pulumi-community #typescript

cuddly-flower-91328

02/19/2023, 1:54 PM

When it comes to string interpolation vs me, string interpolation is undefeated 😅. I have a

Component Resource

I have created for the cluster autoscaler role. I want to pass a few args and use them within the IAM policy and role. I have it configured as below, but when I run a preview, the location where the string should be inserted is blank. I get no error and I've also tried using

pulumi.interpolate

Copy code

constructor(name: string, args: { clusterName: string, oidcArn: string, oidcUrl: string }, opts?: pulumi.ComponentResourceOptions) {
    super("pkg:iam:clusterAutoscalerRole", name, args, opts);
    
    this.policy = new aws.iam.Policy(name, {
      path: "/",
      description: "Amazon EKS - Cluster autoscaler policy",
      policy: `{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "autoscaling:SetDesiredCapacity",
                "autoscaling:TerminateInstanceInAutoScalingGroup"
            ],
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "aws:ResourceTag/k8s.io/cluster-autoscaler/${args.clusterName}": "owned"
                }
            }
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "autoscaling:DescribeAutoScalingInstances",
                "autoscaling:DescribeAutoScalingGroups",
                "ec2:DescribeLaunchTemplateVersions",
                "autoscaling:DescribeTags",
                "autoscaling:DescribeLaunchConfigurations",
                "ec2:DescribeInstanceTypes"
            ],
            "Resource": "*"
        }
    ]
}`
    }, { parent: this });

great-sunset-355

02/20/2023, 2:42 PM

I need to check if

gcp.types.input.cloudrunv2.JobTemplateTemplateVolume.secret

is not undefined and based on that create IAMMember, however the input type is

pulumi.Input<pulumi.Input<gcp.types.input.cloudrunv2.JobTemplateTemplateVolume>[]>

. Is it possible to check if

secret === undefined

without using

apply

? If not I will have to create

IAMMember

apply

because this is a chicken egg problem

wooden-greece-50586

02/21/2023, 1:35 PM

Are there any examples of how to pull from GCP Artifact Registry?

blue-mouse-93986

02/21/2023, 4:10 PM

Hi I'm trying to create a role using 2 managed AWS policies

Copy code

const CloudWatch_CrossAccountSharingRole = new aws.iam.Role(
  `MyEnv_CloudWatch-CrossAccountSharingRole`,
  {
    assumeRolePolicy: {
      Statement: [
        {
          Action: 'sts:AssumeRole',
          Effect: 'Allow',
          Principal: { AWS: `arn:aws:iam::${MONITORING_ACCOUNT_ID}:root` },
        },
      ],
      Version: '2012-10-17',
    },
    managedPolicyArns: [
      aws.iam.ManagedPolicy.CloudWatchReadOnlyAccess,
      aws.iam.ManagedPolicy.CloudWatchAutomaticDashboardsAccess
    ],
    name: `MyEnv_CloudWatch-CrossAccountSharingRole`,
  }
)

As you can see the AWS Managed Policy Is there, but I'm getting an exception are there any ways to get it?

square-hair-965

02/22/2023, 1:01 AM

Someone who's more familiar with pulumi's typscript judo know of a way to work around the

Input<Region> | undefined

limitation when I try to dynamically create

aws.Provider

? I'm trying to do the following to get around another issue with default providers and using

aws:profile

configs:

Copy code

import { getConfig } from "@pulumi/pulumi/runtime/config";

    const defaultProvider = new aws.Provider(`${stack}-peer-provider`, {
        region: getConfig("aws:region"),
        profile: "org_prod"
    });

You get:

Copy code

error TS2322: Type 'string | undefined' is not assignable to type 'Input<Region> | undefined'.
      Type 'string' is not assignable to type 'Input<Region> | undefined'

So I would need to fudge that enum constant somehow but am kind of lost on how I would do that considering its expecting it to be an Input<>

best-dog-72192

02/22/2023, 4:03 PM

Howdy ya’ll, Question about doing things the proper pulumi way - What is the proper way to write a deployment library that can be used across the pulumi supported languages? (specifically want to write once if possible, and use in both C# and Typescript, preferably writing only in typescript) or do I need to write and maintain two deployment libraries?

best-summer-38252

02/22/2023, 11:52 PM

This example shows a gcp service account name (an Output<string>) being used directly. https://www.pulumi.com/registry/packages/gcp/api-docs/serviceaccount/iambinding/#google_service_account_iam_policy But in my use, I get `Error 400: The member Calling [toString] on an [Output<T>] is not supported.`on the appIAM's serviceAccountId.

Copy code

const appServiceAccount = new gcp.serviceaccount.Account(camelcase(APP_NAME + "-SA"), {
  accountId: kebabcase(APP_NAME),
  displayName: startcase(APP_NAME),
});

const appAuthz = gcp.organizations.getIAMPolicy({
  bindings: [
    {
      role: "roles/workflows.invoker",
      members: [`${appServiceAccount.email}`],
    },
  ],
});

const appIAM = new gcp.serviceaccount.IAMPolicy("appSAIAM", {
  serviceAccountId: appServiceAccount.name,
  policyData: appAuthz.then((admin) => admin.policyData),
});

Ive tried, serviceAccountId: appServiceAccount.name.apply((n) =>

${n}

) and ``${appServiceAccount.name}`` etc. What am I missing?

cuddly-monkey-5560

02/24/2023, 12:08 AM

Hi, I would like to create an RDS cluster from a snapshot, but am receiving an error:

* creating RDS Cluster (restore from snapshot) (temp-cluster): InvalidDBInstanceState: The server state is not yet available

. My implementation to create the cluster is:

Copy code

const rdsCluster = new rds.Cluster('db-cluster', {
      clusterIdentifier: `temp-cluster`,
      engine: EngineType.AuroraPostgresql,
      engineMode: EngineMode.Provisioned,
      masterUsername: 'postgres',
      masterPassword: 'postgres',
      databaseName: 'postgres',
      snapshotIdentifier: <clusterSnapshotIdentifier>,
      vpcSecurityGroupIds: [vpcSecurityGroup.id],
    });

ambitious-continent-10899

02/24/2023, 7:58 PM

Hello, would you have any examples, or article that explains how to access the outputs from a StackReference?

ambitious-continent-10899

02/25/2023, 11:10 PM

Does anyone know how to create a pulumi type map? I saw a video with example of

pulumi.StringMap{}

but I see no documentation of it.

important-football-6131

02/26/2023, 8:14 PM

anyone had any luck making ingress work with kubernetes in pulumi?

ambitious-continent-10899

02/26/2023, 10:20 PM

Has anyone tried to create Pulumi Packages with the typescript boilerplate? https://github.com/pulumi/pulumi-component-provider-ts-boilerplate I am getting a

403 HTTP error fetching plugin from

when attempting to access my plugin from an pulumi example file....

ripe-vase-9728

02/27/2023, 4:54 PM

Hello, I am starting with Pulumi and I am having a very beginner-ish issue for the past 3 days that drives me crazy. I want to deploy a Vpc on AWS and then a RDS database inside of it. I have two custom components: One for my Vpc, and one for my RDS database. In my RDS custom component I am creating a Security Group using the VPC id. Whenever I try to run

pulumi up

, it says I have hundreds of Promises leaks. When I change the VPC id used by the Security Group by any literal string though, all the leaks disappear. Do you have any idea what could be the source of the leaks ? I find it very opaque and hard to debug the leaks and I am completely stuck. I am pasting my Security Group code in the thread below.

polite-umbrella-11196

02/27/2023, 7:26 PM

Where’s the docs for

alb.createTargetGroup('web-target', …)

polite-umbrella-11196

02/27/2023, 8:27 PM

For that matter, https://www.pulumi.com/docs/guides/crosswalk/aws/elb/ refers to both createListener and createTargetGroup which doesn’t seem to be on the target/alb objects?

sparse-intern-71089

02/28/2023, 10:07 PM

This message was deleted.

freezing-twilight-25806

03/01/2023, 10:02 AM

Hi guys! I'm trying to manage some simple code and use output from resource1 (arn of aws sqs) as input for resource2 (iam policy), but with no luck... the error appears:

Copy code

Diagnostics:
  aws:iam:Policy (doc-mgmt-dev):
    error: 1 error occurred:
        * creating IAM Policy doc-mgmt-dev-ef9a0e5: MalformedPolicyDocument: Partition "
        1" is not valid for resource "arn:
        1: o.apply(v => v.toJSON())
        2: o.apply(v => JSON.stringify(v))

    See <https://pulumi.io/help/outputs> for more details.
    This function may throw in a future version of @pulumi/pulumi.:*".

Here is the code I use:

Copy code

import * as pulumi from "@pulumi/pulumi";
import { Sqs } from './sqs';
import { IamPolicy } from './iamPolicy';

const stackName = pulumi.getStack();
const projectName = pulumi.getProject();

const tags = {
    project: projectName,
    environment: stackName,
}

const sqsQueue1 = new Sqs(`${projectName}-${stackName}`, {
    createDlq: true,
    tags: tags,
});

const iamLambdaPolicy = new IamPolicy(`${projectName}-${stackName}`, {
    path: "/",
    description: `${projectName}-${stackName}-Lambda-policies`,
    listOfStatements: JSON.stringify({
        Version: "2012-10-17",
        Statement: [
            {
                Action: [
                    "sqs:*"
                ],
                Effect: "Allow",
                Resource: [
                    sqsQueue1.sqs.arn.apply(v => JSON.stringify(v)),
                ],
            },
            {
                Action: [
                    "sqs:ReceiveMessage"
                ],
                Effect: "Allow",
                Resource: [
                    sqsQueue1.sqsDlq?.arn.apply(v => JSON.stringify(v)),
                ],
            },
        ]
    }),
    tags: tags,
});

export const iamLambdaPoliciyArn = iamLambdaPolicy.policy.arn;

I tried to use

pulumi.all([sqsQueue1.sqs.arn, sqsQueue1.sqsDlq?.arn]).apply(([sqs1Arn, sqs1DlqArn])...

it works, but with such approach I don't see the policy resource is going to be created during

pulumi preview

cuddly-flower-91328

03/01/2023, 8:52 PM

Every time I think I think I have this sorted out, I realize I don't.

Property 'getProvider' is missing in type 'OutputInstance<Deployment> & LiftedObject<Deployment, "id" | "apiVersion" | "kind" | "metadata" | "spec" | "status" | "urn">' but required  typescript (2741) [308, 5]

great-sunset-355

03/05/2023, 12:35 PM

Hi, I am trying to package my own library with component resources. However, after compiling the code with

tsc

my package also contains

.ts

files. How can I exclude

.ts

files from the artifact? I tried to look at synced folder repo for example. But I when I compile my code into the

bin

folder it does not contain

package.json

like here https://github.com/pulumi/pulumi-synced-folder/blob/main/.github/workflows/release.yaml#LL132C11-L132C69 what step am I missing to get the package.json inside

bin

few-postman-20852

03/07/2023, 9:17 AM

Hi! Anyone else experiencing issues with the TS server crashing in VScode when using the

@pulumi/azure-native

library? Looks like the library is too heavy for intellisense to load it in enough time. Posted in #general

few-postman-20852

03/07/2023, 12:47 PM

Just to post here, so far this is the best thing to do about the huge TS azure-native library https://github.com/pulumi/pulumi-azure-native/issues/932#issuecomment-1454217629

square-hair-965

03/08/2023, 12:33 AM

Hello all! I'm building a cli using the

@pulumi/pulumi/automation

package and ran into something of a unique issue. The command is basically "disabling" an item in a map in the config but I'm having trouble updating the config with the new structure. Just piping the json object back into it using

setConfig

doesnt work. I get

object

strings. If I stringify as json, it ends up being a json string. I ended up installing the yaml package to help me do this but I'm still running into an issure. Currently the code looks like this:

Copy code

await projectStack.setConfig('regions', { secret: false, value: yaml.stringify(newConfig) });

melodic-rain-98270

03/09/2023, 1:26 PM

I am attempting to provision a group to a GitLab, but getting a 403 Forbidden. I can provision a repository to my Userid, but when adding a group (with no linking or dependencies), it fails with a 403. I have been using an access token will full API access. The documentation, https://www.pulumi.com/registry/packages/gitlab/api-docs/group/, mentions this "On GitLab SaaS, you must use the GitLab UI to create groups without a parent group. You cannot use this provider nor the API to do this." - I assume this is only for the paid SaaS subscription, not the free tier. Does anyone know why this is happening?

few-postman-20852

03/10/2023, 7:13 AM

~~how do I get a list of all stacks from the project in typescript?~~ NVM wrong mental model 😓

freezing-twilight-25806

03/10/2023, 5:03 PM

Hi guys! I'm trying to figure out how can I manage dependencies here:

Copy code

import * as k8s from "@pulumi/kubernetes";
import { FileAsset } from "@pulumi/pulumi/asset";
import { project, stack } from "./globals";

export const release = new k8s.helm.v3.Release(`${project}-${stack}`, {
    chart: "./nats",
    atomic: true,
    createNamespace: true,
    namespace: `${project}-${stack}`,

    valueYamlFiles: [new FileAsset(`./nats/${stack}-values.yaml`)],
    values: {
        Lb: true,
        LbServiceAnnotations: {
            "<http://service.beta.kubernetes.io/aws-load-balancer-name|service.beta.kubernetes.io/aws-load-balancer-name>": `${project}-${stack}`,
        }
    }
})

const nlb = aws.lb.getLoadBalancerOutput({
    name: `${project}-${stack}`,
});

After

pulumi preview

I got an error on NLB lookup, because it doesn't exist, obviously:

reading ELBv2 Load Balancers: couldn't find resource

Inside the helm chart there is a logic to create NLB and I want to get NLB dns name just after creation to manage route53 records afterwards Is it possible to add any dependency condition or kind of in such case?

broad-parrot-2692

03/10/2023, 9:00 PM

Hello! I just finished writing this adorable little

forEach

loop to setup my DNS zones in GCP, and I just realized that if I'm going to create DNS records in these zones, I need to actually work with the output. I need to somehow appropriately chain the resource dependencies so the order of operations are correct. I started going down the road of using

eval

to dynamically declare the const, and that was when I realized I should probably consult with others and see if anyone has advice to give. Thank you in advanced!

Untitled.ts

rich-motorcycle-98689

03/10/2023, 9:43 PM

Hi all. I’m trying to deploy an application via Helm (i.e. using

@pulumi/kubernetes/helm

) and I want to detach 2 components from pulumi’s tracking after the initial deployment (specifically a

Secret

and a

MutatingWebhookConfiguration

). The problem that I’m running into is that the helm chart deploys an empty

Secret

and an empty value in the

MutatingWebhookConfiguration

and then the deployment goes into both resources and generates a TLS cert and key pair to use post deployment. The issue is that now, every time I do

pulumi up

after the initial deploy, pulumi tries to revert these changes which then breaks the webhook and I have to restart the deployment manually. Is there a good way to handle this behavior?

polite-umbrella-11196

03/11/2023, 10:52 PM

Is there a way to extrude types across

StackReference

boundaries? Or make sure that values are set w/o checking each one for ‘undefined’ after getting them via
getOutput
?

best-horse-36919

03/14/2023, 8:08 AM

I am new to pulumi, and I want to organize my codes as image. However, I do not know how to configure my

index.ts

, which acts as a main entrypoint for pulumi. Any help would be appreciated!

astonishing-dentist-11149

03/14/2023, 8:13 PM

okay y'all, I am not even sure if this one is possible. I have a base stack in this stack I am defining secrets that will be generate ssm objects. I have the same thing for environments so that I can capture environment specific variables. I do not like doing stack reference for both of the stacks on the receiving end, because of complications. I would like to have a way to return all the base variables with the environment variables when I am on the dev stack for instance. Is there a good way to pull pulumi configuration values across stacks? Or is this a pulumi cp config for every environment?