pulumi-community #python

hallowed-animal-47023

02/10/2022, 12:58 PM

Copy code

This is the rules object value:
     {'ingress_rules': [<pulumi_aws.ec2._inputs.SecurityGroupIngressArgs object at 0x11093eeb0>], 'egress_rules': [<pulumi_aws.ec2._inputs.SecurityGroupEgressArgs object at 0x1109662e0>]}

    This is the ingress rules value:
     [<pulumi_aws.ec2._inputs.SecurityGroupIngressArgs object at 0x11093eeb0>]
    The ingress rules type is:
     <class 'list'>

    This is the egress rules value:
     [<pulumi_aws.ec2._inputs.SecurityGroupEgressArgs object at 0x1109662e0>]
    The egress rules type is:
     <class 'list'>

sparse-state-34229

02/12/2022, 1:26 AM

looks like you need https://www.pulumi.com/registry/packages/aws/api-docs/ec2/securitygrouprule/

👍 1

sparse-state-34229

02/12/2022, 1:27 AM

Copy code

for rule in ingress_rules:
        rules_objects['ingress_rules'].append(
            ec2.SecurityGroupRule(
                # ...

hallowed-animal-47023

02/12/2022, 12:42 PM

Will give it a try later today or tomorrow, thanks!

gorgeous-minister-41131

02/14/2022, 11:09 PM

Anyone have any python-specific implementations of using the ACM certificate w/ R53 + DNS validation…? https://www.pulumi.com/registry/packages/aws/api-docs/acm/certificate/

gorgeous-minister-41131

02/14/2022, 11:09 PM

the recommendation is not to create resources in an apply, but there doesn’t seem to be a straight forward way to avoid iterating over the resource’s output without it…

gorgeous-minister-41131

02/14/2022, 11:10 PM

https://www.pulumi.com/registry/packages/aws/api-docs/acm/certificate/#certificatedomainvalidationoption

gorgeous-minister-41131

02/14/2022, 11:10 PM

Copy code

TypeError: 'Output' object is not iterable, consider iterating the underlying value inside an 'apply'

sparse-gold-10561

02/15/2022, 5:22 PM

Is there a way for pulumi to check the version of python is at least 3.9 and print or show a warning if the stack is performing up or preview when its not?

dry-answer-66872

02/17/2022, 9:00 AM

Is there a way we can add/remove ingress/egress of the existing security group in AWS?

few-pillow-1133

02/17/2022, 9:04 AM

For EKS, is there a way to retrieve the

eks-cluster-sg-*

created by the cluster? Also, by default if

vpc_security_group_ids

isn't specified in the launch_template, the ``eks-cluster-sg-*` get used for each worker nodes. Is there a way to specify both the cluster generated security group and a custom security group for each node during creation?

hallowed-furniture-81921

02/19/2022, 12:46 AM

👋 Hey folks, this may be a trivial question but I haven't been able to find an answer or example online. Is it possible / how do I access a pulumi resources output from a different file in the same project? For example:

Copy code

❯ ls -la
drwxr-xr-x   9 wsheldon  staff    288 Jan 20 16:26 .
drwxr-xr-x  10 wsheldon  staff    320 Jan 20 16:30 ..
-rw-r--r--   1 wsheldon  staff  20709 Feb 18 15:46 __main__.py
drwxr-xr-x   3 wsheldon  staff     96 Feb 18 15:46 __pycache__
drwxr-xr-x   4 wsheldon  staff    128 Dec 29 08:56 docker
-rw-r--r--   1 wsheldon  staff    978 Jan 20 16:05 ecr.py
-rw-r--r--   1 wsheldon  staff   9516 Jan 20 16:05 iam.py
-rw-r--r--   1 wsheldon  staff   4368 Jan 20 15:51 s3.py
-rw-r--r--   1 wsheldon  staff   9944 Jan 20 16:05 vpc.py

How would one access

s3_bucket.id

in the

s3.py

file, from the

__main__.py

file

fierce-market-67222

02/21/2022, 1:21 PM

Hello i want to overwrite an env_var in a helm chart via transformations, the code is below, any ideea how can i get this done? Thank you

Copy code

def set_deployment_env_var(obj, opts):
    if obj["kind"] == "Deployment":
        obj["spec"]["template"]["spec"]["containers[0]"] = [
            {
                "env": [
                    {
                        "name": "RELEASE_DATE",
                        "value": "....."
                    },
                ]
            }
        ]

great-sunset-355

02/22/2022, 11:32 AM

I have questions about using

mypy

Code 1: How can I cast or at least tell that output is a type

Ouput[str]

and not

Output[any]

Copy code

r53_zone = aws.route53.get_zone(zone_id=SHARED_STACK_REF.require_output('hosted_zone_id'))

mypy output

Copy code

Argument "zone_id" to "get_zone" has incompatible type "Output[Any]"; expected "Optional[str]"

Code 2 Why do I get an error and how to prevent that? It looks like that

profile

attribute is dynamically created, correct?

Copy code

ec1_provider = aws.Provider(
    f"{PREFIX}-{ec1_region}", profile=aws.config.profile, region=ec1_region
)

mypy output:

Copy code

__main__.py:27: error: Module has no attribute "profile"

kind-napkin-54965

02/22/2022, 12:25 PM

Trying to learn pulumi. Whichever package (github, gitlab, auth0) I try to import, I get the same error:

Copy code

.virtualenvs/pulumi39/lib/python3.9/site-packages/pulumi_auth0/_utilities.py", line 15, in <module>
    import pulumi.runtime
ModuleNotFoundError: No module named 'pulumi.runtime'

Tried both py3.10 and py3.9, same. I am clearly missing something, can't figure out what exactly. Thanks for help!

worried-xylophone-86184

02/23/2022, 1:42 PM

Hi all ! I am trying to make a POST call using the requests library which requires the value of a Kubernetes cluster name and cluster URL but it dosent seem to be working. I am aware of the fact that Pulumi returns an Output class object and using the

apply

and

all

function the individual values are supposed to be accessed. This makes sense when the values are being passed on to another Cloud resource. Function calls and traceback are in the thread. What is supposed to be done when the values are supposed to extracted from the

Output

object and used for a non Pulumi operation like making POST calls? I found an alternative where the output is being written to file ~~and then being read from it.~~ https://www.leebriggs.co.uk/blog/2021/05/09/pulumi-apply.html Is this the only workaround available?

proud-daybreak-22469

02/23/2022, 11:13 PM

Hi! I’m learning Pulumi right now. I’m trying to get

spot_instance_id

Output from a

SpotInstanceRequest

and it always is returning None in the apply method I’m calling on it. What is the proper way to access this output? I’m trying to include the ARN of that instance as a resource in an AWS policy I’m sure this question has been asked 1001 times, and I took a look at the input and output documentation but it didn’t help solve the problem.

eager-jordan-39489

02/25/2022, 2:09 AM

Hi team, I'm trying to deploy a Lambda that should be triggered by an object creation in an S3 bucket. My stack is working on AWS, and so far it has been coded in Python. I've seen this post https://www.pulumi.com/docs/guides/crosswalk/aws/lambda/, is there any analogy for

onObjectCreated

in Python? I couldn't find it..

happy-alarm-59675

02/25/2022, 11:23 AM

Hi, I stumbled over a strange behavior when using the same class instances/object in the stack output: https://github.com/ederst/pulumi-in-a-pickle/tree/no-doubles-stack-output TL;DR: Same class instances do not show up twice in the output. I tried to find something about it in the docs and on GH but failed (might be lack of time on my side). Anyhow, before I file an issue I wanted to know if somebody here knows if this is the expected behavior, an already known issue, or a bug.

victorious-exabyte-70545

03/01/2022, 10:40 PM

Is it possible to stack exports and imports with the pulumi SDK?

bland-electrician-81799

03/03/2022, 1:02 AM

This question is for anyone using Pulumi in an Azure Devops pipeline with python. What are the ways you are dealing with installing pulumi_azure_native into the venv for each individual program in your pipeline? In our experience it is taking just over 2 minutes. So for example if you have 3 separate programs in a mono-repo that create a resource group, then create the necessary network pieces, then create an AKS cluster, the pipeline is spending over 6 minutes just installing dependencies not even counting the time it takes Pulumi to actually do anything.

great-sunset-355

03/09/2022, 7:05 AM

Is there a plan or an alternative to TS

pulumi.interpolate

in python?

prehistoric-shoe-5168

03/11/2022, 6:36 PM

i work in python, so asking here as well:

rough-oyster-77458

03/11/2022, 9:21 PM

Hi dear community, May I ask a question? I'm quite new to Pulumi, so I apologise if it might seem silly. I use

pulumi.export()

to export a variable in

file1.py

. I'm going to use this variable in

file2.py

Is there any way to get this variable in

file2.py

? So far I have found how to import this variable in CLI only

hallowed-animal-47023

03/12/2022, 2:10 AM

Hey everyone, anyone have an idea why I keep getting my route tables changing?

Copy code

primary_private_route_table = ec2.RouteTable(
            f'{environment}-primary-private-subnet-route-table',
            vpc_id=vpc.id,
            routes=[
                ec2.RouteTableRouteArgs(
                    cidr_block="0.0.0.0/0",
                    gateway_id=nat_ids['primary_nat_id']
                )
            ],
            tags={
                "Name": f'{environment}-primary-private-subnets-route-table',
                "Environment": f'{environment}'
            }
        )

Copy code

~ routes: [
          ~ [0]: {
                  ~ cidrBlock   : "0.0.0.0/0" => "0.0.0.0/0"
                  + gatewayId   : "nat-08f9a3f32bfaaa09c"
                  - natGatewayId: "nat-08f9a3f32bfaaa09c"
                }
        ]

👀 1

fast-spoon-69536

03/14/2022, 5:45 PM

create_app_role is a function i created within the ___main___.py._

Copy code

esa.create_app_role(example.endpoint.apply(lambda endpoint: f"{endpoint}"),admin_username,admin_password,app_role_payload,role_name)

_The create_app_role function takes the following inputs._ endpoint - the endpoint is only available after the previous resource is deployed. _admin_username - username to log into the endpoint_ _admin_password - admin password_ _app_role_payload - a dictionary / REST payload_ _role_name - name of the role to create_ The basics of what I'm trying to do is. 1. deploy aws opensearch 2. call the opensearch internal API to create roles and users after it is deployed. endpoint needs to be a str, but it is a Output<str>. How can I get it to be a str? Or is there a better approach ?

Copy code

TypeError: can only concatenate str (not "Output") to str

little-photographer-14867

03/16/2022, 12:06 AM

Hi folks 👋 , I'm new to pulumi and trying to create a GCP artifact registry with an IAMBinding. Something like:

Copy code

read_sa = serviceaccount.Account(
    "read-sa",
    account_id="read-sa",
    display_name="Read Service Account"
)
py_repo = artifactregistry.Repository(
    "pypi-repo",
    location="us-west1",
    repository_id="pypi-repo",
    description="python pacakges.",
    format="PYTHON",
)
read_binding = artifactregistry.RepositoryIamBinding(
    "read-binding",
    project=py_repo.project,
    location=py_repo.location,
    repository=py_repo.name,
    role="roles/artifactregistry.reader",
    members=[
        f"serviceAccount:{read_sa.email}",
    ],
)

But I am getting errors:

Copy code

gcp:artifactregistry:RepositoryIamBinding (read-binding):
    error: 1 error occurred:
        * Error applying IAM policy for artifactregistry repository "projects/test-project/locations/us-west1/repositories/pypi-repo": Error setting IAM policy for artifactregistry repository "projects/test-project/locations/us-west1/repositories/pypi-repo": googleapi: Error 400: Invalid service account (<pulumi.output.Output object at 0x7f7f53ff7f10>).

Am I defining the

members

arg properly, or correct in using the service account email in an f-string? Mostly following this ts example.

average-article-76176

03/16/2022, 5:28 PM

(just figured this channel exists) Added a Python question 👇 , hopefully the audience is more targeted here: https://pulumi-community.slack.com/archives/C01PF3E1B8V/p1647451407628919

purple-plumber-90981

03/17/2022, 3:31 AM

whats the right pulumi/python way to make a resource in pulumi_stack2 depend on the existance of a resource created in pulumi_stack1

nice-father-44210

03/17/2022, 6:42 PM

Hello! My team would love to create reusable

ComponentResources

that encode our best practices while allowing the calling code to override some aspects of the underlying AWS resources. We want to expose the available overrides as Pulumi’s

Args

objects. E.g.,:

Copy code

class SecureS3Bucket(pulumi.ComponentResource):
    def __init__(
        self,
        name: str,
        bucket_overrides: aws.s3.BucketArgs = aws.s3.BucketArgs(),

Is there a convenient way to manipulate/merge

BucketArgs

objects? E.g., we might overlay required attribute values on top of the supplied

bucket_overrides

argument before passing the merged object into the

Bucket(BucketArgs)

constructor. One way we’ve found is using a combination of

pulumi._types.input_type_to_dict(bucket_overrides)

to turn

BucketArgs

into a

dict

and

pulumi.set( args_object, "attribute", "value" )

to apply

dict

entries to a

BucketArgs

object.