pulumi-community #typescript

few-dog-41530

05/15/2019, 5:29 PM

hey guys. I am trying to deploy a google cloud function

few-dog-41530

05/15/2019, 5:29 PM

however, I get the following error:

few-dog-41530

05/15/2019, 5:29 PM

Copy code

Diagnostics:
  pulumi:pulumi:Stack (calendribe-nestjs-auth0-mgmt-gcp-functions-test):
    error: update failed
 
  gcp:cloudfunctions:Function (hello):
    error: Plan apply failed: googleapi: Error 400: The request has errors, badRequest

few-dog-41530

05/15/2019, 5:30 PM

any idea as to how to troubleshoot this?

few-dog-41530

05/16/2019, 5:50 PM

So I’ve been struggling with figuring out what was wrong with my function. After much troubleshooting, I figured out that google cloud doesn’t allow to set

NODE_ENV

as an environment variable. However, it took me forever to figure out because pulumi gave me the unhelpful error

Error while updating cloudfunction configuration: googleapi: Error 400: The request has errors, badRequest

few-dog-41530

05/16/2019, 5:52 PM

However, running

gcloud functions deploy hello --update-env-vars NODE_ENV=production --trigger-http --runtime nodejs8

few-dog-41530

05/16/2019, 5:52 PM

gives the much more helpful output:

Copy code

ERROR: (gcloud.functions.deploy) ResponseError: status=[400], code=[Bad Request], message=[The request has errors
Problems:
environment variable name NODE_ENV is reserved by the system: it cannot be set by users
]

few-dog-41530

05/16/2019, 5:52 PM

is there a way for Pulumi to capture this?

few-dog-41530

05/16/2019, 5:58 PM

Opened new issue: https://github.com/pulumi/pulumi-gcp/issues/150

average-france-63073

05/17/2019, 12:22 PM

Hello, I'm making a mistake somewhere, probably something trivial... I'm trying to use an existing sec group, I've tried eksClusterSecuriytGroup: "group-name" nodeSecurityGroup: "group-name" I'm getting nowehere, also looked at vpcConfig, can't get that to work either, what works in clusteroptions: Object literal may only specify known properties, but 'eksClusterSecurityGroup' does not exist in type 'ClusterOptions'. Did you mean to write 'clusterSecurityGroupTags'?

average-france-63073

05/17/2019, 12:22 PM

help or docs pointers appreciated, total noob.

average-france-63073

05/17/2019, 12:42 PM

Essentially what i want to do is use some existing config, VPC, subnets, SecGroups, with a new EKS cluster.

cuddly-barista-79466

05/21/2019, 5:28 PM

Question here trying to use a get function to retrieve AWS ARN by name for an array of names to then be used in creating a policy document, but i am getting hung up on the pulumi output string type to string along with the callbacks not seemingly working effectively in the policydocument. Snippet of code that I am using here

Copy code

import * as pulumi from '@pulumi/pulumi';
import * as aws from '@pulumi/aws';
pulumi.getStack;

const sopsUsers = ['Role1', 'Role2', 'Admins'];

const getsopsUsersArns = sopsUsers.map(r => {
  const role: pulumi.Output<
    pulumi.UnwrappedObject<aws.iam.GetRoleResult>
  > = pulumi.output(
    aws.iam.getRole({
      name: r
    })
  );
  return role;
});

export const sopsUsersArns = getsopsUsersArns.map(i => i.apply(a => a.arn));
const keyPolicyDocument = pulumi.output(
  aws.iam.getPolicyDocument({
    statements: [
      {
        sid: 'Allow attachment of persistent resources',
        effect: 'Allow',
        principals: [
          {
            type: 'AWS',
            identifiers: getsopsUsersArns.map(i => i.apply(a => a.arn))
          }
        ],
        actions: ['kms:CreateGrant', 'kms:ListGrants', 'kms:RevokeGrant'],
        resources: ['*'],
        conditions: [
          {
            test: 'Bool',
            variable: 'kms:GrantIsForAWSResource',
            values: ['true']
          }
        ]
      }
    ]
  })
);

const key = new aws.kms.Key('sopsKey',
  {
    policy: keyPolicyDocument.json
  }
);

const alias = new aws.kms.Alias('alias/sopsKey',
  {
    targetKeyId: key.keyId
  }
);

export const kmsKeyName = alias.name;

lively-lifeguard-43619

05/30/2019, 1:54 PM

hello, wondering if anyone here has integrated their pulumi scripts to leverage hashicorp vault...looking for examples/ideas/direction? .... a little more context, I had previously setup my terraform scripts to pull gcloud credentials from vault + read/write secrets. looking to do the same with pulumi

stocky-spoon-28903

05/30/2019, 2:12 PM

Hi @lively-lifeguard-43619! Right now we don’t have a Vault provider, but because your program is actual code, there’s no reason you can’t use one of the javascript SDKs for vault to query values and configure them from there

lively-lifeguard-43619

05/30/2019, 2:15 PM

thanks @stocky-spoon-28903...would it make sense to use the terraform bridge with the terraform vault provider?

stocky-spoon-28903

05/30/2019, 2:17 PM

That really depends - the Terraform vault provider ends up with secret values stored in the state file

stocky-spoon-28903

05/30/2019, 2:17 PM

If that is acceptable to you we could pretty easily bridge the vault provider

lively-lifeguard-43619

05/30/2019, 2:39 PM

i wasn't too concerned about that because i was storing the state file in a google cloud bucket with limited access...i guess i'll try out some Javascript SDKs

billions-lock-80282

06/06/2019, 10:35 AM

Hi, I've created EKS and EFS resources in AWS but now want to update the nodeUserData property of the EKS cluster as a separate action. Can anyone please advise how to do this? Its a property of the ClusterOptions interface.

sticky-camera-42272

06/07/2019, 1:54 PM

Hello everyone. I am trying to use Pulumi to create an AWS codebuild resource, but the documentation is a little unclear on how to connect to a private GitHub repo. The projectArgs#source property docs (https://pulumi.io/reference/pkg/nodejs/pulumi/aws/codebuild/#ProjectArgs-source) say that the

Source blocks are documented below

but they don't actually seem to be documented anywhere. Are there any examples of how to do what I need?

square-bear-79319

06/12/2019, 3:36 PM

Hello everyone. Am trying to create unit tests for a Pulumi project which installs a specific version of istio on an existing cluster. The version of the istio is provided as part of the Pulumi.dev.yaml. When running the Unit tests, mu understanding is this has to be passed as part of the

PULUMI_CONFIG="{ \"aws:region\": \"us-east-1\", \"istio_version\": \"1.1.7\" }"

, but it does not seem to work. When i output the config values. it only has the value of the name which is part of

PULUMI_NODEJS_PROJECT="wawa-runtime-istio";

. In general, PULUMI_CONFIG does not seem to take the values provided and is not working as intended. Any help on this is much appreciated.

Copy code

Config { name: 'wawa-runtime-istio' }


Error: repo istio-undefined not found
Error: repo istio-undefined not found
(node:22548) UnhandledPromiseRejectionWarning: Error: Error: Command failed: helm fetch istio-undefined/istio-init --untar --version undefined --destination C:\Users\guptak1\AppData\Local\Temp\1\tmp-22548iGyXL4S208pz
Error: repo istio-undefined not found

jolly-egg-4894

06/13/2019, 2:24 PM

Copy code

const topic = new aws.sns.Topic("sns");

topic.onEvent("event", async (event) => {
	console.log(event);
});

error: Plan apply failed: deleting urn:pulumi:pulumi-peoplehr::pulimi-peoplehr::cloud:topic:Topic$aws:sns/topic:Topic::sns: InvalidParameter: Invalid parameter: TopicArn

cuddly-barista-79466

06/13/2019, 6:56 PM

How would I convert this Terraform to Typescript? This is part of the vsphere Clone/Customize when creating a new VM. Would like to be able to increment an IP Address while in a loop

ipv4_address    = "${cidrhost(var.vsphere_vm_int1_network_address, var.vsphere_vm_int1_network_address_start + count.index)}"

gray-manchester-37402

06/18/2019, 5:57 PM

Hi everyone. Is it possible to use a custom resource like Istio Gateway or any other custom kubernetes resources as YAML (or JSON-ified YAML)? I know it's a method available that can load from file, but then I end up with both a set of javascript/typescript files and a bunch of YAML files.

plain-businessperson-30883

06/19/2019, 3:18 PM

I’m having some trouble with

aws.iam.getPolicyDocument

. I need to set a KMS Key in the

resources

field, but I get an error

error TS2322: Type 'Output<string>' is not assignable to type 'string'.

. It seems the interface expects a string

resources?: string[];

. Is there a way to convert the

Output<string>

string

? The only thing I see is to not use the

aws.iam.getPolicyDocument

. I see other thread here with a similar issue, but no answer was given: https://pulumi-community.slack.com/archives/CJ909TL6P/p1558459714056300

white-balloon-205

06/19/2019, 3:19 PM

In general, you have to call

.getFoo

inside an

.apply

on the Output.

plain-businessperson-30883

06/19/2019, 3:19 PM

I tried, but the apply still returns an Output.

swift-postman-59572

06/22/2019, 12:16 AM

Hello! I was wondering if anyone has created an ECS cluster that is placed inside an existing security group. This is what I'm currently work with and it's complaining that I'm passing a string and not a type of awsx.ec2.securityGroupOrId[]

Copy code

const config = new pulumi.Config();
const existingSecurityGroup = config.require('existingSG');
const cluster = new awsx.ecs.Cluster(`app-${env}`, {
  securityGroups: [existingSecurityGroup],
  vpc: vpc,
  name: `app-${env}`
});

early-match-56268

06/22/2019, 9:27 PM

hi! Could someone help me figure out how to get resources registered with pulumi? my project is structured like

Copy code

pulumi
├── Pulumi.dev.yaml
├── Pulumi.yaml
├── README.md
├── gcp
│   ├── README.md
│   ├── index.ts
│   └── k8s.ts
├── index.ts
├── k8s
│   ├── index.ts
│   ├── namespace.ts
│   └── secret.ts
├── package-lock.json
├── package.json
└── tsconfig.json

and in the

pulumi/index.ts

Copy code

import * as gcp from './gcp'

export let devKubeconfig = gcp.devKubeconfig

My problem is that none of resources in the

pulumi/k8s/

dir are getting picked up by pulumi when i run

pulumi up

. If I import the resources and then export one of them in the

pulumi/index.ts

then they show up. Trying to figure out what I am doing wrong