pulumi-community #general

Join the conversation Join Slack

general

busy-umbrella-36067

09/27/2018, 9:58 PM

bummer, was hoping to start using this. project is awesome though Thanks for the info

broad-coat-71198

09/27/2018, 10:04 PM

it works w/ custom roles though

full-dress-10026

09/27/2018, 11:04 PM

Is there a way to pass a config via the CLI to merge in with the file config during an

update

full-dress-10026

09/27/2018, 11:11 PM

Also, is there a way to use the outputs of one stack in another stack? i.e. run stack A which produces Ouput1 and Output2. Run stack B which uses Output1 and Output2.

full-dress-10026

09/27/2018, 11:23 PM

How do I configure the IAM role for a

cloud.Service

via the API?

full-dress-10026

09/28/2018, 2:53 AM

If I require

cloud-aws:externalVpcId

in my code using `Config`:

let config = new pulumi.Config();

config.require("cloud-aws:externalVpcId");

and run

pulumi preview

, I get a message saying

Missing required configuration variable 'services-infra:cloud-aws:externalVpcId'

. Why is the configuration prefixed with my project's name when I already specified a namespace?

full-dress-10026

09/28/2018, 3:53 AM

Oh, I see - you need to use the

cloud-aws.config

package. That result from config.require is still a bit surprising though.

sparse-insurance-40223

09/28/2018, 9:07 AM

https://github.com/terraform-providers/terraform-provider-azurerm/pull/1820#pullrequestreview-159692623 damn so close

sparse-insurance-40223

09/28/2018, 5:14 PM

every other build npm uninstalls pulumi/azure. fun times.

tall-monitor-77779

09/28/2018, 6:51 PM

hey guys, my machine crashed while updating pulumi, now I get the following:

error: the current deployment has 1 resource(s) with pending operations:
  * urn:pulumi:poc-dev::poc::aws:lambda/function:Function::geoLookup, interrupted while updating

tall-monitor-77779

09/28/2018, 6:53 PM

it tells me to do a

pulumi stack export

and

pulumi stack import

but the latter fails to return

creamy-potato-29402

09/28/2018, 6:53 PM

tried

pulumi cancel

creamy-potato-29402

09/28/2018, 6:53 PM

@tall-monitor-77779

tall-monitor-77779

09/28/2018, 6:54 PM

just did, got the same error

tall-monitor-77779

09/28/2018, 6:54 PM

after running

pulumi up

incalculable-sundown-82514

09/28/2018, 6:55 PM

@tall-monitor-77779 How are you running

pulumi stack import

? You need to pipe the output of

pulumi stack export

pulumi stack import

, otherwise

pulumi stack import

waits forever on standard in.

incalculable-sundown-82514

09/28/2018, 6:55 PM

You can also use the

--file

argument to both of those commands to export/import to a file

tall-monitor-77779

09/28/2018, 6:55 PM

d'oh 😓

tall-monitor-77779

09/28/2018, 6:55 PM

lemmi try that

tall-monitor-77779

09/28/2018, 7:04 PM

ok so for the record, this works:

pulumi stack export > export.file
# remove items from pending_operations array
cat export.file | pulumi stack import

tall-monitor-77779

09/28/2018, 7:07 PM

I posted, the following the other day but it got missed, be great to get some direction https://pulumi-community.slack.com/archives/C84L4E3N1/p1537951470000100

full-dress-10026

09/28/2018, 8:59 PM

If I set

cloud-aws:computeIAMRolePolicyARNs

does my list override the defaults or merge with the defaults?

proud-tiger-5743

09/28/2018, 9:02 PM

I'm trying to map arns into an IAM policy but

update

keeps rejecting it. At the top of my code, I declare a bucket called

bucket

and an EC2 called

ec2

. But I'm trying to scope down User access to the bucket and the instance.

policy: JSON.stringify({
    Version: "2012-10-17",
    Statement: [
      {
        Effect: "Allow",
        Action: [
          "iam:GenerateCredentialReport",
          "iam:GenerateServiceLastAccessedDetails",
          "iam:Get*",
          "iam:List*",
          "iam:CreateAccessKey",
          "iam:ChangePassword",
          "iam:SimulateCustomPolicy",
          "iam:SimulatePrincipalPolicy"
        ],
        Resource: "*"
      },
      {
        Action: ["s3:*"],
        Effect: "Allow",
        Resource: [bucket.arn]
      },
      {
        Effect: "Allow",
        Action: ["ec2:Describe*"],
        Resource: "*"
      },
      {
        Action: [
          "ec2:StartInstances",
          "ec2:StopInstances",
          "ec2:RebootInstances"
        ],
        Resource: [ec2.arn],
        Effect: "Allow"
      }
    ]
  })

proud-tiger-5743

09/28/2018, 9:03 PM

It fails with the arn in

[]

or without. It also fails with an apply statement

stocky-spoon-28903

09/28/2018, 9:03 PM

@proud-tiger-5743 you’ll definitely need an apply in there

stocky-spoon-28903

09/28/2018, 9:03 PM

but you’ll need to do this differently I think:

proud-tiger-5743

09/28/2018, 9:03 PM

@stocky-spoon-28903 The policy is valid with

"*"

stocky-spoon-28903

09/28/2018, 9:04 PM

policy: bucket.arn.apply(arn => JSON.stringify({...... Resource:[arn] ........}))

stocky-spoon-28903

09/28/2018, 9:04 PM

With

that makes sense, since there isn’t an output to need to wait on

proud-tiger-5743

09/28/2018, 9:05 PM

So how is it that Pulumi can track the dependency of a Policy Attachment to a User, but not a bucket or another resource?