https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
python
  • j

    jolly-camera-35709

    10/22/2020, 6:30 AM
    "<pulumi.output.Output object at 0x7fb1d850a550>/myproject:202010191642\n"
  • j

    jolly-camera-35709

    10/22/2020, 6:31 AM
    this is what I was trying to do but didn't work
  • j

    jolly-camera-35709

    10/22/2020, 6:31 AM
    image='{}/{}-build:{}'.format(container_registry.login_server,
                                                                          project_name,
                                                                          get_image_tag_stdout),
    g
    • 2
    • 2
  • s

    strong-musician-98782

    10/22/2020, 12:48 PM
    Hey guys, so i'm working on a dynamic provider for dyndns and it seems to be working quite well.... my only issue is that i keep sending my dyndns username and password to pulumi as outputs even though they are only configured as inputs.... am i doing anything wrong? i've been using https://github.com/pulumi/examples/blob/master/aws-py-dynamicresource/mysql_dynamic_provider.py as an example, in this example what would i need to do in order to not send any of the variables as outputs to pulumi?
    c
    • 2
    • 3
  • b

    bland-lamp-16797

    10/26/2020, 6:11 PM
    I'm trying to use google_project_iam_member and there are 2 main arguments 1. role 2. member but when I look at python IAMMember there are 3 args that are important 1. role 2. member 3. service_account_id So far I've tried this:
    serviceaccount.IAMMember('add data-engineering to roles',
                             member="serviceAccount:71157116@cloudbuild.gserviceaccount.com",
                             role='roles/datastore.importExportAdmin',
                             service_account_id='foo',
                             )
    and I'm confused what service_account_id is if we have member as in terraform
    c
    • 2
    • 2
  • b

    bland-lamp-16797

    10/26/2020, 6:14 PM
    ohhh... I think I should use https://www.pulumi.com/docs/reference/pkg/gcp/projects/iammember/ and not https://www.pulumi.com/docs/reference/pkg/gcp/serviceaccount/iammember/
  • w

    worried-plastic-45846

    10/27/2020, 11:06 AM
    Hello, My
    pulumi up
    fails using pulumi 2.12.1, but works using pulumi 2.11.2. I'm using pulumi-aws 3.6.1. How can I know which versions of pulumi and pulumi-aws are compatible please ?
    c
    • 2
    • 2
  • b

    bland-lamp-16797

    10/27/2020, 11:17 AM
    I think I found the bug, when I run:
    pulumi_gcp.cloudscheduler.Job("what ever",
                                  description="whatever",
                                  schedule="5 4 * * *",
                                  http_target={
                                      'uri': '<https://cloudbuild.googleapis.com/v1/projects/PROJECT_ID/triggers/TRIGGER_ID:run>',
                                      'body': '{}',
                                      'oauth_token': {
                                          'service_account_email': '<mailto:PROJECT_ID@appspot.gserviceaccount.com|PROJECT_ID@appspot.gserviceaccount.com>',
                                          'scope': '<https://www.googleapis.com/auth/cloud-platform>'
                                      }
                                  }
                                  )
    whatever I put in
    'body': '{}',
    I get
    Error creating Job: googleapi: Error 400: Invalid value at 'job.http_target.body' (TYPE_BYTES), Base64 decoding failed for "{}".
    Should I open the bug for this or I'm totally missing what should be in body ? The body Regex should be
    [a-zA-Z\d_-]{1,500}
    e
    • 2
    • 4
  • n

    nutritious-shampoo-16116

    10/27/2020, 11:34 AM
    can anybody tell me why the first version works and the second one doesn't?
    def setup_s3_read_write_policy(buckets: List[pulumi.Output], project_name: str, instance_role: iam.Role):
        """
        Create a policy to access a list of buckets in R/W mode
        """
        def create_and_attach_policy(args: List) -> None:
            policy = json.dumps(
                {
                    "Statement": [
                        {
                            "Effect": "Allow",
                            "Action": ["s3:ListBucket"],
                            "Resource": [f"arn:aws:s3:::{arg}" for arg in args],
                        },
                        {
                            "Effect": "Allow",
                            "Action": "s3:GetObject",
                            "Resource": [f"arn:aws:s3:::{arg}/*" for arg in args],
                        },
                    ],
                }
            )
            S3_POLICY_NAME = create_unique_name(f'{project_name}-buckets-policy')
            s3_policy = iam.Policy(S3_POLICY_NAME, policy=policy)
            S3_ROLE_POLICY_ATTACHMENT = create_unique_name(
                f'{project_name}-buckets-role-policy-attachment'
            )
            iam.RolePolicyAttachment(
                S3_ROLE_POLICY_ATTACHMENT, role=instance_role, policy_arn=s3_policy.arn
            )
        pulumi.Output.all(*[bucket.id for bucket in buckets]).apply(
            lambda args: create_and_attach_policy(args)
        )
    def setup_s3_read_write_policy(buckets: List[pulumi.Output], project_name: str, instance_role: iam.Role):
        """
        Create a policy to access a list of buckets in R/W mode
        """
        def create_and_attach_policy(args: List) -> None:
            policy = json.dumps(
                {
                    "Statement": [
                        {
                            "Effect": "Allow",
                            "Action": ["s3:ListBucket"],
                            "Resource": [f"arn:aws:s3:::{arg.id}" for arg in args],
                        },
                        {
                            "Effect": "Allow",
                            "Action": "s3:GetObject",
                            "Resource": [f"arn:aws:s3:::{arg.id}/*" for arg in args],
                        },
                    ],
                }
            )
            S3_POLICY_NAME = create_unique_name(f'{project_name}-buckets-policy')
            s3_policy = iam.Policy(S3_POLICY_NAME, policy=policy)
            S3_ROLE_POLICY_ATTACHMENT = create_unique_name(
                f'{project_name}-buckets-role-policy-attachment'
            )
            iam.RolePolicyAttachment(
                S3_ROLE_POLICY_ATTACHMENT, role=instance_role, policy_arn=s3_policy.arn
            )
        pulumi.Output.all(*[buckets]).apply(
            lambda args: create_and_attach_policy(args)
        )
  • n

    nutritious-shampoo-16116

    10/27/2020, 11:35 AM
    I don't get why
    pulumi.Output.all
    works if I tell to wait explicitly for the id but not for the s3.Bucket object
    šŸ¤” 1
    b
    • 2
    • 3
  • d

    damp-elephant-82829

    10/30/2020, 9:12 AM
    Hello guys, I am trying to perform testing of custom components but I am still stucked see https://github.com/pulumi/pulumi/issues/5295 . Even if closed, I am not able to get the test pass and @faint-table-42725 explanation is not answering because I added a breakpoint with pdb
    f
    • 2
    • 3
  • d

    damp-elephant-82829

    10/30/2020, 9:13 AM
    and I didn’t see it occurring
  • g

    gorgeous-spoon-23700

    11/02/2020, 9:00 AM
    hi, I am looking for an easy way to get the current state of a deployment directly from python code. Right now I use a quick and dirty trick by running
    pulumi stack export
    command and extracting the relevant info from the JSON data:
    jq = local["/usr/local/bin/jq"]
        pulumi = local["pulumi"]
    
        chain = pulumi["stack", "export"] | jq['.deployment.resources[] | select(.type == "pulumi:pulumi:Stack") | .outputs.netcams']
        netcams = json.loads(chain())
    Should I wait for the python implementation of the Automation API? šŸ˜Ž
    r
    • 2
    • 1
  • r

    red-glass-80261

    11/02/2020, 11:29 AM
    Hey everybody my firm is new to pulumi and I'm trying to do some simple stuff with it to get the hang of it. Im trying to push a container to ecr and then supply that container name to the task definition, which clearly requires a JSON serializable string. what is the best way to do that. everything i try is of type Output. Much thanks community!
    g
    • 2
    • 3
  • r

    red-glass-80261

    11/06/2020, 9:30 PM
    Looking for some help here. getting the following error message when i try to create a cognito user pool client resource on aws "error creating ELBv2 Listener: InvalidLoadBalancerAction: OAuth flows must be enabled in the user pool client" what arguement enables Oath flows, Im passing in the following for the explicit_auth_flows parameterĀ _explicit_auth_flows_=["ALLOW_USER_PASSWORD_AUTH", "ALLOW_USER_SRP_AUTH", "ALLOW_REFRESH_TOKEN_AUTH"]). any thing simple am i missing. thanks in advance!
  • c

    clever-nest-47198

    11/10/2020, 7:11 PM
    Are there any Python performance regression tests? On Kubernetes 1.18 clusters with the "serversideapply" feature gate set, we see pulumi-language-python-exec take 100% cpu for minutes as it appears to serialize every single f: managed field as an input. We're putting together a simpler repo now, but its because we do a .apply on a Deployment object, which causes the entire object to be converted into an input. Every single f: field is a nested input that has to be converted which takes a massive amount of time now.
    b
    b
    g
    • 4
    • 5
  • c

    clever-nest-47198

    11/10/2020, 7:12 PM
    We disable serversideapply on our kubernetes cluster (or downgrade to 1.17) and suddenly pulumi no longer takes 35 minutes to run pulumi up.
  • a

    average-school-38756

    11/11/2020, 10:21 PM
    i'm looking for a way to create an AWS Lambda archive with dependencies, every time i run
    pulumi up
    . Is there a resource which will run a bash script or something, so that
    pulumi.FileArchive
    could run after?
    l
    • 2
    • 4
  • p

    purple-arm-63328

    11/16/2020, 9:07 PM
    Hi! I'm new to Pulumi and I'm having trouble with the sometimes Output, sometimes Awaitable situation.
    a
    • 2
    • 21
  • p

    purple-arm-63328

    11/16/2020, 9:09 PM
    When using
    aws.ec2.getSubnetIds
    , how do I get the result? I tried to
    run_until_completion
    the Awaitable but the loop is already running. Is there a way to have the main be an async function?
  • p

    purple-arm-63328

    11/16/2020, 9:12 PM
    Another question, the documentation shows (https://www.pulumi.com/docs/intro/concepts/programming-model/#resource-get) I could do this:
    group = aws.ec2.SecurityGroup.get('sg-0dfd33cdac25b1ec9')
    but the signature of that very function takes a
    resource_name
    and an
    id
    as positional arguments. What am I missing?
    • 1
    • 2
  • c

    clean-dentist-2515

    11/16/2020, 9:17 PM
    I'm also new to Pulumi, but I think for
    aws.ec2.SecurityGroup.get
    the
    resource_name
    is a name that you choose (a label used to identify the resource in Pulumi) and the
    id
    is the actual security group id from EC2
  • p

    purple-arm-63328

    11/16/2020, 9:18 PM
    But when instantiated in this way, Pulumi will not manage the resource so why have a resource_name?
  • c

    clean-dentist-2515

    11/16/2020, 9:20 PM
    šŸ¤·ā€ā™‚ļø I guess it will show up in your app.pulumi.com control panel under that name... effectively you've "imported" a reference to it into Pulumi
  • p

    purple-arm-63328

    11/16/2020, 9:29 PM
    I do not want to import it. I understand that the
    get
    of a resource does not import. Am I wrong?
    c
    • 2
    • 2
  • g

    gentle-diamond-70147

    11/16/2020, 9:30 PM
    .get()
    does not import the resource, only gets a reference to it. The resource name is still required for Pulumi to track its usage internally, but does not change or affect the real resource.
  • p

    purple-arm-63328

    11/16/2020, 9:31 PM
    OK, I could use some random string?
  • g

    gentle-diamond-70147

    11/16/2020, 9:32 PM
    Sure. Or use the same name that you set as the variable name - e.g.
    my_sg = aws.ec2.SecurityGroup.get('my_sg', 'sg-0dfd33cdac25b1ec9')
    p
    • 2
    • 2
  • p

    purple-arm-63328

    11/16/2020, 9:32 PM
    Thanks.
  • p

    purple-arm-63328

    11/16/2020, 9:32 PM
    @gentle-diamond-70147 could you look at my second question?
    g
    c
    • 3
    • 17
Powered by Linen
Title
p

purple-arm-63328

11/16/2020, 9:32 PM
@gentle-diamond-70147 could you look at my second question?
g

gentle-diamond-70147

11/16/2020, 9:33 PM
Which one was that?
p

purple-arm-63328

11/16/2020, 9:36 PM
Javier Ruere When using aws.ec2.getSubnetIds , how do I get the result? I tried to run_until_completion the Awaitable but the loop is already running. Is there a way to have the main be an async function?
g

gentle-diamond-70147

11/16/2020, 9:48 PM
I'm afraid that's beyond my familiarity with Python.
p

purple-arm-63328

11/16/2020, 9:54 PM
Thanks.
c

clean-dentist-2515

11/16/2020, 9:59 PM
most things return an
Output
which is like a future or promise the idiom I've seen elsewhere in the docs is:
real_value = some_output.apply(lambda val: val)
apply
gives you the chance to modify the returned value I'm not sure if there's a shortcut for when you just want the resolved value unchanged I don't think you have to interact with any async event loop stuff directly
p

purple-arm-63328

11/16/2020, 10:11 PM
This particular case does not.
c

clean-dentist-2515

11/16/2020, 10:14 PM
https://github.com/pulumi/pulumi-aws/blob/master/sdk/python/pulumi_aws/ec2/get_subnet_ids.py it returns a
AwaitableGetSubnetIdsResult
? if you try to access properties on that object like
.ids
do they return an
Output
?
p

purple-arm-63328

11/16/2020, 10:14 PM
No, it fails.
c

clean-dentist-2515

11/16/2020, 10:14 PM
oh šŸ˜ž I have no idea, sorry
p

purple-arm-63328

11/16/2020, 10:15 PM
šŸ™
c

clean-dentist-2515

11/16/2020, 10:30 PM
https://github.com/pulumi/pulumi/blob/78edb28590887593c91ffcb31baa52286150528f/sdk/python/lib/pulumi/output.py#L273 maybe...
output = Output.from_input(get_subnet_ids(...))
value = output.apply(lambda val: val)
...can work? šŸ¤·ā€ā™‚ļø
p

purple-arm-63328

11/16/2020, 10:36 PM
I tried something like that but not exactly. It still didn't work. Eventually I need to iterate over the values anyway... I don't know what to do.
g

gentle-diamond-70147

11/16/2020, 11:35 PM
@purple-arm-63328 can you share more about what you're trying to achieve?
p

purple-arm-63328

11/16/2020, 11:47 PM
The particular test I'm running requires to get one VPC (not managed), get some subnets (not managed) and create a Spot Fleet in there configured to use the selected subnets. I need the IDs of the subnets for the LaunchConfiguration and I need to specify one subnet ID per LaunchConfiguration AFAICS.
g

gentle-diamond-70147

11/16/2020, 11:55 PM
Here's an example that might get you started down the right path.
__main__.py
p

purple-arm-63328

11/17/2020, 1:11 AM
Thank you. I'll give it a try.
Thanks for that. There was an additional problem where iterating over an Output would result in all memory being used. By inverting the iteration and using an
apply
, it started working. šŸ™
šŸ‘ 1
View count: 1