https://pulumi.com logo
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
python
  • b

    bland-electrician-81799

    03/03/2022, 1:02 AM
    This question is for anyone using Pulumi in an Azure Devops pipeline with python. What are the ways you are dealing with installing pulumi_azure_native into the venv for each individual program in your pipeline? In our experience it is taking just over 2 minutes. So for example if you have 3 separate programs in a mono-repo that create a resource group, then create the necessary network pieces, then create an AKS cluster, the pipeline is spending over 6 minutes just installing dependencies not even counting the time it takes Pulumi to actually do anything.
    g
    • 2
    • 2
  • g

    great-sunset-355

    03/09/2022, 7:05 AM
    Is there a plan or an alternative to TS
    pulumi.interpolate
    in python?
    m
    b
    • 3
    • 5
  • p

    prehistoric-shoe-5168

    03/11/2022, 6:36 PM
    i work in python, so asking here as well:
  • r

    rough-oyster-77458

    03/11/2022, 9:21 PM
    Hi dear community, May I ask a question? I'm quite new to Pulumi, so I apologise if it might seem silly. I use
    pulumi.export()
    to export a variable in
    file1.py
    . I'm going to use this variable in
    file2.py
    Is there any way to get this variable in
    file2.py
    ? So far I have found how to import this variable in CLI only
    b
    a
    • 3
    • 3
  • h

    hallowed-animal-47023

    03/12/2022, 2:10 AM
    Hey everyone, anyone have an idea why I keep getting my route tables changing?
    primary_private_route_table = ec2.RouteTable(
                f'{environment}-primary-private-subnet-route-table',
                vpc_id=vpc.id,
                routes=[
                    ec2.RouteTableRouteArgs(
                        cidr_block="0.0.0.0/0",
                        gateway_id=nat_ids['primary_nat_id']
                    )
                ],
                tags={
                    "Name": f'{environment}-primary-private-subnets-route-table',
                    "Environment": f'{environment}'
                }
            )
    ~ routes: [
              ~ [0]: {
                      ~ cidrBlock   : "0.0.0.0/0" => "0.0.0.0/0"
                      + gatewayId   : "nat-08f9a3f32bfaaa09c"
                      - natGatewayId: "nat-08f9a3f32bfaaa09c"
                    }
            ]
    👀 1
  • f

    fast-spoon-69536

    03/14/2022, 5:45 PM
    create_app_role is a function i created within the ___main___.py._
    esa.create_app_role(example.endpoint.apply(lambda endpoint: f"{endpoint}"),admin_username,admin_password,app_role_payload,role_name)
    _The create_app_role function takes the following inputs._ endpoint - the endpoint is only available after the previous resource is deployed. _admin_username - username to log into the endpoint_ _admin_password - admin password_ _app_role_payload - a dictionary / REST payload_ _role_name - name of the role to create_ The basics of what I'm trying to do is. 1. deploy aws opensearch 2. call the opensearch internal API to create roles and users after it is deployed. endpoint needs to be a str, but it is a Output<str>. How can I get it to be a str? Or is there a better approach ?
    TypeError: can only concatenate str (not "Output") to str
    p
    • 2
    • 10
  • l

    little-photographer-14867

    03/16/2022, 12:06 AM
    Hi folks 👋 , I'm new to pulumi and trying to create a GCP artifact registry with an IAMBinding. Something like:
    read_sa = serviceaccount.Account(
        "read-sa",
        account_id="read-sa",
        display_name="Read Service Account"
    )
    py_repo = artifactregistry.Repository(
        "pypi-repo",
        location="us-west1",
        repository_id="pypi-repo",
        description="python pacakges.",
        format="PYTHON",
    )
    read_binding = artifactregistry.RepositoryIamBinding(
        "read-binding",
        project=py_repo.project,
        location=py_repo.location,
        repository=py_repo.name,
        role="roles/artifactregistry.reader",
        members=[
            f"serviceAccount:{read_sa.email}",
        ],
    )
    But I am getting errors:
    gcp:artifactregistry:RepositoryIamBinding (read-binding):
        error: 1 error occurred:
            * Error applying IAM policy for artifactregistry repository "projects/test-project/locations/us-west1/repositories/pypi-repo": Error setting IAM policy for artifactregistry repository "projects/test-project/locations/us-west1/repositories/pypi-repo": googleapi: Error 400: Invalid service account (<pulumi.output.Output object at 0x7f7f53ff7f10>).
    Am I defining the
    members
    arg properly, or correct in using the service account email in an f-string? Mostly following this ts example.
    p
    • 2
    • 6
  • a

    average-article-76176

    03/16/2022, 5:28 PM
    (just figured this channel exists) Added a Python question 👇 , hopefully the audience is more targeted here: https://pulumi-community.slack.com/archives/C01PF3E1B8V/p1647451407628919
    p
    g
    • 3
    • 4
  • p

    purple-plumber-90981

    03/17/2022, 3:31 AM
    whats the right pulumi/python way to make a resource in pulumi_stack2 depend on the existance of a resource created in pulumi_stack1
    s
    • 2
    • 3
  • n

    nice-father-44210

    03/17/2022, 6:42 PM
    Hello! My team would love to create reusable
    ComponentResources
    that encode our best practices while allowing the calling code to override some aspects of the underlying AWS resources. We want to expose the available overrides as Pulumi’s
    Args
    objects. E.g.,:
    class SecureS3Bucket(pulumi.ComponentResource):
        def __init__(
            self,
            name: str,
            bucket_overrides: aws.s3.BucketArgs = aws.s3.BucketArgs(),
    Is there a convenient way to manipulate/merge
    BucketArgs
    objects? E.g., we might overlay required attribute values on top of the supplied
    bucket_overrides
    argument before passing the merged object into the
    Bucket(BucketArgs)
    constructor. One way we’ve found is using a combination of
    pulumi._types.input_type_to_dict(bucket_overrides)
    to turn
    BucketArgs
    into a
    dict
    and
    pulumi.set( args_object, "attribute", "value" )
    to apply
    dict
    entries to a
    BucketArgs
    object.
    g
    k
    • 3
    • 5
  • a

    agreeable-king-2755

    03/18/2022, 2:54 PM
    Hey folks, I'm about to port this to Python so I can run one-off tasks like database (Alembic) migrations against our RDS instance: https://github.com/sevenwestmedia-labs/pulumi/tree/master/packages/run-fargate-task But I was wondering if anyone already has a recipe for this somewhere? Cheers 👍
    • 1
    • 1
  • d

    dazzling-angle-45051

    03/23/2022, 8:19 PM
    Hey there! How can I make sure in a
    ComponentResource
    that another type of resource will always be created by Pulumi before? I can use
    depends_one
    , but it's quite verbose and I would like to find a better way for the end user. To clarify, the
    ComponentResource
    I'm writing is for deploying a bunch of Kubernetes resources, and I would like to make sure that
    pulumi_kubernetes.core.v1.Namespace
    are applied first. Thanks in advance! 🙏
  • d

    dazzling-angle-45051

    03/23/2022, 8:36 PM
    too bad Pulumi doesn't support context managers, something like this would have been awesome:
    with kubernetes.core.v1.Namespace(project):
        acme_corp.MyResource(f"{project}-{stack}-myresource")
    p
    • 2
    • 57
  • b

    breezy-painter-29573

    03/28/2022, 3:01 AM
    Hi everyone. With the code snippet below I am trying to achieve creation of aws subnets with specific CIDR addresses blocks in each available Availability Zone.
    for i, az in enumerate(azs):
                subnet = aws.ec2.Subnet(
                    resource_name=f"public-{i}",
                    vpc_id=vpc.id,
                    availability_zone=az,
                    cidr_block=vpc.cidr_block.apply(lambda cidr_block: ip_network(cidr_block).subnets(new_prefix=27)[i]),
                    tags=tags,
                )
                subnets.append(subnet)
    but it fails with the
    TypeError: 'generator' object is not subscriptable
    . Which, probably makes sense. I just can’t find a way to do it in a for loop. Thank you in advance! P.S.
    ip_network
    is a function for
    netaddr
    .
    m
    • 2
    • 2
  • i

    incalculable-whale-36468

    03/28/2022, 9:24 PM
    Hey guys! I need to use a secret inside a template string. For example:
    my_template = "my secret: {my_secret}"
    my_secret = config.require_secret('my_secret')
    foo = my_template.format(my_secret=my_secret)
    This will result in the following output:
    my secret: <pulumi.output.Output object at 0x7f02baf74b80>
    I tried using apply, and even Output.all, like follows:
    foo = my_template.format(my_secret=my_secret.apply(lambda current_secret: current_secret))
    But it will give me the same result. What am I missing here?
    b
    f
    • 3
    • 6
  • s

    stocky-xylophone-20575

    04/03/2022, 7:50 PM
    Hi all, need help in importing a rds parameter group and modifying it, currently i am trying to write a inline pulumi program, can you please help me in giving any pointers i am doing it like this
    parameter_group = aws.rds.ParameterGroup(parameter_group_name,
                                                 family=rds_family,
                                                 opts=ResourceOptions(import_=parameter_group_name))
    but coming out to
    inputs to import do not match the existing resource
    even though parameter group name is same i also tried to user
    aws.rds.ParameterGroup.get()
    but it is asking for id which is not present in case of parametergroups , we only have name for a parameter group
    g
    • 2
    • 4
  • a

    alert-raincoat-81485

    04/05/2022, 1:32 AM
    Hello team. I am trying to follow the example where i want to use
    args[FilsSystemArgs]
    but it seems not valid. Can someone guide me over? https://www.pulumi.com/registry/packages/aws/api-docs/efs/filesystem/
    foo = aws.efs.FileSystem(
        "efs_filesystem", 
        resource_name="efs",
        args=[aws.efs.FileSystemArgs()]
    })
    b
    b
    • 3
    • 22
  • a

    able-thailand-87943

    04/05/2022, 3:23 PM
    Hello Folks, I have a weird problem... I've written some tests for pytest, and when I execute the test with the file, it works fine...
    py.test -v tests/test_foobar.py
    But if I run it without explicit providing the file name, to make sure it runs all tests under
    tests
    , it bombs with the error: pulumi.errors.RunError: Program run without the Pulumi engine available; re-run using the
    pulumi
    CLI
    Does anyone have any suggestions to fix this?
    n
    • 2
    • 2
  • c

    curved-morning-41391

    04/05/2022, 10:09 PM
    Hey odd question, it would be really awesome if instead of
    pulumi up
    I could do this from within my python program like
    pulumi.up()
    anyone aware if there is a way to do that, or if folks have thought of this?
    r
    • 2
    • 2
  • a

    alert-raincoat-81485

    04/08/2022, 4:58 PM
    Hello Team, I am trying to add EFS DNS name to the parameter store but The value of the parameter store is registering as Pulumi object. Is there any way we can register actual dns name (str) instead pulumi object?
    efsFileSys = aws.efs.FileSystem( 
        resource_name=stackname+'-'+'efs',
        args=aws.efs.FileSystemArgs(
            encrypted='true',
            kms_key_id='<kms-arn>',
            performance_mode="maxIO",
            tags={
                    "Name": stackname + '-' + 'fs'
                },
        )
    )
    
    efsParame=aws.ssm.Parameter(
        str(stackname)+'-'+'efs_parameter',
        type='String',
        name="efs_parameter",
        value=str(efsFileSys.dns_name),
    )
    Output
    Parameter store value: 	<pulumi.output.Output object at 0x10xxxx>
    g
    • 2
    • 1
  • c

    calm-megabyte-11174

    04/11/2022, 2:18 AM
    I need some help here: My code snippet is below, from pulumi website:
    """A Python Pulumi program"""
    
    import pulumi
    from pulumi_azure_native import storage
    from pulumi_azure_native import resources
    
    resource_group = resources.ResourceGroup("aa-msdn-rg-pulumi")
    account = storage.StorageAccount('sa',
        resource_group_name = resource_group.name,
        sku = storage.SkuArgs(
            name = storage.SkuArgs.STANDARD_LRS,
            ),
            kind = storage.kind.STORAGE_V2)
    
    primary_key = storage.list_storage_account_keys_output(
        resource_group_name = resource_group.name,
        account_name = account.name
        ).accountKeys.keys[0].value
    
    pulumi.export("primary_storage_key",primary_keycdpu)
    I get error as below:
    File "C:\OnlyOnMyPC\my-training\awesomeazure\.\__main__.py", line 4, in <module>
            from pulumi_azure_native import storage
        ModuleNotFoundError: No module named 'pulumi_azure_native'
        error: an unhandled error occurred: Program exited with non-zero exit code: 1
    Yes and I have installed the package as well but still no luck ?
    PS C:\OnlyOnMyPC\my-training\awesomeazure> pip install pulumi_azure_native
    Defaulting to user installation because normal site-packages is not writeable
    Requirement already satisfied: pulumi_azure_native in c:\users\aagashe002\appdata\roaming\python\python310\site-packages (1.62.0)
    Requirement already satisfied: parver>=0.2.1 in c:\users\aagashe002\appdata\roaming\python\python310\site-packages (from pulumi_azure_native) (0.3.1)
    Requirement already satisfied: pulumi<4.0.0,>=3.0.0 in c:\users\aagashe002\appdata\roaming\python\python310\site-packages (from pulumi_azure_native) (3.28.0)
    Requirement already satisfied: semver>=2.8.1 in c:\users\aagashe002\appdata\roaming\python\python310\site-packages (from pulumi_azure_native) (2.13.0)
    Requirement already satisfied: attrs>=19.2 in c:\users\aagashe002\appdata\roaming\python\python310\site-packages (from parver>=0.2.1->pulumi_azure_native) (21.4.0)
    Requirement already satisfied: six~=1.13 in c:\users\aagashe002\appdata\roaming\python\python310\site-packages (from parver>=0.2.1->pulumi_azure_native) (1.16.0)
    Requirement already satisfied: arpeggio~=1.7 in c:\users\aagashe002\appdata\roaming\python\python310\site-packages (from parver>=0.2.1->pulumi_azure_native) (1.10.2)
    Requirement already satisfied: pyyaml>=5.3.1 in c:\users\aagashe002\appdata\roaming\python\python310\site-packages (from pulumi<4.0.0,>=3.0.0->pulumi_azure_native) (6.0)
    Requirement already satisfied: protobuf>=3.6.0 in c:\users\aagashe002\appdata\roaming\python\python310\site-packages (from pulumi<4.0.0,>=3.0.0->pulumi_azure_native) (3.20.0)
    Requirement already satisfied: dill>=0.3.0 in c:\users\aagashe002\appdata\roaming\python\python310\site-packages (from pulumi<4.0.0,>=3.0.0->pulumi_azure_native) (0.3.4)
    Requirement already satisfied: grpcio<1.44.0,>=1.33.2 in c:\users\aagashe002\appdata\roaming\python\python310\site-packages (from pulumi<4.0.0,>=3.0.0->pulumi_azure_native) (1.43.0)
    My Python path is already in Environment variable: ``````
    b
    • 2
    • 5
  • c

    calm-megabyte-11174

    04/11/2022, 2:24 AM
  • f

    fast-spoon-69536

    04/22/2022, 2:13 PM
    Hello, I could use some help here. I'm not sure what is happening. The issue almost seems like a bug. I'm running latest pulumi version. The vpc in question does exist egress_vpc: vpc-03b6755e47c26a69f. I tried setting various combinations of the depends_on. But this doesn't seem to change the outcome.
    # failure if I exclude the local route
      egress_vpc_fw_public_subnet_rtb = aws.ec2.RouteTable(custom_tags['Name'],
            vpc_id=egress_vpc.id,
            routes=[
            aws.ec2.RouteTableRouteArgs(cidr_block="0.0.0.0/0",gateway_id=egress_igw.id)
            ],
           
            tags=custom_tags,
            opts=ResourceOptions(depends_on=[tgw, egress_igw],parent=egress_vpc)) 
    
    
    
     aws:ec2:RouteTable (egress_vpc_fw_public_subnet_us_east_2_rtb):
        error: 1 error occurred:
            * updating urn:pulumi:dev::transitgateway::aws:ec2/vpc:Vpc$aws:ec2/routeTable:RouteTable::egress_vpc_fw_public_subnet_us_east_2_rtb: 1 error occurred:
            * error deleting Route in Route Table (rtb-08121bf0496297bff) with destination (10.31.0.0/16): InvalidParameterValue: cannot remove local route 10.31.0.0/16 in route table rtb-08121bf0496297bff
            status code: 400, request id: fc0dcdd7-ce6f-4ec8-92e7-250c268c4933
    
    
    
    
    
    # failure if I add the local route
    
    egress_vpc_fw_public_subnet_rtb = aws.ec2.RouteTable(custom_tags['Name'],
            vpc_id=egress_vpc.id,
            routes=[
            aws.ec2.RouteTableRouteArgs(cidr_block="0.0.0.0/0",gateway_id=egress_igw.id),
    	aws.ec2.RouteTableRouteArgs(cidr_block=egress_vpc.cidr_block,local_gateway_id=egress_vpc.id)
            ],
           
            tags=custom_tags,
            opts=ResourceOptions(depends_on=[tgw, egress_igw],parent=egress_vpc))
    
    error: 1 error occurred:
            * updating urn:pulumi:dev::transitgateway::aws:ec2/vpc:Vpc$aws:ec2/routeTable:RouteTable::egress_vpc_fw_public_subnet_us_east_2_rtb: 1 error occurred:
            * error creating Route in Route Table (rtb-08121bf0496297bff) with destination (10.31.0.0/16): InvalidLocalGatewayID.Malformed: Invalid id: "vpc-03b6755e47c26a69f"
            status code: 400, request id: 3e59a09d-b7b7-4dfa-b46d-ae0caf214ee7
    • 1
    • 1
  • q

    quick-telephone-15244

    04/29/2022, 3:26 PM
    👋
  • q

    quick-telephone-15244

    04/29/2022, 3:27 PM
    I'm working to integrate mypy into my Pulumi codebase and I'm wondering if anyone can share/point me to some "Best Practices" MyPy configs specifically for Pulumi?
  • q

    quick-telephone-15244

    04/29/2022, 3:28 PM
    I think the
    disallow_any_*
    config options might be a bit much?
  • b

    bitter-horse-93353

    05/02/2022, 6:02 PM
    Question: do people import resources from pulumi stacks in scripts/code? I.e.
    # mypulumi/__main__.py
    bucket = aws.s3.Bucket("bucket")
    
    # myscript.py
    from mypulumi import bucket
    import boto3
    
    bucket = boto3.client('s3').Bucket(bucket.id)  # use the value from the pulumi stack script
    Trying to understand if this is a support/common use case and what the best practices around this are. It feels like one benefit of having the definitions in python would be accessing them in various places and knowing that the IDs/ARNs/etc. will always match correctly.
    m
    • 2
    • 8
  • w

    wide-xylophone-60952

    05/03/2022, 8:37 AM
    Hello All
    👋 1
  • q

    quick-telephone-15244

    05/04/2022, 2:08 PM
    Hi all, I'm running up against an issue using the AWS EKS package from the repo, specifically that I need to modify the policyArn of a
    aws:iam/rolePolicyAttachment:RolePolicyAttachment
    however when i attempt to apply a transformation at the stack level via
    pulumi.runtime.register_stack_transformation
    I'm not seeing the
    type_
    aws:iam/rolePolicyAttachment:RolePolicyAttachment
    within my transformation function?
    b
    • 2
    • 1
  • q

    quick-telephone-15244

    05/04/2022, 2:09 PM
    FWIW this is the
    <http://pulumi.info|pulumi.info>
    output of every
    type_
    I see within the function:
    TYPE: aws:ec2/securityGroup:SecurityGroup
        TYPE: aws:kms/key:Key
        TYPE: aws:iam/role:Role
        TYPE: eks:index:Cluster
        TYPE: aws:ec2/securityGroup:SecurityGroup
        TYPE: aws:eks/cluster:Cluster
        TYPE: kubernetes:core/v1:ConfigMap
        TYPE: aws:ec2/securityGroupRule:SecurityGroupRule
        TYPE: aws:ec2/securityGroup:SecurityGroup
        TYPE: aws:ec2/securityGroup:SecurityGroup
        TYPE: pulumi:providers:kubernetes
        TYPE: aws:eks/cluster:Cluster
        TYPE: eks:index:VpcCni
        TYPE: aws:iam/openIdConnectProvider:OpenIdConnectProvider
        TYPE: aws:ec2/securityGroup:SecurityGroup
        TYPE: aws:ec2/securityGroupRule:SecurityGroupRule
        TYPE: pulumi:providers:kubernetes
Powered by Linen
Title
q

quick-telephone-15244

05/04/2022, 2:09 PM
FWIW this is the
<http://pulumi.info|pulumi.info>
output of every
type_
I see within the function:
TYPE: aws:ec2/securityGroup:SecurityGroup
    TYPE: aws:kms/key:Key
    TYPE: aws:iam/role:Role
    TYPE: eks:index:Cluster
    TYPE: aws:ec2/securityGroup:SecurityGroup
    TYPE: aws:eks/cluster:Cluster
    TYPE: kubernetes:core/v1:ConfigMap
    TYPE: aws:ec2/securityGroupRule:SecurityGroupRule
    TYPE: aws:ec2/securityGroup:SecurityGroup
    TYPE: aws:ec2/securityGroup:SecurityGroup
    TYPE: pulumi:providers:kubernetes
    TYPE: aws:eks/cluster:Cluster
    TYPE: eks:index:VpcCni
    TYPE: aws:iam/openIdConnectProvider:OpenIdConnectProvider
    TYPE: aws:ec2/securityGroup:SecurityGroup
    TYPE: aws:ec2/securityGroupRule:SecurityGroupRule
    TYPE: pulumi:providers:kubernetes
View count: 4