mirror of
https://gitea.com/mcereda/oam.git
synced 2026-02-09 05:44:23 +00:00
166 lines
8.8 KiB
Fish
166 lines
8.8 KiB
Fish
#!/usr/bin/env fish
|
|
|
|
brew install 'pulumi/tap/pulumi'
|
|
|
|
pulumi login
|
|
pulumi login 's3://some-bucket/with-prefix'
|
|
pulumi whoami -v
|
|
|
|
rm -r "$HOME/.pulumi"
|
|
|
|
source <(pulumi gen-completion 'zsh')
|
|
pulumi gen-completion 'fish' > "$HOME/.config/fish/completions/pulumi.fish"
|
|
|
|
docker run --rm --name 'pulumi-nodejs-3.127.0' -ti 'pulumi/pulumi-nodejs:3.127.0' --version
|
|
docker run --rm --name 'pulumi-nodejs-3.128.0' -ti --entrypoint 'bash' 'pulumi/pulumi-nodejs:3.128.0'
|
|
docker run --rm --name 'pulumi' \
|
|
--env 'AWS_DEFAULT_REGION' --env 'AWS_ACCESS_KEY_ID' --env 'AWS_SECRET_ACCESS_KEY' --env 'AWS_PROFILE' \
|
|
--env-file '.env' --env-file '.env.local' \
|
|
-v '${PWD}:/pulumi/projects' -v '${HOME}/.aws:/root/.aws:ro' \
|
|
'pulumi/pulumi-nodejs:3.148.0@sha256:2463ac69ec760635a9320b9aaca4e374a9c220f54a6c8badef35fd47c1da5976' \
|
|
pulumi preview --suppress-outputs --stack 'dev'
|
|
|
|
pulumi install
|
|
pulumi install --reinstall
|
|
|
|
pulumi pre
|
|
pulumi pre --cwd 'observability' --diff
|
|
pulumi up --suppress-outputs
|
|
|
|
# Get the URN (or other stuff) of resources that would be deleted
|
|
pulumi preview --json | jq -r '.steps[]|select(.op=="delete").urn' -
|
|
pulumi preview --json | jq -r '.steps[]|select(.op=="delete").oldState.id' -
|
|
|
|
# Remove from the state all resources that would be deleted
|
|
pulumi preview --json | jq -r '.steps[]|select(.op=="delete").urn' - | xargs -n1 pulumi state delete --force
|
|
|
|
pulumi config set 'boincAcctMgrUrl' 'https://bam.boincstats.com'
|
|
pulumi config set --secret 'boincGuiRpcPasswd' 'something-something-darkside'
|
|
pulumi config set --path 'outer.inner' 'value'
|
|
pulumi config set --path 'list[1]' 'value'
|
|
gpg --export 'smth@example.org' | pulumi config set 'smthTeam:pgpKey-public-raw' --type 'string'
|
|
cat "$HOME/.ssh/snowflake.key" | pulumi config set 'snowflake:privateKey' --secret
|
|
|
|
# Gitlab provider
|
|
# 'baseUrl' requires the ending slash
|
|
pulumi config set 'gitlab:baseUrl' 'https://private.gitlab.server/api/v4/'
|
|
pulumi config set 'gitlab:token' 'glpat-m-Va…zy' --secret
|
|
|
|
pulumi config get 'boincAcctMgrUrl'
|
|
pulumi config get 'boincGuiRpcPasswd'
|
|
pulumi config get --path outer.inner
|
|
pulumi config get --path 'list[1]'
|
|
|
|
pulumi plugin ls --project
|
|
pulumi plugin install --exact --reinstall
|
|
pulumi plugin rm --all --yes
|
|
pulumi plugin rm 'resource' 'aws' '6.20.1'
|
|
|
|
pulumi state unprotect 'urn:pulumi:dev::custom-images::aws:imagebuilder/infrastructureConfiguration:InfrastructureConfiguration::server-baseline'
|
|
pulumi state delete 'urn:pulumi:dev::custom-images::aws:imagebuilder/infrastructureConfiguration:InfrastructureConfiguration::server-baseline'
|
|
pulumi state rename -y 'urn:pulumi:dev::custom-images::aws:imagebuilder/imageRecipe:ImageRecipe::baselineServerImage-1.0.8' 'serverBaseline-1.0.8'
|
|
|
|
pulumi state edit
|
|
EDITOR='vim' pulumi state edit
|
|
|
|
find . -type f -name Pulumi.yaml -not -path "*/node_modules/*" -print | tee | xargs -n1 dirname | tee | xargs -n1 -tI '%%' pulumi -C '%%' install
|
|
|
|
find '.' -type f -name 'Pulumi.yaml' -not -path "*/node_modules/*" -print -exec yq '.backend.url' {} '+'
|
|
|
|
find '.' -type f -name 'Pulumi.yaml' -not -path "*/node_modules/*" -exec dirname {} + | xargs -pn '1' pulumi install --cwd
|
|
find '.' -type f -name 'Pulumi.yaml' -not -path "*/node_modules/*" -exec dirname {} + | xargs -pn '1' pulumi preview --parallel "$(nproc)" --suppress-outputs --cwd
|
|
find '.' -type f -name 'Pulumi.yaml' -not -path "*/node_modules/*" -exec dirname {} + | xargs -pn '1' pulumi refresh --parallel "$(nproc)" -s 'dev' --non-interactive -v '3' --cwd
|
|
|
|
# View the selected stack
|
|
pulumi stack --show-name
|
|
|
|
# Rename stacks
|
|
pulumi stack rename -s 'dev' 'staging'
|
|
# When the project name (and backend) changed
|
|
pulumi stack rename -s 'pulumicomuser/testproj/dev' 'organization/internal-services/dev'
|
|
|
|
# Get providers for resources
|
|
pulumi stack export | jq -r '.deployment.resources[]|{"urn":.urn,"provider":.provider}'
|
|
|
|
# Check providers are all of a specific version
|
|
pulumi stack export | jq -r '.deployment.resources[].provider' | grep -v 'aws::default_6_50_0'
|
|
|
|
# Get the AWS secret access key of an aws.iam.AccessKey resource
|
|
pulumi stack output 'someAccessKey' | jq -r '.encryptedSecret' - | base64 -d | gpg --decrypt
|
|
pulumi stack export \
|
|
| jq -r '
|
|
.deployment.resources[]
|
|
| select(.type=="aws:iam/accessKey:AccessKey" and .outputs.user=="someUserId")
|
|
| .outputs.encryptedSecret' \
|
|
| base64 -d | gpg -d
|
|
|
|
# Get the initial password created by an aws.iam.UserLoginProfile resource.
|
|
# If no encryption is set in the resource, it will be available in plaintext at runtime as the resource's
|
|
# 'encryptedPassword' attribute - just log it out.
|
|
# If a PGP key is set in the resource, it will be available as base64 cyphertext at runtime as the resource's
|
|
# 'encryptedPassword' attribute *and* it will also be available in the state for later reference.
|
|
pulumi stack output 'someUserLoginProfile' | jq -r '.encryptedPassword' - | base64 -d | gpg --decrypt
|
|
pulumi stack export \
|
|
| jq -r '
|
|
.deployment.resources[]
|
|
| select(.type=="aws:iam/userLoginProfile:UserLoginProfile" and .id=="someUserId")
|
|
| .outputs.encryptedPassword' \
|
|
| base64 -d | gpg -d
|
|
|
|
# Avoid permission errors when deleting clusters with charts and stuff.
|
|
PULUMI_K8S_DELETE_UNREACHABLE='true' pulumi destroy
|
|
|
|
# Move resources between stacks
|
|
pulumi state move --source 'organization/utils/dev' --dest 'organization/iam/dev' \
|
|
'urn:pulumi:dev::utils::aws:iam/role:Role::rdsToS3Exporter' \
|
|
'urn:pulumi:dev::utils::aws:iam/rolePolicy:RolePolicy::rdsToS3Exporter-allowExportingSnapshotsToS3'
|
|
|
|
# Upgrade providers' versions in projects' definition files.
|
|
jq '.dependencies."@pulumi/aws" |= "6.66.2"' 'package.json' | sponge 'package.json' \
|
|
&& pulumi install && pulumi update --suppress-outputs
|
|
|
|
# Update only resources with a specific provider version.
|
|
pulumi update --suppress-output ( \
|
|
pulumi stack export \
|
|
| jq -r '.deployment.resources[]|select(.provider)|select(.provider|test("6.80.0")).urn' \
|
|
| sed 's/^/-t /g' \
|
|
| xargs \
|
|
)
|
|
|
|
# Limit the update run to only execute the 'delete' operations.
|
|
pulumi pre --suppress-outputs --json \
|
|
| jq -r '.steps[]|select(.op=="delete").urn' - \
|
|
| sed 's/^/-t /g' \
|
|
| xargs -o pulumi update --suppress-outputs
|
|
|
|
# Enable patch force for target resources (k8s-helm only)
|
|
PULUMI_K8S_ENABLE_PATCH_FORCE='true' \
|
|
pulumi up --target 'urn:pulumi:someStack::someProj::kubernetes:helm.sh/v4:Chart$kubernetes:apiextensions.k8s.io/v1:CustomResourceDefinition::awsLoadBalancerController:targetgroupbindings.elbv2.k8s.aws'
|
|
|
|
# Import resources
|
|
# Could use `--suppress-outputs --generate-code='false' --protect=false` for some
|
|
pulumi import --file 'import.json'
|
|
pulumi import 'aws:alb/listener:Listener' 'pihole' 'arn:aws:elasticloadbalancing:us-west-2:012345678901:listener/app/pihole/0123456789abcdef/0123456789abcdef'
|
|
pulumi import 'aws:chatbot/slackChannelConfiguration:SlackChannelConfiguration' 'alarms' 'arn:aws:chatbot::012345678901:chat-configuration/slack-channel/alarms'
|
|
pulumi import 'aws:cloudfront/distribution:Distribution' 'someWebsite' 'E74FTE3EXAMPLE'
|
|
pulumi import 'aws:cloudwatch/logGroup:LogGroup' 'vulcan' 'vulcan'
|
|
pulumi import 'aws:cloudwatch/metricAlarm:MetricAlarm' 'prometheus-ec2-CPUUtilization' 'prometheus-ec2-CPUUtilization-drc5644'
|
|
pulumi import 'aws:codedeploy/application:Application' 'my-app-prod' 'my-application-production'
|
|
pulumi import 'aws:ec2/eipAssociation:EipAssociation' 'gitlab-server' 'eipassoc-abcd1234'
|
|
pulumi import 'aws:ec2/instance:Instance' 'logstash' 'i-abcdef0123456789a'
|
|
pulumi import 'aws:ec2/securityGroup:SecurityGroup' 'internalOps' 'sg-0123456789abcdef0'
|
|
pulumi import 'aws:ec2/subnet:Subnet' 'public_subnet' 'subnet-9d4a7b6c'
|
|
pulumi import 'aws:ecs/cluster:Cluster' 'experiments' 'experiments'
|
|
pulumi import 'aws:ecs/service:Service' 'pihole' 'experiments/pihole'
|
|
pulumi import 'aws:ecs/taskDefinition:TaskDefinition' 'pihole' 'arn:aws:ecs:eu-west-1:012345678901:task-definition/pihole:27'
|
|
pulumi import 'aws:iam/instanceProfile:InstanceProfile' 'prometheus-instance-profile' 'PrometheusRole'
|
|
pulumi import 'aws:iam/user:User' 'jimmy' 'jimmy'
|
|
pulumi import 'aws:imagebuilder/component:Component' 'requiredPackages' 'arn:aws:imagebuilder:us-east-1:123456789012:component/project-alpha-required-packages/1.0.0/1'
|
|
pulumi import 'aws:imagebuilder/imagePipeline:ImagePipeline' 'serverBase' 'arn:aws:imagebuilder:us-east-1:123456789012:image-pipeline/server-base'
|
|
pulumi import 'aws:rds/instance:Instance' 'staging' 'odoo-staging-replica'
|
|
pulumi import 'aws:route53/record:Record' 'hoppscotch' 'ZGG4442BC3E8M_hoppscotch.example.org_A'
|
|
pulumi import 'aws:secretsmanager/secret:Secret' 'example' 'arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456'
|
|
pulumi import 'aws:secretsmanager/secretVersion:SecretVersion' 'example' 'arn:aws:secretsmanager:us-east-1:123456789012:secret:example-123456|ABCDEF01-2345-6789-ABCD-EF0123456789'
|
|
pulumi import 'aws:vpc/securityGroupEgressRule:SecurityGroupEgressRule' 'allowAll' 'sgr-02108b27edd666983'
|
|
pulumi import 'aws:vpc/securityGroupIngressRule:SecurityGroupIngressRule' 'allowAll' 'sgr-02108b27edd666984'
|