pulumi-community #python

Docs

Join the conversation Join Slack

Channels

python

sparse-state-34229

03/16/2021, 7:42 AM

error is`... has a problem: ConflictsWith: "identifier": conflicts with identifier_prefix`

brave-knife-93369

03/18/2021, 10:50 AM

Hi all. I'd like to understand how to package my lambda functions (written in python) from pulumi (also using python). Am I expected to create a pulumi.Archive of my whole project, then pass that to aws.lambda.Function() ? Right now we build the zip manually, I'd like to switch to a cleaner way if that's an option

brave-knife-93369

03/19/2021, 2:35 PM

Hi again folks! I created a Dynamic custom Resource and relevant ResrouceProvider subclass. It works great and is surprisingly easy! One thing I didn't manage to get right however is to log from within the ResourceProvider for teh logs to show up on the resource: how do I get the current resource from e.g. the create() method? In other words: I use pulumi.log.info() successfully, but don't know how to get the second parameter from within the ResrouceProvider's create() call (or any other call for that matter). So the info() text appears for the stack instead of the currently-being-created resource

powerful-art-3002

03/23/2021, 6:59 AM

Hello I have few lambdas which using same code.. so I decided to move boilerplate to another directory and use symbolic link but pulumi thorws error. Is any workaround how to archive lambda "src" dir with files from outside?

few-tent-80031

03/24/2021, 5:04 PM

Hello everybody, I have a question about pulumi output. In my project, I am deploying infrastructure on AWS. I want to use "address" output from RDS instance, and use that as environment variable for ecs container definition. However, it seems that I cannot extract string from address output. I've tried something like this master.address.apply(lambda ad: "{ad}"), but that didn't work. I am using python. Can you guys help me?

square-dress-80180

03/24/2021, 10:19 PM

Hi - would really appreciate some insight into the following:

db_user = os.environ['DB_USER']

# Create Output[Mapping] for use with args[Input[Mapping[str,str]]]
gatheredDBOutput = pulumi.Output.all(
    db_host_address, 
    db_host_port, 
    db_name
)

def createBuildArgs(host_address, host_port, name, user):
    return json.dumps({
        "db_host_address": host_address,
        "db_host_port": host_port,
        "db_name": name,
        "db_user": user,
    })

buildArgs = gatheredDBOutput.apply(lambda args: 
    createBuildArgs(args[0], args[1], args[2], db_user)
)

flask_image = docker.Image("flask-dockerimage",
    image_name=app_ecr_repo_repository_url,
    build=docker.DockerBuild(
        context="./frontend",
        args=buildArgs
    ),
    skip_push=False,
    registry=app_registry
)

square-dress-80180

03/24/2021, 10:20 PM

This causes a

TypeError: Object of type Output is not JSON serializable

square-dress-80180

03/24/2021, 10:20 PM

I have tried many variations of

Output.all().apply()

with and without

json.dumps()

(which came from another help thread here.

square-dress-80180

03/24/2021, 10:22 PM

My understanding is that the

docker.Image()

should accept a type

Output

in the

build.args

based on the source code for

pulumi_docker

. This seems to not be a correct understanding though. I could also be misunderstanding what

pulumi.Input[Mapping[str, pulumi.Input[str]]]

means.

square-dress-80180

03/24/2021, 10:24 PM

I looked at this line is the source code as the guide: https://github.com/pulumi/pulumi-docker/blob/5da13f5d840f13639b6917e54b122d0c59cfffbf/sdk/python/pulumi_docker/docker.py#L85

square-dress-80180

03/24/2021, 10:35 PM

It is this line that causes the error: https://github.com/pulumi/pulumi-docker/blob/5da13f5d840f13639b6917e54b122d0c59cfffbf/sdk/python/pulumi_docker/docker.py#L421

hundreds-painter-6367

03/27/2021, 4:22 PM

Hello everyone, maybe someone can help me?, i’m trying to deploy a starter pulumi project, but i have an issue with this. i made the next steps: •

mkdir example-stack

•

pulumi new--dir example-stack

• i choosed

aws-python

•

cd example-stack

•

pulumi up

And the console showed me this: error: failed to load language plugin python: could not read plugin [/usr/local/bin/pulumi-language-python] stdout: EOF ¿Did someone know how to solve this error? I’m on Mac with python installed on version 3.8

agreeable-ram-97887

03/27/2021, 7:00 PM

Hi people, when generating "spec" and "metadata" inputs for kubernetes resources, how would you all suggest handling inputs that should be given as multi-line literals?

icy-dress-83371

03/29/2021, 7:06 PM

HI all, excuse my stupidity here, but I am trying to work off of an Azure example that is written in typescript (which I am not supoer competent in) wonder if anyone could help convert this pulumi block to python:

const resourceId = (resource: string) =>
  pulumi
    .all([resourceGroup.name, currentSubscription])
    .apply(
      ([resourceGroupName, subscription]) =>
        `/subscriptions/${subscription.subscriptionId}/resourceGroups/${resourceGroupName}/providers/Microsoft.Network/applicationGateways/${applicationGatewayName}/${resource}/${defaultName}`
    );

handsome-state-59775

03/29/2021, 8:01 PM

VM_SIZE = pulumi_azure_native.containerservice.ContainerServiceVMSizeTypes(
        config.require('vmSize'),
)

is there a pitfall here that i don't see yet?

handsome-state-59775

03/30/2021, 12:39 AM

w.r.t.

ResourceOptions

, if i mark resource A as a

parent

of resource B, does it also imply a B

dependsOn

A relationship?

✅ 1

icy-dress-83371

03/30/2021, 3:06 PM

Hi all, Been working through some output related issues in python, hopefully someone can point out my stupid mistake. I am trying to use some output in a block for idintities in azure application gatways. Below is my code block (and the associated function), which are all attempts to do the same thing, but the ONLY one that works is a hardcoded string (the last line, ***'s are real values in my code):

def get_appgw_id(gw_name):
    return Output.concat("/subscriptions/",subscription_id,"/resourceGroups/",resource_group.name,"/providers/Microsoft.ManagedIdentity/userAssignedIdentities/",gw_name)
...
...
identity=network.ManagedServiceIdentityArgs(
        type="UserAssigned",
        user_assigned_identities={
        str(Output.concat(gatewayId.id)): {},
        f"{gatewayId.id.apply(lambda id: id)}": {},
        f"{Output.concat('/subscriptions/',subscription_id,'/resourceGroups/',resource_group.name,'/providers/Microsoft.ManagedIdentity/userAssignedIdentities',gatewayId.name)}": {},
        f"/subscriptions/{subscription_id}/resourcegroups/{resource_group.name}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{gatewayId.name}": {},
        f"{get_appgw_id(gatewayId.name)}": {},
        f"/subscriptions/*****/resourcegroups/*****/providers/Microsoft.ManagedIdentity/userAssignedIdentities/*****": {},

        },
    ),

brave-knife-93369

03/31/2021, 9:37 AM

I'm trying to get an instance of pulumi.FileAsset to take an Output<str> as a parameter. This doesn't work, which is a bit frustrating. Is there a way to workaround the problem to get dynamic file contents? I found https://github.com/pulumi/pulumi/issues/3017 but maybe somebody has a trick on hand?

creamy-knife-53051

03/31/2021, 3:24 PM

Hi all. I have a code like this:

for i in range(replicas):
    vm_fqdn = dns_zone.apply(lambda a: f"couchbase{i + 1}-{db_name}.{a}")
    dns.RecordSet(f'couchbase{i + 1}-recordset-pubzone',
        managed_zone = dns_name,
        name = vm_fqdn,
        rrdatas=[replica.network_interfaces.apply(lambda a: a[0].get('networkIp'))],
        ttl = 300,
        type = "A",
        opts=pulumi.ResourceOptions(depends_on=[couch]))

I think that 'apply' inside a loop is evaluated only on the last step. Finally I have only one dns record. (maybe is related to future/promises) ? How can manage this situation?

astonishing-branch-30086

04/01/2021, 9:31 AM

What is the correct failure status/exception to return when a CRUD operation in a dynamic resource provider fails? I'm following the example here to build a dynamic resource provider in Python. The create() operation of my resource can fail as there a lot of status checks are involved. What status or exception should I return to get a clean failure status in the

pulumi up

output? In the best case I want to see a message that explains the reason of failure. Thanks!

handsome-state-59775

04/05/2021, 9:15 AM

Having issues using secrets from config:

CONFIG_PROJ = p.Config()
REGISTRY_USERNAME = CONFIG_PROJ.require('registryUsername')
REGISTRY_PASSWORD = CONFIG_PROJ.require_secret('registryPassword')

registry_credentials_encoded = base64.b64encode(
    f'{REGISTRY_USERNAME}:{REGISTRY_PASSWORD}'.encode(),
).decode()

When used to create a k8s secret, the decoded version shows the

REGISTRY_PASSWORD

section having the value

<pulumi.output.Output object at 0x152478cd0>

instead of the actual value. Tried

REGISTRY_PASSWORD.apply(lambda s: s)

and

pulumi.Output.all(REGISTRY_PASSWORD).apply(lambda s: s)

as well, with the same result (diff mem location of course). 1. What am I doing wrong here? 2. What's the idiomatic way of resolving the future of an

Output

with if no transformations are required?

✅ 1

adamant-cricket-25794

04/07/2021, 3:08 PM

hello guys. maybe someone here can give me a hand on this one ? I have some code to create service accounts in GCP and bind this accounts to some roles using IAMBindings my issue is that every time I run pulumi up, pulumi updates the service account rolebindings. I guess this is caused by the for loop I am using to create them ? this is my code:

serviceAccounts = [
    ("droneci", "droneci", "Drone Service Account", ["roles/storage.admin"]),
    (
        "spinnaker",
        "spinnaker",
        "Spinnaker Service Account",
        [
            "roles/container.admin",
            "roles/container.clusterAdmin",
            "roles/container.developer",
            "roles/storage.admin",
        ],
    )
]

def bindToRole(name: str, sa: Account, args: Optional[dict] = None):
    """Given a GCP IAM Service Account and a list of roles, create a IAMBinginh between them."""
    for i, role in enumerate(args["roles"]):
        IAMBinding(
            f"{name}-{i}",
            members=[sa.email.apply(lambda email: f"serviceAccount:{email}")],
            project=args["project"],
            role=role,
        )

for saName, saId, saDesc, saRoles in serviceAccounts:
    sa = Account(
        saName, project=conf.get("project"), account_id=saId, display_name=saDesc
    )
    bindToRole(
        f"{saName}-roleBinding", sa, {"project": conf.get("project"), "roles": saRoles}
    )
    saKey = util.createServiceAccountKey(f"{saName}-key", sa)
    export(name=f"{saName}-serviceAccount-key", value=saKey)
    export(name=f"{saName}-serviceAccount-secret", value=util.clientSecret(saKey))
    export(name=f"{saName}-serviceAccount-email", value=sa.email)

and this is an example of the changes it trys to make every time I run this:

~ gcp:projects/iAMBinding:IAMBinding: (refresh)
        [id=my-project/roles/storage.admin]
        [urn=urn:pulumi:dev::my-stack::gcp:projects/iAMBinding:IAMBinding::spinnaker-roleBinding-3]
        [provider=urn:pulumi:dev::my stack::pulumi:providers:gcp::default_4_17_0::620feff3-c68d-4f3f-b35d-715c080f8b7d]
        --outputs:--
      ~ etag     : "BwW/YsjdngI=" => "BwW/YucGdm0="
      ~ members  : [
          ~ [0]: "serviceAccount:spinnaker@my-project.iam.gserviceaccount.com" => "serviceAccount:droneci@my-project.iam.gserviceaccount.com"
        ]

any idea why this might be happening ?

strong-bird-34772

04/08/2021, 9:29 AM

§`34rd 44ss`SAs vf eC D§§

strong-bird-34772

04/08/2021, 9:29 AM

§1§§§§§§§§§§§§§§§

shy-sunset-67287

04/08/2021, 10:51 AM

I’ve just started getting an unhandled error from Pulumi. Worked totally fine on 2 other stacks and then blew up on production 🤦‍♂️ Is this a known issue anywhere or should I make a bug report?

Untitled

fierce-market-67222

04/08/2021, 12:18 PM

hello, i have an issue i want to create IAMMember and keep getting erros like this, the connection to GKE is done in the env and other objects work….

fierce-market-67222

04/08/2021, 12:18 PM

self.user_email_iam_role = iam.IAMMember(
            resource_name="gcp-default-account-iam",
            member=self.user_email,
            role="roles/iam.serviceAccountUser",
            service_account_id=<http://self.sa|self.sa>
        )

fierce-market-67222

04/08/2021, 12:19 PM

do i need something more?

fierce-market-67222

04/08/2021, 12:22 PM

<http://self.sa|self.sa> = iam.Account(
            resource_name="xx",
            project="xx",
            account_id="xx",
            display_name="xx"
        ),

fierce-market-67222

04/08/2021, 12:23 PM

Error creating service account: googleapi: Error 403: Permission iam.serviceAccounts.create is required to perform this operation on project projects/xx., forbidden

Title

fierce-market-67222

04/08/2021, 12:23 PM

Error creating service account: googleapi: Error 403: Permission iam.serviceAccounts.create is required to perform this operation on project projects/xx., forbidden

View count: 1