pulumi-community #python

Docs

Join the conversation Join Slack

python

jolly-camera-35709

10/22/2020, 6:30 AM

"<pulumi.output.Output object at 0x7fb1d850a550>/myproject:202010191642\n"

jolly-camera-35709

10/22/2020, 6:31 AM

this is what I was trying to do but didn't work

jolly-camera-35709

10/22/2020, 6:31 AM

image='{}/{}-build:{}'.format(container_registry.login_server,
                                                                      project_name,
                                                                      get_image_tag_stdout),

strong-musician-98782

10/22/2020, 12:48 PM

Hey guys, so i'm working on a dynamic provider for dyndns and it seems to be working quite well.... my only issue is that i keep sending my dyndns username and password to pulumi as outputs even though they are only configured as inputs.... am i doing anything wrong? i've been using https://github.com/pulumi/examples/blob/master/aws-py-dynamicresource/mysql_dynamic_provider.py as an example, in this example what would i need to do in order to not send any of the variables as outputs to pulumi?

bland-lamp-16797

10/26/2020, 6:11 PM

I'm trying to use google_project_iam_member and there are 2 main arguments 1. role 2. member but when I look at python IAMMember there are 3 args that are important 1. role 2. member 3. service_account_id So far I've tried this:

serviceaccount.IAMMember('add data-engineering to roles',
                         member="serviceAccount:71157116@cloudbuild.gserviceaccount.com",
                         role='roles/datastore.importExportAdmin',
                         service_account_id='foo',
                         )

and I'm confused what service_account_id is if we have member as in terraform

bland-lamp-16797

10/26/2020, 6:14 PM

ohhh... I think I should use https://www.pulumi.com/docs/reference/pkg/gcp/projects/iammember/ and not https://www.pulumi.com/docs/reference/pkg/gcp/serviceaccount/iammember/

worried-plastic-45846

10/27/2020, 11:06 AM

Hello, My

pulumi up

fails using pulumi 2.12.1, but works using pulumi 2.11.2. I'm using pulumi-aws 3.6.1. How can I know which versions of pulumi and pulumi-aws are compatible please ?

bland-lamp-16797

10/27/2020, 11:17 AM

I think I found the bug, when I run:

pulumi_gcp.cloudscheduler.Job("what ever",
                              description="whatever",
                              schedule="5 4 * * *",
                              http_target={
                                  'uri': '<https://cloudbuild.googleapis.com/v1/projects/PROJECT_ID/triggers/TRIGGER_ID:run>',
                                  'body': '{}',
                                  'oauth_token': {
                                      'service_account_email': '<mailto:PROJECT_ID@appspot.gserviceaccount.com|PROJECT_ID@appspot.gserviceaccount.com>',
                                      'scope': '<https://www.googleapis.com/auth/cloud-platform>'
                                  }
                              }
                              )

whatever I put in

'body': '{}',

I get

Error creating Job: googleapi: Error 400: Invalid value at 'job.http_target.body' (TYPE_BYTES), Base64 decoding failed for "{}".

Should I open the bug for this or I'm totally missing what should be in body ? The body Regex should be

[a-zA-Z\d_-]{1,500}

nutritious-shampoo-16116

10/27/2020, 11:34 AM

can anybody tell me why the first version works and the second one doesn't?

def setup_s3_read_write_policy(buckets: List[pulumi.Output], project_name: str, instance_role: iam.Role):
    """
    Create a policy to access a list of buckets in R/W mode
    """
    def create_and_attach_policy(args: List) -> None:
        policy = json.dumps(
            {
                "Statement": [
                    {
                        "Effect": "Allow",
                        "Action": ["s3:ListBucket"],
                        "Resource": [f"arn:aws:s3:::{arg}" for arg in args],
                    },
                    {
                        "Effect": "Allow",
                        "Action": "s3:GetObject",
                        "Resource": [f"arn:aws:s3:::{arg}/*" for arg in args],
                    },
                ],
            }
        )
        S3_POLICY_NAME = create_unique_name(f'{project_name}-buckets-policy')
        s3_policy = iam.Policy(S3_POLICY_NAME, policy=policy)
        S3_ROLE_POLICY_ATTACHMENT = create_unique_name(
            f'{project_name}-buckets-role-policy-attachment'
        )
        iam.RolePolicyAttachment(
            S3_ROLE_POLICY_ATTACHMENT, role=instance_role, policy_arn=s3_policy.arn
        )
    pulumi.Output.all(*[bucket.id for bucket in buckets]).apply(
        lambda args: create_and_attach_policy(args)
    )

def setup_s3_read_write_policy(buckets: List[pulumi.Output], project_name: str, instance_role: iam.Role):
    """
    Create a policy to access a list of buckets in R/W mode
    """
    def create_and_attach_policy(args: List) -> None:
        policy = json.dumps(
            {
                "Statement": [
                    {
                        "Effect": "Allow",
                        "Action": ["s3:ListBucket"],
                        "Resource": [f"arn:aws:s3:::{arg.id}" for arg in args],
                    },
                    {
                        "Effect": "Allow",
                        "Action": "s3:GetObject",
                        "Resource": [f"arn:aws:s3:::{arg.id}/*" for arg in args],
                    },
                ],
            }
        )
        S3_POLICY_NAME = create_unique_name(f'{project_name}-buckets-policy')
        s3_policy = iam.Policy(S3_POLICY_NAME, policy=policy)
        S3_ROLE_POLICY_ATTACHMENT = create_unique_name(
            f'{project_name}-buckets-role-policy-attachment'
        )
        iam.RolePolicyAttachment(
            S3_ROLE_POLICY_ATTACHMENT, role=instance_role, policy_arn=s3_policy.arn
        )
    pulumi.Output.all(*[buckets]).apply(
        lambda args: create_and_attach_policy(args)
    )

nutritious-shampoo-16116

10/27/2020, 11:35 AM

I don't get why

pulumi.Output.all

works if I tell to wait explicitly for the id but not for the s3.Bucket object

🤔 1

damp-elephant-82829

10/30/2020, 9:12 AM

Hello guys, I am trying to perform testing of custom components but I am still stucked see https://github.com/pulumi/pulumi/issues/5295 . Even if closed, I am not able to get the test pass and @faint-table-42725 explanation is not answering because I added a breakpoint with pdb

damp-elephant-82829

10/30/2020, 9:13 AM

and I didn’t see it occurring

gorgeous-spoon-23700

11/02/2020, 9:00 AM

hi, I am looking for an easy way to get the current state of a deployment directly from python code. Right now I use a quick and dirty trick by running

pulumi stack export

command and extracting the relevant info from the JSON data:

jq = local["/usr/local/bin/jq"]
    pulumi = local["pulumi"]

    chain = pulumi["stack", "export"] | jq['.deployment.resources[] | select(.type == "pulumi:pulumi:Stack") | .outputs.netcams']
    netcams = json.loads(chain())

Should I wait for the python implementation of the Automation API? 😎

red-glass-80261

11/02/2020, 11:29 AM

Hey everybody my firm is new to pulumi and I'm trying to do some simple stuff with it to get the hang of it. Im trying to push a container to ecr and then supply that container name to the task definition, which clearly requires a JSON serializable string. what is the best way to do that. everything i try is of type Output. Much thanks community!

red-glass-80261

11/06/2020, 9:30 PM

Looking for some help here. getting the following error message when i try to create a cognito user pool client resource on aws "error creating ELBv2 Listener: InvalidLoadBalancerAction: OAuth flows must be enabled in the user pool client" what arguement enables Oath flows, Im passing in the following for the explicit_auth_flows parameter _explicit_auth_flows_=["ALLOW_USER_PASSWORD_AUTH", "ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH"]). any thing simple am i missing. thanks in advance!

clever-nest-47198

11/10/2020, 7:11 PM

Are there any Python performance regression tests? On Kubernetes 1.18 clusters with the "serversideapply" feature gate set, we see pulumi-language-python-exec take 100% cpu for minutes as it appears to serialize every single f: managed field as an input. We're putting together a simpler repo now, but its because we do a .apply on a Deployment object, which causes the entire object to be converted into an input. Every single f: field is a nested input that has to be converted which takes a massive amount of time now.

clever-nest-47198

11/10/2020, 7:12 PM

We disable serversideapply on our kubernetes cluster (or downgrade to 1.17) and suddenly pulumi no longer takes 35 minutes to run pulumi up.

average-school-38756

11/11/2020, 10:21 PM

i'm looking for a way to create an AWS Lambda archive with dependencies, every time i run

pulumi up

. Is there a resource which will run a bash script or something, so that

pulumi.FileArchive

could run after?

purple-arm-63328

11/16/2020, 9:07 PM

Hi! I'm new to Pulumi and I'm having trouble with the sometimes Output, sometimes Awaitable situation.

purple-arm-63328

11/16/2020, 9:09 PM

When using

aws.ec2.getSubnetIds

, how do I get the result? I tried to

run_until_completion

the Awaitable but the loop is already running. Is there a way to have the main be an async function?

purple-arm-63328

11/16/2020, 9:12 PM

Another question, the documentation shows (https://www.pulumi.com/docs/intro/concepts/programming-model/#resource-get) I could do this:

group = aws.ec2.SecurityGroup.get('sg-0dfd33cdac25b1ec9')

but the signature of that very function takes a

resource_name

and an

id

as positional arguments. What am I missing?

clean-dentist-2515

11/16/2020, 9:17 PM

I'm also new to Pulumi, but I think for

aws.ec2.SecurityGroup.get

the

resource_name

is a name that you choose (a label used to identify the resource in Pulumi) and the

id

is the actual security group id from EC2

purple-arm-63328

11/16/2020, 9:18 PM

But when instantiated in this way, Pulumi will not manage the resource so why have a resource_name?

clean-dentist-2515

11/16/2020, 9:20 PM

🤷‍♂️ I guess it will show up in your app.pulumi.com control panel under that name... effectively you've "imported" a reference to it into Pulumi

purple-arm-63328

11/16/2020, 9:29 PM

I do not want to import it. I understand that the

get

of a resource does not import. Am I wrong?

gentle-diamond-70147

11/16/2020, 9:30 PM

.get()

does not import the resource, only gets a reference to it. The resource name is still required for Pulumi to track its usage internally, but does not change or affect the real resource.

purple-arm-63328

11/16/2020, 9:31 PM

OK, I could use some random string?

gentle-diamond-70147

11/16/2020, 9:32 PM

Sure. Or use the same name that you set as the variable name - e.g.

my_sg = aws.ec2.SecurityGroup.get('my_sg', 'sg-0dfd33cdac25b1ec9')

purple-arm-63328

11/16/2020, 9:32 PM

Thanks.

purple-arm-63328

11/16/2020, 9:32 PM

@gentle-diamond-70147 could you look at my second question?

Title

purple-arm-63328

11/16/2020, 9:32 PM

@gentle-diamond-70147 could you look at my second question?

gentle-diamond-70147

11/16/2020, 9:33 PM

Which one was that?

purple-arm-63328

11/16/2020, 9:36 PM

Javier Ruere When using aws.ec2.getSubnetIds , how do I get the result? I tried to run_until_completion the Awaitable but the loop is already running. Is there a way to have the main be an async function?

gentle-diamond-70147

11/16/2020, 9:48 PM

I'm afraid that's beyond my familiarity with Python.

purple-arm-63328

11/16/2020, 9:54 PM

Thanks.

clean-dentist-2515

11/16/2020, 9:59 PM

most things return an

Output

which is like a future or promise the idiom I've seen elsewhere in the docs is:

real_value = some_output.apply(lambda val: val)

apply

gives you the chance to modify the returned value I'm not sure if there's a shortcut for when you just want the resolved value unchanged I don't think you have to interact with any async event loop stuff directly

purple-arm-63328

11/16/2020, 10:11 PM

This particular case does not.

clean-dentist-2515

11/16/2020, 10:14 PM

https://github.com/pulumi/pulumi-aws/blob/master/sdk/python/pulumi_aws/ec2/get_subnet_ids.py it returns a

AwaitableGetSubnetIdsResult

? if you try to access properties on that object like

.ids

do they return an

Output

purple-arm-63328

11/16/2020, 10:14 PM

No, it fails.

clean-dentist-2515

11/16/2020, 10:14 PM

oh 😞 I have no idea, sorry

purple-arm-63328

11/16/2020, 10:15 PM

🙏

clean-dentist-2515

11/16/2020, 10:30 PM

https://github.com/pulumi/pulumi/blob/78edb28590887593c91ffcb31baa52286150528f/sdk/python/lib/pulumi/output.py#L273 maybe...

output = Output.from_input(get_subnet_ids(...))
value = output.apply(lambda val: val)

...can work? 🤷‍♂️

purple-arm-63328

11/16/2020, 10:36 PM

I tried something like that but not exactly. It still didn't work. Eventually I need to iterate over the values anyway... I don't know what to do.

gentle-diamond-70147

11/16/2020, 11:35 PM

@purple-arm-63328 can you share more about what you're trying to achieve?

purple-arm-63328

11/16/2020, 11:47 PM

The particular test I'm running requires to get one VPC (not managed), get some subnets (not managed) and create a Spot Fleet in there configured to use the selected subnets. I need the IDs of the subnets for the LaunchConfiguration and I need to specify one subnet ID per LaunchConfiguration AFAICS.

gentle-diamond-70147

11/16/2020, 11:55 PM

Here's an example that might get you started down the right path.

__main__.py

purple-arm-63328

11/17/2020, 1:11 AM

Thank you. I'll give it a try.

Thanks for that. There was an additional problem where iterating over an Output would result in all memory being used. By inverting the iteration and using an

apply

, it started working. 🙏

👍 1

View count: 1