What's the general strategy for bringing an old pu...
# general
What's the general strategy for bringing an old pulumi app up to date again? It's been running untouched for a long time now and it's time to upgrade it. Typescript, aws, cloudflare.
bumping dependencies one small step at a time doesn't seem to work as I get stuck in npm hell
lots of things have changed in the api, so I can't bump to newest and build, and I can't really figure out what changes I have to make. Lots of things were implicit, like presumably using the default vpc, or
portMapping: [myLoadbalancer]
in fargate, etc
is setting up a fresh project and trying to get it to match the old deploy a good approach? can I do that in the same stack? will the plan be ruined by old providers needing to be updated, creating diffs?
it's super important that I can at least get the currently working setup back up again if the migration fails, and this is where I'm the most worried atm
What problems are you encountering? I'm not aware of any major API changes within the Pulumi libraries except for AWSX, and that can be resolved by changing your awsx imports to awsx.classic.
Or by locking your awsx dependency version to 0.40.1
awsx.classic was a huge missing puzzle piece, thanks @little-cartoon-10569! Now I'm down to one error and one warning:
Copy code
  pulumi:providers:cloudflare (default_5_5_0):
    error: pulumi:providers:cloudflare resource 'default_5_5_0' has a problem: could not validate provider configuration: Invalid or unknown key. Check `pulumi config get cloudflare:accountId`.
  pulumi:pulumi:Stack (backend-prod):
    warning: aws:ec2/getSubnetIds:getSubnetIds verification warning: The aws_subnet_ids data source has been deprecated and will be removed in a future version. Use the aws_subnets data source instead: <https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/subnets>
The first one looks easy. Remove cloudflare:accountId from your stack yaml file.
The second one looks like you're using aws.getSubnetIds() and that needs to be changed to aws.getSubnets(). That function will probably need different params and has a different return value.
we're not using
directly at least. Could it this?
Copy code
const dbSubnets = new aws.rds.SubnetGroup('dbsubnets', {
  subnetIds: vpc.publicSubnetIds,
No, that's RDS not EC2. Maybe it's inside awsx.. not sure.
it looks like it's previewing without errors otherwise šŸ˜®šŸ˜
It's only a warning. Maybe it can be ignored for now. Or you could search the Pulumi GitHub projects for issues with that error message.
there's this merged two weeks ago, so perhaps that's not released yet https://github.com/pulumi/pulumi-aws/pull/2557
no, that's in
and last release is
huge thanks for the help @little-cartoon-10569! I've spent over 20 hours trying to figure this out, and you solved it in like 2 minutes
Looks like it might fix the warning though. You'll just have to live with it for now.
I have no problems living with the warning, as long as
pulumi up
keeps working šŸ˜„
It's 10% experience, 50% internet searching, and 75% guessing.
well, I didn't even manage to find out that
existed in those 20+ hours šŸ™‚
Maybe 12% experience then :)
once again, huge thanks! I'll try releasing this in about 8-10 hours, after the load peak
the diffs are: ā€¢ lots of providers changed ā€¢ lots of new outputs ā€¢ subnet changed, as always, since it rotates around aws availability zones ā€¢ cloudflare record will be changed, as always
which to me looks like a clean preview and like this is going to work
Tried it out, got a credentials error, didn't change any Pulumi.prod.yaml config, just bumped versions and replaced
with `awsx.classic`:
Copy code
    pulumi:providers:aws (default_5_41_0):
      error: rpc error: code = Unknown desc = unable to validate AWS credentials.
      Details: failed to get shared config profile, backend-prod
      Make sure you have set your AWS region, e.g. `pulumi config set aws:region us-west-2`.
are set; nothing else under the
namespace. I can run previews locally, and I am using
for credentials The github actions job that's failing to auth is very similar to and based on the
task at https://www.pulumi.com/docs/using-pulumi/continuous-delivery/github-actions/ Any hints? :)
Did you commit a change to aws:profile which is using your computer's config? If this build (on GitHub?) is using one of the normal AWS auth actions (e.g. aws-actions/configure-aws-credentials) then it requires that the normal env vars are going to be used by your provider. If you're using the default AWS provider and you've set
, then it will use that, not the env vars.
If this is the problem, then just remove
from your stack file.
In order to use your AWS profile locally but not in your CI, you need to handle that yourself. Either via custom logic in a non-default provider, or locally by setting AWS_PROFILE instead of aws:profile.
I got it running now! Huge thanks for all the help!