quick-telephone-15244
05/04/2022, 2:12 PM+ pulumi:pulumi:Stack
+ ├─ aws:ec2:SecurityGroup
+ ├─ aws:kms:Key
+ ├─ aws:iam:Role
+ └─ eks:index:Cluster
+ ├─ eks:index:ServiceRole
+ │ ├─ aws:iam:Role
+ │ ├─ aws:iam:RolePolicyAttachment
+ │ ├─ aws:iam:RolePolicyAttachment
+ │ └─ aws:iam:RolePolicyAttachment
+ ├─ aws:eks:Cluster
+ ├─ pulumi:providers:kubernetes
+ ├─ pulumi:providers:kubernetes
+ ├─ aws:ec2:SecurityGroup
+ ├─ eks:index:VpcCni
+ ├─ aws:ec2:SecurityGroupRule
+ ├─ aws:ec2:SecurityGroupRule
+ ├─ aws:ec2:SecurityGroupRule
+ ├─ aws:ec2:SecurityGroupRule
+ ├─ aws:ec2:SecurityGroupRule
+ ├─ aws:iam:OpenIdConnectProvider
+ └─ kubernetes:core/v1:ConfigMap
quick-telephone-15244
05/04/2022, 2:36 PMservice_role
as a cluster creation arg. along with skip_default_node_group=True
, those managed policies are still attempting to be attached.. shouldn't the service_role=<aws.iam.Role obj.>
arg. prevent default role/managed policy attachment in favor of what was provided by service_role
? Or am I misunderstanding service_role
entirely?brave-processor-54742
05/05/2022, 9:11 AMuser_data
parameter, instead of writing a long string inside the code?
I would like to use this bash script to add key pairs to my instances, because writing those inside the code looks tidy.
Thanks! 🤸♂️great-sunset-355
05/06/2022, 7:22 AMrolePolicyAttachment:RolePolicyAttachment
I had a role assigned to 2 ECS tasks and it had 3 policy attachments
import pulumi_aws as aws
role = iam.Role("role") # dummy role
for idx, arn in enumerate(
[
"arn:aws:iam::aws:policy/AmazonSESFullAccess",
"arn:aws:iam::aws:policy/AmazonSageMakerFullAccess",
"arn:aws:iam::aws:policy/AmazonS3FullAccess",
]
):
aws.iam.RolePolicyAttachment(
f"{self._config.name}-{idx}-app-role-extension",
args=aws.iam.RolePolicyAttachmentArgs(policy_arn=arn, role=role.id),
opts=self._opts,
)
aws.iam.RolePolicyAttachment(
f"{self._config.name}-{idx}-scheduler-role-extension",
args=aws.iam.RolePolicyAttachmentArgs(
policy_arn=arn, role=role.id
),
opts=self._opts,
)
Later on I decided to add 1 more Policy attachment and limit some Full access policies to necessary permissions.
import pulumi_aws as aws
role = iam.Role("role") # dummy role
ses_policy = aws.iam.Policy("ses-pol")
s3_policy = aws.iam.Policy("s3-pol")
lambda_invoke_policy = aws.iam.Policy("lambda-pol")
for idx, arn in enumerate(
[
ses_policy.arn,
lambda_invoke_policy.arn,
"arn:aws:iam::aws:policy/AmazonSageMakerFullAccess",
s3_policy.arn,
]
):
aws.iam.RolePolicyAttachment(
f"{self._config.name}-{idx}-app-role-extension",
args=aws.iam.RolePolicyAttachmentArgs(policy_arn=arn, role=role.id),
opts=self._opts,
)
aws.iam.RolePolicyAttachment(
f"{self._config.name}-{idx}-scheduler-role-extension",
args=aws.iam.RolePolicyAttachmentArgs(
policy_arn=arn, role=role.id
),
opts=self._opts,
)
This has caused a weird state, that Pulumi state shows that the PolicyAttachment
of "arn:aws:iam::aws:policy/AmazonSageMakerFullAccess",
exists but the final IAM role did not have the policy.
After changing the order to cause an update, IAM role gained the policy. And after deploying to another environment the problem was back.
What is going on here? Am I being tricked by some async anomaly?
Note: pulumi up
is running in a CI pipeline, do I need to run pulumi refresh
there as well?brave-processor-54742
05/10/2022, 9:27 AMImportError: dlopen(/infrastructure/venv/lib/python3.10/site-packages/grpc/_cython/cygrpc.cpython-310-darwin.so, 0x0002): tried: '/infrastructure/venv/lib/python3.10/site-packages/grpc/_cython/cygrpc.cpython-310-darwin.so' (mach-o file, but is an incompatible architecture (have 'x86_64', need 'arm64e'))
It looks like the Pulumi SDK has not been installed. Have you run pip install?
If you are running in a virtualenv, you must run pip install -r requirements.txt from inside the virtualenv.
Someone experienced that also?
Thanks a lot!strong-intern-84363
05/13/2022, 11:14 PMsarolebinding = gcp.projects.IAMBinding(
f"sa-role-binding-{self.projectName}-owner",
role=self.role,
project=self.project.name,
members=[f"serviceAccount:{self.service_account.email}"],
)
return sarolebinding
This fails with the following error
Request `Set IAM Binding for role "projects/app-burger-nonprod-wzj/roles/projectOwner" on "project \"app-burger-nonprod-wzj\""` returned error: Error applying IAM policy for project "app-burger-nonprod-wzj": Error setting IAM policy for project "app-burger-nonprod-wzj": googleapi: Error 400: Invalid service account (<pulumi.output.Output object at 0x7fbf29648640>)., badRequest
Looks like the service_account.email field is wrong.
How can I refer to the email of the newly created service account and use it as the value of the members arguments ?
Thanks for reading, have a nice day.able-oyster-47333
05/15/2022, 6:09 PMhallowed-australia-10473
05/17/2022, 3:16 AMImportError: dlopen(/blah/venv/lib/python3.9/site-packages/grpc/_cython/cygrpc.cpython-39-darwin.so, 0x0002): tried: '/blah/venv/lib/python3.9/site-packages/grpc/_cython/cygrpc.cpython-39-darwin.so' (mach-o file, but is an incompatible architecture (have 'x86_64', need 'arm64e'))
How do I get past this?square-dress-80180
05/19/2022, 12:41 AM<stackname>.get_output('foo')
silently fails and I only find out when some resource mysteriously isn’t configured correctly. The root of the error is me doing something silly like misspelling the variable name and I usually find it in not too long, but it would certainly make it easier to catch if the failure wasn’t silent. What is the rationale for not throwing an error during preview to prevent these issues?many-secretary-62073
05/23/2022, 7:10 PMKubeEnvironmentArgs
doesn’t actually allow that field. Additionally, there is no setter for the “type” property, so I cannot set the value after init either. In the end, I get this error response:
azure-native:web/v20210301:KubeEnvironment (env):
error: Code="BadRequest" Message="KubeEnvironment is invalid. Must specify either AksResourceID or ArcConfiguration or 'type' must be 'Managed'." Details=[{"Message":"KubeEnvironment is invalid. Must specify either AksResourceID or ArcConfiguration or 'type' must be 'Managed'."},{"Code":"BadRequest"},{"ErrorEntity":{"Code":"BadRequest","ExtendedCode":"51021","Message":"KubeEnvironment is invalid. Must specify either AksResourceID or ArcConfiguration or 'type' must be 'Managed'.","MessageTemplate":"{0} is invalid. {1}","Parameters":["KubeEnvironment","Must specify either AksResourceID or ArcConfiguration or 'type' must be 'Managed'."]}}]
How can I provide this value?mysterious-hamburger-19066
05/25/2022, 6:31 PMquick-telephone-15244
05/26/2022, 6:38 PMdebug_error_string = "{"created":"@1653589486.232131000","description":"Error received from peer ipv4:127.0.0.1:64115","file":"src/core/lib/surface/call.cc","file_line":904,"grpc_message":"Cannot read properties of undefined (reading 'map')","grpc_status":2}"
quick-telephone-15244
05/26/2022, 6:40 PM-v=9
for up
and it's still not entirely clear how i'm getting to that/what the underlying issue is.purple-architect-30534
05/27/2022, 7:40 PMorange-crowd-9665
06/01/2022, 9:34 AMcrooked-sunset-90921
06/02/2022, 3:42 AMwhite-terabyte-21934
06/02/2022, 7:36 AMpulumi.output.Output object
.
• Would like to print these values via a print statement (like terraform output format) ,what is the best way to fetch the value via Ouput() method ?breezy-book-15761
06/02/2022, 9:43 AM"""A Google Cloud Python Pulumi program"""
import pulumi
import pulumi_gcp as gcp
cloud_resource_manager_api = gcp.projects.Service('crm_api', service="<http://cloudresourcemanager.googleapis.com|cloudresourcemanager.googleapis.com>")
project = gcp.organizations.get_project_output(opts=pulumi.InvokeOptions(parent=cloud_resource_manager_api))
cloud_run_api = gcp.projects.Service('cloud_run_api', disable_dependent_services=True, disable_on_destroy=True, project=project.id.apply(lambda project_id: project_id), service="<http://run.googleapis.com|run.googleapis.com>")
salmon-art-25154
06/02/2022, 6:52 PMpulumi update
and i've been trying to solve it since yesterday. the error is:
AttributeError: 'Service' object has no attribute 'status'full stack trace (https://pastebin.com/jS2FZpPK) initially, i was experiencing the issue described here https://github.com/pulumi/pulumi/issues/9694, which i was able to fix by pinning protobuf v3.20.1 after that though, i began experiencing the error i pasted above. i've tried downgrading pulumi as well as upgrading python (this app uses 3.9.6), but i get the same error no matter what. anyone else experience the same issue or have any tips to help me further debug this?
salmon-art-25154
06/02/2022, 7:34 PMpulumi.export('api_url', cloud_run_api_output.status.url)
but when i look at the docs for gcp.cloudrun.Service, i only see output.statuses, so maybe that changed between versions.
however when i try to access cloud_run_api_output.statuses[0]
, i get a index out of range error.salmon-art-25154
06/02/2022, 8:22 PMmicroscopic-holiday-73461
06/04/2022, 5:20 AMDiagnostics:
hcloud:index:Server (master-1):
error: hcloud:index/server:Server resource 'master-1' has a problem: Attribute must be a whole number, got 47074. Examine values at 'Server.PlacementGroupId'.
error: hcloud:index/server:Server resource 'master-1' has a problem: Attribute must be a whole number, got 1710474. Examine values at 'Server.Networks'.
Seems that the Server object expects IDs to come in as integers, but the objects provide IDs as strings.
Here's the relevant parts form the code:
import pulumi_hcloud as hcloud
network = hcloud.Network("cluster-net",
ip_range="10.0.1.0/24",
)
master_group = hcloud.PlacementGroup("masters", type="spread")
for i in range(3):
node = hcloud.Server(
f"master-{i+1}",
backups=False,
location="hel1",
server_type="CX21",
image="ubuntu-20.04",
networks=[{
"network_id": network.id,
}],
placement_group_id=master_group.id
)
hcloud.Rdns(
f"master-{i+1}",
server_id=node.id,
ip_address=node.ipv4_address,
dns_ptr=f"master-{i+1}.<http://kube.golyalpha.tk|kube.golyalpha.tk>"
)
The network and placement group gets created just fine beforehandmysterious-hamburger-19066
06/04/2022, 9:38 PMcrooked-sunset-90921
06/05/2022, 2:05 AMvictorious-exabyte-70545
06/06/2022, 7:45 PMvictorious-exabyte-70545
06/06/2022, 7:46 PMrabbitmq_chart = Chart(
'rabbitmq-chart',
ChartOpts(
resource_prefix=stack_name,
chart='rabbitmq',
version="8.16.2",
victorious-exabyte-70545
06/06/2022, 7:46 PMvictorious-exabyte-70545
06/06/2022, 7:48 PMdef transformation(args: ResourceTransformationArgs):
if args.type_ == "kubernetes:helm:template":
return ResourceTransformationResult(
props=args.props,
opts=ResourceOptions.merge(args.opts, ResourceOptions(
ignore_changes=["ChartOpts"],
)))
victorious-exabyte-70545
06/06/2022, 7:49 PMvictorious-exabyte-70545
06/06/2022, 7:49 PMvictorious-exabyte-70545
06/06/2022, 7:49 PMbillowy-army-68599
06/06/2022, 7:50 PMignoreChanges
? https://www.pulumi.com/docs/intro/concepts/resources/options/ignorechanges/victorious-exabyte-70545
06/06/2022, 7:51 PMResourceOptions(provider=k8s_provider, ignore_changes=['version']
billowy-army-68599
06/06/2022, 7:51 PMvictorious-exabyte-70545
06/06/2022, 7:51 PMrabbitmq_chart = Chart(
'rabbitmq-chart',
ChartOpts(
resource_prefix=stack_name,
chart='rabbitmq',
version="8.16.2",
fetch_opts={'repo': '<https://charts.bitnami.com/bitnami>'},
values={},
),
ResourceOptions(provider=k8s_provider, ignore_changes=['version'])
)
Traceback (most recent call last):
File "/usr/local/Cellar/python@3.9/3.9.7/Frameworks/Python.framework/Versions/3.9/lib/python3.9/concurrent/futures/_base.py", line 329, in _invoke_callbacks
callback(self)
File "/usr/local/Cellar/python@3.9/3.9.7/Frameworks/Python.framework/Versions/3.9/lib/python3.9/asyncio/futures.py", line 398, in _call_set_state
dest_loop.call_soon_threadsafe(_set_state, destination, source)
File "/usr/local/Cellar/python@3.9/3.9.7/Frameworks/Python.framework/Versions/3.9/lib/python3.9/asyncio/base_events.py", line 791, in call_soon_threadsafe
self._check_closed()
File "/usr/local/Cellar/python@3.9/3.9.7/Frameworks/Python.framework/Versions/3.9/lib/python3.9/asyncio/base_events.py", line 510, in _check_closed
raise RuntimeError('Event loop is closed')
RuntimeError: Event loop is closed
error: Program failed with an unhandled exception:
error: Traceback (most recent call last):
File "/usr/local/bin/pulumi-language-python-exec", line 107, in <module>
loop.run_until_complete(coro)
File "/usr/local/Cellar/python@3.9/3.9.7/Frameworks/Python.framework/Versions/3.9/lib/python3.9/asyncio/base_events.py", line 642, in run_until_complete
return future.result()
File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/runtime/stack.py", line 126, in run_in_stack
await run_pulumi_func(lambda: Stack(func))
File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/runtime/stack.py", line 51, in run_pulumi_func
await wait_for_rpcs()
File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/runtime/stack.py", line 73, in wait_for_rpcs
await RPC_MANAGER.rpcs.pop()
File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/runtime/rpc_manager.py", line 68, in rpc_wrapper
result = await rpc
File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/runtime/resource.py", line 685, in do_register_resource_outputs
serialized_props = await rpc.serialize_properties(outputs, {})
File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/runtime/rpc.py", line 172, in serialize_properties
result = await serialize_property(
File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/runtime/rpc.py", line 343, in serialize_property
value = await serialize_property(
File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/runtime/rpc.py", line 326, in serialize_property
future_return = await asyncio.ensure_future(awaitable)
File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/output.py", line 169, in run
value = await self._future
File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/output.py", line 123, in get_value
val = await self._future
File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/output.py", line 206, in run
return await transformed.future(with_unknowns=True)
File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/output.py", line 123, in get_value
val = await self._future
File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/output.py", line 169, in run
value = await self._future
File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/output.py", line 194, in run
transformed: Input[U] = func(value)
File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi_kubernetes/helm/v3/helm.py", line 598, in <lambda>
objects = json_opts.apply(lambda x: pulumi.runtime.invoke('kubernetes:helm:template',
File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/runtime/invoke.py", line 166, in invoke
raise invoke_error
Exception: invoke of kubernetes:helm:template failed: invocation of kubernetes:helm:template returned an error: failed to generate YAML for specified Helm chart: failed to pull chart: chart "rabbitmq" version "8.16.2" not found in <https://charts.bitnami.com/bitnami> repository
error: an unhandled error occurred: Program exited with non-zero exit code: 1
../../config/keyvalue
billowy-army-68599
06/06/2022, 10:34 PM.config.version
?