pulumi-community #python

fast-hamburger-46413

10/08/2019, 6:06 PM

Copy code

import pulumi
import pulumi_aws as aws


my_key_pair = aws.ec2.KeyPair("mytest", 
    public_key="REDACTED"
)
size = 't2.micro'
ami = aws.get_ami(
    most_recent="true",
    owners=["679593333241"],
    filters=[
        {"name":"name","values":["CentOS Linux 7 x86_64 HVM EBS*"]},
        {"name":"architecture","values":["x86_64"]},
        {"name":"root-device-type","values":["ebs"]}
    ])

master_sg = aws.ec2.SecurityGroup('master_sg',
    description='Enable Salt master SSH access',
    egress=[
        { 'protocol': '-1', 'fromPort': 0, 'toPort': 0, 'cidrBlocks': [ "0.0.0.0/0" ] }
    ],
    ingress=[
        { 'protocol': 'tcp', 'from_port': 22, 'to_port': 22, 'cidr_blocks': ['0.0.0.0/0'] }
    ])

node2node_sg = aws.ec2.SecurityGroup('node2node_sg',
    description='Enable Salt node to node all access',
    ingress=[
        { 'protocol': '-1', 'from_port': 0, 'to_port': 0, 'self': True }
    ])

master_user_data = """#!/bin/bash -e
yum update -y
yum install -y <https://repo.saltstack.com/py3/redhat/salt-py3-repo-2019.2.el7.noarch.rpm>
yum install -y salt-master salt-ssh salt-cloud salt-api
sed -i "s|#auto_accept: False|auto_accept: True|g" /etc/salt/master
systemctl start salt-master
"""

master = aws.ec2.Instance('master',
    instance_type=size,
    security_groups=[master_sg.name, node2node_sg.name],
    ami=ami.id,
    key_name=my_key_pair,
    user_data=master_user_data)

master_public_ip = master.public_ip

minion_user_data = """#!/bin/bash -e
yum update -y
yum install -y <https://repo.saltstack.com/py3/redhat/salt-py3-repo-2019.2.el7.noarch.rpm>
yum install -y salt-minion salt-ssh salt-cloud salt-api
mkdir -p /etc/salt/minion.d
sed -i "s|#master: salt|master: %s|g" /etc/salt/minion
systemctl start salt-minion
""" % master.private_ip

minion = aws.ec2.Instance('minion',
    instance_type=size,
    security_groups=[master_sg.name, node2node_sg.name],
    ami=ami.id,
    key_name=my_key_pair,
    user_data=minion_user_data)

pulumi.export('sshLogin', "ssh -i ~/.ssh/id_rsa centos@%s" % master_public_ip)
pulumi.export('masterPrivateIp', master.private_ip)
pulumi.export('masterPublicHostName', master.public_dns)

fast-hamburger-46413

10/08/2019, 6:07 PM

Whereas

sshLogin

in the end of code always render as

ssh -i ~/.ssh/id_rsa centos@<pulumi.output.Output object at 0x10a8ed450>

fast-hamburger-46413

10/08/2019, 6:09 PM

Same as the master private IP address in minion_user_data.

fast-hamburger-46413

10/09/2019, 4:39 AM

This one resolved. See: https://github.com/pulumi/pulumi/issues/3311#issuecomment-539792869

stocky-spoon-28903

10/09/2019, 10:52 AM

you need an

apply

to interpolate in that way I believe @fast-hamburger-46413

👍 1

🙇‍♂️ 1

clever-nest-47198

10/10/2019, 9:56 PM

nvm figured it out, just do all my work inn apply

clever-nest-47198

10/10/2019, 9:58 PM

did it with ruamel.yaml instead

high-morning-18773

10/14/2019, 5:38 PM

Hello, Can some one please take a look at code and help me out. I am creating a simple vpc. I have a for loop that creates subnet route table association. ever time i run pulumi up. pulumi recreates the route table associations Here is the code

Copy code

private_subnet_ids = []

Copy code

private_subnet_2 = aws.ec2.Subnet(
    "app-subnet-2",
    vpc_id=vpc_id,
    availability_zone="us-west-2b",
    cidr_block="10.100.2.0/24",
    map_public_ip_on_launch = 'false',
    # Only assign public IP if we are exposing public subnets
    tags={
        "Name": "app-subnet-2",
    },)
private_subnet_ids.append(private_subnet_2)

Copy code

for psubnet in private_subnet_ids:
    passociationname = str(psubnet.id) + "route_table_association"
    passociationname = aws.ec2.RouteTableAssociation(
    passociationname,
    subnet_id = psubnet.id,
    route_table_id = private_route_table.id,
    )

high-morning-18773

10/14/2019, 5:41 PM

This is what i see when i run pulumi up

Copy code

Type                              Name                                                                 Plan
     pulumi:pulumi:Stack               mgmt-vpc-mgmt-vpc-prod
 +   ├─ aws:ec2:RouteTableAssociation  <pulumi.output.Output object at 0x1052d64d0>route_table_association  create
 +   ├─ aws:ec2:RouteTableAssociation  <pulumi.output.Output object at 0x1052bd890>route_table_association  create
 +   ├─ aws:ec2:RouteTableAssociation  <pulumi.output.Output object at 0x1052e9b90>route_table_association  create
 +   ├─ aws:ec2:RouteTableAssociation  <pulumi.output.Output object at 0x1052e9210>route_table_association  create
 -   ├─ aws:ec2:RouteTableAssociation  <pulumi.output.Output object at 0x105a8f190>route_table_association  delete
 -   ├─ aws:ec2:RouteTableAssociation  <pulumi.output.Output object at 0x105aa8350>route_table_association  delete
 -   ├─ aws:ec2:RouteTableAssociation  <pulumi.output.Output object at 0x105a44650>route_table_association  delete
 -   └─ aws:ec2:RouteTableAssociation  <pulumi.output.Output object at 0x105aa87d0>route_table_association  delete

Outputs:
  + privatename     : "<pulumi.output.Output object at 0x1052bd890>route_table_association"

Resources:
    + 4 to create
    - 4 to delete
    8 changes. 18 unchanged

it recreates the routetable assodication.

high-morning-18773

10/14/2019, 6:03 PM

hmm i think i figured out the issue had to read up on pulumi outputs

Copy code

passociationname = psubnet.id.apply(lambda id: id + "route_table_association")

this works

👍 1

colossal-plastic-46140

10/15/2019, 3:13 PM

Hi, my team created a custom resource using the modeled after the pulumi-terraform bridge. After upgrading pulumi v1.3.1 and now I am getting this error when attempting to do pulumi preview

Copy code

fastly:index:Servicev1 (testing123):
    error: Preview failed: unrecognized resource type (Read): fastly:index/servicev1:Servicev1

bright-orange-69401

10/18/2019, 6:15 AM

Hello

pulumi_python

community, I was wondering if it would be possible to deploy Pulumi resources via a web interface (e.g. Django Admin) ? My use-case would be to deploy Github Buckets + AWS Cloud9 environments from a GUI and keep track of them in my Back Office. Does it make sense to use Pulumi for that ? @gentle-diamond-70147 @microscopic-florist-22719 what do you think ?

white-jewelry-95626

10/19/2019, 6:00 PM

Hi all, I am trying to create a kms resource and then add the kms key Id to a json policy. But since the result of the kms key resource is an output, and I am just string substituting the kmy key in the policy json file, I end up with an output result rather than the actual key. Anyone know how I could go about this? The intention is to automate infrastructure creation in one go. @gentle-diamond-70147 @high-translator-22614 any thoughts?

white-jewelry-95626

10/20/2019, 11:44 PM

This module create a kms key and exports it to the stack, as the same key is later imported into as an import into other resources which are in a different stack.

kms_module

white-jewelry-95626

10/20/2019, 11:47 PM

Untitled

white-jewelry-95626

10/20/2019, 11:49 PM

Thats the policy in a json file

json policy

white-jewelry-95626

10/20/2019, 11:50 PM

and the last bit the transformed policy gets attached to a role

white-jewelry-95626

10/20/2019, 11:50 PM

ecs_execution_role_policy = createIamRolePolicy( "ecs_execution_role_policy", ecs_execution_role_policy, ecs_task_execution_role )

white-jewelry-95626

10/20/2019, 11:54 PM

More info, my stacks are layered, for higher level stacks, they grab the kms_id from the base stack output but the kms module and the ecs module are on the same level, the ecs module requires the kms keys as an input but because in python this is just a string replacement. The kms key is substituted with a promise rather than actually the string value itself.

white-jewelry-95626

10/20/2019, 11:56 PM

And while I got your attention please send an example on how to create a component consisting of various resources. Thanks @gentle-diamond-70147

bland-eye-59969

10/21/2019, 5:45 PM

Does anyone have working example of pulumi Custom resources?

high-morning-18773

10/22/2019, 4:29 PM

@bland-eye-59969 take a look at this one https://github.com/pulumi/pulumi-awsx/tree/master/python/pulumi_aws_infra

👍 1

high-morning-18773

11/01/2019, 7:09 PM

i would like to know if there are plans to add more python resources in awsx anyone knows?

colossal-room-15708

11/03/2019, 10:44 PM

I'm running some docker commands (build image, login to ACR, push image) in my pulumi script and gotten over the fact that they don't show up as resources (which is fine for now). However, the login command for example needs the ACR repository name, user name and password, which are outputs from pulumi resources. The docker commands run during preview already which means the outputs have no value which causes the docker commands to fail. Is there any way to make this work?

high-morning-18773

11/05/2019, 11:05 PM

it seems like there is no way to specify source_version / branch name in codebuild module. in aws cli we can specify branch or tags etc

Copy code

"sourceVersion": "source-version",
  "secondarySourceVersions": {
    "sourceIdentifier": "secondary-source-identifier",
    "sourceVersion": "secondary-source-version"
  }, 
<https://docs.aws.amazon.com/codebuild/latest/userguide/create-project.html#create-project-cli>

high-morning-18773

11/05/2019, 11:05 PM

anyone knows?

high-morning-18773

11/05/2019, 11:07 PM

should i be creating webhook with branch filter?

high-morning-18773

11/05/2019, 11:08 PM

looks like i need to create webhook

mysterious-egg-7415

11/06/2019, 2:40 AM

Hi all. I've been working on an integration testing framework for Pulumi code developed in Python: https://github.com/bincyber/pitfall. If you find this project useful, I would love to get your feedback on usability, any bugs encountered, or missing features that you'd like added (eg, support for StackReference).

🎉 2

🙌 2

💯 1

high-morning-18773

11/07/2019, 12:59 AM

Looks like when you add an attribute to a cognito pool the pool gets recreated ( all users get deleted this way) . is this how its supposed to work?