https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
python
  • s

    sparse-state-34229

    03/16/2021, 7:42 AM
    error is`... has a problem: ConflictsWith: "identifier": conflicts with identifier_prefix`
  • b

    brave-knife-93369

    03/18/2021, 10:50 AM
    Hi all. I'd like to understand how to package my lambda functions (written in python) from pulumi (also using python). Am I expected to create a pulumi.Archive of my whole project, then pass that to aws.lambda.Function() ? Right now we build the zip manually, I'd like to switch to a cleaner way if that's an option
    b
    • 2
    • 6
  • b

    brave-knife-93369

    03/19/2021, 2:35 PM
    Hi again folks! I created a Dynamic custom Resource and relevant ResrouceProvider subclass. It works great and is surprisingly easy! One thing I didn't manage to get right however is to log from within the ResourceProvider for teh logs to show up on the resource: how do I get the current resource from e.g. the create() method? In other words: I use pulumi.log.info() successfully, but don't know how to get the second parameter from within the ResrouceProvider's create() call (or any other call for that matter). So the info() text appears for the stack instead of the currently-being-created resource
  • p

    powerful-art-3002

    03/23/2021, 6:59 AM
    Hello I have few lambdas which using same code.. so I decided to move boilerplate to another directory and use symbolic link but pulumi thorws error. Is any workaround how to archive lambda "src" dir with files from outside?
  • f

    few-tent-80031

    03/24/2021, 5:04 PM
    Hello everybody, I have a question about pulumi output. In my project, I am deploying infrastructure on AWS. I want to use "address" output from RDS instance, and use that as environment variable for ecs container definition. However, it seems that I cannot extract string from address output. I've tried something like this master.address.apply(lambda ad: "{ad}"), but that didn't work. I am using python. Can you guys help me?
    w
    • 2
    • 1
  • s

    square-dress-80180

    03/24/2021, 10:19 PM
    Hi - would really appreciate some insight into the following:
    db_user = os.environ['DB_USER']
    
    # Create Output[Mapping] for use with args[Input[Mapping[str,str]]]
    gatheredDBOutput = pulumi.Output.all(
        db_host_address, 
        db_host_port, 
        db_name
    )
    
    def createBuildArgs(host_address, host_port, name, user):
        return json.dumps({
            "db_host_address": host_address,
            "db_host_port": host_port,
            "db_name": name,
            "db_user": user,
        })
    
    buildArgs = gatheredDBOutput.apply(lambda args: 
        createBuildArgs(args[0], args[1], args[2], db_user)
    )
    
    flask_image = docker.Image("flask-dockerimage",
        image_name=app_ecr_repo_repository_url,
        build=docker.DockerBuild(
            context="./frontend",
            args=buildArgs
        ),
        skip_push=False,
        registry=app_registry
    )
    r
    • 2
    • 5
  • s

    square-dress-80180

    03/24/2021, 10:20 PM
    This causes a
    TypeError: Object of type Output is not JSON serializable
  • s

    square-dress-80180

    03/24/2021, 10:20 PM
    I have tried many variations of
    Output.all().apply()
    with and without
    json.dumps()
    (which came from another help thread here.
  • s

    square-dress-80180

    03/24/2021, 10:22 PM
    My understanding is that the
    docker.Image()
    should accept a type
    Output
    in the
    build.args
    based on the source code for
    pulumi_docker
    . This seems to not be a correct understanding though. I could also be misunderstanding what
    pulumi.Input[Mapping[str, pulumi.Input[str]]]
    means.
    r
    • 2
    • 1
  • s

    square-dress-80180

    03/24/2021, 10:24 PM
    I looked at this line is the source code as the guide: https://github.com/pulumi/pulumi-docker/blob/5da13f5d840f13639b6917e54b122d0c59cfffbf/sdk/python/pulumi_docker/docker.py#L85
  • s

    square-dress-80180

    03/24/2021, 10:35 PM
    It is this line that causes the error: https://github.com/pulumi/pulumi-docker/blob/5da13f5d840f13639b6917e54b122d0c59cfffbf/sdk/python/pulumi_docker/docker.py#L421
    • 1
    • 2
  • h

    hundreds-painter-6367

    03/27/2021, 4:22 PM
    Hello everyone, maybe someone can help me?, i’m trying to deploy a starter pulumi project, but i have an issue with this. i made the next steps: •
    mkdir example-stack
    •
    pulumi new--dir example-stack
    • i choosed
    aws-python
    •
    cd example-stack
    •
    pulumi up
    And the console showed me this: error: failed to load language plugin python: could not read plugin [/usr/local/bin/pulumi-language-python] stdout: EOF ¿Did someone know how to solve this error? I’m on Mac with python installed on version 3.8
  • a

    agreeable-ram-97887

    03/27/2021, 7:00 PM
    Hi people, when generating "spec" and "metadata" inputs for kubernetes resources, how would you all suggest handling inputs that should be given as multi-line literals?
    b
    • 2
    • 13
  • i

    icy-dress-83371

    03/29/2021, 7:06 PM
    HI all, excuse my stupidity here, but I am trying to work off of an Azure example that is written in typescript (which I am not supoer competent in) wonder if anyone could help convert this pulumi block to python:
    const resourceId = (resource: string) =>
      pulumi
        .all([resourceGroup.name, currentSubscription])
        .apply(
          ([resourceGroupName, subscription]) =>
            `/subscriptions/${subscription.subscriptionId}/resourceGroups/${resourceGroupName}/providers/Microsoft.Network/applicationGateways/${applicationGatewayName}/${resource}/${defaultName}`
        );
    h
    s
    • 3
    • 5
  • h

    handsome-state-59775

    03/29/2021, 8:01 PM
    VM_SIZE = pulumi_azure_native.containerservice.ContainerServiceVMSizeTypes(
            config.require('vmSize'),
    )
    is there a pitfall here that i don't see yet?
  • h

    handsome-state-59775

    03/30/2021, 12:39 AM
    w.r.t.
    ResourceOptions
    , if i mark resource A as a
    parent
    of resource B, does it also imply a B
    dependsOn
    A relationship?
    ✅ 1
    b
    • 2
    • 1
  • i

    icy-dress-83371

    03/30/2021, 3:06 PM
    Hi all, Been working through some output related issues in python, hopefully someone can point out my stupid mistake. I am trying to use some output in a block for idintities in azure application gatways. Below is my code block (and the associated function), which are all attempts to do the same thing, but the ONLY one that works is a hardcoded string (the last line, ***'s are real values in my code):
    def get_appgw_id(gw_name):
        return Output.concat("/subscriptions/",subscription_id,"/resourceGroups/",resource_group.name,"/providers/Microsoft.ManagedIdentity/userAssignedIdentities/",gw_name)
    ...
    ...
    identity=network.ManagedServiceIdentityArgs(
            type="UserAssigned",
            user_assigned_identities={
            str(Output.concat(gatewayId.id)): {},
            f"{gatewayId.id.apply(lambda id: id)}": {},
            f"{Output.concat('/subscriptions/',subscription_id,'/resourceGroups/',resource_group.name,'/providers/Microsoft.ManagedIdentity/userAssignedIdentities',gatewayId.name)}": {},
            f"/subscriptions/{subscription_id}/resourcegroups/{resource_group.name}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{gatewayId.name}": {},
            f"{get_appgw_id(gatewayId.name)}": {},
            f"/subscriptions/*****/resourcegroups/*****/providers/Microsoft.ManagedIdentity/userAssignedIdentities/*****": {},
    
            },
        ),
    • 1
    • 1
  • b

    brave-knife-93369

    03/31/2021, 9:37 AM
    I'm trying to get an instance of pulumi.FileAsset to take an Output<str> as a parameter. This doesn't work, which is a bit frustrating. Is there a way to workaround the problem to get dynamic file contents? I found https://github.com/pulumi/pulumi/issues/3017 but maybe somebody has a trick on hand?
    • 1
    • 1
  • c

    creamy-knife-53051

    03/31/2021, 3:24 PM
    Hi all. I have a code like this:
    for i in range(replicas):
        vm_fqdn = dns_zone.apply(lambda a: f"couchbase{i + 1}-{db_name}.{a}")
        dns.RecordSet(f'couchbase{i + 1}-recordset-pubzone',
            managed_zone = dns_name,
            name = vm_fqdn,
            rrdatas=[replica.network_interfaces.apply(lambda a: a[0].get('networkIp'))],
            ttl = 300,
            type = "A",
            opts=pulumi.ResourceOptions(depends_on=[couch]))
    I think that 'apply' inside a loop is evaluated only on the last step. Finally I have only one dns record. (maybe is related to future/promises) ? How can manage this situation?
  • a

    astonishing-branch-30086

    04/01/2021, 9:31 AM
    What is the correct failure status/exception to return when a CRUD operation in a dynamic resource provider fails? I'm following the example here to build a dynamic resource provider in Python. The create() operation of my resource can fail as there a lot of status checks are involved. What status or exception should I return to get a clean failure status in the
    pulumi up
    output? In the best case I want to see a message that explains the reason of failure. Thanks!
    b
    • 2
    • 3
  • h

    handsome-state-59775

    04/05/2021, 9:15 AM
    Having issues using secrets from config:
    CONFIG_PROJ = p.Config()
    REGISTRY_USERNAME = CONFIG_PROJ.require('registryUsername')
    REGISTRY_PASSWORD = CONFIG_PROJ.require_secret('registryPassword')
    
    registry_credentials_encoded = base64.b64encode(
        f'{REGISTRY_USERNAME}:{REGISTRY_PASSWORD}'.encode(),
    ).decode()
    When used to create a k8s secret, the decoded version shows the
    REGISTRY_PASSWORD
    section having the value
    <pulumi.output.Output object at 0x152478cd0>
    instead of the actual value. Tried
    REGISTRY_PASSWORD.apply(lambda s: s)
    and
    pulumi.Output.all(REGISTRY_PASSWORD).apply(lambda s: s)
    as well, with the same result (diff mem location of course). 1. What am I doing wrong here? 2. What's the idiomatic way of resolving the future of an
    Output
    with if no transformations are required?
    ✅ 1
    • 1
    • 1
  • a

    adamant-cricket-25794

    04/07/2021, 3:08 PM
    hello guys. maybe someone here can give me a hand on this one ? I have some code to create service accounts in GCP and bind this accounts to some roles using IAMBindings my issue is that every time I run pulumi up, pulumi updates the service account rolebindings. I guess this is caused by the for loop I am using to create them ? this is my code:
    serviceAccounts = [
        ("droneci", "droneci", "Drone Service Account", ["roles/storage.admin"]),
        (
            "spinnaker",
            "spinnaker",
            "Spinnaker Service Account",
            [
                "roles/container.admin",
                "roles/container.clusterAdmin",
                "roles/container.developer",
                "roles/storage.admin",
            ],
        )
    ]
    
    def bindToRole(name: str, sa: Account, args: Optional[dict] = None):
        """Given a GCP IAM Service Account and a list of roles, create a IAMBinginh between them."""
        for i, role in enumerate(args["roles"]):
            IAMBinding(
                f"{name}-{i}",
                members=[sa.email.apply(lambda email: f"serviceAccount:{email}")],
                project=args["project"],
                role=role,
            )
    
    for saName, saId, saDesc, saRoles in serviceAccounts:
        sa = Account(
            saName, project=conf.get("project"), account_id=saId, display_name=saDesc
        )
        bindToRole(
            f"{saName}-roleBinding", sa, {"project": conf.get("project"), "roles": saRoles}
        )
        saKey = util.createServiceAccountKey(f"{saName}-key", sa)
        export(name=f"{saName}-serviceAccount-key", value=saKey)
        export(name=f"{saName}-serviceAccount-secret", value=util.clientSecret(saKey))
        export(name=f"{saName}-serviceAccount-email", value=sa.email)
    and this is an example of the changes it trys to make every time I run this:
    ~ gcp:projects/iAMBinding:IAMBinding: (refresh)
            [id=my-project/roles/storage.admin]
            [urn=urn:pulumi:dev::my-stack::gcp:projects/iAMBinding:IAMBinding::spinnaker-roleBinding-3]
            [provider=urn:pulumi:dev::my stack::pulumi:providers:gcp::default_4_17_0::620feff3-c68d-4f3f-b35d-715c080f8b7d]
            --outputs:--
          ~ etag     : "BwW/YsjdngI=" => "BwW/YucGdm0="
          ~ members  : [
              ~ [0]: "serviceAccount:spinnaker@my-project.iam.gserviceaccount.com" => "serviceAccount:droneci@my-project.iam.gserviceaccount.com"
            ]
    any idea why this might be happening ?
    s
    • 2
    • 3
  • s

    strong-bird-34772

    04/08/2021, 9:29 AM
    §`34rd 44ss`SAs vf eC D§§
  • s

    strong-bird-34772

    04/08/2021, 9:29 AM
    §1§§§§§§§§§§§§§§§
  • s

    shy-sunset-67287

    04/08/2021, 10:51 AM
    I’ve just started getting an unhandled error from Pulumi. Worked totally fine on 2 other stacks and then blew up on production 🤦‍♂️ Is this a known issue anywhere or should I make a bug report?
    Untitled
    • 1
    • 1
  • f

    fierce-market-67222

    04/08/2021, 12:18 PM
    hello, i have an issue i want to create IAMMember and keep getting erros like this, the connection to GKE is done in the env and other objects work….
  • f

    fierce-market-67222

    04/08/2021, 12:18 PM
    self.user_email_iam_role = iam.IAMMember(
                resource_name="gcp-default-account-iam",
                member=self.user_email,
                role="roles/iam.serviceAccountUser",
                service_account_id=<http://self.sa|self.sa>
            )
  • f

    fierce-market-67222

    04/08/2021, 12:19 PM
    do i need something more?
  • f

    fierce-market-67222

    04/08/2021, 12:22 PM
    <http://self.sa|self.sa> = iam.Account(
                resource_name="xx",
                project="xx",
                account_id="xx",
                display_name="xx"
            ),
  • f

    fierce-market-67222

    04/08/2021, 12:23 PM
    Error creating service account: googleapi: Error 403: Permission iam.serviceAccounts.create is required to perform this operation on project projects/xx., forbidden
Powered by Linen
Title
f

fierce-market-67222

04/08/2021, 12:23 PM
Error creating service account: googleapi: Error 403: Permission iam.serviceAccounts.create is required to perform this operation on project projects/xx., forbidden
View count: 1