https://pulumi.com logo
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
python
  • a

    abundant-book-94104

    11/26/2021, 1:27 AM
    I'm working on setting up private end points in Azure which require some private link code. It is complaining I can't add or configure the PrivateLinkService because private link service network policies enabled. I put a policy disabled in the VNet subnet, but that doesn't appear to be working. What's the secret sauce I'm missing?
    • 1
    • 1
  • i

    important-magician-41327

    11/29/2021, 8:56 AM
    Dear Experts, I want to design a proper python class for a Pulumi AWS deployment, but I am struggling to find the right design. Can someone please help me and tell me what would be the best approach to design a pulumi class that has the following functionality. My design goal is to reuse as much as possible and modularise everything. Those are the Functions which needs to be nested into a Class or Classes:
    Region:
    + VPC
    + IGW
    
    Site
    - VPC(region A)
    - IGW (region A)
    + Subnet
    + Route Table
    
    Site Type A
    - VPC(region A)
    - IGW (region A)
    - Subnet (site 1)
    - Route Table (site 1)
    + EC2
    
    Site Type B
    - VPC(region A)
    - IGW (region A)
    - Subnet (site 1)
    - Route Table (site 1)
    + ECK
    In the above example, resources in Region A is provisioned by the Region Class. The Site Class will import these resources and configure additional resources. Site Type A will import everything from Site 1 and configure some additional resources like EC2 or ECK. How should I structure this with Python Inheritance and Composition?
    p
    b
    • 3
    • 40
  • p

    prehistoric-beach-79855

    11/30/2021, 4:59 PM
    Hello all, How can I get properties of a Repository? When I use: ruri=repo.get(resource_name=reponame, id=repoid) The result is: ruri     : {    + arn             : “arn:aws:ecr:us-east-1:xxxx*:repository/my-repo*”    + encryption_configurations  : [    +   [0]: {        + encryption_type: “AES256"       }     ]    + id             : “my-repox”    + image_scanning_configuration: {      + scan_on_push: false     }    + image_tag_mutability    : “MUTABLE”    + name            : “my-repo”    + registry_id         : “xxxxxx”    + repository_url       : “xxxxx.dkr.ecr.us-east-1.amazonaws.com/my-repo-xxxxx”    + urn             : “urn😛ulumi:dev::gurney-python::aws:ecr/repository:Repository::my-repo” Then I used ruri.apply(lambda r: r[“repository_url”]) but I got this message: TypeError: ‘Repository’ object is not subscriptable So, how should I get the repository_url ?
    p
    s
    • 3
    • 4
  • w

    worried-xylophone-86184

    12/01/2021, 7:13 PM
    I am trying to tweak the token mentioned here (
    xyz:index:StaticPage
    ) , to something like
    company_name:module_name:resource_name
    . But whenever I name it something apart from
    index
    I end up getting this stack trace mentioned in the thread. Can someone help me out with this? I might be missing something obvious
    b
    p
    • 3
    • 13
  • g

    gorgeous-minister-41131

    12/02/2021, 9:55 PM
    is there a programatic way to get the current aws provider’s (or any AWS provider’s) current region code? like
    use1
    or
    usw2
    ?
    r
    • 2
    • 8
  • n

    nutritious-shampoo-16116

    12/03/2021, 1:30 PM
    Anybody knows how this https://github.com/pulumi/pulumi/blob/master/sdk/python/lib/pulumi/runtime/config.py#L24 is cleaned between tests?
  • n

    nutritious-shampoo-16116

    12/03/2021, 1:37 PM
    it seems to me that CONFIG is never cleaned between tests and this may leads to unexpected behaviors if one tests needs a specific config value that shouldn't be there for other test cases
  • g

    gorgeous-minister-41131

    12/03/2021, 8:54 PM
    https://www.pulumi.com/registry/packages/aws/api-docs/ec2transitgateway/peeringattachment/ is there a peeringattachmentAcceptor equivalent for this?
    b
    • 2
    • 6
  • m

    miniature-oxygen-33318

    12/06/2021, 11:24 AM
    Hi where can I find a list of the pulumi automation functions? Getting quite lost on here, just want simple list of functions and what they do, I’m using python and aws https://www.pulumi.com/docs/guides/automation-api/
    r
    • 2
    • 2
  • b

    breezy-painter-29573

    12/06/2021, 9:45 PM
    Hi there! Could you guys please help me to understand why apply from the Output does not work as expected inside a loop?
    def container_definition(image_name, service, env_variables):
        print("service:",service)
        print("env_vars:", env_variables)
        return json.dumps([{
            'name': 'server',
            'image': image_name,
            'networkMode': 'awsvpc',
            'readonlyRootFilesystem': False,
            'essential': True,
            'environment': env_variables,
            ..... Non relevant code continues
        }])
    
    for service in config.common_config['services']:
        env_variables.append({'name': 'SERVICES', 'value': service})
        if service != 'frontend':
            env_variables.append({'name': 'TEMPORAL_CLI_ADDRESS',
                'value': f'{config.common_config["frontend"]["service_name"]}.{config.common_config["dns_namespace"]}'})
        task_definitions[service] = aws.ecs.TaskDefinition(config.common_config[service]['service_name'],
            family=config.common_config[service]['service_name'],
            cpu=config.common_config[service]['cpu'],
            memory=config.common_config[service]['memory'],
            network_mode='awsvpc',
            requires_compatibilities=['FARGATE'],
            execution_role_arn=ecs_task_role.arn,
            task_role_arn=ecs_task_role.arn,
            container_definitions=image.image_name.apply(
                lambda image_name: container_definition(image_name, service, env_variables)),
            tags={
                "Service": "temporal",
            },
            opts=ResourceOptions(depends_on=[log_group]))
    When it is executed for the container_definitions in preview I am seeing env_variables with duplicates and
    service
    is set to the latest in the list of
    config.common_config['services']
    . I do believe it is somehow related to the nature of "Promised" Output, but not an expert in Python enough to catch and fix it. TIA! Everything worked properly in the loop until I needed to add image name for ECR 😄
    ✅ 1
    n
    • 2
    • 2
  • f

    future-daybreak-16512

    12/07/2021, 7:35 AM
    Hi All, Getting the following error while calling get functions from Pulumi Policy class using Python :
    error: Exception calling application: There is no current event loop in thread 'ThreadPoolExecutor-0_0'.
    The sample code :
    from pprint import pprint
    from pulumi_policy import (
      ReportViolation,
      ResourceValidationArgs,
    )
    import pulumi
    import pulumi_aws as aws
    
    config = pulumi.Config()
    
    def ec2_validator(args: ResourceValidationArgs, report_violation: ReportViolation):
    
      if args.resource_type == "aws:ec2/instance:Instance":
        if args.props.get('vpcSecurityGroupIds'): 
          sg_id = aws.ec2.get_security_groups(tags={
            "key": "val",
            "key": "val",
          })
    
          pprint(vars(sg_id))
    Any idea how to fix this error?
  • p

    polite-mechanic-60124

    12/07/2021, 9:15 PM
    I'm running into a python pulumi oddity. I'm rendering a jinja template with variables that are pulumi secrets ie of type pulumi.Output[str] and base64ing it to be used by a user_data field.
    user_data=pulumi.Output.all(
        {
            "cluster_size": cluster_size,
            "secret_id": secret_id,
        }
    ).apply(
        lambda args: render_user_data_output(
            templating_env(),
            "userdata-server.sh.jinja",
            *args,
        )
    ),
    Now for the weird part. If render_user_data_output returns a string, I get a base64 encoded pulumi object address in memory. If it returns a pulumi Output, then it renders the base64 encoded secret. Both versions defined below
    def render_user_data_output(
            env: Environment, template_name: str, kwargs: Mapping[str, Any]
    ) -> str:
        rendered_template = render_template_file(env, template_name, kwargs)
        return base64.b64encode(rendered_template.encode("utf-8")).decode("utf-8")
    def render_user_data_output(
            env: Environment, template_name: str, kwargs: Mapping[str, Any]
    ) -> pulumi.Output:
        rendered_template = render_template_file(env, template_name, kwargs)
        return pulumi.Output.from_input(base64.b64encode(rendered_template.encode("utf-8")).decode("utf-8"))
    Does anyone know what's going on here?
    p
    • 2
    • 7
  • p

    polite-mechanic-60124

    12/07/2021, 9:18 PM
    Even more mind-blowing, if I just change the type hint for the return to a pulumi.Output it works (but fails mypy since its a string)
    def render_user_data_output(
            env: Environment, template_name: str, kwargs: Mapping[str, Any]
    ) -> pulumi.Output:
        rendered_template = render_template_file(env, template_name, kwargs)
        return base64.b64encode(rendered_template.encode("utf-8")).decode("utf-8")
    It's kind of like python loses track of the coroutine and doesn't know to await
    s
    g
    • 3
    • 3
  • n

    nutritious-shampoo-16116

    12/13/2021, 5:39 PM
    hey Pulumi team, we are being bitten again by silence swallowing of exceptions happening in futures. Is there a way to deal with this issue? I don't think swallowing exceptions, which effectively results in a given resource being not seen by Pulumi (and even worse, if the resource was already created , this leads to a destroy) is an option. How this can be reproduced: • Make some target groups • Export or pass them to ECSService in the
    load_balancers_info
    • Apply on the target groups and build the payload expected by AWS with a loop or something • Put an exception in the loop • Exception is not reraised • ECSService is not created or it is dropped
    b
    • 2
    • 8
  • n

    nutritious-shampoo-16116

    12/13/2021, 5:41 PM
    but really any exception raised in a callback silently passes
  • g

    glamorous-kitchen-14786

    12/15/2021, 3:43 PM
    Can anyone point me in the direction of a good example project in Python where the resources have been broken up into different python modules? I've engineered a fairly complex project at this point where I've kept all of my resources discoverable to the pulumi cli by doing imports in the module level
    __init__.py
    files, but I'm running into some difficulty with circular dependencies that I'm not really sure how I would resolve at this point. Essentially I have a file creating secrets in AWS that depends on some infrastructure in another module, and that module would also like to be able to reference the secret values. I tried doing a
    pulumi.export
    on the secret value to get around this, but it seems I cannot actually reference my stack outputs in flight (either they aren't created until the end, or the resource creation ordering is "wrong" -- not sure which). Open to any advice on structuring a project that isn't all in one big
    __main__.py
    or any specific advice about this problem if I've explained it well enough. Sadly I cannot share the actual code, but if it would he helpful I could try to whip up a sample dummy project that replicates the issue without getting me in trouble.
    r
    • 2
    • 2
  • r

    rich-easter-89163

    12/16/2021, 4:51 AM
    Hi people! I'm having an strange issue with aws provider, i reduced my code to this:
    from pulumi_aws import iam
    
    iam.Policy('test', policy='{}')
    It doesn't matter that this will produce an error due to missing fields on policy because I'm not getting an error because my stack just hangs (and sometimes when I interrupt it with ctrl+c it show an
    transport is closing
    error, but not always). The funny thing is that I wrote my code applied on one stack (lets say staging) then when trying to apply it to other stack (lets say production) is when it hangs, I'm using different aws profiles for each stack, but I verified that is properly configured (other stacks with other code but same profile works). Any clues on how to debug this issue? I think the issue is while triying to instanciate the default aws provider but even using very verbose logs I cant see anything that let me fix this.
  • g

    glamorous-kitchen-14786

    12/16/2021, 2:33 PM
    Have you tried stepping through the execution with something like pdb?
  • g

    glamorous-kitchen-14786

    12/16/2021, 2:34 PM
    This way you could see where the code is hanging, which might give you some clues.
  • r

    rich-easter-89163

    12/16/2021, 4:56 PM
    I did something more rudimentary: commenting resources until stoped to hang, so I know that is everytime y try to create any aws resource
  • r

    rich-easter-89163

    12/16/2021, 5:31 PM
    More news: all my stacks of the same AWS account are broken
    b
    r
    • 3
    • 13
  • q

    quiet-plastic-34312

    12/21/2021, 2:01 PM
    Hi Folks there any way to run a python pulumi code as a python code to use debug line by line ... when i try run it i get a "pulumi.errors.RunError: Program run without the Pulumi engine available; re-run using the
    pulumi
    CLI"
    g
    • 2
    • 6
  • d

    dry-answer-66872

    12/22/2021, 6:04 AM
    Hi Team, https://www.pulumi.com/registry/packages/aws/api-docs/s3control/bucketlifecycleconfiguration/ when I try with this example, I am getting _*NameError: name 'aws_s3control_bucket' is not defined*_ Could anyone help in this regard? I am assuming here ''example' as - Lifecycle Name
    bucket=aws_s3control_bucket["example"]["arn"],   --> Bucket ARN
    p
    • 2
    • 2
  • g

    great-sunset-355

    12/22/2021, 9:37 AM
    Is the only option to create VPC endpoints within
    apply()
    when using this code?
    # vpc endpoints
            vpc_endpoints = ["s3", "ecr.dkr", "ecr.api", "logs"]
            region_output = self._config.aws_provider.region
            for endpoint in vpc_endpoints:
            
                service_name = region_output.apply(
                            lambda region: f"com.amazonaws.{region}.{endpoint}"  # endpoint here does not update from the loop variable
                        )
                pulumi_aws.ec2.VpcEndpoint(
                    f"{self._config.name}-{endpoint}-vpc-endpoint",
                    args=pulumi_aws.ec2.VpcEndpointArgs(
                        service_name=service_name,
                        vpc_id=self.vpc.id,
                        tags=self._config.tags,
                    ),
                    opts=self._opts,
                )
    b
    • 2
    • 7
  • h

    helpful-van-82564

    12/22/2021, 1:18 PM
    Hi, I'm deploying linkerd on a pulumi-provisioned cluster (gke) but need to set an annotation to the kube-system namespace to ensure linkerd never runs there. Since I dont own or maintain the namespace or any resources inside it, I dont really want to import it into pulumi; I just want to ensure an annotation exists. is there any straightforward way of doing this?
    b
    • 2
    • 4
  • v

    victorious-exabyte-70545

    12/22/2021, 3:43 PM
    Hi all, I am trying to write a unit test and am running into an issue with mocking azuread.get_group. In MyMocks I hav created the function "call" which is catching the token "azuread:index/getGroup:getGroup" and written to return a value (in this case object_id). The function runs (and should return something) but resource azure.authorization.Assignment receives a None value. This is strange because the mock works for these:
  • v

    victorious-exabyte-70545

    12/22/2021, 3:43 PM
    azure:core/getSubscription:getSubscription
    azure-native:network:getVirtualNetwork
    azure-native:network:getSubnet
    azure:keyvault/getKeyVault:getKeyVault
    azure:containerservice/getRegistry:getRegistry
    azure-native:compute:getSshPublicKey
  • v

    victorious-exabyte-70545

    12/22/2021, 3:43 PM
    but not for
  • v

    victorious-exabyte-70545

    12/22/2021, 3:43 PM
    azuread:index/getGroup:getGroup
    • 1
    • 1
  • v

    victorious-exabyte-70545

    12/22/2021, 3:47 PM
    Any ideas?
Powered by Linen
Title
v

victorious-exabyte-70545

12/22/2021, 3:47 PM
Any ideas?
View count: 2