using

docker.Image

to build an image and running into some weird behavior, it doesn't seem to be respecting the registry I passed to the image. with the typescript runtime:

const image = new docker.Image('app', {
  imageName: 'org/app:latest',
  build: {
    context: '...',
    dockerfile: '...',
  },
  registry: {
    server: '<http://ghcr.io|ghcr.io>',
    username: 'user',
    password: 'password',
  },
});

this logs: error: Error: ' docker push org/app:latest-3c7ccbb9189753d00babbc9390eee3fa9ae7594d2b8642241ea7b139898c695c' failed with exit code 1 The push refers to repository [docker.io/org/app] error: denied: requested access to the resource is denied it seems to me like the push is being attempted to the

<http://docker.io|docker.io>

registry when I've specified

<http://ghcr.io|ghcr.io>

as a registry

Hi. Um... this is me not really understanding TypeScript or not properly reading the API documentation, so please bare with me as it's most likely a PEBKAC issue. But at this point I really do appreciate any help. I am trying to attach a public static IP to an AKS loadbalancer created with azure native ManagedCluster constructor. This is how I create the IP, which I am sure it's all good:

const publicIPAddress = new azure_native.network.PublicIPAddress(`ipaddr-${environmentLabel}`, {
    idleTimeoutInMinutes: 10,
    publicIPAddressVersion: "IPv4",
    publicIPAllocationMethod: "Static",
    publicIpAddressName: `ip-lb-testaks-${environmentLabel}`,
    resourceGroupName: `mc_${managedClusterName}`,
    sku: {
        name: "Standard",
        tier: "Global",
    },
    dnsSettings: {
        //domainnamelabel.location.cloudapp.azure.com => <http://testaks.northcentralus.cloudapp.azure.com|testaks.northcentralus.cloudapp.azure.com>
        domainNameLabel: "testaks"
    }
});

This is how I try to inject the property in containerservice.ManagedCluster constructor:

networkProfile: {
		networkPlugin: "azure",
		serviceCidr: "10.10.0.0/24",
		dnsServiceIP: "10.10.0.10",
		dockerBridgeCidr: "172.17.0.1/16",
        loadBalancerProfile: {
            outboundIPs: {
                publicIPs: publicIPAddress.id
            } 
        },  
	},

Right out of the box I get the following error on the

publicIPs: publicIPAddress.id

line:

Type 'Output<string>' is not assignable to type 'Input<ResourceReferenceArgs>'.
  Type 'Output<string>' is not assignable to type 'OutputInstance<ResourceReferenceArgs>'.
    Types of property 'apply' are incompatible.
      Type '{ <U>(func: (t: string) => Promise<U>): Output<U>; <U>(func: (t: string) => OutputInstance<U>): Output<U>; <U>(func: (t: string) => U): Output<...>; }' is not assignable to type '{ <U>(func: (t: ResourceReferenceArgs) => Promise<U>): Output<U>; <U>(func: (t: ResourceReferenceArgs) => OutputInstance<U>): Output<...>; <U>(func: (t: ResourceReferenceArgs) => U): Output<...>; }'.
        Types of parameters 'func' and 'func' are incompatible.
          Types of parameters 't' and 't' are incompatible.
            Type 'string' has no properties in common with type 'ResourceReferenceArgs'.ts(2322)

Can anyone please provide me with some clarity what I'm doing wrong here?

Hello everyone, I have a weird question. I am using Pulumi for Snowflake management and I have created a series of resources that I want to apply to my Snowflake account. I want to create a Database and then a Schema that exist inside that database. Database code

db_prod = snowflake.Database(
    "MY_DB",
    name="MY_DB"
)

Schema code

schema = snowflake.Schema(
    f"{db_prod.name}|MY_SCHEMA",
    name="MY_SCHEMA",
    database=db_prod,
    is_managed=True
)

My problem is that I cannot get the name of my database based on the

db_prod

object. I know that the object has not been evaluated yet, but is there any way to extract the name of my database and use it in my schema? My naive solution is to assign the name of the database in a variable and then use the variable in both places.

Maybe i should have posted my question here 😄

Hello everyone! I have a project in mind... I want to offer a simple webui with 2-3 fields, an option to pick an "image" and an "OK" button, people can go to that webUI, make options and click ok. After that, I want to trigger pulumi to deploy an environment with these specific options. I would like to use pulumi-python maybe with django or flask, maybe my own restAPI later on. How would I start with this? I might see a way to prepare the basic python config and everything, but im struggling with with "pulumi up" ? And how can I make that one pulumi work with different stacks? Is there an example anywhere or a write down on how to approach that?

I think I found it here - https://github.com/pulumi/automation-api-examples/tree/main/python/pulumi_over_http ? Am I right?

any hint on how to format helm values in python ? specifically tuples ? ie. helm values type:

extraVolumes:
  - type: 'secret'
    name: 'creds'

It doesn't really fit the "dict" pattern. that the examples used on the website/github is referring to

Guys, a bit of ts help please. I don't understand what pulumi is expecting here as input. There is pulumi.input<pulumi.input twice of which the first is I guess an array?

interface ManagedClusterLoadBalancerProfileOutboundIPsArgs {
        /**
         * A list of public IP resources.
         */
        publicIPs?: pulumi.Input<pulumi.Input<inputs.containerservice.ResourceReferenceArgs>[]>;

so...

publicIPs: what_exactly

?? The following is clearly not correct:

{
   publicIPs: ipresource.id
}

Let's say I can't run pulumi on target clusters at the same time. Instead of building a multi provide plan I need to change the kubeconfig in a new run on a new agent. (Not using operator). Is Pulumi going to be "additive" if the logical urns are unique and just add new content to tracking or similar to terraform where if it doesn't exist in the current plan it's considered a destroy/remove? Dealing with some uncontrollable credentials that might require me to stop looping on cluster and instead run independently.

--- Can I pass normal go flags or just ENV vars to pulumi when executing? I want to write a little logic for flipping to a yaml render output, but store state locally as it's just for experimentation. Didn't know if I could add flags/parameters or I should use env variables instead.

Has anybody an example on setting up a mysql server on azure along with a few databases? I am trying to do that, but I keep getting an error like the following, and I have no idea where to look…

error: Could not connect to server: Error 9999: An internal error has occurred. Please retry or report your issues.

I just found a few resources explaining some SSL stuff… But even if I disable SSL I get the same error…

Hi there, I'm provisioning some SQS queue policies that are timing out when pulumi runs. I'm pretty sure this is an issue with the provider being slow because on subsequent runs more and more policies resolve. I've set a custom timeout on the resource however it still seems like the timeout is only two minutes when pulumi runs. Is this a bug? Or have I missed something in how custom timeouts are set? The creation code for the queue is this:

new QueuePolicy(
                $"policy-name",
                new QueuePolicyArgs
                {
                    QueueUrl = queue.Id,
                    Policy = policyJson
                },
                new CustomResourceOptions
                {
                    Provider = provider,
                    Protect = isQueueProtected,
                    DependsOn = queue,
                    CustomTimeouts = new CustomTimeouts 
                    { 
                       Create = TimeSpan.FromMinutes(30),
                       Update = TimeSpan.FromMinutes(30),
                    }
                }
            );

However the error message from the pulumi deploy is where the timeout is echoed as

2m0s

aws:sqs:QueuePolicy (policy-name):
    error: 1 error occurred:
    	* creating urn:pulumi:*******: 1 error occurred:
    	* error waiting for SQS Queue Policy (<https://sqs.us-west-1.amazonaws.com/*****>) to be set: timeout while waiting for state to become 'equal' (last state: 'notequal', timeout: 2m0s)

Really appreciate any advice on this. Thank you.

Hi there, I have two resources:

resource1

and

resource2

.

resource2

depends on

resource1

, but there's no explicit relationship. How can I ask Pulumi to deploy

resource1

first and

resource2

afterwards?

Is it possible to get config values from a default provider? I want to get the default project assigned to the GCP default provider. To work around I can add another config key for project, but it seems strange to have both

gcp:project

and

<namespace>:project

set in config

What's the proper way to set a value such as a sensitive database connection string as an exported value, yet it's a secret, so that it could be imported as a stack reference for another stack that needs to setup configs to this database. I'm using Go fyi.

how can I deploy something from Google's Kubernetes App Marketplace to a GCP GKE cluster with Pulumi? I struggled to find documentation for this https://console.cloud.google.com/kubernetes/application https://github.com/kubernetes-sigs/application/blob/master/README.md

Hi, Why if I set

parent=parent_id

to a resource Pulumi wants to delete this resource? Is that expected behaviour?

I'm stuck on a critical issue for readying a new pulumi prod deployment. I have to run azure service connections and kubernetes service connections. I know azure one is supported but I need to now deployment k8 deployment to kubernetes using k8 SVC role. Before I had secret kubeconfig embedded. Now I need to rely on service connection to kubernetes using SVC account credential. Is this possible with azure DevOps extension in Pulumi or is there another approach I should look at?

I’m trying to setup continuous deployment within my CI. So I created a GCP service account, in a global project, and I gave it select access rights to my environments projects so that it can only update what I think it should be able to.

// Define Semaphore SA access rights
["roles/run.developer"].map(
  (role) =>
    new gcp.projects.IAMMember(`semaphoreci-${role}`, {
      project: configs.gcp.project,
      role,
      member: pulumi.interpolate`serviceAccount:${configs.semaphore.serviceAccountEmail}`,
    })
);

It fails to deploy though when I try to get the project number this way:

gcp.organizations.getProject().then((project) => project.number)

I tried adding several roles to my service account so that it can execute that command but it keeps failing saying that I need to allow the Cloud Resource Manager API (it is already enabled). Anyone knows how to allow a service account from another project to be able to execute that command?

Good morning. Trying to generate a random password for an RDS database and then save the password as a secret to AWS Secret Manager. The secret gets created, but the password is always "{}". What am I doing wrong?

//Create RDS Secret
        var config = new Pulumi.Config();
        string dbUser = config.Get("rdsUser").ToString();

        var password = new Random.RandomPassword("chpm-rds-password", new Random.RandomPasswordArgs
        {
            Length = 16,
            Special = true
        });



        var rdsSecret = new AwsClassic.SecretsManager.Secret("CHPM-DB-Secret");
        var secretObject = new
        {
            UserName = dbUser,
            Password = password.Result,
            Endpoint = "test"
        };

is anyone wrote aws lambda canaries synthetics using Pulumi? I dont see anything in its CloudWatch sdk.

still having trouble creating resources with user-assigned identities:

var languageIdentity = new AzureNative.ManagedIdentity.UserAssignedIdentity(name, new AzureNative.ManagedIdentity.UserAssignedIdentityArgs
        {
            ResourceGroupName = _cognitiveRg.Name,
            ResourceName = name
        });
        languageIdentity.Id.Apply(id =>
        {
            var langStorageAssignment = new AzureNative.Authorization.RoleAssignment("lang-storage-assignment", new AzureNative.Authorization.RoleAssignmentArgs
            {
                PrincipalType = AzureNative.Authorization.PrincipalType.ServicePrincipal,
                PrincipalId = languageIdentity.PrincipalId,
                RoleDefinitionId = "/subscriptions/xxx/providers/Microsoft.Authorization/roleDefinitions/ba92f5b4-2d11-453d-a403-e96b0029c9fe", // storage blob data contributor
                Scope = _coreRef.GetOutput("StorageAccountId").Apply(sa => Convert.ToString(sa) ?? string.Empty)
            });
            var searchContributorAssignment = new AzureNative.Authorization.RoleAssignment("lang-search-contributor", new AzureNative.Authorization.RoleAssignmentArgs
            {
                PrincipalType = AzureNative.Authorization.PrincipalType.ServicePrincipal,
                PrincipalId = languageIdentity.PrincipalId,
                RoleDefinitionId = "/subscriptions/xxx/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
                Scope = _searchService?.Id ?? throw new Exception("Search Service not available")
            });
            language = new Account(name, new AccountArgs
            {
                Kind = "TextAnalytics",
                AccountName = name,
                Identity = new AzureNative.CognitiveServices.Inputs.IdentityArgs
                {
                    Type = AzureNative.CognitiveServices.IdentityType.UserAssigned,
                    UserAssignedIdentities =
                    {
                        { 
                            id,
                            new AzureNative.CognitiveServices.Inputs.UserAssignedIdentityArgs { PrincipalId = languageIdentity.PrincipalId } 
                        }
                    }
                },
// ...

the Identity section for

language

doesn't work, but it's the only way I can see that compiles

does someone have an example of (any) resource being created with user-assigned identity?

Hello, whats the currently recommended way to use existing ServiceCatalog/Cloudformation templates with pulumi and python? What i have tried so far: 1. The template converter (https://www.pulumi.com/cf2pulumi/) but that leads to a bug https://github.com/pulumi/pulumi-aws-native/issues/429 2. Importing (for example) IAM users with “pulumi import aws:iam/user:User…” but the resulting code is missing properties that are present/configurable in my existing template So how would i best go about using an existing IAMUser template, import it into pulumi and pass in the required variables to create different IAM users?

Hello. Completely new to this. I've inherited a

csproj

that looks like this. What do I do with it?

I downloaded something and added

C:\Users\Richard Barraclough\.pulumi\bin

to my

%PATH

but running the programme just says

System.InvalidOperationException: 'Program run without the Pulumi engine available; re-run using the

pulumi

CLI'

It can't possibly do anything in Azure because it has no credentials. I see there are two things in the pulumi website that seem to correspond to the two yml files, but again there are no credentials so I don't see how they're relevant

OK, so it's not actually a C# programme, it's just something for the

pulumi

command to read. And it needs AzureCLI installing So what about the yml files? Thre seems to be some information that's written in C# and some more information that's written in yml?