Channels
#python
- n
nutritious-shampoo-16116
10/27/2020, 11:34 AMcan anybody tell me why the first version works and the second one doesn't?Copy codedef setup_s3_read_write_policy(buckets: List[pulumi.Output], project_name: str, instance_role: iam.Role): """ Create a policy to access a list of buckets in R/W mode """ def create_and_attach_policy(args: List) -> None: policy = json.dumps( { "Statement": [ { "Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": [f"arn:aws:s3:::{arg}" for arg in args], }, { "Effect": "Allow", "Action": "s3:GetObject", "Resource": [f"arn:aws:s3:::{arg}/*" for arg in args], }, ], } ) S3_POLICY_NAME = create_unique_name(f'{project_name}-buckets-policy') s3_policy = iam.Policy(S3_POLICY_NAME, policy=policy) S3_ROLE_POLICY_ATTACHMENT = create_unique_name( f'{project_name}-buckets-role-policy-attachment' ) iam.RolePolicyAttachment( S3_ROLE_POLICY_ATTACHMENT, role=instance_role, policy_arn=s3_policy.arn ) pulumi.Output.all(*[bucket.id for bucket in buckets]).apply( lambda args: create_and_attach_policy(args) )Copy codedef setup_s3_read_write_policy(buckets: List[pulumi.Output], project_name: str, instance_role: iam.Role): """ Create a policy to access a list of buckets in R/W mode """ def create_and_attach_policy(args: List) -> None: policy = json.dumps( { "Statement": [ { "Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": [f"arn:aws:s3:::{arg.id}" for arg in args], }, { "Effect": "Allow", "Action": "s3:GetObject", "Resource": [f"arn:aws:s3:::{arg.id}/*" for arg in args], }, ], } ) S3_POLICY_NAME = create_unique_name(f'{project_name}-buckets-policy') s3_policy = iam.Policy(S3_POLICY_NAME, policy=policy) S3_ROLE_POLICY_ATTACHMENT = create_unique_name( f'{project_name}-buckets-role-policy-attachment' ) iam.RolePolicyAttachment( S3_ROLE_POLICY_ATTACHMENT, role=instance_role, policy_arn=s3_policy.arn ) pulumi.Output.all(*[buckets]).apply( lambda args: create_and_attach_policy(args) ) - n
nutritious-shampoo-16116
10/27/2020, 11:35 AMI don't get why
works if I tell to wait explicitly for the id but not for the s3.Bucket objectpulumi.Output.allπ€ 1b- 2
- 3
- d
damp-elephant-82829
10/30/2020, 9:12 AMHello guys, I am trying to perform testing of custom components but I am still stucked see https://github.com/pulumi/pulumi/issues/5295 . Even if closed, I am not able to get the test pass and @faint-table-42725 explanation is not answering because I added a breakpoint with pdbf- 2
- 3
- d
damp-elephant-82829
10/30/2020, 9:13 AMand I didnβt see it occurring - g
gorgeous-spoon-23700
11/02/2020, 9:00 AMhi, I am looking for an easy way to get the current state of a deployment directly from python code. Right now I use a quick and dirty trick by running
command and extracting the relevant info from the JSON data:pulumi stack exportCopy code
Should I wait for the python implementation of the Automation API? πjq = local["/usr/local/bin/jq"] pulumi = local["pulumi"] chain = pulumi["stack", "export"] | jq['.deployment.resources[] | select(.type == "pulumi:pulumi:Stack") | .outputs.netcams'] netcams = json.loads(chain())r- 2
- 1
- r
red-glass-80261
11/02/2020, 11:29 AMHey everybody my firm is new to pulumi and I'm trying to do some simple stuff with it to get the hang of it. Im trying to push a container to ecr and then supply that container name to the task definition, which clearly requires a JSON serializable string. what is the best way to do that. everything i try is of type Output. Much thanks community!g- 2
- 3
- r
red-glass-80261
11/06/2020, 9:30 PMLooking for some help here. getting the following error message when i try to create a cognito user pool client resource on aws "error creating ELBv2 Listener: InvalidLoadBalancerAction: OAuth flows must be enabled in the user pool client" what arguement enables Oath flows, Im passing in the following for the explicit_auth_flows parameterΒ _explicit_auth_flows_=["ALLOW_USER_PASSWORD_AUTH", "ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH"]). any thing simple am i missing. thanks in advance! - c
clever-nest-47198
11/10/2020, 7:11 PMAre there any Python performance regression tests? On Kubernetes 1.18 clusters with the "serversideapply" feature gate set, we see pulumi-language-python-exec take 100% cpu for minutes as it appears to serialize every single f: managed field as an input. We're putting together a simpler repo now, but its because we do a .apply on a Deployment object, which causes the entire object to be converted into an input. Every single f: field is a nested input that has to be converted which takes a massive amount of time now.bbg- 4
- 5
- c
clever-nest-47198
11/10/2020, 7:12 PMWe disable serversideapply on our kubernetes cluster (or downgrade to 1.17) and suddenly pulumi no longer takes 35 minutes to run pulumi up. - a
average-school-38756
11/11/2020, 10:21 PMi'm looking for a way to create an AWS Lambda archive with dependencies, every time i run
. Is there a resource which will run a bash script or something, so thatpulumi up
could run after?pulumi.FileArchivel- 2
- 4
- p
purple-arm-63328
11/16/2020, 9:07 PMHi! I'm new to Pulumi and I'm having trouble with the sometimes Output, sometimes Awaitable situation.a- 2
- 21
- p
purple-arm-63328
11/16/2020, 9:09 PMWhen using
, how do I get the result? I tried toaws.ec2.getSubnetIds
the Awaitable but the loop is already running. Is there a way to have the main be an async function?run_until_completion - p
purple-arm-63328
11/16/2020, 9:12 PMAnother question, the documentation shows (https://www.pulumi.com/docs/intro/concepts/programming-model/#resource-get) I could do this:
but the signature of that very function takes agroup = aws.ec2.SecurityGroup.get('sg-0dfd33cdac25b1ec9')
and anresource_name
as positional arguments. What am I missing?id- 1
- 2
- c
clean-dentist-2515
11/16/2020, 9:17 PMI'm also new to Pulumi, but I think for
theaws.ec2.SecurityGroup.get
is a name that you choose (a label used to identify the resource in Pulumi) and theresource_name
is the actual security group id from EC2id - p
purple-arm-63328
11/16/2020, 9:18 PMBut when instantiated in this way, Pulumi will not manage the resource so why have a resource_name? - c
clean-dentist-2515
11/16/2020, 9:20 PMπ€·ββοΈ I guess it will show up in your app.pulumi.com control panel under that name... effectively you've "imported" a reference to it into Pulumi - p
purple-arm-63328
11/16/2020, 9:29 PMI do not want to import it. I understand that the
of a resource does not import. Am I wrong?getc- 2
- 2
- g
gentle-diamond-70147
11/16/2020, 9:30 PM
does not import the resource, only gets a reference to it. The resource name is still required for Pulumi to track its usage internally, but does not change or affect the real resource..get() - p
purple-arm-63328
11/16/2020, 9:31 PMOK, I could use some random string? - g
gentle-diamond-70147
11/16/2020, 9:32 PMSure. Or use the same name that you set as the variable name - e.g.my_sg = aws.ec2.SecurityGroup.get('my_sg', 'sg-0dfd33cdac25b1ec9')p- 2
- 2
- p
purple-arm-63328
11/16/2020, 9:32 PMThanks. - p
purple-arm-63328
11/16/2020, 9:32 PM@gentle-diamond-70147 could you look at my second question?gc- 3
- 17
- n
nutritious-shampoo-16116
11/17/2020, 9:46 AMis there anybody using pytest as a test framework? anybody who is mocking stack references also? would love to have some discussion about those, we have big issues with stack references in tests as PulumiMock doesn't seem to work with itπ 1 - n
nutritious-shampoo-16116
11/17/2020, 11:16 AMI made a repo with an example of what failure we have on stackreference => https://github.com/MattBlack85/pulumi_pytest any hint on this would be very much appreciated - p
powerful-art-3002
11/20/2020, 2:07 PM#aws how to create new stage/update old after update api gw?sb- 3
- 14
- d
dry-engine-17210
11/20/2020, 6:48 PMHello! Newcomer to Pulumi and running into a snag. I'm running...Copy code
and...pubsub_topic = pubsub.Topic( "{}-topic".format(PUBSUB_TOPIC_PREFIX) )Copy code
Pulumi fails with:logging_sink = logging.ProjectSink( resource_name="{}-sink".format(LOGGING_SINK_PREFIX), destination="<http://pubsub.googleapis.com/{}|pubsub.googleapis.com/{}>".format(pubsub_topic.id), filter='LOG_ID("<http://cloudaudit.googleapis.com/activity|cloudaudit.googleapis.com/activity>") OR LOG_ID("<http://externalaudit.googleapis.com/activity|externalaudit.googleapis.com/activity>") OR LOG_ID("<http://cloudaudit.googleapis.com/system_event|cloudaudit.googleapis.com/system_event>") OR LOG_ID("<http://externalaudit.googleapis.com/system_event|externalaudit.googleapis.com/system_event>") OR LOG_ID("<http://cloudaudit.googleapis.com/access_transparency|cloudaudit.googleapis.com/access_transparency>") OR LOG_ID("<http://externalaudit.googleapis.com/access_transparency|externalaudit.googleapis.com/access_transparency>")', opts=ResourceOptions( depends_on=[pubsub_topic] ), )Copy code
When I look at "details" view, I see this:gcp:logging:ProjectSink (dev-sink): error: 1 error occurred: * googleapi: Error 400: Cloud Pub/Sub URL is missing projects/[PROJECT_ID], badRequestCopy code
When I seepulumi:pulumi:Stack: (same) [urn=urn:pulumi:dev::infrastructure::pulumi:pulumi:Stack::infrastructure-dev] + gcp:logging/projectSink:ProjectSink: (create) [urn=urn:pulumi:dev::infrastructure::gcp:logging/projectSink:ProjectSink::dev-sink] [provider=urn:pulumi:dev::infrastructure::pulumi:providers:gcp::default_4_3_0::4d0f3a00-dc97-4725-b036-499ca6b7f522] destination : "<http://pubsub.googleapis.com/<pulumi.output.Output|pubsub.googleapis.com/<pulumi.output.Output> object at 0x112b44640>" filter : "LOG_ID(\"<http://cloudaudit.googleapis.com/activity\|cloudaudit.googleapis.com/activity\>") OR LOG_ID(\"<http://externalaudit.googleapis.com/activity\|externalaudit.googleapis.com/activity\>") OR LOG_ID(\"<http://cloudaudit.googleapis.com/system_event\|cloudaudit.googleapis.com/system_event\>") OR LOG_ID(\"<http://externalaudit.googleapis.com/system_event\|externalaudit.googleapis.com/system_event\>") OR LOG_ID(\"<http://cloudaudit.googleapis.com/access_transparency\|cloudaudit.googleapis.com/access_transparency\>") OR LOG_ID(\"<http://externalaudit.googleapis.com/access_transparency\|externalaudit.googleapis.com/access_transparency\>")" name : "dev-sink-bf1e116" uniqueWriterIdentity: false
in the<pulumi.output.Output object at 0x112b44640>
, it makes me think Pulumi hasn't deserialized the actual name, or there is some deferred evaluation that isn't happening? Any suggestions on how to troubleshoot?destination - d
dry-engine-17210
11/20/2020, 8:02 PMWow, wondering if I have fallen into this pit of despair. - d
dry-engine-17210
11/20/2020, 8:39 PMWelp, this seemed to do the trick.Copy codepubsub_topic = pubsub.Topic( "{}-topic".format(PUBSUB_TOPIC_PREFIX) ) pubsub_topic_url = pubsub_topic.id.apply( lambda id: "<http://pubsub.googleapis.com/|pubsub.googleapis.com/>" + id ) logging_sink = logging.ProjectSink( resource_name="{}-sink".format(LOGGING_SINK_PREFIX), destination=pubsub_topic_url, filter='LOG_ID("<http://cloudaudit.googleapis.com/activity|cloudaudit.googleapis.com/activity>") OR LOG_ID("<http://externalaudit.googleapis.com/activity|externalaudit.googleapis.com/activity>") OR LOG_ID("<http://cloudaudit.googleapis.com/system_event|cloudaudit.googleapis.com/system_event>") OR LOG_ID("<http://externalaudit.googleapis.com/system_event|externalaudit.googleapis.com/system_event>") OR LOG_ID("<http://cloudaudit.googleapis.com/access_transparency|cloudaudit.googleapis.com/access_transparency>") OR LOG_ID("<http://externalaudit.googleapis.com/access_transparency|externalaudit.googleapis.com/access_transparency>")' ) - d
dry-engine-17210
11/20/2020, 8:40 PM - d
dry-engine-17210
11/20/2020, 8:40 PMTiL....