Pulumi

see current state

# show urns of resources
pulumi stack --show-urns

# see state of stack
pulumi stack 
pulumi stack export

# not sure if this works
pulumi state -u -l

work with secrets

"By default, the encryption method uses automatic, per-stack encryption keys provided by Pulumi Cloud, but you can also use a provider of your own choosing instead."

# configure secret provider in new project
pulumi stack init dev --secrets-provider passphrase

# configure secret provider in existing project
# see https://www.pulumi.com/docs/cli/commands/pulumi_stack_change-secrets-provider/
pulumi stack change-secrets-provider TYPE

# your passphrase to unlock config/secrets
export PULUMI_CONFIG_PASSPHRASE="STACKPASSWORD"
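
The secrets provider only encrypts values that Pulumi knows are secret; everything else is stored in clear text in the state that `pulumi stack export` prints. The check below is an added example (not from the original notes and not Pulumi's own code) that walks an export and lists sensitive-looking property names whose values are plaintext. The name pattern, the function names and the sample export are assumptions; the two signature constants are the markers Pulumi uses for secret values in state.

```typescript
// Added example: flag plaintext values with sensitive-looking names in `pulumi stack export` JSON.
const SIG_KEY = "4dabf18193072939515e22adb298388d";    // Pulumi's signature key in state
const SECRET_SIG = "1b47061264138c4ac30d75fd1eb44270"; // signature value marking a secret
// Assumption: a heuristic name pattern; tune it for the providers you use.
const SENSITIVE = /(password|passphrase|secret|token|connectionstring|key$)/i;

type Finding = { urn: string; path: string };

function isSecret(v: unknown): boolean {
  return typeof v === "object" && v !== null &&
    (v as Record<string, unknown>)[SIG_KEY] === SECRET_SIG;
}

function walk(v: unknown, urn: string, path: string, out: Finding[]): void {
  if (isSecret(v)) return; // wrapped and encrypted by the stack's secrets provider
  if (Array.isArray(v)) {
    v.forEach((item, i) => walk(item, urn, `${path}[${i}]`, out));
  } else if (typeof v === "object" && v !== null) {
    for (const [k, child] of Object.entries(v)) {
      const p = `${path}.${k}`;
      if (typeof child === "string" && child !== "" && SENSITIVE.test(k)) {
        out.push({ urn, path: p }); // report the location only, never the value
      } else {
        walk(child, urn, p, out);
      }
    }
  }
}

function findPlaintextSecrets(exportJson: string): Finding[] {
  const resources = JSON.parse(exportJson)?.deployment?.resources ?? [];
  const out: Finding[] = [];
  for (const r of resources) {
    walk(r.inputs ?? {}, r.urn, "inputs", out);
    walk(r.outputs ?? {}, r.urn, "outputs", out);
  }
  return out;
}

// Constructed sample export (all URNs and values are made up for this example).
const SAMPLE = JSON.stringify({ version: 3, deployment: { resources: [
  { urn: "urn:pulumi:dev::demo::pulumi:pulumi:Stack::demo-dev",
    outputs: { dbPassword: { [SIG_KEY]: SECRET_SIG, ciphertext: "v1:constructed" },
               storageKey: "constructed-plaintext" } },
  { urn: "urn:pulumi:dev::demo::example:index:Database::db",
    inputs: { location: "WestUS2", adminPassword: "constructed-plaintext" },
    outputs: { endpoints: [{ accessToken: "constructed-plaintext" }] } },
] } });
console.log(findPlaintextSecrets(SAMPLE));
```

Feed it the output of `pulumi stack export` for a real stack; a finding is fixed by marking the value as secret, for example with `pulumi.secret(...)` in code or `pulumi config set --secret` for config values.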

login to cloud provider

azure

Pulumi runs against the default Azure subscription. If you get authentication errors, check that you have selected the right subscription.

az login
az account list
az account set --subscription=<id>

pulumi print values

One option is to define output properties and then run pulumi stack output. You can define an output in TypeScript by exporting a variable, like this: export const someId = resource.id

string interpolation

Use pulumi.concat or pulumi.interpolate. For details see

pulumi native vs. classic

When in doubt, use native because:

  • it exposes the full API of a provider (beware of breaking API changes)
  • in the case of Azure it only exposes the ARM API, which is a (unified) subset of the REST API (see)
  • it lets you configure the location for the whole stack: pulumi config set azure-native:location WestUS2

The classic versions are based on the terraform providers.

Pulumi blog

pulumi flow for pulumi native

  • create in web ui
  • see template of resource
  • azure: "Automation" > "Export template"
  • you can copy part of the stuff to pulumi

refresh state

Use this if there is a diff between the Pulumi state and the actual state.

pulumi up --refresh
pulumi refresh

see diff

pulumi preview --diff or pulumi up --diff

use custom backend

  • set up with the standard login. The initial project nearly sets up a backend. Run pulumi up and then switch the backend to the newly created resources.
  • otherwise here is a gist for creating the resources with a bash script
  • azure gist
  • gcp gist
  • Log in to the self-managed backend
  • azure:
    • set AZURE_STORAGE_KEY and STORAGE_ACCOUNT_NAME
    • run pulumi login azblob://<container-blob-name>
  • gcp:
    • set GOOGLE_PROJECT and GOOGLE_CREDENTIALS
    • run pulumi login gs://<my-pulumi-state-bucket>

access stack name within code

When in doubt, keep stack names short and the same length if you want to add them to resource names. That way you can be sure that the length requirements of resource names are fulfilled in every stack and not just in a few.

let stack = pulumi.getStack();

Source: https://www.pulumi.com/docs/intro/concepts/stack/#getting-the-current-stack-programmatically

stack dependent variables

Add an entry under config in the config-.yaml in root.

let config = new pulumi.Config();
let name = config.require("name");

Source: Accessing Configuration from Code

see api of existing resource

azure

az resource.. list

az containerapp list
az containerapp env list
az monitor log-analytics workspace list