Jan. releases: Pulumi Packages support for plugins hosted anywhere and Pulumi Service 3rd party audit for secrets decryption
Over the holidays we have been releasing new features and improvements. Read on to learn about what’s new in this release!
- Cloud Providers and Packages
- Pulumi CLI and core technologies
- Pulumi Service
Cloud Providers and Packages
As part of creating or updating infrastructure, it is often necessary to run scripts and/or commands. In order to improve this experience we released a new Pulumi Command package in the Pulumi Registry which enables users to run scripts locally or remotely on a target VM as part of the Pulumi resource lifecycle.
This new package is supported in all Pulumi languages.
The Command package supports quite a few common patterns involving local and remote scripts execution, such as:
- A simple local resource (random)
- Remote provisioning of an EC2 instance
- Invoking a Lambda during a Pulumi deployment
- Using local.Command with curl to manage an external REST API
- Graceful cleanup of workloads in a Kubernetes cluster
Learn more in the Command package GitHub issue
pulumi import for Kubernetes CRDs
We have added
pulumi import support for Kubernetes CustomResourceDefiniton (CRD). Now the spec of a CRD will be imported during
pulumi import. The same fix improves input generation for other Kubernetes resources as well, providing significantly better fidelity in covering inputs for existing resources.
Various improvements to Helm
This milestone we spent some time making improvements to the Helm
Release support. Of particular note are the ability to import existing Helm releases installed via the Helm command line into Pulumi and the ability to supply Helm values through YAML files. In addition, we have made a variety of bug fixes this iteration to make Helm Release a more robust option to use for your Kubernetes environment.
Learn more in these GitHub issues:
Pulumi CLI and core technologies
Support using native ES modules as Pulumi scripts
Native ECMAScript module (ESM) support has been added for the Node.js SDK. Pulumi users can now use Pulumi in projects with “type”: “module” configured. In addition, we can now support top-level
await in Node.js within Pulumi programs.
Learn more in these GitHub issue:
Support packages with plugins hosted in any third-party location
Pulumi Packages can now host their plugins anywhere (like GitHub releases) instead of needing to be published by Pulumi. We now detect any dependency that contains pulumi-plugin.json and treat it as a Pulumi Package, automatically downloading associated plugins as needed. To support this, the freshly generated Multi-Language Component (MLC) plugin will now include
pulumi-plugin.json by default.
Learn more in the following GitHub issues:
- Check for
pulumiplugin.jsonon package lookup
- Check for
- Check for
pulumiplugin.jsonin package lookup
pulumiplugin.jsonas part of codegen
State locking default enabled
We previously added support for self-managed backend state locking behind the PULUMI_SELF_MANAGED_STATE_LOCKING=1 flag. After positive feedback from users on this feature, we are making this the default when using a local or cloud backend such as Amazon S3, Google Cloud Storage and Azure Blob Storage.
Pulumi Service & Pulumi.com
Audit logging for third-party secrets managers
Previously secret decryption Audit Log events were only logged for users using the Pulumi Service secrets provider. Now users who use the Pulumi Service for their state but a third-party secrets provider (AWS KMS, Azure KeyVault, HashiCorp Vault, etc.) will have a log of these events.