pulumi-community #python

python

abundant-book-94104

11/26/2021, 1:27 AM

I'm working on setting up private end points in Azure which require some private link code. It is complaining I can't add or configure the PrivateLinkService because private link service network policies enabled. I put a policy disabled in the VNet subnet, but that doesn't appear to be working. What's the secret sauce I'm missing?

important-magician-41327

11/29/2021, 8:56 AM

Dear Experts, I want to design a proper python class for a Pulumi AWS deployment, but I am struggling to find the right design. Can someone please help me and tell me what would be the best approach to design a pulumi class that has the following functionality. My design goal is to reuse as much as possible and modularise everything. Those are the Functions which needs to be nested into a Class or Classes:

Region:
+ VPC
+ IGW

Site
- VPC(region A)
- IGW (region A)
+ Subnet
+ Route Table

Site Type A
- VPC(region A)
- IGW (region A)
- Subnet (site 1)
- Route Table (site 1)
+ EC2

Site Type B
- VPC(region A)
- IGW (region A)
- Subnet (site 1)
- Route Table (site 1)
+ ECK

In the above example, resources in Region A is provisioned by the Region Class. The Site Class will import these resources and configure additional resources. Site Type A will import everything from Site 1 and configure some additional resources like EC2 or ECK. How should I structure this with Python Inheritance and Composition?

prehistoric-beach-79855

11/30/2021, 4:59 PM

Hello all, How can I get properties of a Repository? When I use: ruri=repo.get(resource_name=reponame, id=repoid) The result is: ruri : { + arn : “arn:aws:ecr:us-east-1:xxxx*:repository/my-repo*” + encryption_configurations : [ + [0]: { + encryption_type: “AES256" } ] + id : “my-repox” + image_scanning_configuration: { + scan_on_push: false } + image_tag_mutability : “MUTABLE” + name : “my-repo” + registry_id : “xxxxxx” + repository_url : “xxxxx.dkr.ecr.us-east-1.amazonaws.com/my-repo-xxxxx” + urn : “urn😛ulumi:dev::gurney-python::aws:ecr/repository:Repository::my-repo” Then I used ruri.apply(lambda r: r[“repository_url”]) but I got this message: TypeError: ‘Repository’ object is not subscriptable So, how should I get the repository_url ?

worried-xylophone-86184

12/01/2021, 7:13 PM

I am trying to tweak the token mentioned here (

xyz:index:StaticPage

) , to something like

company_name:module_name:resource_name

. But whenever I name it something apart from

index

I end up getting this stack trace mentioned in the thread. Can someone help me out with this? I might be missing something obvious

gorgeous-minister-41131

12/02/2021, 9:55 PM

is there a programatic way to get the current aws provider’s (or any AWS provider’s) current region code? like

use1

usw2

nutritious-shampoo-16116

12/03/2021, 1:30 PM

Anybody knows how this https://github.com/pulumi/pulumi/blob/master/sdk/python/lib/pulumi/runtime/config.py#L24 is cleaned between tests?

nutritious-shampoo-16116

12/03/2021, 1:37 PM

it seems to me that CONFIG is never cleaned between tests and this may leads to unexpected behaviors if one tests needs a specific config value that shouldn't be there for other test cases

gorgeous-minister-41131

12/03/2021, 8:54 PM

https://www.pulumi.com/registry/packages/aws/api-docs/ec2transitgateway/peeringattachment/ is there a peeringattachmentAcceptor equivalent for this?

miniature-oxygen-33318

12/06/2021, 11:24 AM

Hi where can I find a list of the pulumi automation functions? Getting quite lost on here, just want simple list of functions and what they do, I’m using python and aws https://www.pulumi.com/docs/guides/automation-api/

breezy-painter-29573

12/06/2021, 9:45 PM

Hi there! Could you guys please help me to understand why apply from the Output does not work as expected inside a loop?

def container_definition(image_name, service, env_variables):
    print("service:",service)
    print("env_vars:", env_variables)
    return json.dumps([{
        'name': 'server',
        'image': image_name,
        'networkMode': 'awsvpc',
        'readonlyRootFilesystem': False,
        'essential': True,
        'environment': env_variables,
        ..... Non relevant code continues
    }])

for service in config.common_config['services']:
    env_variables.append({'name': 'SERVICES', 'value': service})
    if service != 'frontend':
        env_variables.append({'name': 'TEMPORAL_CLI_ADDRESS',
            'value': f'{config.common_config["frontend"]["service_name"]}.{config.common_config["dns_namespace"]}'})
    task_definitions[service] = aws.ecs.TaskDefinition(config.common_config[service]['service_name'],
        family=config.common_config[service]['service_name'],
        cpu=config.common_config[service]['cpu'],
        memory=config.common_config[service]['memory'],
        network_mode='awsvpc',
        requires_compatibilities=['FARGATE'],
        execution_role_arn=ecs_task_role.arn,
        task_role_arn=ecs_task_role.arn,
        container_definitions=image.image_name.apply(
            lambda image_name: container_definition(image_name, service, env_variables)),
        tags={
            "Service": "temporal",
        },
        opts=ResourceOptions(depends_on=[log_group]))

When it is executed for the container_definitions in preview I am seeing env_variables with duplicates and

service

is set to the latest in the list of

config.common_config['services']

. I do believe it is somehow related to the nature of "Promised" Output, but not an expert in Python enough to catch and fix it. TIA! Everything worked properly in the loop until I needed to add image name for ECR 😄

✅ 1

future-daybreak-16512

12/07/2021, 7:35 AM

Hi All, Getting the following error while calling get functions from Pulumi Policy class using Python :

error: Exception calling application: There is no current event loop in thread 'ThreadPoolExecutor-0_0'.

The sample code :

from pprint import pprint
from pulumi_policy import (
  ReportViolation,
  ResourceValidationArgs,
)
import pulumi
import pulumi_aws as aws

config = pulumi.Config()

def ec2_validator(args: ResourceValidationArgs, report_violation: ReportViolation):

  if args.resource_type == "aws:ec2/instance:Instance":
    if args.props.get('vpcSecurityGroupIds'): 
      sg_id = aws.ec2.get_security_groups(tags={
        "key": "val",
        "key": "val",
      })

      pprint(vars(sg_id))

Any idea how to fix this error?

polite-mechanic-60124

12/07/2021, 9:15 PM

I'm running into a python pulumi oddity. I'm rendering a jinja template with variables that are pulumi secrets ie of type pulumi.Output[str] and base64ing it to be used by a user_data field.

user_data=pulumi.Output.all(
    {
        "cluster_size": cluster_size,
        "secret_id": secret_id,
    }
).apply(
    lambda args: render_user_data_output(
        templating_env(),
        "userdata-server.sh.jinja",
        *args,
    )
),

Now for the weird part. If render_user_data_output returns a string, I get a base64 encoded pulumi object address in memory. If it returns a pulumi Output, then it renders the base64 encoded secret. Both versions defined below

def render_user_data_output(
        env: Environment, template_name: str, kwargs: Mapping[str, Any]
) -> str:
    rendered_template = render_template_file(env, template_name, kwargs)
    return base64.b64encode(rendered_template.encode("utf-8")).decode("utf-8")

def render_user_data_output(
        env: Environment, template_name: str, kwargs: Mapping[str, Any]
) -> pulumi.Output:
    rendered_template = render_template_file(env, template_name, kwargs)
    return pulumi.Output.from_input(base64.b64encode(rendered_template.encode("utf-8")).decode("utf-8"))

Does anyone know what's going on here?

polite-mechanic-60124

12/07/2021, 9:18 PM

Even more mind-blowing, if I just change the type hint for the return to a pulumi.Output it works (but fails mypy since its a string)

def render_user_data_output(
        env: Environment, template_name: str, kwargs: Mapping[str, Any]
) -> pulumi.Output:
    rendered_template = render_template_file(env, template_name, kwargs)
    return base64.b64encode(rendered_template.encode("utf-8")).decode("utf-8")

It's kind of like python loses track of the coroutine and doesn't know to await

nutritious-shampoo-16116

12/13/2021, 5:39 PM

hey Pulumi team, we are being bitten again by silence swallowing of exceptions happening in futures. Is there a way to deal with this issue? I don't think swallowing exceptions, which effectively results in a given resource being not seen by Pulumi (and even worse, if the resource was already created , this leads to a destroy) is an option. How this can be reproduced: • Make some target groups • Export or pass them to ECSService in the

load_balancers_info

• Apply on the target groups and build the payload expected by AWS with a loop or something • Put an exception in the loop • Exception is not reraised • ECSService is not created or it is dropped

nutritious-shampoo-16116

12/13/2021, 5:41 PM

but really any exception raised in a callback silently passes

glamorous-kitchen-14786

12/15/2021, 3:43 PM

Can anyone point me in the direction of a good example project in Python where the resources have been broken up into different python modules? I've engineered a fairly complex project at this point where I've kept all of my resources discoverable to the pulumi cli by doing imports in the module level

__init__.py

files, but I'm running into some difficulty with circular dependencies that I'm not really sure how I would resolve at this point. Essentially I have a file creating secrets in AWS that depends on some infrastructure in another module, and that module would also like to be able to reference the secret values. I tried doing a

pulumi.export

on the secret value to get around this, but it seems I cannot actually reference my stack outputs in flight (either they aren't created until the end, or the resource creation ordering is "wrong" -- not sure which). Open to any advice on structuring a project that isn't all in one big

__main__.py

or any specific advice about this problem if I've explained it well enough. Sadly I cannot share the actual code, but if it would he helpful I could try to whip up a sample dummy project that replicates the issue without getting me in trouble.

rich-easter-89163

12/16/2021, 4:51 AM

Hi people! I'm having an strange issue with aws provider, i reduced my code to this:

from pulumi_aws import iam

iam.Policy('test', policy='{}')

It doesn't matter that this will produce an error due to missing fields on policy because I'm not getting an error because my stack just hangs (and sometimes when I interrupt it with ctrl+c it show an

transport is closing

error, but not always). The funny thing is that I wrote my code applied on one stack (lets say staging) then when trying to apply it to other stack (lets say production) is when it hangs, I'm using different aws profiles for each stack, but I verified that is properly configured (other stacks with other code but same profile works). Any clues on how to debug this issue? I think the issue is while triying to instanciate the default aws provider but even using very verbose logs I cant see anything that let me fix this.

glamorous-kitchen-14786

12/16/2021, 2:33 PM

Have you tried stepping through the execution with something like pdb?

glamorous-kitchen-14786

12/16/2021, 2:34 PM

This way you could see where the code is hanging, which might give you some clues.

rich-easter-89163

12/16/2021, 4:56 PM

I did something more rudimentary: commenting resources until stoped to hang, so I know that is everytime y try to create any aws resource

rich-easter-89163

12/16/2021, 5:31 PM

More news: all my stacks of the same AWS account are broken

quiet-plastic-34312

12/21/2021, 2:01 PM

Hi Folks there any way to run a python pulumi code as a python code to use debug line by line ... when i try run it i get a "pulumi.errors.RunError: Program run without the Pulumi engine available; re-run using the

pulumi

CLI"

dry-answer-66872

12/22/2021, 6:04 AM

Hi Team, https://www.pulumi.com/registry/packages/aws/api-docs/s3control/bucketlifecycleconfiguration/ when I try with this example, I am getting _*NameError: name 'aws_s3control_bucket' is not defined*_ Could anyone help in this regard? I am assuming here ''example' as - Lifecycle Name

bucket=aws_s3control_bucket["example"]["arn"],   --> Bucket ARN

great-sunset-355

12/22/2021, 9:37 AM

Is the only option to create VPC endpoints within

apply()

when using this code?

# vpc endpoints
        vpc_endpoints = ["s3", "ecr.dkr", "ecr.api", "logs"]
        region_output = self._config.aws_provider.region
        for endpoint in vpc_endpoints:
        
            service_name = region_output.apply(
                        lambda region: f"com.amazonaws.{region}.{endpoint}"  # endpoint here does not update from the loop variable
                    )
            pulumi_aws.ec2.VpcEndpoint(
                f"{self._config.name}-{endpoint}-vpc-endpoint",
                args=pulumi_aws.ec2.VpcEndpointArgs(
                    service_name=service_name,
                    vpc_id=self.vpc.id,
                    tags=self._config.tags,
                ),
                opts=self._opts,
            )

helpful-van-82564

12/22/2021, 1:18 PM

Hi, I'm deploying linkerd on a pulumi-provisioned cluster (gke) but need to set an annotation to the kube-system namespace to ensure linkerd never runs there. Since I dont own or maintain the namespace or any resources inside it, I dont really want to import it into pulumi; I just want to ensure an annotation exists. is there any straightforward way of doing this?

victorious-exabyte-70545

12/22/2021, 3:43 PM

Hi all, I am trying to write a unit test and am running into an issue with mocking azuread.get_group. In MyMocks I hav created the function "call" which is catching the token "azuread:index/getGroup:getGroup" and written to return a value (in this case object_id). The function runs (and should return something) but resource azure.authorization.Assignment receives a None value. This is strange because the mock works for these:

victorious-exabyte-70545

12/22/2021, 3:43 PM

azure:core/getSubscription:getSubscription
azure-native:network:getVirtualNetwork
azure-native:network:getSubnet
azure:keyvault/getKeyVault:getKeyVault
azure:containerservice/getRegistry:getRegistry
azure-native:compute:getSshPublicKey

victorious-exabyte-70545

12/22/2021, 3:43 PM

but not for

victorious-exabyte-70545

12/22/2021, 3:43 PM

azuread:index/getGroup:getGroup

victorious-exabyte-70545

12/22/2021, 3:47 PM

Any ideas?