https://pulumi.com logo
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
typescript
  • g

    great-sunset-355

    02/15/2023, 12:07 PM
    Is it possible to have an Input like this?
    interface ResourceArgs {
      [key: pulumi.Input<string>]: pulumi.Input<string>
    }
    because this is a problem:
    [key: pulumi.Input<string>]
    when the value is an
    Output
    e
    s
    • 3
    • 9
  • b

    bright-wall-79582

    02/17/2023, 9:16 AM
    I was wondering about AWS Lambda Function URLs, in this post https://www.pulumi.com/blog/lambda-urls-launch/ it says it’s that you need to use the function ID as part of the URL. What I’m looking to do is to have a Lambda w/Function URL and have some other service call it over HTTP and it will not know the function ID when starting. am I missing something here? if this was a public API, I’d use DNS for this… does this mean I have to use the SDK to invoke it or something like that?
    b
    • 2
    • 6
  • a

    aloof-gigabyte-74853

    02/17/2023, 5:04 PM
    Hi there! When executing this code:
    export const generateSigningJob = (
      signingProfile: aws.signer.GetSigningProfileResult,
      bucket: aws.s3.Bucket
    ) => {
      const signingJob = new aws.signer.SigningJob("signing-job", {
        source: {
          s3: {
            bucket: bucket.bucket,
            key: "cove_fw.bin",
            version: "ynjaE4qqt_.w7V0F_0OzuARKk2586Fuy",
          },
        },
        destination: {
          s3: {
            bucket: bucket.bucket,
            prefix: "SignedImages/",
          },
        },
        profileName: "evcsigningprofile",
        ignoreSigningJobFailure: false,
      });
      return signingJob;
    };
    I get a SIGSEGV
    b
    • 2
    • 3
  • c

    cuddly-flower-91328

    02/19/2023, 1:54 PM
    When it comes to string interpolation vs me, string interpolation is undefeated 😅. I have a
    Component Resource
    I have created for the cluster autoscaler role. I want to pass a few args and use them within the IAM policy and role. I have it configured as below, but when I run a preview, the location where the string should be inserted is blank. I get no error and I've also tried using
    pulumi.interpolate
    constructor(name: string, args: { clusterName: string, oidcArn: string, oidcUrl: string }, opts?: pulumi.ComponentResourceOptions) {
        super("pkg:iam:clusterAutoscalerRole", name, args, opts);
        
        this.policy = new aws.iam.Policy(name, {
          path: "/",
          description: "Amazon EKS - Cluster autoscaler policy",
          policy: `{
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "autoscaling:SetDesiredCapacity",
                    "autoscaling:TerminateInstanceInAutoScalingGroup"
                ],
                "Resource": "*",
                "Condition": {
                    "StringEquals": {
                        "aws:ResourceTag/k8s.io/cluster-autoscaler/${args.clusterName}": "owned"
                    }
                }
            },
            {
                "Sid": "VisualEditor1",
                "Effect": "Allow",
                "Action": [
                    "autoscaling:DescribeAutoScalingInstances",
                    "autoscaling:DescribeAutoScalingGroups",
                    "ec2:DescribeLaunchTemplateVersions",
                    "autoscaling:DescribeTags",
                    "autoscaling:DescribeLaunchConfigurations",
                    "ec2:DescribeInstanceTypes"
                ],
                "Resource": "*"
            }
        ]
    }`
        }, { parent: this });
    b
    • 2
    • 11
  • g

    great-sunset-355

    02/20/2023, 2:42 PM
    I need to check if
    gcp.types.input.cloudrunv2.JobTemplateTemplateVolume.secret
    is not undefined and based on that create IAMMember, however the input type is
    pulumi.Input<pulumi.Input<gcp.types.input.cloudrunv2.JobTemplateTemplateVolume>[]>
    . Is it possible to check if
    secret === undefined
    without using
    apply
    ? If not I will have to create
    IAMMember
    in
    apply
    because this is a chicken egg problem
    s
    • 2
    • 2
  • w

    wooden-greece-50586

    02/21/2023, 1:35 PM
    Are there any examples of how to pull from GCP Artifact Registry?
    g
    e
    • 3
    • 3
  • b

    blue-mouse-93986

    02/21/2023, 4:10 PM
    Hi I'm trying to create a role using 2 managed AWS policies
    const CloudWatch_CrossAccountSharingRole = new aws.iam.Role(
      `MyEnv_CloudWatch-CrossAccountSharingRole`,
      {
        assumeRolePolicy: {
          Statement: [
            {
              Action: 'sts:AssumeRole',
              Effect: 'Allow',
              Principal: { AWS: `arn:aws:iam::${MONITORING_ACCOUNT_ID}:root` },
            },
          ],
          Version: '2012-10-17',
        },
        managedPolicyArns: [
          aws.iam.ManagedPolicy.CloudWatchReadOnlyAccess,
          aws.iam.ManagedPolicy.CloudWatchAutomaticDashboardsAccess
        ],
        name: `MyEnv_CloudWatch-CrossAccountSharingRole`,
      }
    )
    As you can see the AWS Managed Policy Is there, but I'm getting an exception are there any ways to get it?
    b
    • 2
    • 2
  • s

    square-hair-965

    02/22/2023, 1:01 AM
    Someone who's more familiar with pulumi's typscript judo know of a way to work around the
    Input<Region> | undefined
    limitation when I try to dynamically create
    aws.Provider
    ? I'm trying to do the following to get around another issue with default providers and using
    aws:profile
    configs:
    import { getConfig } from "@pulumi/pulumi/runtime/config";
    
        const defaultProvider = new aws.Provider(`${stack}-peer-provider`, {
            region: getConfig("aws:region"),
            profile: "org_prod"
        });
    You get:
    error TS2322: Type 'string | undefined' is not assignable to type 'Input<Region> | undefined'.
          Type 'string' is not assignable to type 'Input<Region> | undefined'
    So I would need to fudge that enum constant somehow but am kind of lost on how I would do that considering its expecting it to be an Input<>
    s
    • 2
    • 4
  • b

    best-dog-72192

    02/22/2023, 4:03 PM
    Howdy ya’ll, Question about doing things the proper pulumi way - What is the proper way to write a deployment library that can be used across the pulumi supported languages? (specifically want to write once if possible, and use in both C# and Typescript, preferably writing only in typescript) or do I need to write and maintain two deployment libraries?
    g
    • 2
    • 3
  • b

    best-summer-38252

    02/22/2023, 11:52 PM
    This example shows a gcp service account name (an Output<string>) being used directly. https://www.pulumi.com/registry/packages/gcp/api-docs/serviceaccount/iambinding/#google_service_account_iam_policy But in my use, I get `Error 400: The member Calling [toString] on an [Output<T>] is not supported.`on the appIAM's serviceAccountId.
    const appServiceAccount = new gcp.serviceaccount.Account(camelcase(APP_NAME + "-SA"), {
      accountId: kebabcase(APP_NAME),
      displayName: startcase(APP_NAME),
    });
    
    const appAuthz = gcp.organizations.getIAMPolicy({
      bindings: [
        {
          role: "roles/workflows.invoker",
          members: [`${appServiceAccount.email}`],
        },
      ],
    });
    
    const appIAM = new gcp.serviceaccount.IAMPolicy("appSAIAM", {
      serviceAccountId: appServiceAccount.name,
      policyData: appAuthz.then((admin) => admin.policyData),
    });
    Ive tried, serviceAccountId: appServiceAccount.name.apply((n) =>
    ${n}
    ) and ``${appServiceAccount.name}`` etc. What am I missing?
    l
    • 2
    • 19
  • c

    cuddly-monkey-5560

    02/24/2023, 12:08 AM
    Hi, I would like to create an RDS cluster from a snapshot, but am receiving an error:
    * creating RDS Cluster (restore from snapshot) (temp-cluster): InvalidDBInstanceState: The server state is not yet available
    . My implementation to create the cluster is:
    const rdsCluster = new rds.Cluster('db-cluster', {
          clusterIdentifier: `temp-cluster`,
          engine: EngineType.AuroraPostgresql,
          engineMode: EngineMode.Provisioned,
          masterUsername: 'postgres',
          masterPassword: 'postgres',
          databaseName: 'postgres',
          snapshotIdentifier: <clusterSnapshotIdentifier>,
          vpcSecurityGroupIds: [vpcSecurityGroup.id],
        });
  • a

    ambitious-continent-10899

    02/24/2023, 7:58 PM
    Hello, would you have any examples, or article that explains how to access the outputs from a StackReference?
    e
    • 2
    • 3
  • a

    ambitious-continent-10899

    02/25/2023, 11:10 PM
    Does anyone know how to create a pulumi type map? I saw a video with example of
    pulumi.StringMap{}
    but I see no documentation of it.
    c
    • 2
    • 1
  • i

    important-football-6131

    02/26/2023, 8:14 PM
    anyone had any luck making ingress work with kubernetes in pulumi?
    b
    • 2
    • 62
  • a

    ambitious-continent-10899

    02/26/2023, 10:20 PM
    Has anyone tried to create Pulumi Packages with the typescript boilerplate? https://github.com/pulumi/pulumi-component-provider-ts-boilerplate I am getting a
    403 HTTP error fetching plugin from
    when attempting to access my plugin from an pulumi example file....
    b
    g
    h
    • 4
    • 9
  • r

    ripe-vase-9728

    02/27/2023, 4:54 PM
    Hello, I am starting with Pulumi and I am having a very beginner-ish issue for the past 3 days that drives me crazy. I want to deploy a Vpc on AWS and then a RDS database inside of it. I have two custom components: One for my Vpc, and one for my RDS database. In my RDS custom component I am creating a Security Group using the VPC id. Whenever I try to run
    pulumi up
    , it says I have hundreds of Promises leaks. When I change the VPC id used by the Security Group by any literal string though, all the leaks disappear. Do you have any idea what could be the source of the leaks ? I find it very opaque and hard to debug the leaks and I am completely stuck. I am pasting my Security Group code in the thread below.
    m
    • 2
    • 22
  • p

    polite-umbrella-11196

    02/27/2023, 7:26 PM
    Where’s the docs for
    alb.createTargetGroup('web-target', …)
    ?
  • p

    polite-umbrella-11196

    02/27/2023, 8:27 PM
    For that matter, https://www.pulumi.com/docs/guides/crosswalk/aws/elb/ refers to both createListener and createTargetGroup which doesn’t seem to be on the target/alb objects?
    l
    • 2
    • 51
  • s

    sparse-intern-71089

    02/28/2023, 10:07 PM
    This message was deleted.
    b
    • 2
    • 1
  • f

    freezing-twilight-25806

    03/01/2023, 10:02 AM
    Hi guys! I'm trying to manage some simple code and use output from resource1 (arn of aws sqs) as input for resource2 (iam policy), but with no luck... the error appears:
    Diagnostics:
      aws:iam:Policy (doc-mgmt-dev):
        error: 1 error occurred:
            * creating IAM Policy doc-mgmt-dev-ef9a0e5: MalformedPolicyDocument: Partition "
            1" is not valid for resource "arn:
            1: o.apply(v => v.toJSON())
            2: o.apply(v => JSON.stringify(v))
    
        See <https://pulumi.io/help/outputs> for more details.
        This function may throw in a future version of @pulumi/pulumi.:*".
    Here is the code I use:
    import * as pulumi from "@pulumi/pulumi";
    import { Sqs } from './sqs';
    import { IamPolicy } from './iamPolicy';
    
    const stackName = pulumi.getStack();
    const projectName = pulumi.getProject();
    
    const tags = {
        project: projectName,
        environment: stackName,
    }
    
    const sqsQueue1 = new Sqs(`${projectName}-${stackName}`, {
        createDlq: true,
        tags: tags,
    });
    
    const iamLambdaPolicy = new IamPolicy(`${projectName}-${stackName}`, {
        path: "/",
        description: `${projectName}-${stackName}-Lambda-policies`,
        listOfStatements: JSON.stringify({
            Version: "2012-10-17",
            Statement: [
                {
                    Action: [
                        "sqs:*"
                    ],
                    Effect: "Allow",
                    Resource: [
                        sqsQueue1.sqs.arn.apply(v => JSON.stringify(v)),
                    ],
                },
                {
                    Action: [
                        "sqs:ReceiveMessage"
                    ],
                    Effect: "Allow",
                    Resource: [
                        sqsQueue1.sqsDlq?.arn.apply(v => JSON.stringify(v)),
                    ],
                },
            ]
        }),
        tags: tags,
    });
    
    export const iamLambdaPoliciyArn = iamLambdaPolicy.policy.arn;
    I tried to use
    pulumi.all([sqsQueue1.sqs.arn, sqsQueue1.sqsDlq?.arn]).apply(([sqs1Arn, sqs1DlqArn])...
    it works, but with such approach I don't see the policy resource is going to be created during
    pulumi preview
    e
    • 2
    • 8
  • c

    cuddly-flower-91328

    03/01/2023, 8:52 PM
    Every time I think I think I have this sorted out, I realize I don't.
    Property 'getProvider' is missing in type 'OutputInstance<Deployment> & LiftedObject<Deployment, "id" | "apiVersion" | "kind" | "metadata" | "spec" | "status" | "urn">' but required  typescript (2741) [308, 5]
    l
    l
    • 3
    • 16
  • g

    great-sunset-355

    03/05/2023, 12:35 PM
    Hi, I am trying to package my own library with component resources. However, after compiling the code with
    tsc
    my package also contains
    .ts
    files. How can I exclude
    .ts
    files from the artifact? I tried to look at synced folder repo for example. But I when I compile my code into the
    bin
    folder it does not contain
    package.json
    like here https://github.com/pulumi/pulumi-synced-folder/blob/main/.github/workflows/release.yaml#LL132C11-L132C69 what step am I missing to get the package.json inside
    bin
    ?
    l
    • 2
    • 5
  • f

    few-postman-20852

    03/07/2023, 9:17 AM
    Hi! Anyone else experiencing issues with the TS server crashing in VScode when using the
    @pulumi/azure-native
    library? Looks like the library is too heavy for intellisense to load it in enough time. Posted in #general
  • f

    few-postman-20852

    03/07/2023, 12:47 PM
    Just to post here, so far this is the best thing to do about the huge TS azure-native library https://github.com/pulumi/pulumi-azure-native/issues/932#issuecomment-1454217629
  • s

    square-hair-965

    03/08/2023, 12:33 AM
    Hello all! I'm building a cli using the
    @pulumi/pulumi/automation
    package and ran into something of a unique issue. The command is basically "disabling" an item in a map in the config but I'm having trouble updating the config with the new structure. Just piping the json object back into it using
    setConfig
    doesnt work. I get
    object
    strings. If I stringify as json, it ends up being a json string. I ended up installing the yaml package to help me do this but I'm still running into an issure. Currently the code looks like this:
    await projectStack.setConfig('regions', { secret: false, value: yaml.stringify(newConfig) });
    l
    • 2
    • 5
  • m

    melodic-rain-98270

    03/09/2023, 1:26 PM
    I am attempting to provision a group to a GitLab, but getting a 403 Forbidden. I can provision a repository to my Userid, but when adding a group (with no linking or dependencies), it fails with a 403. I have been using an access token will full API access. The documentation, https://www.pulumi.com/registry/packages/gitlab/api-docs/group/, mentions this "On GitLab SaaS, you must use the GitLab UI to create groups without a parent group. You cannot use this provider nor the API to do this." - I assume this is only for the paid SaaS subscription, not the free tier. Does anyone know why this is happening?
  • f

    few-postman-20852

    03/10/2023, 7:13 AM
    how do I get a list of all stacks from the project in typescript? NVM wrong mental model 😓
    e
    • 2
    • 1
  • f

    freezing-twilight-25806

    03/10/2023, 5:03 PM
    Hi guys! I'm trying to figure out how can I manage dependencies here:
    import * as k8s from "@pulumi/kubernetes";
    import { FileAsset } from "@pulumi/pulumi/asset";
    import { project, stack } from "./globals";
    
    export const release = new k8s.helm.v3.Release(`${project}-${stack}`, {
        chart: "./nats",
        atomic: true,
        createNamespace: true,
        namespace: `${project}-${stack}`,
    
        valueYamlFiles: [new FileAsset(`./nats/${stack}-values.yaml`)],
        values: {
            Lb: true,
            LbServiceAnnotations: {
                "<http://service.beta.kubernetes.io/aws-load-balancer-name|service.beta.kubernetes.io/aws-load-balancer-name>": `${project}-${stack}`,
            }
        }
    })
    
    const nlb = aws.lb.getLoadBalancerOutput({
        name: `${project}-${stack}`,
    });
    After
    pulumi preview
    I got an error on NLB lookup, because it doesn't exist, obviously:
    reading ELBv2 Load Balancers: couldn't find resource
    Inside the helm chart there is a logic to create NLB and I want to get NLB dns name just after creation to manage route53 records afterwards Is it possible to add any dependency condition or kind of in such case?
    b
    • 2
    • 4
  • b

    broad-parrot-2692

    03/10/2023, 9:00 PM
    Hello! I just finished writing this adorable little
    forEach
    loop to setup my DNS zones in GCP, and I just realized that if I'm going to create DNS records in these zones, I need to actually work with the output. I need to somehow appropriately chain the resource dependencies so the order of operations are correct. I started going down the road of using
    eval
    to dynamically declare the const, and that was when I realized I should probably consult with others and see if anyone has advice to give. Thank you in advanced!
    Untitled.ts
    b
    • 2
    • 20
  • r

    rich-motorcycle-98689

    03/10/2023, 9:43 PM
    Hi all. I’m trying to deploy an application via Helm (i.e. using
    @pulumi/kubernetes/helm
    ) and I want to detach 2 components from pulumi’s tracking after the initial deployment (specifically a
    Secret
    and a
    MutatingWebhookConfiguration
    ). The problem that I’m running into is that the helm chart deploys an empty
    Secret
    and an empty value in the
    MutatingWebhookConfiguration
    and then the deployment goes into both resources and generates a TLS cert and key pair to use post deployment. The issue is that now, every time I do
    pulumi up
    after the initial deploy, pulumi tries to revert these changes which then breaks the webhook and I have to restart the deployment manually. Is there a good way to handle this behavior?
    b
    g
    l
    • 4
    • 8
Powered by Linen
Title
r

rich-motorcycle-98689

03/10/2023, 9:43 PM
Hi all. I’m trying to deploy an application via Helm (i.e. using
@pulumi/kubernetes/helm
) and I want to detach 2 components from pulumi’s tracking after the initial deployment (specifically a
Secret
and a
MutatingWebhookConfiguration
). The problem that I’m running into is that the helm chart deploys an empty
Secret
and an empty value in the
MutatingWebhookConfiguration
and then the deployment goes into both resources and generates a TLS cert and key pair to use post deployment. The issue is that now, every time I do
pulumi up
after the initial deploy, pulumi tries to revert these changes which then breaks the webhook and I have to restart the deployment manually. Is there a good way to handle this behavior?
b

billions-xylophone-85957

03/10/2023, 11:06 PM
https://www.pulumi.com/docs/intro/concepts/resources/options/ignorechanges/ ?
r

rich-motorcycle-98689

03/10/2023, 11:24 PM
How would I apply that to a component of a chart resource? Are each sub-resource inside of a chart identifiable in a way?
I ended up switching from using
helm.v3.Chart
in
@pulumi/helm
to using
k8s.helm.v3.Release
in
@pulumi/kubernetes
and it fixed my problem.
Seems like generally
k8s.helm.v3.Release
is a bit more developed than
helm.v3.Chart
, considering the latter doesn’t have hook support.
g

great-sunset-355

03/13/2023, 10:27 PM
A pitty I saw this late, the similar question comes too often and
v3.Release
resolves the most problems. I guess it would be good to have some information in the docs.
l

limited-rainbow-51650

03/14/2023, 7:13 AM
@rich-motorcycle-98689 good to hear the
Release
resource solved it for you. In case you want to use
Chart
again in the future, @billions-xylophone-85957 was on the right track to propose the
ignoreChanges
resource property. You can apply this to a
Chart
resource using a resource transformation. See the
Chart with Transformations
example here: https://www.pulumi.com/registry/packages/kubernetes/api-docs/helm/v3/chart/#chart-with-transformations
r

rich-motorcycle-98689

03/17/2023, 2:21 PM
Ohhh, interesting. So you’d add the
ignoreChanges
to a resource transformation in order to apply it to a specific resource. I guess in my case it would be as simple as applying it to all
Secret
and
MutatingWebhookConfiguration
resources (since I only had those resources that were causing a problem).
Would it be fair to characterize the difference between the
Release
and the
Chart
as the
Release
being an OOTB helm solution, while the
Chart
allows for extremely fine-grained configuration control? Because it seems like the
Transformations
tool could be extremely powerful, esp for performing chart manipulation beyond what is configurable in the chart’s
values.yaml
, and I don’t see an option for transformations in the
Release
resource.
View count: 1