sparse-state-34229
03/16/2021, 7:42 AMbrave-knife-93369
03/18/2021, 10:50 AMbrave-knife-93369
03/19/2021, 2:35 PMpowerful-art-3002
03/23/2021, 6:59 AMfew-tent-80031
03/24/2021, 5:04 PMsquare-dress-80180
03/24/2021, 10:19 PMdb_user = os.environ['DB_USER']
# Create Output[Mapping] for use with args[Input[Mapping[str,str]]]
gatheredDBOutput = pulumi.Output.all(
db_host_address,
db_host_port,
db_name
)
def createBuildArgs(host_address, host_port, name, user):
return json.dumps({
"db_host_address": host_address,
"db_host_port": host_port,
"db_name": name,
"db_user": user,
})
buildArgs = gatheredDBOutput.apply(lambda args:
createBuildArgs(args[0], args[1], args[2], db_user)
)
flask_image = docker.Image("flask-dockerimage",
image_name=app_ecr_repo_repository_url,
build=docker.DockerBuild(
context="./frontend",
args=buildArgs
),
skip_push=False,
registry=app_registry
)
square-dress-80180
03/24/2021, 10:20 PMTypeError: Object of type Output is not JSON serializable
square-dress-80180
03/24/2021, 10:20 PMOutput.all().apply()
with and without json.dumps()
(which came from another help thread here.square-dress-80180
03/24/2021, 10:22 PMdocker.Image()
should accept a type Output
in the build.args
based on the source code for pulumi_docker
. This seems to not be a correct understanding though. I could also be misunderstanding what pulumi.Input[Mapping[str, pulumi.Input[str]]]
means.square-dress-80180
03/24/2021, 10:24 PMsquare-dress-80180
03/24/2021, 10:35 PMhundreds-painter-6367
03/27/2021, 4:22 PMmkdir example-stack
• pulumi new--dir example-stack
• i choosed aws-python
• cd example-stack
• pulumi up
And the console showed me this:
error: failed to load language plugin python: could not read plugin [/usr/local/bin/pulumi-language-python] stdout: EOF
¿Did someone know how to solve this error?
I’m on Mac with python installed on version 3.8agreeable-ram-97887
03/27/2021, 7:00 PMicy-dress-83371
03/29/2021, 7:06 PMconst resourceId = (resource: string) =>
pulumi
.all([resourceGroup.name, currentSubscription])
.apply(
([resourceGroupName, subscription]) =>
`/subscriptions/${subscription.subscriptionId}/resourceGroups/${resourceGroupName}/providers/Microsoft.Network/applicationGateways/${applicationGatewayName}/${resource}/${defaultName}`
);
handsome-state-59775
03/29/2021, 8:01 PMVM_SIZE = pulumi_azure_native.containerservice.ContainerServiceVMSizeTypes(
config.require('vmSize'),
)
is there a pitfall here that i don't see yet?handsome-state-59775
03/30/2021, 12:39 AMResourceOptions
, if i mark resource A as a parent
of resource B, does it also imply a B dependsOn
A relationship?icy-dress-83371
03/30/2021, 3:06 PMdef get_appgw_id(gw_name):
return Output.concat("/subscriptions/",subscription_id,"/resourceGroups/",resource_group.name,"/providers/Microsoft.ManagedIdentity/userAssignedIdentities/",gw_name)
...
...
identity=network.ManagedServiceIdentityArgs(
type="UserAssigned",
user_assigned_identities={
str(Output.concat(gatewayId.id)): {},
f"{gatewayId.id.apply(lambda id: id)}": {},
f"{Output.concat('/subscriptions/',subscription_id,'/resourceGroups/',resource_group.name,'/providers/Microsoft.ManagedIdentity/userAssignedIdentities',gatewayId.name)}": {},
f"/subscriptions/{subscription_id}/resourcegroups/{resource_group.name}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{gatewayId.name}": {},
f"{get_appgw_id(gatewayId.name)}": {},
f"/subscriptions/*****/resourcegroups/*****/providers/Microsoft.ManagedIdentity/userAssignedIdentities/*****": {},
},
),
brave-knife-93369
03/31/2021, 9:37 AMcreamy-knife-53051
03/31/2021, 3:24 PMfor i in range(replicas):
vm_fqdn = dns_zone.apply(lambda a: f"couchbase{i + 1}-{db_name}.{a}")
dns.RecordSet(f'couchbase{i + 1}-recordset-pubzone',
managed_zone = dns_name,
name = vm_fqdn,
rrdatas=[replica.network_interfaces.apply(lambda a: a[0].get('networkIp'))],
ttl = 300,
type = "A",
opts=pulumi.ResourceOptions(depends_on=[couch]))
I think that 'apply' inside a loop is evaluated only on the last step. Finally I have only one dns record.
(maybe is related to future/promises) ?
How can manage this situation?astonishing-branch-30086
04/01/2021, 9:31 AMpulumi up
output? In the best case I want to see a message that explains the reason of failure. Thanks!handsome-state-59775
04/05/2021, 9:15 AMCONFIG_PROJ = p.Config()
REGISTRY_USERNAME = CONFIG_PROJ.require('registryUsername')
REGISTRY_PASSWORD = CONFIG_PROJ.require_secret('registryPassword')
registry_credentials_encoded = base64.b64encode(
f'{REGISTRY_USERNAME}:{REGISTRY_PASSWORD}'.encode(),
).decode()
When used to create a k8s secret, the decoded version shows the REGISTRY_PASSWORD
section having the value <pulumi.output.Output object at 0x152478cd0>
instead of the actual value. Tried REGISTRY_PASSWORD.apply(lambda s: s)
and pulumi.Output.all(REGISTRY_PASSWORD).apply(lambda s: s)
as well, with the same result (diff mem location of course).
1. What am I doing wrong here?
2. What's the idiomatic way of resolving the future of an Output
with if no transformations are required?adamant-cricket-25794
04/07/2021, 3:08 PMserviceAccounts = [
("droneci", "droneci", "Drone Service Account", ["roles/storage.admin"]),
(
"spinnaker",
"spinnaker",
"Spinnaker Service Account",
[
"roles/container.admin",
"roles/container.clusterAdmin",
"roles/container.developer",
"roles/storage.admin",
],
)
]
def bindToRole(name: str, sa: Account, args: Optional[dict] = None):
"""Given a GCP IAM Service Account and a list of roles, create a IAMBinginh between them."""
for i, role in enumerate(args["roles"]):
IAMBinding(
f"{name}-{i}",
members=[sa.email.apply(lambda email: f"serviceAccount:{email}")],
project=args["project"],
role=role,
)
for saName, saId, saDesc, saRoles in serviceAccounts:
sa = Account(
saName, project=conf.get("project"), account_id=saId, display_name=saDesc
)
bindToRole(
f"{saName}-roleBinding", sa, {"project": conf.get("project"), "roles": saRoles}
)
saKey = util.createServiceAccountKey(f"{saName}-key", sa)
export(name=f"{saName}-serviceAccount-key", value=saKey)
export(name=f"{saName}-serviceAccount-secret", value=util.clientSecret(saKey))
export(name=f"{saName}-serviceAccount-email", value=sa.email)
and this is an example of the changes it trys to make every time I run this:
~ gcp:projects/iAMBinding:IAMBinding: (refresh)
[id=my-project/roles/storage.admin]
[urn=urn:pulumi:dev::my-stack::gcp:projects/iAMBinding:IAMBinding::spinnaker-roleBinding-3]
[provider=urn:pulumi:dev::my stack::pulumi:providers:gcp::default_4_17_0::620feff3-c68d-4f3f-b35d-715c080f8b7d]
--outputs:--
~ etag : "BwW/YsjdngI=" => "BwW/YucGdm0="
~ members : [
~ [0]: "serviceAccount:spinnaker@my-project.iam.gserviceaccount.com" => "serviceAccount:droneci@my-project.iam.gserviceaccount.com"
]
any idea why this might be happening ?strong-bird-34772
04/08/2021, 9:29 AMstrong-bird-34772
04/08/2021, 9:29 AMshy-sunset-67287
04/08/2021, 10:51 AMfierce-market-67222
04/08/2021, 12:18 PMfierce-market-67222
04/08/2021, 12:18 PMself.user_email_iam_role = iam.IAMMember(
resource_name="gcp-default-account-iam",
member=self.user_email,
role="roles/iam.serviceAccountUser",
service_account_id=<http://self.sa|self.sa>
)
fierce-market-67222
04/08/2021, 12:19 PMfierce-market-67222
04/08/2021, 12:22 PM<http://self.sa|self.sa> = iam.Account(
resource_name="xx",
project="xx",
account_id="xx",
display_name="xx"
),
fierce-market-67222
04/08/2021, 12:23 PMError creating service account: googleapi: Error 403: Permission iam.serviceAccounts.create is required to perform this operation on project projects/xx., forbidden
fierce-market-67222
04/08/2021, 12:23 PMError creating service account: googleapi: Error 403: Permission iam.serviceAccounts.create is required to perform this operation on project projects/xx., forbidden