pulumi-community #python

python

bland-electrician-81799

03/03/2022, 1:02 AM

This question is for anyone using Pulumi in an Azure Devops pipeline with python. What are the ways you are dealing with installing pulumi_azure_native into the venv for each individual program in your pipeline? In our experience it is taking just over 2 minutes. So for example if you have 3 separate programs in a mono-repo that create a resource group, then create the necessary network pieces, then create an AKS cluster, the pipeline is spending over 6 minutes just installing dependencies not even counting the time it takes Pulumi to actually do anything.

great-sunset-355

03/09/2022, 7:05 AM

Is there a plan or an alternative to TS

pulumi.interpolate

in python?

prehistoric-shoe-5168

03/11/2022, 6:36 PM

i work in python, so asking here as well:

rough-oyster-77458

03/11/2022, 9:21 PM

Hi dear community, May I ask a question? I'm quite new to Pulumi, so I apologise if it might seem silly. I use

pulumi.export()

to export a variable in

file1.py

. I'm going to use this variable in

file2.py

Is there any way to get this variable in

file2.py

? So far I have found how to import this variable in CLI only

hallowed-animal-47023

03/12/2022, 2:10 AM

Hey everyone, anyone have an idea why I keep getting my route tables changing?

primary_private_route_table = ec2.RouteTable(
            f'{environment}-primary-private-subnet-route-table',
            vpc_id=vpc.id,
            routes=[
                ec2.RouteTableRouteArgs(
                    cidr_block="0.0.0.0/0",
                    gateway_id=nat_ids['primary_nat_id']
                )
            ],
            tags={
                "Name": f'{environment}-primary-private-subnets-route-table',
                "Environment": f'{environment}'
            }
        )

~ routes: [
          ~ [0]: {
                  ~ cidrBlock   : "0.0.0.0/0" => "0.0.0.0/0"
                  + gatewayId   : "nat-08f9a3f32bfaaa09c"
                  - natGatewayId: "nat-08f9a3f32bfaaa09c"
                }
        ]

👀 1

fast-spoon-69536

03/14/2022, 5:45 PM

create_app_role is a function i created within the ___main___.py._

esa.create_app_role(example.endpoint.apply(lambda endpoint: f"{endpoint}"),admin_username,admin_password,app_role_payload,role_name)

_The create_app_role function takes the following inputs._ endpoint - the endpoint is only available after the previous resource is deployed. _admin_username - username to log into the endpoint_ _admin_password - admin password_ _app_role_payload - a dictionary / REST payload_ _role_name - name of the role to create_ The basics of what I'm trying to do is. 1. deploy aws opensearch 2. call the opensearch internal API to create roles and users after it is deployed. endpoint needs to be a str, but it is a Output<str>. How can I get it to be a str? Or is there a better approach ?

TypeError: can only concatenate str (not "Output") to str

little-photographer-14867

03/16/2022, 12:06 AM

Hi folks 👋 , I'm new to pulumi and trying to create a GCP artifact registry with an IAMBinding. Something like:

read_sa = serviceaccount.Account(
    "read-sa",
    account_id="read-sa",
    display_name="Read Service Account"
)
py_repo = artifactregistry.Repository(
    "pypi-repo",
    location="us-west1",
    repository_id="pypi-repo",
    description="python pacakges.",
    format="PYTHON",
)
read_binding = artifactregistry.RepositoryIamBinding(
    "read-binding",
    project=py_repo.project,
    location=py_repo.location,
    repository=py_repo.name,
    role="roles/artifactregistry.reader",
    members=[
        f"serviceAccount:{read_sa.email}",
    ],
)

But I am getting errors:

gcp:artifactregistry:RepositoryIamBinding (read-binding):
    error: 1 error occurred:
        * Error applying IAM policy for artifactregistry repository "projects/test-project/locations/us-west1/repositories/pypi-repo": Error setting IAM policy for artifactregistry repository "projects/test-project/locations/us-west1/repositories/pypi-repo": googleapi: Error 400: Invalid service account (<pulumi.output.Output object at 0x7f7f53ff7f10>).

Am I defining the

members

arg properly, or correct in using the service account email in an f-string? Mostly following this ts example.

average-article-76176

03/16/2022, 5:28 PM

(just figured this channel exists) Added a Python question 👇 , hopefully the audience is more targeted here: https://pulumi-community.slack.com/archives/C01PF3E1B8V/p1647451407628919

purple-plumber-90981

03/17/2022, 3:31 AM

whats the right pulumi/python way to make a resource in pulumi_stack2 depend on the existance of a resource created in pulumi_stack1

nice-father-44210

03/17/2022, 6:42 PM

Hello! My team would love to create reusable

ComponentResources

that encode our best practices while allowing the calling code to override some aspects of the underlying AWS resources. We want to expose the available overrides as Pulumi’s

Args

objects. E.g.,:

class SecureS3Bucket(pulumi.ComponentResource):
    def __init__(
        self,
        name: str,
        bucket_overrides: aws.s3.BucketArgs = aws.s3.BucketArgs(),

Is there a convenient way to manipulate/merge

BucketArgs

objects? E.g., we might overlay required attribute values on top of the supplied

bucket_overrides

argument before passing the merged object into the

Bucket(BucketArgs)

constructor. One way we’ve found is using a combination of

pulumi._types.input_type_to_dict(bucket_overrides)

to turn

BucketArgs

into a

dict

and

pulumi.set( args_object, "attribute", "value" )

to apply

dict

entries to a

BucketArgs

object.

agreeable-king-2755

03/18/2022, 2:54 PM

Hey folks, I'm about to port this to Python so I can run one-off tasks like database (Alembic) migrations against our RDS instance: https://github.com/sevenwestmedia-labs/pulumi/tree/master/packages/run-fargate-task But I was wondering if anyone already has a recipe for this somewhere? Cheers 👍

dazzling-angle-45051

03/23/2022, 8:19 PM

Hey there! How can I make sure in a

ComponentResource

that another type of resource will always be created by Pulumi before? I can use

depends_one

, but it's quite verbose and I would like to find a better way for the end user. To clarify, the

ComponentResource

I'm writing is for deploying a bunch of Kubernetes resources, and I would like to make sure that

pulumi_kubernetes.core.v1.Namespace

are applied first. Thanks in advance! 🙏

dazzling-angle-45051

03/23/2022, 8:36 PM

too bad Pulumi doesn't support context managers, something like this would have been awesome:

with kubernetes.core.v1.Namespace(project):
    acme_corp.MyResource(f"{project}-{stack}-myresource")

breezy-painter-29573

03/28/2022, 3:01 AM

Hi everyone. With the code snippet below I am trying to achieve creation of aws subnets with specific CIDR addresses blocks in each available Availability Zone.

for i, az in enumerate(azs):
            subnet = aws.ec2.Subnet(
                resource_name=f"public-{i}",
                vpc_id=vpc.id,
                availability_zone=az,
                cidr_block=vpc.cidr_block.apply(lambda cidr_block: ip_network(cidr_block).subnets(new_prefix=27)[i]),
                tags=tags,
            )
            subnets.append(subnet)

but it fails with the

TypeError: 'generator' object is not subscriptable

. Which, probably makes sense. I just can’t find a way to do it in a for loop. Thank you in advance! P.S.

ip_network

is a function for

netaddr

incalculable-whale-36468

03/28/2022, 9:24 PM

Hey guys! I need to use a secret inside a template string. For example:

my_template = "my secret: {my_secret}"
my_secret = config.require_secret('my_secret')
foo = my_template.format(my_secret=my_secret)

This will result in the following output:

my secret: <pulumi.output.Output object at 0x7f02baf74b80>

I tried using apply, and even Output.all, like follows:

foo = my_template.format(my_secret=my_secret.apply(lambda current_secret: current_secret))

But it will give me the same result. What am I missing here?

stocky-xylophone-20575

04/03/2022, 7:50 PM

Hi all, need help in importing a rds parameter group and modifying it, currently i am trying to write a inline pulumi program, can you please help me in giving any pointers i am doing it like this

parameter_group = aws.rds.ParameterGroup(parameter_group_name,
                                             family=rds_family,
                                             opts=ResourceOptions(import_=parameter_group_name))

but coming out to

inputs to import do not match the existing resource

even though parameter group name is same i also tried to user

aws.rds.ParameterGroup.get()

but it is asking for id which is not present in case of parametergroups , we only have name for a parameter group

alert-raincoat-81485

04/05/2022, 1:32 AM

Hello team. I am trying to follow the example where i want to use

args[FilsSystemArgs]

but it seems not valid. Can someone guide me over? https://www.pulumi.com/registry/packages/aws/api-docs/efs/filesystem/

foo = aws.efs.FileSystem(
    "efs_filesystem", 
    resource_name="efs",
    args=[aws.efs.FileSystemArgs()]
})

able-thailand-87943

04/05/2022, 3:23 PM

Hello Folks, I have a weird problem... I've written some tests for pytest, and when I execute the test with the file, it works fine...

py.test -v tests/test_foobar.py

But if I run it without explicit providing the file name, to make sure it runs all tests under

tests

, it bombs with the error: pulumi.errors.RunError: Program run without the Pulumi engine available; re-run using the
pulumi
CLI Does anyone have any suggestions to fix this?

curved-morning-41391

04/05/2022, 10:09 PM

Hey odd question, it would be really awesome if instead of

pulumi up

I could do this from within my python program like

pulumi.up()

anyone aware if there is a way to do that, or if folks have thought of this?

alert-raincoat-81485

04/08/2022, 4:58 PM

Hello Team, I am trying to add EFS DNS name to the parameter store but The value of the parameter store is registering as Pulumi object. Is there any way we can register actual dns name (str) instead pulumi object?

efsFileSys = aws.efs.FileSystem( 
    resource_name=stackname+'-'+'efs',
    args=aws.efs.FileSystemArgs(
        encrypted='true',
        kms_key_id='<kms-arn>',
        performance_mode="maxIO",
        tags={
                "Name": stackname + '-' + 'fs'
            },
    )
)

efsParame=aws.ssm.Parameter(
    str(stackname)+'-'+'efs_parameter',
    type='String',
    name="efs_parameter",
    value=str(efsFileSys.dns_name),
)

Output

Parameter store value: 	<pulumi.output.Output object at 0x10xxxx>

calm-megabyte-11174

04/11/2022, 2:18 AM

I need some help here: My code snippet is below, from pulumi website:

"""A Python Pulumi program"""

import pulumi
from pulumi_azure_native import storage
from pulumi_azure_native import resources

resource_group = resources.ResourceGroup("aa-msdn-rg-pulumi")
account = storage.StorageAccount('sa',
    resource_group_name = resource_group.name,
    sku = storage.SkuArgs(
        name = storage.SkuArgs.STANDARD_LRS,
        ),
        kind = storage.kind.STORAGE_V2)

primary_key = storage.list_storage_account_keys_output(
    resource_group_name = resource_group.name,
    account_name = account.name
    ).accountKeys.keys[0].value

pulumi.export("primary_storage_key",primary_keycdpu)

I get error as below:

File "C:\OnlyOnMyPC\my-training\awesomeazure\.\__main__.py", line 4, in <module>
        from pulumi_azure_native import storage
    ModuleNotFoundError: No module named 'pulumi_azure_native'
    error: an unhandled error occurred: Program exited with non-zero exit code: 1

Yes and I have installed the package as well but still no luck ?

PS C:\OnlyOnMyPC\my-training\awesomeazure> pip install pulumi_azure_native
Defaulting to user installation because normal site-packages is not writeable
Requirement already satisfied: pulumi_azure_native in c:\users\aagashe002\appdata\roaming\python\python310\site-packages (1.62.0)
Requirement already satisfied: parver>=0.2.1 in c:\users\aagashe002\appdata\roaming\python\python310\site-packages (from pulumi_azure_native) (0.3.1)
Requirement already satisfied: pulumi<4.0.0,>=3.0.0 in c:\users\aagashe002\appdata\roaming\python\python310\site-packages (from pulumi_azure_native) (3.28.0)
Requirement already satisfied: semver>=2.8.1 in c:\users\aagashe002\appdata\roaming\python\python310\site-packages (from pulumi_azure_native) (2.13.0)
Requirement already satisfied: attrs>=19.2 in c:\users\aagashe002\appdata\roaming\python\python310\site-packages (from parver>=0.2.1->pulumi_azure_native) (21.4.0)
Requirement already satisfied: six~=1.13 in c:\users\aagashe002\appdata\roaming\python\python310\site-packages (from parver>=0.2.1->pulumi_azure_native) (1.16.0)
Requirement already satisfied: arpeggio~=1.7 in c:\users\aagashe002\appdata\roaming\python\python310\site-packages (from parver>=0.2.1->pulumi_azure_native) (1.10.2)
Requirement already satisfied: pyyaml>=5.3.1 in c:\users\aagashe002\appdata\roaming\python\python310\site-packages (from pulumi<4.0.0,>=3.0.0->pulumi_azure_native) (6.0)
Requirement already satisfied: protobuf>=3.6.0 in c:\users\aagashe002\appdata\roaming\python\python310\site-packages (from pulumi<4.0.0,>=3.0.0->pulumi_azure_native) (3.20.0)
Requirement already satisfied: dill>=0.3.0 in c:\users\aagashe002\appdata\roaming\python\python310\site-packages (from pulumi<4.0.0,>=3.0.0->pulumi_azure_native) (0.3.4)
Requirement already satisfied: grpcio<1.44.0,>=1.33.2 in c:\users\aagashe002\appdata\roaming\python\python310\site-packages (from pulumi<4.0.0,>=3.0.0->pulumi_azure_native) (1.43.0)

My Python path is already in Environment variable: ``````

calm-megabyte-11174

04/11/2022, 2:24 AM

fast-spoon-69536

04/22/2022, 2:13 PM

Hello, I could use some help here. I'm not sure what is happening. The issue almost seems like a bug. I'm running latest pulumi version. The vpc in question does exist egress_vpc: vpc-03b6755e47c26a69f. I tried setting various combinations of the depends_on. But this doesn't seem to change the outcome.

# failure if I exclude the local route
  egress_vpc_fw_public_subnet_rtb = aws.ec2.RouteTable(custom_tags['Name'],
        vpc_id=egress_vpc.id,
        routes=[
        aws.ec2.RouteTableRouteArgs(cidr_block="0.0.0.0/0",gateway_id=egress_igw.id)
        ],
       
        tags=custom_tags,
        opts=ResourceOptions(depends_on=[tgw, egress_igw],parent=egress_vpc)) 



 aws:ec2:RouteTable (egress_vpc_fw_public_subnet_us_east_2_rtb):
    error: 1 error occurred:
        * updating urn:pulumi:dev::transitgateway::aws:ec2/vpc:Vpc$aws:ec2/routeTable:RouteTable::egress_vpc_fw_public_subnet_us_east_2_rtb: 1 error occurred:
        * error deleting Route in Route Table (rtb-08121bf0496297bff) with destination (10.31.0.0/16): InvalidParameterValue: cannot remove local route 10.31.0.0/16 in route table rtb-08121bf0496297bff
        status code: 400, request id: fc0dcdd7-ce6f-4ec8-92e7-250c268c4933





# failure if I add the local route

egress_vpc_fw_public_subnet_rtb = aws.ec2.RouteTable(custom_tags['Name'],
        vpc_id=egress_vpc.id,
        routes=[
        aws.ec2.RouteTableRouteArgs(cidr_block="0.0.0.0/0",gateway_id=egress_igw.id),
	aws.ec2.RouteTableRouteArgs(cidr_block=egress_vpc.cidr_block,local_gateway_id=egress_vpc.id)
        ],
       
        tags=custom_tags,
        opts=ResourceOptions(depends_on=[tgw, egress_igw],parent=egress_vpc))

error: 1 error occurred:
        * updating urn:pulumi:dev::transitgateway::aws:ec2/vpc:Vpc$aws:ec2/routeTable:RouteTable::egress_vpc_fw_public_subnet_us_east_2_rtb: 1 error occurred:
        * error creating Route in Route Table (rtb-08121bf0496297bff) with destination (10.31.0.0/16): InvalidLocalGatewayID.Malformed: Invalid id: "vpc-03b6755e47c26a69f"
        status code: 400, request id: 3e59a09d-b7b7-4dfa-b46d-ae0caf214ee7

quick-telephone-15244

04/29/2022, 3:26 PM

👋

quick-telephone-15244

04/29/2022, 3:27 PM

I'm working to integrate mypy into my Pulumi codebase and I'm wondering if anyone can share/point me to some "Best Practices" MyPy configs specifically for Pulumi?

quick-telephone-15244

04/29/2022, 3:28 PM

I think the

disallow_any_*

config options might be a bit much?

bitter-horse-93353

05/02/2022, 6:02 PM

Question: do people import resources from pulumi stacks in scripts/code? I.e.

# mypulumi/__main__.py
bucket = aws.s3.Bucket("bucket")

# myscript.py
from mypulumi import bucket
import boto3

bucket = boto3.client('s3').Bucket(bucket.id)  # use the value from the pulumi stack script

Trying to understand if this is a support/common use case and what the best practices around this are. It feels like one benefit of having the definitions in python would be accessing them in various places and knowing that the IDs/ARNs/etc. will always match correctly.

wide-xylophone-60952

05/03/2022, 8:37 AM

Hello All

👋 1

quick-telephone-15244

05/04/2022, 2:08 PM

Hi all, I'm running up against an issue using the AWS EKS package from the repo, specifically that I need to modify the policyArn of a

aws:iam/rolePolicyAttachment:RolePolicyAttachment

however when i attempt to apply a transformation at the stack level via

pulumi.runtime.register_stack_transformation

I'm not seeing the

type_

aws:iam/rolePolicyAttachment:RolePolicyAttachment

within my transformation function?

quick-telephone-15244

05/04/2022, 2:09 PM

FWIW this is the

<http://pulumi.info|pulumi.info>

output of every

type_

I see within the function:

TYPE: aws:ec2/securityGroup:SecurityGroup
    TYPE: aws:kms/key:Key
    TYPE: aws:iam/role:Role
    TYPE: eks:index:Cluster
    TYPE: aws:ec2/securityGroup:SecurityGroup
    TYPE: aws:eks/cluster:Cluster
    TYPE: kubernetes:core/v1:ConfigMap
    TYPE: aws:ec2/securityGroupRule:SecurityGroupRule
    TYPE: aws:ec2/securityGroup:SecurityGroup
    TYPE: aws:ec2/securityGroup:SecurityGroup
    TYPE: pulumi:providers:kubernetes
    TYPE: aws:eks/cluster:Cluster
    TYPE: eks:index:VpcCni
    TYPE: aws:iam/openIdConnectProvider:OpenIdConnectProvider
    TYPE: aws:ec2/securityGroup:SecurityGroup
    TYPE: aws:ec2/securityGroupRule:SecurityGroupRule
    TYPE: pulumi:providers:kubernetes

Title

quick-telephone-15244

05/04/2022, 2:09 PM

FWIW this is the

<http://pulumi.info|pulumi.info>

output of every

type_

I see within the function:

TYPE: aws:ec2/securityGroup:SecurityGroup
    TYPE: aws:kms/key:Key
    TYPE: aws:iam/role:Role
    TYPE: eks:index:Cluster
    TYPE: aws:ec2/securityGroup:SecurityGroup
    TYPE: aws:eks/cluster:Cluster
    TYPE: kubernetes:core/v1:ConfigMap
    TYPE: aws:ec2/securityGroupRule:SecurityGroupRule
    TYPE: aws:ec2/securityGroup:SecurityGroup
    TYPE: aws:ec2/securityGroup:SecurityGroup
    TYPE: pulumi:providers:kubernetes
    TYPE: aws:eks/cluster:Cluster
    TYPE: eks:index:VpcCni
    TYPE: aws:iam/openIdConnectProvider:OpenIdConnectProvider
    TYPE: aws:ec2/securityGroup:SecurityGroup
    TYPE: aws:ec2/securityGroupRule:SecurityGroupRule
    TYPE: pulumi:providers:kubernetes

View count: 4