Channels
#typescript
- o
orange-kite-80991
11/21/2021, 7:35 AMHow do I convert an output to an input. I need to create an A-Record using the IP address of my postgresql LoadBalancer. I can acquire the LB-IP but Pulumi complains that 'Output<string>' is not assignable to type 'Input<Input<string>[]>'. The LB-IP values comes from postgresqlChart.getResource("v1/Service", "postgresql").status.loadBalancer.ingress[0].ipsm+3- 6
- 12
- p
proud-pizza-80589
11/21/2021, 3:31 PMFound a chicken and egg problem using pulumi on the CI (maybe due to using yarn 3). Clean machine, yarn install, shows the following error message. Which is logical since pulumi only gets installed a lot later in the build process using the github action. The pulumi run then fails since the plugins are not installed.o- 2
- 3
- w
witty-monitor-18849
11/22/2021, 7:14 PMIs there a way to get an
to work as an argument to a function like [getsubnetids](https://www.pulumi.com/registry/packages/aws/api-docs/ec2/getsubnetids/) where arguments are of typeOutput<string>
and notstring
? Such as:Input<string>Copy codeconst publicSubnets = ec2.getSubnetIds({ vpcId: vpc.id, // Correctly results in "Type Output<string> is not assignable to type 'string' tags: { type: "public", }, })g- 2
- 3
- m
magnificent-lifeguard-15082
11/25/2021, 12:16 PMIs there a way I could, at runtime, hook into (and override) a provider such as aws so that I can prevent its default actions? Essentially I'm trying to, completely isolated and offline, get all registered resources and their inputs. I don't care about resolved outputs and don't want it to hit any aws apis, I'm just wanting to check user input.gb- 3
- 13
- o
orange-kite-80991
11/28/2021, 9:09 PMWhat's the correct syntactic sugar for accessing Config variables that are not prefixed with <stackname>? I have the following config file contents:Copy code
A simple require() or get() can access the mystackname: prefixed values. What's the syntax for accessing the other variables?config: mystackname:SCHEMA: secure: qqqqq mystackname:SCHEMA_CONFIG: https:// azure-native:location: westus2 azure-native:subscriptionId: aaaaaa azure-native:tenantId: bbbbbb fluid:password: secure: ccccccc fluid:username: abc*<http://xyz.com|xyz.com>Copy codeconst config = new pulumi.Config() const schema = config.require( 'SCHEMA' ) // the following don't work const location = config.require( 'location' ) const location = config.require( 'azure-native:location' ) const location = config.require( 'azure-native.location' )l- 2
- 10
- m
magnificent-lifeguard-15082
11/28/2021, 10:32 PMIs there any way to make pulumi less greedy when it comes to collecting properties from exported objects? I understand why it would happen but it's not ideal that even
properties on classes (in ts) end up in output. I had hopedprivate
might give pulumi some more sense as to what should actually be exported but alas, it does not. Context: exporting reference to a ComponentResource instance.registerOutputslg- 3
- 7
- w
wonderful-twilight-70958
11/29/2021, 3:32 PMAny recommended patterns for sharing types across pulumi projects? (I'm new to TS, so maybe the answer is "the regular ts way!", but just thought I'd ask). Also is it an anti-pattern to be exporting complex objects from stacks? Or generally fine?fl- 3
- 2
- f
fast-easter-23401
11/29/2021, 3:40 PMHi everybody, We're migrating resources from TF to Pulumi. We've deployed both
controller andnginx-ingress
using helm. I was wondering if it is possible to import these resources usingcert-manager
. The TS API for helm Releases works like charm when it comes to create new resources, but fails to import existent resources. I manufactured a k8s provider (on GCP) to this end, but got consistently the same error while attempting to import a resource using the class constructor.kubernetes.helm.v3.ReleaseCopy code
And here's my code:kubernetes:<http://helm.sh/v3:Release|helm.sh/v3:Release> (cert-manager): error: Preview failed: failed to download "cert-manager" at version "v1.1.0"Copy code
I'm confident enough that this problem does not relate to the use of my provider (I used it to import successfully secrets, configMaps and some other k8s resources). Thanks for your help and time.const k8sProvider = getKubeconfig(projectId, { name: cluster.name, endpoint: cluster.endpoint, clusterCaCert: cluster.masterAuth.clusterCaCertificate, }); const certManager = new kubernetes.helm.v3.Release( 'cert-manager', { chart: 'cert-manager', version: 'v1.1.0', repositoryOpts: { repo: '<https://charts.jetstack.io>', }, values: { installCRDs: true }, }, { import: 'cert-manager', provider: k8sProvider, protect: true, } ); - w
wonderful-twilight-70958
11/29/2021, 3:49 PMfairly sure the version needs to omit thevff- 3
- 5
- w
wonderful-twilight-70958
11/29/2021, 3:50 PMversion: '1.1.0', - l
little-cartoon-10569
11/30/2021, 1:33 AMI occasionally see queries on how to build JSON using outputs. I'd solved the problem a few times, so it was time to make it re-usable. It's pretty dumb, but it's all I need right now. Simple builder pattern, add the properties you want in the JSON output, then call toJson().🎉 2- 1
- 2
- s
salmon-fish-42319
12/09/2021, 7:36 PMDoes anybody have any pointers on typescript code organization with Pulumi? I'm new to Pulumi in general, and working on building out a few environments containing infra and services. Most of the examples of Pulumi code just use a single index.ts file for defining everything, but I'd like to break it apart into multiple files at least, to try to keep things organized. Do people use components for making code more modular, or are there lighter-weight patterns that people rely on to be able to split up code?wl+2- 5
- 7
- a
able-hair-32695
12/10/2021, 11:35 PMHey there! I’m currently playing around with Pulumi and put together a small proof of concept for managing Github repositories as well as creating OIDC roles in AWS. I’m hoping somebody could take a look and possibly provide some feedback. I just want to be sure that I’m not going about things completely wrong. https://github.com/M1kep/pulumi-learning/tree/main/github-typescript-with-oidcb- 2
- 1
- a
able-hair-32695
12/11/2021, 12:02 AMWhen creating an AWS Role in a
block what’s the proper way to return the role to the caller?pulumi.Allbq- 3
- 5
- s
salmon-fish-42319
12/11/2021, 3:22 AMany pointers to troubleshooting this error?Copy codefailed with an unhandled exception: TypeError: undefined is not iterable (cannot read property Symbol(Symbol.iterator)) at <source path>/node_modules/@pulumi/cluster.ts:416:13 at <source path>/node_modules/@pulumi/output.ts:383:31b- 2
- 6
- o
orange-kite-80991
12/11/2021, 2:51 PMI would like to pull my Azure access params like azure-native:tenantId from the Environment. To be more explicit, I want to pass them in from my Github Action. Currently these params are in Pulumi Config and the azure-native library implicitly loads them:Copy code
What do I need to add to pull the Azure credentials from the Environment?const az_config = new pulumi.Config('azure-native')q- 2
- 3
- e
echoing-activity-32278
12/13/2021, 2:34 PMIn one of my js file, I created a k8s provider withCopy code
How can I reuse this provider in multiple js files? I’d expect someconst provider = new k8s.Provider("k8s", { kubeconfig: stack.getOutput("kubeconfig"), });
stuffpulumi.getResourceByNameb- 2
- 15
- i
important-vegetable-39003
12/15/2021, 12:15 PMHi folks, wanted to ask if it's possible to get and use user input at runtime with
?pulumi up- 1
- 1
- w
witty-monitor-18849
12/15/2021, 6:47 PMDoes anyone have any advice on debugging the following
? To work around it I replace the resource output ARN with a static string but this is not ideal.TypeError: Cannot read property 'arn' of undefinedwl- 3
- 14
- e
echoing-activity-32278
12/16/2021, 7:33 AMHi. How can I enable azure features? I tried this:Copy code
But it erred with:const subscriptionFeatureRegistration = new azure.features.SubscriptionFeatureRegistration( `${clusterName}-features`, { featureName: "EnablePodIdentityPreview", properties: {state: "Registered"}, providerNamespace: "Microsoft.ContainerService", } );Copy codeazure-native:features:SubscriptionFeatureRegistration (example-app2-qa-features): error: cannot create already existing resource '/subscriptions/xxxxxxyyyyyyzzzzzzz/providers/Microsoft.Features/featureProviders/Microsoft.ContainerService/subscriptionFeatureRegistrations/EnablePodIdentityPreview' - e
echoing-activity-32278
12/16/2021, 4:05 PMWhat’s this javascript syntax: pulumi.interpolate
, ? How does the${resources.resourceGroup.name}-nodes
work? This is ain’t a function call though.pulumi.interpolatewh- 3
- 4
- m
miniature-king-36473
12/16/2021, 4:07 PMmakes use of template literals - https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Template_literalsa- 2
- 2
- r
refined-terabyte-65361
12/17/2021, 6:33 PMHello I have a role in aws for which i am trying to attache multiple policies I tried writing it as function and calling it with argsCopy code
but i get errorfunction iam(IamPolicyName: string, IamPolicy: string) { new aws.iam.RolePolicyAttachment(IamPolicyName, { role: role.name, policyArn: IamPolicy, }); } const IamLambdaPolicy = iam( "lambdaFullAccess", `aws.iam.ManagedPolicy.lambdaFullAccess` ); const IamSqsPolicy = iam( "SQSFullAccess", `aws.iam.ManagedPolicy.AmazonSQSFullAccess` );Copy code
This works as expectedaws:iam:RolePolicyAttachment (lambdaFullAccess): error: 1 error occurred: * Error attaching policy aws.iam.ManagedPolicy.LambdaFullAccess to IAM Role lambdaRole-16d99f4: InvalidInput: ARN aws.iam.ManagedPolicy.LambdaFullAccess is not valid. status code: 400, request id: 8a1ea825-46fe-43c6-ab65-a6d23cb8f489 aws:iam:RolePolicyAttachment (SQSFullAccess): error: 1 error occurred: * Error attaching policy aws.iam.ManagedPolicy.AmazonSQSFullAccess to IAM Role lambdaRole-16d99f4: InvalidInput: ARN aws.iam.ManagedPolicy.AmazonSQSFullAccess is not valid. status code: 400, request id: 6755daf5-8485-4c0b-8ee8-5f08ef30353eCopy code
but this is not efficient since we have like 6 policies to attach to rolenew aws.iam.RolePolicyAttachment("lambdaFullAccess", { role: role.name, policyArn: aws.iam.ManagedPolicy.LambdaFullAccess, }); new aws.iam.RolePolicyAttachment("SQSFullAccess", { role: role.name, policyArn: aws.iam.ManagedPolicy.AmazonSQSFullAccess, });b- 2
- 2
- a
able-hair-32695
12/17/2021, 6:43 PMWhat would be the best way to have a function that can create AWS policy Documents and return them, while consuming outputs? I have the below code, but can’t figure out how to extract the strings from the outputs. Everything I’ve read seems to indicate that apply, all, etc still return an output rather than just a stringCopy codeexport function generateGithubOIDCAssumeRolePolicy(params: { githubOwner: Input<string>; repositoryName: Input<string>; oidcProviderArn: Input<string>; }): Promise<GetPolicyDocumentResult> { return getPolicyDocument({ statements: [ { actions: ['sts:AssumeRoleWithWebIdentity'], conditions: [ { test: 'StringLike', values: [`repo:${params.githubOwner}/${params.repositoryName}:*`], variable: '<http://token.actions.githubusercontent.com:sub|token.actions.githubusercontent.com:sub>', }, ], principals: [ { identifiers: [params.oidcProviderArn], type: 'Federated', }, ], }, ], }); }b- 2
- 2
- e
echoing-activity-32278
12/18/2021, 1:39 AMHow can I stop a running
process stuck in the retry process of a k8s resource? The current way is to wait for 10mins or so. From k8s logs, I can see the retry will fail in the end.pulumi upl- 2
- 1
- e
echoing-activity-32278
12/18/2021, 1:58 AMHi. Another question, how to see more information from pulumi. For example, I can only see some truncated message:al- 3
- 6
- e
echoing-activity-32278
12/19/2021, 3:20 PMI have project A that creates a dns zone on azure, and I have project B that needs to find out some specific records in the zone. How can I tell project B to achieve that (other than using stack reference)?l- 2
- 4
- b
broad-helmet-79436
12/21/2021, 11:30 AMHi! Is there any way I can make Pulumi automatically detect that resources have a
when I make them fields/properties of a ComponentResource class? E.g. here, I would really like to not have to explicitly specify `{ parent: this }`:parentCopy code
I think that setting a Pulumi resource as a field in a class that extends pulumi.ComponentResource like I do in the example (and in pretty much all of my code) is a pretty clear expression of intent for the resource to be a child of the component resource class. I do it this way so I can setclass A extends pulumi.ComponentResource { readonly id: random.RandomId; constructor(name: string, args: {}, opts: pulumi.ComponentResourceOptions) { super('martin:A', name, {}, opts); this.id = new random.RandomId( name, { byteLength: 42 }, { parent: this } ); } }
andproviders: [k8sProvider, gcpProvider]
on a single parent resource instead of passing the correct provider to every single resource. And the logical grouping in the diff output is nice too, but not enough that I’d bother to set a field on Every Single Resource. This is a source of continuous frustration as I keep forgetting about it when I add new resources to classes, and don’t always notice even when I runprotect: true
given that it’s completely valid to define a resource without a parent 😅pulumi upgl- 3
- 3
- b
broad-helmet-79436
12/21/2021, 11:36 AMIn case it helps, I use custom providers to not have the k8s provider default to whatever kubectl context I’ve currently selected, and to be able to fetch service account credentials for interacting with the GCP project from another stack 🤷 - b
broad-helmet-79436
12/21/2021, 11:39 AMThe problem will also get worse when I eventually switch to pretty much exclusively running Pulumi on a CI server, which is a goal to avoid simultaneous runs on multiple computers that end up causing issues with my stack