agreeable-king-2755
03/18/2022, 2:54 PM
dazzling-angle-45051
03/23/2022, 8:19 PM
ComponentResource that another type of resource will always be created by Pulumi before? I can use depends_on, but it's quite verbose and I would like to find a better way for the end user.
To clarify, the ComponentResource I'm writing is for deploying a bunch of Kubernetes resources, and I would like to make sure that pulumi_kubernetes.core.v1.Namespace are applied first.
Thanks in advance!
dazzling-angle-45051
03/23/2022, 8:36 PM
with kubernetes.core.v1.Namespace(project):
    acme_corp.MyResource(f"{project}-{stack}-myresource")
breezy-painter-29573
03/28/2022, 3:01 AM
for i, az in enumerate(azs):
    subnet = aws.ec2.Subnet(
        resource_name=f"public-{i}",
        vpc_id=vpc.id,
        availability_zone=az,
        cidr_block=vpc.cidr_block.apply(lambda cidr_block: ip_network(cidr_block).subnets(new_prefix=27)[i]),
        tags=tags,
    )
    subnets.append(subnet)
but it fails with the TypeError: 'generator' object is not subscriptable. Which, probably makes sense. I just can't find a way to do it in a for loop.
Thank you in advance!
P.S. ip_network is a function for netaddr.
incalculable-whale-36468
03/28/2022, 9:24 PM
my_template = "my secret: {my_secret}"
my_secret = config.require_secret('my_secret')
foo = my_template.format(my_secret=my_secret)
This will result in the following output:
my secret: <pulumi.output.Output object at 0x7f02baf74b80>
I tried using apply, and even Output.all, like follows:
foo = my_template.format(my_secret=my_secret.apply(lambda current_secret: current_secret))
But it will give me the same result.
What am I missing here?
stocky-xylophone-20575
04/03/2022, 7:50 PM
parameter_group = aws.rds.ParameterGroup(parameter_group_name,
    family=rds_family,
    opts=ResourceOptions(import_=parameter_group_name))
but coming out to inputs to import do not match the existing resource
even though parameter group name is same
I also tried to use aws.rds.ParameterGroup.get()
but it is asking for id which is not present in case of parameter groups, we only have name for a parameter group
alert-raincoat-81485
04/05/2022, 1:32 AM
args[FileSystemArgs] but it seems not valid.
Can someone guide me over?
https://www.pulumi.com/registry/packages/aws/api-docs/efs/filesystem/
foo = aws.efs.FileSystem(
"efs_filesystem",
resource_name="efs",
args=[aws.efs.FileSystemArgs()]
})
able-thailand-87943
04/05/2022, 3:23 PM
py.test -v tests/test_foobar.py
But if I run it without explicitly providing the file name, to make sure it runs all tests under tests, it bombs with the error:
pulumi.errors.RunError: Program run without the Pulumi engine available; re-run using the pulumi CLI
Does anyone have any suggestions to fix this?
curved-morning-41391
04/05/2022, 10:09 PM
pulumi up
I could do this from within my python program like pulumi.up()
anyone aware if there is a way to do that, or if folks have thought of this?
alert-raincoat-81485
04/08/2022, 4:58 PM
efsFileSys = aws.efs.FileSystem(
    resource_name=stackname+'-'+'efs',
    args=aws.efs.FileSystemArgs(
        encrypted='true',
        kms_key_id='<kms-arn>',
        performance_mode="maxIO",
        tags={
            "Name": stackname + '-' + 'fs'
        },
    )
)
efsParame=aws.ssm.Parameter(
    str(stackname)+'-'+'efs_parameter',
    type='String',
    name="efs_parameter",
    value=str(efsFileSys.dns_name),
)
Output
Parameter store value: <pulumi.output.Output object at 0x10xxxx>
calm-megabyte-11174
04/11/2022, 2:18 AM
"""A Python Pulumi program"""
import pulumi
from pulumi_azure_native import storage
from pulumi_azure_native import resources
resource_group = resources.ResourceGroup("aa-msdn-rg-pulumi")
account = storage.StorageAccount('sa',
    resource_group_name = resource_group.name,
    sku = storage.SkuArgs(
        name = storage.SkuArgs.STANDARD_LRS,
    ),
    kind = storage.kind.STORAGE_V2)
primary_key = storage.list_storage_account_keys_output(
    resource_group_name = resource_group.name,
    account_name = account.name
).accountKeys.keys[0].value
pulumi.export("primary_storage_key",primary_keycdpu)
I get error as below:
File "C:\OnlyOnMyPC\my-training\awesomeazure\.\__main__.py", line 4, in <module>
from pulumi_azure_native import storage
ModuleNotFoundError: No module named 'pulumi_azure_native'
error: an unhandled error occurred: Program exited with non-zero exit code: 1
Yes and I have installed the package as well but still no luck?
PS C:\OnlyOnMyPC\my-training\awesomeazure> pip install pulumi_azure_native
Defaulting to user installation because normal site-packages is not writeable
Requirement already satisfied: pulumi_azure_native in c:\users\aagashe002\appdata\roaming\python\python310\site-packages (1.62.0)
Requirement already satisfied: parver>=0.2.1 in c:\users\aagashe002\appdata\roaming\python\python310\site-packages (from pulumi_azure_native) (0.3.1)
Requirement already satisfied: pulumi<4.0.0,>=3.0.0 in c:\users\aagashe002\appdata\roaming\python\python310\site-packages (from pulumi_azure_native) (3.28.0)
Requirement already satisfied: semver>=2.8.1 in c:\users\aagashe002\appdata\roaming\python\python310\site-packages (from pulumi_azure_native) (2.13.0)
Requirement already satisfied: attrs>=19.2 in c:\users\aagashe002\appdata\roaming\python\python310\site-packages (from parver>=0.2.1->pulumi_azure_native) (21.4.0)
Requirement already satisfied: six~=1.13 in c:\users\aagashe002\appdata\roaming\python\python310\site-packages (from parver>=0.2.1->pulumi_azure_native) (1.16.0)
Requirement already satisfied: arpeggio~=1.7 in c:\users\aagashe002\appdata\roaming\python\python310\site-packages (from parver>=0.2.1->pulumi_azure_native) (1.10.2)
Requirement already satisfied: pyyaml>=5.3.1 in c:\users\aagashe002\appdata\roaming\python\python310\site-packages (from pulumi<4.0.0,>=3.0.0->pulumi_azure_native) (6.0)
Requirement already satisfied: protobuf>=3.6.0 in c:\users\aagashe002\appdata\roaming\python\python310\site-packages (from pulumi<4.0.0,>=3.0.0->pulumi_azure_native) (3.20.0)
Requirement already satisfied: dill>=0.3.0 in c:\users\aagashe002\appdata\roaming\python\python310\site-packages (from pulumi<4.0.0,>=3.0.0->pulumi_azure_native) (0.3.4)
Requirement already satisfied: grpcio<1.44.0,>=1.33.2 in c:\users\aagashe002\appdata\roaming\python\python310\site-packages (from pulumi<4.0.0,>=3.0.0->pulumi_azure_native) (1.43.0)
My Python path is already in Environment variable:
calm-megabyte-11174
04/11/2022, 2:24 AM
fast-spoon-69536
04/22/2022, 2:13 PM
# failure if I exclude the local route
egress_vpc_fw_public_subnet_rtb = aws.ec2.RouteTable(custom_tags['Name'],
    vpc_id=egress_vpc.id,
    routes=[
        aws.ec2.RouteTableRouteArgs(cidr_block="0.0.0.0/0",gateway_id=egress_igw.id)
    ],
    tags=custom_tags,
    opts=ResourceOptions(depends_on=[tgw, egress_igw],parent=egress_vpc))
aws:ec2:RouteTable (egress_vpc_fw_public_subnet_us_east_2_rtb):
error: 1 error occurred:
* updating urn:pulumi:dev::transitgateway::aws:ec2/vpc:Vpc$aws:ec2/routeTable:RouteTable::egress_vpc_fw_public_subnet_us_east_2_rtb: 1 error occurred:
* error deleting Route in Route Table (rtb-08121bf0496297bff) with destination (10.31.0.0/16): InvalidParameterValue: cannot remove local route 10.31.0.0/16 in route table rtb-08121bf0496297bff
status code: 400, request id: fc0dcdd7-ce6f-4ec8-92e7-250c268c4933
# failure if I add the local route
egress_vpc_fw_public_subnet_rtb = aws.ec2.RouteTable(custom_tags['Name'],
    vpc_id=egress_vpc.id,
    routes=[
        aws.ec2.RouteTableRouteArgs(cidr_block="0.0.0.0/0",gateway_id=egress_igw.id),
        aws.ec2.RouteTableRouteArgs(cidr_block=egress_vpc.cidr_block,local_gateway_id=egress_vpc.id)
    ],
    tags=custom_tags,
    opts=ResourceOptions(depends_on=[tgw, egress_igw],parent=egress_vpc))
error: 1 error occurred:
* updating urn:pulumi:dev::transitgateway::aws:ec2/vpc:Vpc$aws:ec2/routeTable:RouteTable::egress_vpc_fw_public_subnet_us_east_2_rtb: 1 error occurred:
* error creating Route in Route Table (rtb-08121bf0496297bff) with destination (10.31.0.0/16): InvalidLocalGatewayID.Malformed: Invalid id: "vpc-03b6755e47c26a69f"
status code: 400, request id: 3e59a09d-b7b7-4dfa-b46d-ae0caf214ee7
quick-telephone-15244
04/29/2022, 3:26 PM
quick-telephone-15244
04/29/2022, 3:27 PM
quick-telephone-15244
04/29/2022, 3:28 PM
disallow_any_* config options might be a bit much?
bitter-horse-93353
05/02/2022, 6:02 PM
# mypulumi/__main__.py
bucket = aws.s3.Bucket("bucket")
# myscript.py
from mypulumi import bucket
import boto3
bucket = boto3.client('s3').Bucket(bucket.id) # use the value from the pulumi stack script
Trying to understand if this is a support/common use case and what the best practices around this are. It feels like one benefit of having the definitions in python would be accessing them in various places and knowing that the IDs/ARNs/etc. will always match correctly.
wide-xylophone-60952
05/03/2022, 8:37 AM
quick-telephone-15244
05/04/2022, 2:08 PM
aws:iam/rolePolicyAttachment:RolePolicyAttachment
however when I attempt to apply a transformation at the stack level via pulumi.runtime.register_stack_transformation I'm not seeing the type_ aws:iam/rolePolicyAttachment:RolePolicyAttachment within my transformation function?
quick-telephone-15244
05/04/2022, 2:09 PM
pulumi.info output of every type_ I see within the function:
TYPE: aws:ec2/securityGroup:SecurityGroup
TYPE: aws:kms/key:Key
TYPE: aws:iam/role:Role
TYPE: eks:index:Cluster
TYPE: aws:ec2/securityGroup:SecurityGroup
TYPE: aws:eks/cluster:Cluster
TYPE: kubernetes:core/v1:ConfigMap
TYPE: aws:ec2/securityGroupRule:SecurityGroupRule
TYPE: aws:ec2/securityGroup:SecurityGroup
TYPE: aws:ec2/securityGroup:SecurityGroup
TYPE: pulumi:providers:kubernetes
TYPE: aws:eks/cluster:Cluster
TYPE: eks:index:VpcCni
TYPE: aws:iam/openIdConnectProvider:OpenIdConnectProvider
TYPE: aws:ec2/securityGroup:SecurityGroup
TYPE: aws:ec2/securityGroupRule:SecurityGroupRule
TYPE: pulumi:providers:kubernetes
quick-telephone-15244
05/04/2022, 2:12 PM
+ pulumi:pulumi:Stack
+ ├─ aws:ec2:SecurityGroup
+ ├─ aws:kms:Key
+ ├─ aws:iam:Role
+ ├─ eks:index:Cluster
+ ├─ eks:index:ServiceRole
+ │ ├─ aws:iam:Role
+ │ ├─ aws:iam:RolePolicyAttachment
+ │ ├─ aws:iam:RolePolicyAttachment
+ │ ├─ aws:iam:RolePolicyAttachment
+ ├─ aws:eks:Cluster
+ ├─ pulumi:providers:kubernetes
+ ├─ pulumi:providers:kubernetes
+ ├─ aws:ec2:SecurityGroup
+ ├─ eks:index:VpcCni
+ ├─ aws:ec2:SecurityGroupRule
+ ├─ aws:ec2:SecurityGroupRule
+ ├─ aws:ec2:SecurityGroupRule
+ ├─ aws:ec2:SecurityGroupRule
+ ├─ aws:ec2:SecurityGroupRule
+ ├─ aws:iam:OpenIdConnectProvider
+ ├─ kubernetes:core/v1:ConfigMap
quick-telephone-15244
05/04/2022, 2:36 PM
service_role as a cluster creation arg. along with skip_default_node_group=True, those managed policies are still attempting to be attached.. shouldn't the service_role=<aws.iam.Role obj.> arg. prevent default role/managed policy attachment in favor of what was provided by service_role? Or am I misunderstanding service_role entirely?
brave-processor-54742
05/05/2022, 9:11 AM
user_data parameter, instead of writing a long string inside the code?
I would like to use this bash script to add key pairs to my instances, because writing those inside the code looks tidy.
Thanks! 🤸‍♂️
great-sunset-355
05/06/2022, 7:22 AM
rolePolicyAttachment:RolePolicyAttachment
I had a role assigned to 2 ECS tasks and it had 3 policy attachments
import pulumi_aws as aws
role = iam.Role("role") # dummy role
for idx, arn in enumerate(
    [
        "arn:aws:iam::aws:policy/AmazonSESFullAccess",
        "arn:aws:iam::aws:policy/AmazonSageMakerFullAccess",
        "arn:aws:iam::aws:policy/AmazonS3FullAccess",
    ]
):
    aws.iam.RolePolicyAttachment(
        f"{self._config.name}-{idx}-app-role-extension",
        args=aws.iam.RolePolicyAttachmentArgs(policy_arn=arn, role=role.id),
        opts=self._opts,
    )
    aws.iam.RolePolicyAttachment(
        f"{self._config.name}-{idx}-scheduler-role-extension",
        args=aws.iam.RolePolicyAttachmentArgs(
            policy_arn=arn, role=role.id
        ),
        opts=self._opts,
    )
Later on I decided to add 1 more Policy attachment and limit some Full access policies to necessary permissions.
import pulumi_aws as aws
role = iam.Role("role") # dummy role
ses_policy = aws.iam.Policy("ses-pol")
s3_policy = aws.iam.Policy("s3-pol")
lambda_invoke_policy = aws.iam.Policy("lambda-pol")
for idx, arn in enumerate(
    [
        ses_policy.arn,
        lambda_invoke_policy.arn,
        "arn:aws:iam::aws:policy/AmazonSageMakerFullAccess",
        s3_policy.arn,
    ]
):
    aws.iam.RolePolicyAttachment(
        f"{self._config.name}-{idx}-app-role-extension",
        args=aws.iam.RolePolicyAttachmentArgs(policy_arn=arn, role=role.id),
        opts=self._opts,
    )
    aws.iam.RolePolicyAttachment(
        f"{self._config.name}-{idx}-scheduler-role-extension",
        args=aws.iam.RolePolicyAttachmentArgs(
            policy_arn=arn, role=role.id
        ),
        opts=self._opts,
    )
This has caused a weird state, that Pulumi state shows that the PolicyAttachment of "arn:aws:iam::aws:policy/AmazonSageMakerFullAccess", exists but the final IAM role did not have the policy.
After changing the order to cause an update, IAM role gained the policy. And after deploying to another environment the problem was back.
What is going on here? Am I being tricked by some async anomaly?
Note: pulumi up is running in a CI pipeline, do I need to run pulumi refresh there as well?
brave-processor-54742
05/10/2022, 9:27 AM
ImportError: dlopen(/infrastructure/venv/lib/python3.10/site-packages/grpc/_cython/cygrpc.cpython-310-darwin.so, 0x0002): tried: '/infrastructure/venv/lib/python3.10/site-packages/grpc/_cython/cygrpc.cpython-310-darwin.so' (mach-o file, but is an incompatible architecture (have 'x86_64', need 'arm64e'))
It looks like the Pulumi SDK has not been installed. Have you run pip install?
If you are running in a virtualenv, you must run pip install -r requirements.txt from inside the virtualenv.
Someone experienced that also?
Thanks a lot!
strong-intern-84363
05/13/2022, 11:14 PM
sarolebinding = gcp.projects.IAMBinding(
    f"sa-role-binding-{self.projectName}-owner",
    role=self.role,
    project=self.project.name,
    members=[f"serviceAccount:{self.service_account.email}"],
)
return sarolebinding
This fails with the following error
Request `Set IAM Binding for role "projects/app-burger-nonprod-wzj/roles/projectOwner" on "project \"app-burger-nonprod-wzj\""` returned error: Error applying IAM policy for project "app-burger-nonprod-wzj": Error setting IAM policy for project "app-burger-nonprod-wzj": googleapi: Error 400: Invalid service account (<pulumi.output.Output object at 0x7fbf29648640>)., badRequest
Looks like the service_account.email field is wrong.
How can I refer to the email of the newly created service account and use it as the value of the members arguments?
Thanks for reading, have a nice day.
able-oyster-47333
05/15/2022, 6:09 PM
hallowed-australia-10473
05/17/2022, 3:16 AM
ImportError: dlopen(/blah/venv/lib/python3.9/site-packages/grpc/_cython/cygrpc.cpython-39-darwin.so, 0x0002): tried: '/blah/venv/lib/python3.9/site-packages/grpc/_cython/cygrpc.cpython-39-darwin.so' (mach-o file, but is an incompatible architecture (have 'x86_64', need 'arm64e'))
How do I get past this?
square-dress-80180
05/19/2022, 12:41 AM
<stackname>.get_output('foo') silently fails and I only find out when some resource mysteriously isn't configured correctly. The root of the error is me doing something silly like misspelling the variable name and I usually find it in not too long, but it would certainly make it easier to catch if the failure wasn't silent. What is the rationale for not throwing an error during preview to prevent these issues?
many-secretary-62073
05/23/2022, 7:10 PM
KubeEnvironmentArgs doesn't actually allow that field. Additionally, there is no setter for the "type" property, so I cannot set the value after init either. In the end, I get this error response:
azure-native:web/v20210301:KubeEnvironment (env):
error: Code="BadRequest" Message="KubeEnvironment is invalid. Must specify either AksResourceID or ArcConfiguration or 'type' must be 'Managed'." Details=[{"Message":"KubeEnvironment is invalid. Must specify either AksResourceID or ArcConfiguration or 'type' must be 'Managed'."},{"Code":"BadRequest"},{"ErrorEntity":{"Code":"BadRequest","ExtendedCode":"51021","Message":"KubeEnvironment is invalid. Must specify either AksResourceID or ArcConfiguration or 'type' must be 'Managed'.","MessageTemplate":"{0} is invalid. {1}","Parameters":["KubeEnvironment","Must specify either AksResourceID or ArcConfiguration or 'type' must be 'Managed'."]}}]
How can I provide this value?