twingate-labs / pulumi-twingate Goto Github PK
View Code? Open in Web Editor NEWTwingate Pulumi provider
License: Other
Twingate Pulumi provider
License: Other
I've written up a long description of the behavior I'm seeing at https://forum.twingate.com/t/api-generated-connector-tokens-are-invalid/314 . In short, after generating more than a single token for a connector, the tokens get invalidated after 10 minutes; this implies that:
I can't find a way to view existing tokens attached to a connector to verify this is what's happening, but it seems to make sense from my blackbox view.
I see that the terraform provider does have a delete function for tokens. I don't know really anything about terraform so I can't verify that it is actually working, but that's why I decided to open this issue here instead of there, because it implies that maybe the problem is in the Pulumi overlay. I don't know though.
I'm also not sure how exactly this is intended to work on the backend. I could see a world where the automation doesn't delete old tokens (so a deploy is more graceful) and instead the Twingate backend does the auto-invalidation after ten minutes, but of the old token; if that's the intended experience, then it's a bug there instead of here.
If it would be helpful, I can modify https://github.com/Twingate-Labs/pulumi-twingate/blob/master/examples/connector-aws-ecs/__main__.py to create a reproduction example (I have a repository full of these for bugs in the aws-native provider). I think the main thing though is to do something that forces recreation of a token on a connector, and then wait 10 minutes and observe the newly-generated token is no longer valid.
I upgraded from 0.0.22
to 0.0.32
and noticed that the TwingateRemoteNetwork
now requires name
to be passed in. This becomes a problem when trying to replace the network with the same name because now we have to auto-generate the Pulumi suffix.
Ask is to have the name
be optional and follow Pulumi's Auto-name behavior.
Unfortunately the plugin doesn't seem to work properly yet. I have a Typescript based Pulumi project and trying to use the twingate plugin always results in the following error. I've tried with the current 0.0.14 down to 0.0.9 version of the plugin but it is always the same:
Diagnostics:
pulumi:providers:twingate (default_0_0_9_https_/github.com/Twingate-Labs/pulumi-twingate/releases/download/v__VERSION_):
error: could not read plugin [/root/.pulumi/plugins/resource-twingate-v0.0.9/pulumi-resource-twingate] stdout: EOF
pulumi:pulumi:Stack (environments-base-staging):
panic: strconv.ParseUint: parsing "": invalid syntax
goroutine 1 [running]:
github.com/pulumi/pulumi-terraform-bridge/v3/pkg/tfbridge.GetModuleMajorVersion(0x0, 0x0, 0x400053b9a0, 0x1)
/home/runner/go/pkg/mod/github.com/pulumi/pulumi-terraform-bridge/[email protected]/pkg/tfbridge/info.go:760 +0x140
github.com/Twingate/pulumi-twingate/provider.Provider(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ...)
/home/runner/work/pulumi-twingate/pulumi-twingate/provider/resources.go:105 +0x584
main.main()
/home/runner/work/pulumi-twingate/pulumi-twingate/provider/cmd/pulumi-resource-twingate/main.go:27 +0x28
It seems like sth is wrong with the plugin version string.
Our CI updated to pulumi-twingate-0.0.47 (Python) and we're now getting this error:
File "/home/runner/work/winfrastructure/winfrastructure/aws/./resources/twingate/twingate_com.py", line 74, in <module>
twingate.TwingateResource(
File "/home/runner/work/winfrastructure/winfrastructure/aws/venv/lib/python3.10/site-packages/pulumi_twingate/twingate_resource.py", line 429, in __init__
__self__._internal_init(resource_name, *args, **kwargs)
File "/home/runner/work/winfrastructure/winfrastructure/aws/venv/lib/python3.10/site-packages/pulumi_twingate/twingate_resource.py", line 470, in _internal_init
TwingateResourceProtocolsArgs._configure(_setter, **protocols)
TypeError: TwingateResourceProtocolsArgs._configure() missing 2 required positional arguments: 'tcp' and 'udp'
I think this is caused by 6b4ed27, but honestly I can't tell from reading the code what's going wrong there.
FWIW, this particular instance creation of TwingateResource
is one in which we're not specifying the protocols
field at all, just leaving it to the default. I haven't experimented to see if it also errors out when specified.
Not sure why this is happening, appears to only affect Remote Networks (not Resources).
Hey folks, this can be reproduced by attempting to add the pulumi plugin on an AMD64 arch computer.
pulumi plugin install resource twingate v0.0.22
You get the error
warning: Error downloading plugin: 403 HTTP error fetching plugin from https://get.pulumi.com/releases/plugins/pulumi-resource-twingate-v0.0.22-linux-amd64.tar.gz
Will retry in 80ms [1/5]
warning: Error downloading plugin: 403 HTTP error fetching plugin from https://get.pulumi.com/releases/plugins/pulumi-resource-twingate-v0.0.22-linux-amd64.tar.gz
Will retry in 160ms [2/5]
warning: Error downloading plugin: 403 HTTP error fetching plugin from https://get.pulumi.com/releases/plugins/pulumi-resource-twingate-v0.0.22-linux-amd64.tar.gz
Will retry in 320ms [3/5]
warning: Error downloading plugin: 403 HTTP error fetching plugin from https://get.pulumi.com/releases/plugins/pulumi-resource-twingate-v0.0.22-linux-amd64.tar.gz
Will retry in 640ms [4/5]
warning: Error downloading plugin: 403 HTTP error fetching plugin from https://get.pulumi.com/releases/plugins/pulumi-resource-twingate-v0.0.22-linux-amd64.tar.gz
Will retry in 1.28s [5/5]
error: could not load plugin for twingate provider 'urn:pulumi:qa::arborxr::pulumi:providers:twingate::default_0_0_22': Could not automatically download and install resource plugin 'pulumi-resource-twingate'at version v0.0.22, install the plugin using `pulumi plugin install resource twingate v0.0.22`.
Underlying error: error downloading plugin twingate to file: failed to download plugin: twingate-0.0.22: 403 HTTP error fetching plugin from https://get.pulumi.com/releases/plugins/pulumi-resource-twingate-v0.0.22-linux-amd64.tar.gz```
Seems like the file is 403ing!
I can confirm that on my m1 mac, I am not experiencing this issue and its downloading and installing the plugin correctly.
Hey friends, looks like the docs on the Pulumi official docs show the incorrect name for the apiToken
. Just a heads up!
In the docs it shows
pulumi config set twingate:apiKey XXXXXX --secret
When it should be
pulumi config set twingate:apiToken XXXXXX --secret
https://www.pulumi.com/registry/packages/twingate/installation-configuration/
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.