great-sunset-355
02/15/2023, 12:07 PMinterface ResourceArgs {
[key: pulumi.Input<string>]: pulumi.Input<string>
}
because this is a problem: [key: pulumi.Input<string>]
when the value is an Output
bright-wall-79582
02/17/2023, 9:16 AMaloof-gigabyte-74853
02/17/2023, 5:04 PMexport const generateSigningJob = (
signingProfile: aws.signer.GetSigningProfileResult,
bucket: aws.s3.Bucket
) => {
const signingJob = new aws.signer.SigningJob("signing-job", {
source: {
s3: {
bucket: bucket.bucket,
key: "cove_fw.bin",
version: "ynjaE4qqt_.w7V0F_0OzuARKk2586Fuy",
},
},
destination: {
s3: {
bucket: bucket.bucket,
prefix: "SignedImages/",
},
},
profileName: "evcsigningprofile",
ignoreSigningJobFailure: false,
});
return signingJob;
};
I get a SIGSEGVcuddly-flower-91328
02/19/2023, 1:54 PMComponent Resource
I have created for the cluster autoscaler role. I want to pass a few args and use them within the IAM policy and role. I have it configured as below, but when I run a preview, the location where the string should be inserted is blank. I get no error and I've also tried using pulumi.interpolate
constructor(name: string, args: { clusterName: string, oidcArn: string, oidcUrl: string }, opts?: pulumi.ComponentResourceOptions) {
super("pkg:iam:clusterAutoscalerRole", name, args, opts);
this.policy = new aws.iam.Policy(name, {
path: "/",
description: "Amazon EKS - Cluster autoscaler policy",
policy: `{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"autoscaling:SetDesiredCapacity",
"autoscaling:TerminateInstanceInAutoScalingGroup"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"aws:ResourceTag/k8s.io/cluster-autoscaler/${args.clusterName}": "owned"
}
}
},
{
"Sid": "VisualEditor1",
"Effect": "Allow",
"Action": [
"autoscaling:DescribeAutoScalingInstances",
"autoscaling:DescribeAutoScalingGroups",
"ec2:DescribeLaunchTemplateVersions",
"autoscaling:DescribeTags",
"autoscaling:DescribeLaunchConfigurations",
"ec2:DescribeInstanceTypes"
],
"Resource": "*"
}
]
}`
}, { parent: this });
great-sunset-355
02/20/2023, 2:42 PMgcp.types.input.cloudrunv2.JobTemplateTemplateVolume.secret
is not undefined and based on that create IAMMember, however the input type is pulumi.Input<pulumi.Input<gcp.types.input.cloudrunv2.JobTemplateTemplateVolume>[]>
.
Is it possible to check if secret === undefined
without using apply
? If not I will have to create IAMMember
in apply
because this is a chicken egg problemwooden-greece-50586
02/21/2023, 1:35 PMblue-mouse-93986
02/21/2023, 4:10 PMconst CloudWatch_CrossAccountSharingRole = new aws.iam.Role(
`MyEnv_CloudWatch-CrossAccountSharingRole`,
{
assumeRolePolicy: {
Statement: [
{
Action: 'sts:AssumeRole',
Effect: 'Allow',
Principal: { AWS: `arn:aws:iam::${MONITORING_ACCOUNT_ID}:root` },
},
],
Version: '2012-10-17',
},
managedPolicyArns: [
aws.iam.ManagedPolicy.CloudWatchReadOnlyAccess,
aws.iam.ManagedPolicy.CloudWatchAutomaticDashboardsAccess
],
name: `MyEnv_CloudWatch-CrossAccountSharingRole`,
}
)
As you can see the AWS Managed Policy Is there, but I'm getting an exception
are there any ways to get it?square-hair-965
02/22/2023, 1:01 AMInput<Region> | undefined
limitation when I try to dynamically create aws.Provider
?
I'm trying to do the following to get around another issue with default providers and using aws:profile
configs:
import { getConfig } from "@pulumi/pulumi/runtime/config";
const defaultProvider = new aws.Provider(`${stack}-peer-provider`, {
region: getConfig("aws:region"),
profile: "org_prod"
});
You get:
error TS2322: Type 'string | undefined' is not assignable to type 'Input<Region> | undefined'.
Type 'string' is not assignable to type 'Input<Region> | undefined'
So I would need to fudge that enum constant somehow but am kind of lost on how I would do that considering its expecting it to be an Input<>best-dog-72192
02/22/2023, 4:03 PMbest-summer-38252
02/22/2023, 11:52 PMconst appServiceAccount = new gcp.serviceaccount.Account(camelcase(APP_NAME + "-SA"), {
accountId: kebabcase(APP_NAME),
displayName: startcase(APP_NAME),
});
const appAuthz = gcp.organizations.getIAMPolicy({
bindings: [
{
role: "roles/workflows.invoker",
members: [`${appServiceAccount.email}`],
},
],
});
const appIAM = new gcp.serviceaccount.IAMPolicy("appSAIAM", {
serviceAccountId: appServiceAccount.name,
policyData: appAuthz.then((admin) => admin.policyData),
});
Ive tried, serviceAccountId: appServiceAccount.name.apply((n) => ${n}
) and ``${appServiceAccount.name}`` etc. What am I missing?cuddly-monkey-5560
02/24/2023, 12:08 AM* creating RDS Cluster (restore from snapshot) (temp-cluster): InvalidDBInstanceState: The server state is not yet available
. My implementation to create the cluster is:
const rdsCluster = new rds.Cluster('db-cluster', {
clusterIdentifier: `temp-cluster`,
engine: EngineType.AuroraPostgresql,
engineMode: EngineMode.Provisioned,
masterUsername: 'postgres',
masterPassword: 'postgres',
databaseName: 'postgres',
snapshotIdentifier: <clusterSnapshotIdentifier>,
vpcSecurityGroupIds: [vpcSecurityGroup.id],
});
ambitious-continent-10899
02/24/2023, 7:58 PMambitious-continent-10899
02/25/2023, 11:10 PMpulumi.StringMap{}
but I see no documentation of it.important-football-6131
02/26/2023, 8:14 PMambitious-continent-10899
02/26/2023, 10:20 PM403 HTTP error fetching plugin from
when attempting to access my plugin from an pulumi example file....ripe-vase-9728
02/27/2023, 4:54 PMpulumi up
, it says I have hundreds of Promises leaks.
When I change the VPC id used by the Security Group by any literal string though, all the leaks disappear.
Do you have any idea what could be the source of the leaks ? I find it very opaque and hard to debug the leaks and I am completely stuck.
I am pasting my Security Group code in the thread below.polite-umbrella-11196
02/27/2023, 7:26 PMalb.createTargetGroup('web-target', …)
?polite-umbrella-11196
02/27/2023, 8:27 PMsparse-intern-71089
02/28/2023, 10:07 PMfreezing-twilight-25806
03/01/2023, 10:02 AMDiagnostics:
aws:iam:Policy (doc-mgmt-dev):
error: 1 error occurred:
* creating IAM Policy doc-mgmt-dev-ef9a0e5: MalformedPolicyDocument: Partition "
1" is not valid for resource "arn:
1: o.apply(v => v.toJSON())
2: o.apply(v => JSON.stringify(v))
See <https://pulumi.io/help/outputs> for more details.
This function may throw in a future version of @pulumi/pulumi.:*".
Here is the code I use:
import * as pulumi from "@pulumi/pulumi";
import { Sqs } from './sqs';
import { IamPolicy } from './iamPolicy';
const stackName = pulumi.getStack();
const projectName = pulumi.getProject();
const tags = {
project: projectName,
environment: stackName,
}
const sqsQueue1 = new Sqs(`${projectName}-${stackName}`, {
createDlq: true,
tags: tags,
});
const iamLambdaPolicy = new IamPolicy(`${projectName}-${stackName}`, {
path: "/",
description: `${projectName}-${stackName}-Lambda-policies`,
listOfStatements: JSON.stringify({
Version: "2012-10-17",
Statement: [
{
Action: [
"sqs:*"
],
Effect: "Allow",
Resource: [
sqsQueue1.sqs.arn.apply(v => JSON.stringify(v)),
],
},
{
Action: [
"sqs:ReceiveMessage"
],
Effect: "Allow",
Resource: [
sqsQueue1.sqsDlq?.arn.apply(v => JSON.stringify(v)),
],
},
]
}),
tags: tags,
});
export const iamLambdaPoliciyArn = iamLambdaPolicy.policy.arn;
I tried to use pulumi.all([sqsQueue1.sqs.arn, sqsQueue1.sqsDlq?.arn]).apply(([sqs1Arn, sqs1DlqArn])...
it works, but with such approach I don't see the policy resource is going to be created during pulumi preview
cuddly-flower-91328
03/01/2023, 8:52 PMProperty 'getProvider' is missing in type 'OutputInstance<Deployment> & LiftedObject<Deployment, "id" | "apiVersion" | "kind" | "metadata" | "spec" | "status" | "urn">' but required typescript (2741) [308, 5]
great-sunset-355
03/05/2023, 12:35 PMtsc
my package also contains .ts
files. How can I exclude .ts
files from the artifact?
I tried to look at synced folder repo for example.
But I when I compile my code into the bin
folder it does not contain package.json
like here https://github.com/pulumi/pulumi-synced-folder/blob/main/.github/workflows/release.yaml#LL132C11-L132C69
what step am I missing to get the package.json inside bin
?few-postman-20852
03/07/2023, 9:17 AM@pulumi/azure-native
library? Looks like the library is too heavy for intellisense to load it in enough time.
Posted in #generalfew-postman-20852
03/07/2023, 12:47 PMsquare-hair-965
03/08/2023, 12:33 AM@pulumi/pulumi/automation
package and ran into something of a unique issue. The command is basically "disabling" an item in a map in the config but I'm having trouble updating the config with the new structure. Just piping the json object back into it using setConfig
doesnt work. I get object
strings. If I stringify as json, it ends up being a json string.
I ended up installing the yaml package to help me do this but I'm still running into an issure. Currently the code looks like this:
await projectStack.setConfig('regions', { secret: false, value: yaml.stringify(newConfig) });
melodic-rain-98270
03/09/2023, 1:26 PMfew-postman-20852
03/10/2023, 7:13 AMfreezing-twilight-25806
03/10/2023, 5:03 PMimport * as k8s from "@pulumi/kubernetes";
import { FileAsset } from "@pulumi/pulumi/asset";
import { project, stack } from "./globals";
export const release = new k8s.helm.v3.Release(`${project}-${stack}`, {
chart: "./nats",
atomic: true,
createNamespace: true,
namespace: `${project}-${stack}`,
valueYamlFiles: [new FileAsset(`./nats/${stack}-values.yaml`)],
values: {
Lb: true,
LbServiceAnnotations: {
"<http://service.beta.kubernetes.io/aws-load-balancer-name|service.beta.kubernetes.io/aws-load-balancer-name>": `${project}-${stack}`,
}
}
})
const nlb = aws.lb.getLoadBalancerOutput({
name: `${project}-${stack}`,
});
After pulumi preview
I got an error on NLB lookup, because it doesn't exist, obviously: reading ELBv2 Load Balancers: couldn't find resource
Inside the helm chart there is a logic to create NLB and I want to get NLB dns name just after creation to manage route53 records afterwards
Is it possible to add any dependency condition or kind of in such case?broad-parrot-2692
03/10/2023, 9:00 PMforEach
loop to setup my DNS zones in GCP, and I just realized that if I'm going to create DNS records in these zones, I need to actually work with the output. I need to somehow appropriately chain the resource dependencies so the order of operations are correct. I started going down the road of using eval
to dynamically declare the const, and that was when I realized I should probably consult with others and see if anyone has advice to give.
Thank you in advanced!rich-motorcycle-98689
03/10/2023, 9:43 PM@pulumi/kubernetes/helm
) and I want to detach 2 components from pulumi’s tracking after the initial deployment (specifically a Secret
and a MutatingWebhookConfiguration
).
The problem that I’m running into is that the helm chart deploys an empty Secret
and an empty value in the MutatingWebhookConfiguration
and then the deployment goes into both resources and generates a TLS cert and key pair to use post deployment. The issue is that now, every time I do pulumi up
after the initial deploy, pulumi tries to revert these changes which then breaks the webhook and I have to restart the deployment manually. Is there a good way to handle this behavior?rich-motorcycle-98689
03/10/2023, 9:43 PM@pulumi/kubernetes/helm
) and I want to detach 2 components from pulumi’s tracking after the initial deployment (specifically a Secret
and a MutatingWebhookConfiguration
).
The problem that I’m running into is that the helm chart deploys an empty Secret
and an empty value in the MutatingWebhookConfiguration
and then the deployment goes into both resources and generates a TLS cert and key pair to use post deployment. The issue is that now, every time I do pulumi up
after the initial deploy, pulumi tries to revert these changes which then breaks the webhook and I have to restart the deployment manually. Is there a good way to handle this behavior?billions-xylophone-85957
03/10/2023, 11:06 PMrich-motorcycle-98689
03/10/2023, 11:24 PMhelm.v3.Chart
in @pulumi/helm
to using k8s.helm.v3.Release
in @pulumi/kubernetes
and it fixed my problem.k8s.helm.v3.Release
is a bit more developed than helm.v3.Chart
, considering the latter doesn’t have hook support.great-sunset-355
03/13/2023, 10:27 PMv3.Release
resolves the most problems. I guess it would be good to have some information in the docs.limited-rainbow-51650
03/14/2023, 7:13 AMRelease
resource solved it for you. In case you want to use Chart
again in the future, @billions-xylophone-85957 was on the right track to propose the ignoreChanges
resource property. You can apply this to a Chart
resource using a resource transformation. See the Chart with Transformations
example here:
https://www.pulumi.com/registry/packages/kubernetes/api-docs/helm/v3/chart/#chart-with-transformationsrich-motorcycle-98689
03/17/2023, 2:21 PMignoreChanges
to a resource transformation in order to apply it to a specific resource. I guess in my case it would be as simple as applying it to all Secret
and MutatingWebhookConfiguration
resources (since I only had those resources that were causing a problem).Release
and the Chart
as the Release
being an OOTB helm solution, while the Chart
allows for extremely fine-grained configuration control? Because it seems like the Transformations
tool could be extremely powerful, esp for performing chart manipulation beyond what is configurable in the chart’s values.yaml
, and I don’t see an option for transformations in the Release
resource.