Is there a reason s3 buckets that are moderately large take exponentially longer to delete than using the console? With some of our log s3 buckets it causes a timeout every time we run it and end up having to manually delete.

Hey folks, is there any documentation on the purpose of https://github.com/pulumi/pulumi/blob/994f60b319afdcdac3d81e940de7e875244b3cd1/sdk/nodejs/resource.ts#L853-L868 ? I'd like to refer to constructor args in subclass methods and I don't know what's the canonical way of preserving those args

Hi guys , is there a plan to use npm 7 instead of 6 in the pulumi docker image?

question: how do I flatten nested Outputs? background: I need to upload multiple blobs from locally generated resources (because I deploy multiple services). so I came up with this:

function uploadBinaries() {
    const storageAccount = new storage.StorageAccount("deployments", {
        resourceGroupName: resourceGroupName,
        kind: storage.Kind.StorageV2,
        sku: {
            name: storage.SkuName.Standard_LRS,
        },
    });
    const storageContainer = new storage.BlobContainer("binaries", {
        resourceGroupName: resourceGroupName,
        accountName: storageAccount.name,
        publicAccess: storage.PublicAccess.None,
    });

    const blobs= filesystem.readdirSync(cfg.require("PackagePath")).map(archive => new storage.Blob(archive, {
        resourceGroupName: resourceGroupName,
        accountName: storageAccount.name,
        containerName: storageContainer.name,
        source: new pulumi.asset.FileAsset(archive)
    }));


    const urls= pulumi.all(blobs).apply(bs => bs.map(b => getUrl(b)));

    function getUrl(blob: storage.Blob) : pulumi.Output<string> {
        return  pulumi.all(
            [storageAccount.name, storageContainer.name, resourceGroupName, blob.name, blob.id]).apply(
                ([accountName, containerName, rgName, blobName]) => getSASToken(accountName, containerName, rgName, blobName));
        
    }
    function getSASToken(storageAccountName: string, storageContainerName: string, resourceGroupName: string, blobName: string): pulumi.Output<string> {
        const blobSAS = storage.listStorageAccountServiceSAS({
            accountName: storageAccountName,
            protocols: storage.HttpProtocol.Https,
            sharedAccessStartTime: format(new Date()),
            sharedAccessExpiryTime: format(nextYear()),
            resource: storage.SignedResource.C,
            resourceGroupName: resourceGroupName,
            permissions: storage.Permissions.R,
            canonicalizedResource: "/blob/" + storageAccountName + "/" + storageContainerName,
            contentType: "application/json",
            cacheControl: "max-age=5",
            contentDisposition: "inline",
            contentEncoding: "deflate",
        });
        return pulumi.interpolate `https://${storageAccountName}.<http://blob.core.windows.net/${storageContainerName}/${blobName}?${blobSAS.then(x|blob.core.windows.net/${storageContainerName}/${blobName}?${blobSAS.then(x> => x.serviceSasToken)}`;

        function format(when: Date){
            const year= when.getFullYear();
            const month= 1+when.getMonth();
            const day= 1+when.getDay();
            return `${year}-${pad(month)}-${pad(day)}`;
        
            function pad(n: number){
                return n.toString().padStart(2, '0');
            }
        }
        function nextYear():Date {
            const result= new Date();
            result.setFullYear(result.getFullYear()+1);
            return result;
        }
    }
}

the problem is that

urls

is now of type

Output<Output<string>[]>

instead of

Output<string[]>

. How do I get there? related to that, I will actually need a mapping of archive=>sas-url. This I would create once I got the flattened output, but I thought to mention it in case it has any bearing.

101 question. I want to break up my index.ts file into logical grouping of components rather than have a massive monolith. Is there an example I can study? My attempts to do a module based on relative path so far is not working. Admittedly I'm still studying this typescript doc as ts is still new to me too.

hi all, is there a way to tell Pulumi that something is not a secret so

preview

renders it?

hey everyone - I’ve been using crosswalk as a reference while I write my own components, and everything was going swimmingly until I started work on my VPC component (my order of operations was mess, was trying to create nats before public subnets, etc). it appears that the arch of the vpc component is much different than that of the others, specifically calling typeof VpcData on the top level component resource. I restructured my own component to match, and it obviously works now, but I still cant exactly explain if that typeof call has anything to do with it (I noticed some other issues with my original code going through yall’s), or why it may be necessary in this case. can someone help me understand a bit better what’s going on there/why it’s important in relation to the pulumi engine? thanks!

Hi. I am trying to set up

k8s.helm.v3.Chart

with a subchart (kube-prometheus-stack in particular). I am struggling to pass values to a subchart (kube-state-metrics) that is named in kebab-case. As TS wouldn't accept this as a key I tried to pass it quoted, but this doesn't seen to work Is there a magic syntax I am missing here? Thanks!

'kube-state-metrics': {
  collectors: {
    certificatesigningrequests: false,
     mutatingwebhookconfigurations: false,
     }, 
}

Looks like

aws.lambda.CallbackFunction

on windows packages up the files with

\

as the directory separator, and that doesn't go down well with AWS Lambda. Is there a way to change the path separator?

I have another problem with

aws.lambda.CallbackFunction

I have a bit of code that uses a decorator, but the default transpiler can't handle it. Is there a way to use

tsc

or

babel

to do the transpiling correctly?

Hi, I'm looking for a good example on sharing code between microstacks with Pulumi TypeScript

Hello i am trying to creatre s3 bucket using pulumi typescript

const accessLogsBucket = new aws.s3.Bucket(`${project}-access-logs`);
const BucketPublicAccessBlock = new aws.s3.BucketPublicAccessBlock("BucketPublicAccessBlock", {
  bucket: accessLogsBucket.id,
  blockPublicAcls: true,
  blockPublicPolicy: true,
});

bucket gets created but its gets id attached to it like this dev-access-logs-cf9291d how to stop getting that id for bucket name

Has anyone had any problems with

LocalWorkspace.removeStack

? The typescript compiler thinks

Property 'removeStack' does not exist on type 'typeof LocalWorkspace'.ts(2339)

and when I run my automation I’m hitting the runtime error

TypeError: automation_1.LocalWorkspace.removeStack is not a function

Hi i am getting below error while trying to use bucket name

Calling [toString] on an [Output<T>] is not supported.

 o get the value of an Output<T> as an Output<string> consider

code :

const accessLogsBucket = new aws.s3.Bucket(dev-access-logs,{bucket:dev-access-logs});
    const accessbucketPolicy = new aws.s3.BucketPolicy(`${accessLogsBucket.id}`, {
      bucket: accessLogsBucket.bucket,
      policy: accessLogsBucket.bucket.apply(accessLogsBucketPolicy)
    })

Hi I usually don’t get this error in any of our pulumi projects but here it is:

error: 1 error occurred:
    	* error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found.
    
    Please see <https://registry.terraform.io/providers/hashicorp/aws>
    for more information about providing credentials.
    
    Error: NoCredentialProviders: no valid providers in chain. Deprecated.
    	For verbose messaging see aws.Config.CredentialsChainVerboseErrors

Some notes: 1. The

NoCredentialProviders

part is impossible since the state is pushed into an s3 bucket in the same account and everything works fine (was able to run

pulumi login

&

pulumi stack select

prior to the

pulumi preview

I’m currently trying to run) 2. The credentials are provided by a role annotation on a k8s runner who has access to the aws account 3. Tried downgrading AND upgrading libs (

@pulumi/pulumi

,

@pulumi/aws

&

@pulumi/awsx

) because of known past issues with aws providers 4. I tried configuring the provider the most explicit way possible and it still doesn’t work

new aws.Provider(name, {
    skipCredentialsValidation: false,
    skipMetadataApiCheck: false,
    skipGetEc2Platforms: false,
    skipRequestingAccountId: false,
    skipRegionValidation: false,
    region: this.region,
});

I don’t know where to look next to understand why this doesn’t work as expected. Thank you in advance for any feedback.

Hello Pulumi friends. I'm playing around with creating pulumi component providers using this example. and one of the properties of the component I am creating is an Azure App Service. The example uses an S3 bucket and has a

"$ref": "/aws/v4.0.0/schema.json#/resources/aws:s3%2Fbucket:Bucket"

that is in the

schema.json

Does anyone know where can I find the same reference but for the

azure-native:web:WebApp

?

Hi, I'm new to Pulumi and I'm trying to use pulumi with azure durable functions. the language I'm using is typescript. Can I have the guidance to start this or relevant tutorials or documentation to follow?

is there a way to debug (as in attach a debugger, hit breakpoints instead of just logging)? I'm using VS Code

how can I tell pulumi to generate an output from a function that is not in the resource dependency tree? in the example below, when I run pulumi up, deployedVersionCommit is never set. everything else runs fine. another similar function whose return value is used by a resource creation works fine, too. so I'm guessing it has to do with this function not being part of the dependency tree. Is there any way to do what I want?

my typescript-fu is weak 😳 how would I map

azure.types.input.web.NameValuePairArgs[]

to

pulumi.Input<{

        

[key: string]: pulumi.Input<string>;

    

}>

?

I am getting below error while creating s3 bucket policy

error: 1 error occurred:
        * Error putting S3 policy: OperationAborted: A conflicting conditional operation is currently in progress against this resource. Please try again.
        status code: 409, request id: 06R8HNWN81YD21RA, host id: ALhssd0pVm6CT6jM9ge68cfGfY9yOmhSU/CTsogFNKxS4DyFsDgQj6yhcMO=

This is really a refinement of my earlier question. The refined form is: How can I use a pulumi.Input<> as a key in a dictionary? In the code-snippet, the indexer access in line 3 doesn't compile because it says that, understandably, the possible type variants of

nvp.Name

(

OutputInstance<string>

,

Promise<string>,

undefined

) "cannot be used as an index type".

if the name that I need to pass into

kubernetes.apps.v1.Deployment

comes from an

Output<string>

, how can I do that? it only accepts a

string

, not an

Output<string>

. I found this, but am unclear how to use it.

Hello i am trying to create below resources but i am getting error

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
import * as awsx from "@pulumi/awsx";

// Create an AWS resource (S3 Bucket)
const bucketName = "cent-serv-logs";
const accessLogsBucket = new aws.s3.Bucket(`${bucketName}`, {
  bucket: `${bucketName}`,
});

const accessBucketPublicAccessBlock = new aws.s3.BucketPublicAccessBlock(
  "accessBucketPublicAccessBlock",
  {
    bucket: accessLogsBucket.id,
    blockPublicAcls: true,
    blockPublicPolicy: true,
    ignorePublicAcls: true,
    restrictPublicBuckets: true,
  }
);

const accessbucketPolicy = new aws.s3.BucketPolicy(
  `central-server-access-logs-policy`,
  {
    bucket: accessLogsBucket.bucket,
    policy: accessLogsBucket.bucket.apply(accessLogsBucketPolicy),
  }
);

function accessLogsBucketPolicy(bucketName: string) {
  return JSON.stringify({
    Version: "2012-10-17",
    Id: "AWSConsole-AccessLogs-Policy-16287xxxx",
    Statement: [
      {
        Sid: "AWSConsoleStmt-16xxxx",
        Effect: "Allow",
        Principal: {
          AWS: "arn:aws:iam::79787xxx:root",
        },
        Action: "s3:PutObject",
        Resource: `arn:aws:s3:::${bucketName}/*`,
      },
      {
        Sid: "AWSLogDeliveryWrite",
        Effect: "Allow",
        Principal: {
          Service: "<http://delivery.logs.amazonaws.com|delivery.logs.amazonaws.com>",
        },
        Action: "s3:PutObject",
        Resource: `arn:aws:s3:::${bucketName}/*`,
        Condition: {
          StringEquals: {
            "s3:x-amz-acl": "bucket-owner-full-control",
          },
        },
      },
      {
        Sid: "AWSLogDeliveryAclCheck",
        Effect: "Allow",
        Principal: {
          Service: "<http://delivery.logs.amazonaws.com|delivery.logs.amazonaws.com>",
        },
        Action: "s3:GetBucketAcl",
        Resource: `arn:aws:s3:::${bucketName}`,
      },
    ],
  });
}

error:

error: 1 error occurred:
        * Error putting S3 policy: OperationAborted: A conflicting conditional operation is currently in progress against this resource. Please try again.
        status code: 409,

used example from here https://www.pulumi.com/docs/aws/s3/#create-an-aws-s3-resource-using-pulumiaws

Hi all, I’m trying to create a workaround for https://github.com/pulumi/pulumi/issues/2661 (yarn 2/3 workspaces). What are the exact requirements for

aws.lambda.CallbackFunction

?

Hi, I’m looking for a good example on sharing code between microstacks with Pulumi TypeScript. I can’t seem to find a typescript config that also works with how pulumi expects the file layout

Hi, having trouble implementing this interface to specify a security group id as the source.

export interface SecurityGroupRuleLocation {
    cidrBlocks?: pulumi.Input<pulumi.Input<string>[]>;
    ipv6CidrBlocks?: pulumi.Input<pulumi.Input<string>[]>;
    sourceSecurityGroupId?: pulumi.Input<string>;
}

awsx.ec2.SecurityGroupRule.ingress(
  'instance-sg',
  InstanceSg,
  InstanceSg.id, // Type 'Output ' has no properties in common with type 'SecurityGroupRuleLocation'.
  new awsx.ec2.TcpPorts(8080),
)

I am trying to create vpc endpoint service using pulumi example how to access arn of the service ? https://www.pulumi.com/docs/reference/pkg/aws/ec2/vpcendpointservice/#network-load-balancers

Hi, I’m working on building a Component Package that encapsulates our default set of k8s config for apps. I’m writing in TypeScript and currently also calling it from a TypeScript Pulumi program. I was hoping to be able to use resource transformations to allow for additional customization from calling program, but when I pass transformations in, my callback only happens for the top-level ComponentResource and none of the children. I found this issue so it seems like I’m probably just out of luck with using transformations with my multi-language package, but just figured I’d make sure I’m not missing anything dumb. I also tried passing my transformations down to individual resources inside the component but that also doesn’t work, presumably because it’s just not implemented. My assumption at this point is that the top-level resource gets called because it’s considered to be a “native” resource but the children aren’t?

Hello, I have a resource in aws which is not deployed by pulumi but i want to use the existing resource arn from aws in my current pulumi deployment (i think it is called import aws reources or something not sure)