• o

    orange-wire-16250

    4 months ago
    To me, I see yml files as defining configuration for your various environments. Seems like you would want some "global" configuration defined at the root level, with maybe some project specific configuration defined at the project level.
    o
    a
    4 replies
    Copy to Clipboard
  • s

    strong-intern-84363

    4 months ago
    Hey lovely community ! Can someone help me to understand this ? Let’s imagine that I have a piece of code that creates a GCP service account, a custom role (both works fine) and a IAM Binding to assign this role to this service account (this one fails) Here is my IAM binding call
    sarolebinding = gcp.projects.IAMBinding(
                f"sa-role-binding-{self.projectName}-owner",
                role=self.role,
                project=self.project.name,
                members=[f"serviceAccount:{self.service_account.email}"],
            )
            return sarolebinding
    This fails with the following error
    Request `Set IAM Binding for role "projects/app-burger-nonprod-wzj/roles/projectOwner" on "project \"app-burger-nonprod-wzj\""` returned error: Error applying IAM policy for project "app-burger-nonprod-wzj": Error setting IAM policy for project "app-burger-nonprod-wzj": googleapi: Error 400: Invalid service account (<pulumi.output.Output object at 0x7fbf29648640>)., badRequest
    Looks like the service_account.email field is wrong. How can I refer to the email of the newly created service account and use it as the value of the members arguments ? Thanks for reading, have a nice day.
  • e

    elegant-architect-38580

    4 months ago
    Hey! I'm checking out if the typescript component package provider boilerplate to see if it will work for my use case of internally creating a reusable infrastructure component in my Organization. My issue is that I am not able to make the make commands
    make install_provider
    and
    make generate
    create nodejs sdk which defines the package in "@<my org>/<package name>". The package.json always builds the package name like this: "name": "@pulumi/xyz" Is this boilerplate and component package provider in general only for publishing packages to the public registry or is there something I'm missing?
    e
    b
    6 replies
    Copy to Clipboard
  • f

    future-window-78560

    4 months ago
    Hey Team!How can we create a GCP project through pulumi with the same PROJECT_ID on GCP different accounts? It is really important for me to know this since the resources I am creating thru pulumi IAC are utilized in the CICD pipeline, therefore I really need to have fixed Project_ID to avoid any manual changes and smooth CICD deployment.
  • f

    few-yacht-11623

    4 months ago
    Hi everyone, I’m just getting started trying out Pulumi with some basic state. I have an S3 bucket and a EB Environment defined in a single
    index.ts
    file and I’m trying to refactor this into multiple files/directories. However, I’m getting inconsistent import behavior once I split these files into different directories.
    pulumi preview
    will sometime show 0 changes, sometimes it will try to delete my EB environment that’s a few layers of imports deep. I put log statements in my files and it looks like sometimes it doesn’t import the file it’s defined in. 1. Are there any articles/docs on refactoring pulumi programs I can read? 2. Do files need to have an export to be processed for pulumi state? My EB env is just declared as a
    const
    variable without exporting anything, and I’m wondering if that might be part of my issue. 3. Does pulumi cache my input program in any way?
    f
    s
    7 replies
    Copy to Clipboard
  • s

    sticky-answer-6826

    4 months ago
    Hi, have a basic question: how do I add an item to a list in the config using the CLI? I tried
    pulumi config set aws:allowedAccountIds [0000000]
    but I get an error of “zsh: no matches found: [000000]”
    pulumi config set aws:allowedAccountIds 000000
    works but adds it as a value.
    s
    l
    10 replies
    Copy to Clipboard
  • a

    acceptable-shoe-64654

    4 months ago
    Hi everyone, Do we have any work around to destroy the stack when the passphrase is lost?
    a
    b
    2 replies
    Copy to Clipboard
  • b

    boundless-queen-72669

    4 months ago
    Hi Everyone , Is it possible to set config locally instead of pushing everything to api.pulumi.com/organisation-name ? for example , i would like to keep the below configuration very local , just keep it within my local vault server probably ? pulumi config set vsphere:user "blahblah123" pulumi config set vsphere😛assword "passpass --secret pulumi config set vsphere:vsphereServer "some.server.goat.com"
  • b

    boundless-queen-72669

    4 months ago
    if it is possible , then how to achieve it ?
  • f

    fancy-eve-82724

    4 months ago
    @boundless-queen-72669 you can 'login' to pulumi to store your stack state in various backends. You can store the state on your local machine if you want using
    pulumi login file:///path/to/store
    or
    pulumi login --local
    . I use Amazon S3. See https://www.pulumi.com/docs/reference/cli/pulumi_login/
    f
    b
    2 replies
    Copy to Clipboard