23/2023, 7:34 AM

pulumi version

also pulumi will tell you when it runs if it is not the latest version and suggest you update… well it does on the mac version anyway

enough-honey-14480

05/23/2023, 9:45 AM

Can we have Pulumi and Cloudflare workers in separate repository ? if Yes then how can i access cloudflare worker in Pulumi

enough-honey-14480

05/23/2023, 9:46 AM

Currently i am using this way because Pulumi and Cloudflare are in same repo. content: fs .readFileSync(__dirname + '/resources/cdn-*-*.js') .toString(),

adorable-advantage-6937

05/23/2023, 2:28 PM

Question: I’ve got a simple vpc with a rds db and a fargate service as long as an ALB. My objective is to create a listener that automatically redirect traffic from 80 to 443. Api docs are still not good since they refer to alb.createListener that isn’t present in the library. I’ve gotten to this point but failing to understand what targetGroup I should set in my default action for forwarding. I’ve removed other details like vpc creation etc… since they weren’t relevant to my problem.

const cluster = new aws.ecs.Cluster(envRelated('st-primary-ecs-cluster'));

const alb = new <http://awsx.lb|awsx.lb>.ApplicationLoadBalancer(

envRelated("stp-loadbalancer"), {subnetIds: vpc.publicSubnetIds,listeners: [{

port: 443,

protocol: "HTTPS",

certificateArn: certificateArn,

defaultActions: [{ type: "forward", targetGroupArn: ??? },],

} ,

port: 80,

protocol: "HTTP",

defaultActions: [

type: "redirect",

redirect: {

port: "443",

protocol: "HTTPS",

statusCode: "HTTP_301",

},

},

],

}]});

const repo = new awsx.ecr.Repository(envRelated("ecr-st-repo"), {

forceDelete: true,

});

const imgApi = new awsx.ecr.Image(envRelated('st-api'), { repositoryUrl: repo.url, path: "./api", target: 'production' });

const appServiceApi = new awsx.ecs.FargateService("st-api-svc", {

cluster: cluster.arn,

assignPublicIp: true,

taskDefinitionArgs: {

container: {

image: imgApi.imageUri,

cpu: 102 /*10% of 1024*/,

memory: 50 /*MB*/,

essential: true,

portMappings: [ {containerPort: containerPort , targetGroup: alb.defaultTargetGroup} ],

},

},

desiredCount: 1,

});

purple-train-14007

05/23/2023, 3:49 PM

Have you all thought about adding to your installation instructions an option for Winget? Winget is able to install Pulumi and it’s the official RPM for windows

purple-train-14007

05/23/2023, 3:54 PM

Has anyone else been getting this error with the latest build of Pulumi?

purple-train-14007

05/23/2023, 3:55 PM

Copy code

error: read ".pulumi\\meta.yaml": blob (key ".pulumi/meta.yaml") (code=Unknown): AccessDenied: Access Denied
        status code: 403, request id: CFMV7QGJSA2MJP27, host id: p2YUjMFtIJW5Npm50JU7A7IaTsJ2m8xznrnZf8lPrRno8H2WkOA6zpO8ZGeMpHz84/+z/svnWJ0=

clever-dog-35937

05/23/2023, 7:03 PM

I've had a PR in on

pulumi-aws-iam

for about three weeks now, is there some standard to notify for review that I'm missing? https://github.com/pulumi/pulumi-aws-iam/pull/12

damp-lock-9822

05/23/2023, 8:03 PM

Hi all, I’m trying to create an aws Ec2 instance using the aws-classic pulumi package. I defined an explicit provider in order to include the assumeRole credentials needed to make the instance in the target account. I’m facing a couple errors that have stumped me and any guidance would be much appreciated. Despite that the provider is both specified in my getAmi call and is defined properly, I am getting the error

Unhandled exception: Error: Invoke: Default provider for 'aws' disabled. 'aws:ec2/getAmi:getAmi' must use an explicit provider

adorable-analyst-27426

05/23/2023, 11:59 PM

I am getting below

error: .pulumi/stacks/nonprod.json: snapshot integrity failure; refusing to use it: resource urn:pulumi:nonprod::ai::azure:appservice:HttpEventSubscription$azure:appservice/functionApp:FunctionApp::api dependency  refers to missing resource

from AzureDevOps job using branch, it was runing OK until today. Nothing has change from and just want to add dummy data to the API, any advice

brief-car-60542

05/24/2023, 12:08 AM

How do you depensOn a resource that is in the array? such as:

Copy code

{
      dependsOn: [
        restApiPolicys[region]
      ],
      provider: config.providers[configEnvironment] as aws.Provider,
    },

aloof-leather-66267

05/24/2023, 2:19 AM

I have a stack that has thousands of resources. Recently, Pulumi decided that many of them need to be replaced because the

name

changed, but in reality, nothing has changed. Why is this, and how can I fix it?

hallowed-camera-71190

05/24/2023, 4:40 AM

Hey, bit of a random question about how Pulumi works. TLDR we have an existing stack with state stored in GCP and interacting with Gitlab. Pulumi had been working fine with creating repos etc. We recently refreshed the token used to authenticate to Gitlab, and now see 401 errors when trying to do any operation with a refresh. Playing around with config, I noticed that even when I changed all references to the host url, the refresh is failing with 401 against the old value. I'm wondering if Pulumi is storing the old config in state and trying to use that for the refresh instead of the updated local values?

fancy-pharmacist-39201

05/24/2023, 7:01 AM

I think I have exactly the same problem as immediately above (my creds rotated and there's stale state stuck in the providers), this time with the Cloudflare and DigitalOcean providers, but I can't fix it with

pulumi up

because Pulumi incorrectly thinks it needs to recreate all my resources. I tried

pulumi stack export

but I don't know with what to replace the

token

and

apiToken

input and output strings in the providers: when I replace them with the appropriate encrypted values from my

Pulumi.<stack>.yaml

file, I get "could not deserialize deployment: invalid character 'Y' after top-level value" on the import, so presumably they need to be somehow different between the state file and the stack config file. I also tried

pulumi refresh --target <urn of the provider>

, but that appears to have been a no-op; and

pulumi up --target <urn of the provider>

said there was no resource with that URN. How can I tell Pulumi to use the correct credentials in a refresh operation?

tall-computer-65747

05/24/2023, 9:26 AM

Hi all 👋 I've noticed recently that when running a

pulumi refresh

I'm seeing a lot of timeout errors around Kafka ACLs and service accounts. This wasn't an issue before but seems to correlate with onboarding more Kafka service accounts. If I retry the refresh multiple times it eventually persists, but this isn't ideal. I was wondering if anyone has encountered this before? Or if it is pulumi getting rate limited by the Confluent API? Thanks 🙂

gorgeous-monkey-78209

05/24/2023, 10:10 AM

Howdy folks! We're trying to update our AKS Cluster to enable a feature that's only available from

v2023-02-01

of the Azure API, which was available in the v1.99.0 Pulumi provider but we're running in to problems with Pulumi refusing to acknowledge the new AKS SKU name change that's mandatory from that version onwards. We thought we'd try a newer provider version and see if it had a newer API too but the latest API version available in v1.99.1 and up has dropped back to

v2023-01-01

. Would it be advisable to open an issue on GitHub or has anyone got any advice on if they've encountered similar issues with versioning? Thanks muchly!

adorable-analyst-27426

05/24/2023, 11:50 AM

Any can help out on https://pulumi-community.slack.com/archives/C84L4E3N1/p1684886383718459

red-airline-54646

05/24/2023, 12:29 PM

we have the ff in our azure pipeline. we are trying to authenticate using service principal. but preview throws an error saying

error: obtain subscription(***) from Azure CLI: parsing json result from the Azure CLI: waiting for the Azure CLI: exit status 1: ERROR: Please run 'az login' to setup account.

any thoughts what's missing?

Copy code

- bash: |
      echo "Pulumi: $(pulumi version)"
      pulumi login <azblob://platform>
      pulumi stack select ${{ parameters.stack }}-${{ parameters.environment }}
    displayName: Login to Pulumi

  - bash: |
      # Configure azure-native provider.
      pulumi config set azure-native:tenantId $(tenant-id)
      pulumi config set azure-native:subscriptionId $(subscription-id)
      pulumi config set azure-native:clientId $(app-id)
      pulumi config set azure-native:clientSecret $(app-secret) --secret

      # Configure azuread provider.
      pulumi config set azuread:tenantId $(tenant-id)
      pulumi config set azuread:clientId $(app-id)
      pulumi config set azuread:clientSecret $(app-secret) --secret
    displayName: Configure Pulumi providers

cool-dress-96114

05/24/2023, 4:36 PM

Hi there, question about https://www.pulumi.com/docs/concepts/secrets/#available-encryption-providers. How does Pulumi handle AWS managed key rotations (once a year): https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotate-aws-managed-keys

Copy code

Note
In May 2022, AWS KMS changed the rotation schedule for AWS managed keys from every three years (approximately 1,095 days) to every year (approximately 365 days).

New AWS managed keys are automatically rotated one year after they are created, and approximately every year thereafter.

Existing AWS managed keys are automatically rotated one year after their most recent rotation, and every year thereafter.

Will this break our stacks / all of our secret configuration?