pulumi-community #python

python

quick-telephone-15244

05/04/2022, 2:12 PM

this is the plan created from `pulumi preview --logtostderr`:

+   pulumi:pulumi:Stack                   
 +   ├─ aws:ec2:SecurityGroup             
 +   ├─ aws:kms:Key                       
 +   ├─ aws:iam:Role                      
 +   └─ eks:index:Cluster                 
 +      ├─ eks:index:ServiceRole          
 +      │  ├─ aws:iam:Role                 
 +      │  ├─ aws:iam:RolePolicyAttachment 
 +      │  ├─ aws:iam:RolePolicyAttachment 
 +      │  └─ aws:iam:RolePolicyAttachment 
 +      ├─ aws:eks:Cluster                 
 +      ├─ pulumi:providers:kubernetes     
 +      ├─ pulumi:providers:kubernetes     
 +      ├─ aws:ec2:SecurityGroup           
 +      ├─ eks:index:VpcCni                
 +      ├─ aws:ec2:SecurityGroupRule       
 +      ├─ aws:ec2:SecurityGroupRule       
 +      ├─ aws:ec2:SecurityGroupRule       
 +      ├─ aws:ec2:SecurityGroupRule       
 +      ├─ aws:ec2:SecurityGroupRule       
 +      ├─ aws:iam:OpenIdConnectProvider   
 +      └─ kubernetes:core/v1:ConfigMap

quick-telephone-15244

05/04/2022, 2:36 PM

the other thing that i'm kinda scratching my head about is even though i'm specifying

service_role

as a cluster creation arg. along with

skip_default_node_group=True

, those managed policies are still attempting to be attached.. shouldn't the

service_role=<aws.iam.Role obj.>

arg. prevent default role/managed policy attachment in favor of what was provided by

service_role

? Or am I misunderstanding

service_role

entirely?

brave-processor-54742

05/05/2022, 9:11 AM

Hi everyone! 👋 Would someone have an idea on how to call a bash script in the

user_data

parameter, instead of writing a long string inside the code? I would like to use this bash script to add key pairs to my instances, because writing those inside the code looks tidy. Thanks! 🤸‍♂️

great-sunset-355

05/06/2022, 7:22 AM

Hi I think I hit some weird bug with

rolePolicyAttachment:RolePolicyAttachment

I had a role assigned to 2 ECS tasks and it had 3 policy attachments

import pulumi_aws as aws

role = iam.Role("role")  # dummy role

for idx, arn in enumerate(
        [
            "arn:aws:iam::aws:policy/AmazonSESFullAccess",
            "arn:aws:iam::aws:policy/AmazonSageMakerFullAccess",
            "arn:aws:iam::aws:policy/AmazonS3FullAccess",
        ]
    ):
        aws.iam.RolePolicyAttachment(
            f"{self._config.name}-{idx}-app-role-extension",
            args=aws.iam.RolePolicyAttachmentArgs(policy_arn=arn, role=role.id),
            opts=self._opts,
        )
        aws.iam.RolePolicyAttachment(
            f"{self._config.name}-{idx}-scheduler-role-extension",
            args=aws.iam.RolePolicyAttachmentArgs(
                policy_arn=arn, role=role.id
            ),
            opts=self._opts,
        )

Later on I decided to add 1 more Policy attachment and limit some Full access policies to necessary permissions.

import pulumi_aws as aws

role = iam.Role("role")  # dummy role
ses_policy = aws.iam.Policy("ses-pol")
s3_policy = aws.iam.Policy("s3-pol")
lambda_invoke_policy = aws.iam.Policy("lambda-pol")

for idx, arn in enumerate(
        [
            ses_policy.arn,
            lambda_invoke_policy.arn,
            "arn:aws:iam::aws:policy/AmazonSageMakerFullAccess",
            s3_policy.arn,
        ]
    ):
        aws.iam.RolePolicyAttachment(
            f"{self._config.name}-{idx}-app-role-extension",
            args=aws.iam.RolePolicyAttachmentArgs(policy_arn=arn, role=role.id),
            opts=self._opts,
        )
        aws.iam.RolePolicyAttachment(
            f"{self._config.name}-{idx}-scheduler-role-extension",
            args=aws.iam.RolePolicyAttachmentArgs(
                policy_arn=arn, role=role.id
            ),
            opts=self._opts,
        )

This has caused a weird state, that Pulumi state shows that the

PolicyAttachment

"arn:aws:iam::aws:policy/AmazonSageMakerFullAccess",

exists but the final IAM role did not have the policy. After changing the order to cause an update, IAM role gained the policy. And after deploying to another environment the problem was back. What is going on here? Am I being tricked by some async anomaly? Note:

pulumi up

is running in a CI pipeline, do I need to run

pulumi refresh

there as well?

brave-processor-54742

05/10/2022, 9:27 AM

Hi all! 👋 When doing pulumi up i am getting this error:

ImportError: dlopen(/infrastructure/venv/lib/python3.10/site-packages/grpc/_cython/cygrpc.cpython-310-darwin.so, 0x0002): tried: '/infrastructure/venv/lib/python3.10/site-packages/grpc/_cython/cygrpc.cpython-310-darwin.so' (mach-o file, but is an incompatible architecture (have 'x86_64', need 'arm64e'))
    It looks like the Pulumi SDK has not been installed. Have you run pip install?
    If you are running in a virtualenv, you must run pip install -r requirements.txt from inside the virtualenv.

Someone experienced that also? Thanks a lot!

strong-intern-84363

05/13/2022, 11:14 PM

Hey lovely community ! Can someone help me to understand this ? Let’s imagine that I have a piece of code that creates a GCP service account, a custom role (both works fine) and a IAM Binding to assign this role to this service account (this one fails) Here is my IAM binding call

sarolebinding = gcp.projects.IAMBinding(
            f"sa-role-binding-{self.projectName}-owner",
            role=self.role,
            project=self.project.name,
            members=[f"serviceAccount:{self.service_account.email}"],
        )
        return sarolebinding

This fails with the following error

Request `Set IAM Binding for role "projects/app-burger-nonprod-wzj/roles/projectOwner" on "project \"app-burger-nonprod-wzj\""` returned error: Error applying IAM policy for project "app-burger-nonprod-wzj": Error setting IAM policy for project "app-burger-nonprod-wzj": googleapi: Error 400: Invalid service account (<pulumi.output.Output object at 0x7fbf29648640>)., badRequest

Looks like the service_account.email field is wrong. How can I refer to the email of the newly created service account and use it as the value of the members arguments ? Thanks for reading, have a nice day.

able-oyster-47333

05/15/2022, 6:09 PM

hello, I used the for loop in pulumi-python's automation-api to define resources, and found that subnets can always only create one. Do I need to use special definitions to create multiple resources?

👀 1

hallowed-australia-10473

05/17/2022, 3:16 AM

I’m trying to use Python to instantiate some resources on DigitalOcean. The problem is that I’m using an M1 Mac. When I try to import pulumi, I get an error:

ImportError: dlopen(/blah/venv/lib/python3.9/site-packages/grpc/_cython/cygrpc.cpython-39-darwin.so, 0x0002): tried: '/blah/venv/lib/python3.9/site-packages/grpc/_cython/cygrpc.cpython-39-darwin.so' (mach-o file, but is an incompatible architecture (have 'x86_64', need 'arm64e'))

How do I get past this?

square-dress-80180

05/19/2022, 12:41 AM

I have had a couple times run into an issue where my call to

<stackname>.get_output('foo')

silently fails and I only find out when some resource mysteriously isn’t configured correctly. The root of the error is me doing something silly like misspelling the variable name and I usually find it in not too long, but it would certainly make it easier to catch if the failure wasn’t silent. What is the rationale for not throwing an error during preview to prevent these issues?

many-secretary-62073

05/23/2022, 7:10 PM

I am trying to follow along with the example here to create Azure Container Apps. My experience does not match with the expectation of that example. On line 24 a “type” parameter is specified, but the

KubeEnvironmentArgs

doesn’t actually allow that field. Additionally, there is no setter for the “type” property, so I cannot set the value after init either. In the end, I get this error response:

azure-native:web/v20210301:KubeEnvironment (env):
    error: Code="BadRequest" Message="KubeEnvironment is invalid.  Must specify either AksResourceID or ArcConfiguration or 'type' must be 'Managed'." Details=[{"Message":"KubeEnvironment is invalid.  Must specify either AksResourceID or ArcConfiguration or 'type' must be 'Managed'."},{"Code":"BadRequest"},{"ErrorEntity":{"Code":"BadRequest","ExtendedCode":"51021","Message":"KubeEnvironment is invalid.  Must specify either AksResourceID or ArcConfiguration or 'type' must be 'Managed'.","MessageTemplate":"{0} is invalid.  {1}","Parameters":["KubeEnvironment","Must specify either AksResourceID or ArcConfiguration or 'type' must be 'Managed'."]}}]

How can I provide this value?

mysterious-hamburger-19066

05/25/2022, 6:31 PM

Hello. How do I copy an entire directory from local machine to the VM created by pulumi? I see that there is a command plugin, but it only seems to allow you to copy a file.

quick-telephone-15244

05/26/2022, 6:38 PM

complete and utter shot in the dark--has anyone ever seen something similar to this error when creating an EKS cluster with ManagedNodeGroups

debug_error_string = "{"created":"@1653589486.232131000","description":"Error received from peer ipv4:127.0.0.1:64115","file":"src/core/lib/surface/call.cc","file_line":904,"grpc_message":"Cannot read properties of undefined (reading 'map')","grpc_status":2}"

quick-telephone-15244

05/26/2022, 6:40 PM

literally at

-v=9

for

up

and it's still not entirely clear how i'm getting to that/what the underlying issue is.

purple-architect-30534

05/27/2022, 7:40 PM

I'm getting this using pulumi in Github Actions and I'm not sure how to fix this

orange-crowd-9665

06/01/2022, 9:34 AM

Hello! On GCP, I'm creating PubSub Schemas (w/ gRPC), and then after PubSub topics with those schemas (w/ ResourceOptions depends_on parameter). A problem arises when I update my .proto files. I don't know the inners of Pulumi, but everytime I update a schema, the PubSub topics that rely on it will result in a "Deleted Schema" state. What are the best practices to update PubSub schemas?

crooked-sunset-90921

06/02/2022, 3:42 AM

having a brain block... if I have a function that returns a dict, how do I get just the one specific key from the function... it's obviously not myfunc().get("bla"), but something on those lines?

white-terabyte-21934

06/02/2022, 7:36 AM

Hello , Looking for an advice , I am trying pulumi with python and would like to know the better usage of Output . • Creating a resources let say r = xx.CreateResources(…) ==> r (A pulumi output object) • Would like to extract the raw value of a property ,let say r.http_url (which is again a type of

pulumi.output.Output object

. • Would like to print these values via a print statement (like terraform output format) ,what is the best way to fetch the value via Ouput() method ?

breezy-book-15761

06/02/2022, 9:43 AM

Hello, I'm trying to set up a gcp project from scratch, including enabling some APIs and I'm trying to set up some sort of dependency control to get it to work:

"""A Google Cloud Python Pulumi program"""

import pulumi
import pulumi_gcp as gcp

cloud_resource_manager_api = gcp.projects.Service('crm_api', service="<http://cloudresourcemanager.googleapis.com|cloudresourcemanager.googleapis.com>")
project = gcp.organizations.get_project_output(opts=pulumi.InvokeOptions(parent=cloud_resource_manager_api))
cloud_run_api = gcp.projects.Service('cloud_run_api', disable_dependent_services=True, disable_on_destroy=True, project=project.id.apply(lambda project_id: project_id), service="<http://run.googleapis.com|run.googleapis.com>")

salmon-art-25154

06/02/2022, 6:52 PM

hey all! i'm getting an error when running

pulumi update

and i've been trying to solve it since yesterday. the error is:

AttributeError: 'Service' object has no attribute 'status'

full stack trace (https://pastebin.com/jS2FZpPK) initially, i was experiencing the issue described here https://github.com/pulumi/pulumi/issues/9694, which i was able to fix by pinning protobuf v3.20.1 after that though, i began experiencing the error i pasted above. i've tried downgrading pulumi as well as upgrading python (this app uses 3.9.6), but i get the same error no matter what. anyone else experience the same issue or have any tips to help me further debug this?

salmon-art-25154

06/02/2022, 7:34 PM

my code looks like `

pulumi.export('api_url', cloud_run_api_output.status.url)

but when i look at the docs for gcp.cloudrun.Service, i only see output.statuses, so maybe that changed between versions. however when i try to access

cloud_run_api_output.statuses[0]

, i get a index out of range error.

salmon-art-25154

06/02/2022, 8:22 PM

well i did it again and statuses was not empty that time. not sure why it was empty the first, but ill take it!

microscopic-holiday-73461

06/04/2022, 5:20 AM

Hey, I just got around to trying out Pulumi for the first time, and I seem to have some issues with the Hetzner integration. Specifically, when I try to create a server bound to a placement group and a network, I get this:

Diagnostics:
  hcloud:index:Server (master-1):
    error: hcloud:index/server:Server resource 'master-1' has a problem: Attribute must be a whole number, got 47074. Examine values at 'Server.PlacementGroupId'.
    error: hcloud:index/server:Server resource 'master-1' has a problem: Attribute must be a whole number, got 1710474. Examine values at 'Server.Networks'.

Seems that the Server object expects IDs to come in as integers, but the objects provide IDs as strings. Here's the relevant parts form the code:

import pulumi_hcloud as hcloud

network = hcloud.Network("cluster-net",
  ip_range="10.0.1.0/24",
)
master_group = hcloud.PlacementGroup("masters", type="spread")

for i in range(3):
    node = hcloud.Server(
        f"master-{i+1}",
        backups=False,
        location="hel1",
        server_type="CX21",
        image="ubuntu-20.04",
        networks=[{
            "network_id": network.id,
        }],
        placement_group_id=master_group.id
    )
    hcloud.Rdns(
        f"master-{i+1}",
        server_id=node.id,
        ip_address=node.ipv4_address,
        dns_ptr=f"master-{i+1}.<http://kube.golyalpha.tk|kube.golyalpha.tk>"
    )

The network and placement group gets created just fine beforehand

mysterious-hamburger-19066

06/04/2022, 9:38 PM

Has anyone here set up a ray cluster with pulumi? https://www.ray.io/

crooked-sunset-90921

06/05/2022, 2:05 AM

Does anyone co-mingle pulumi code within other python project folders? Especially working within monorepos. Looking for some best practices how to structure folders

victorious-exabyte-70545

06/06/2022, 7:45 PM

Hi all, I am trying to ignore a helm chart version change.

victorious-exabyte-70545

06/06/2022, 7:46 PM

rabbitmq_chart = Chart(
    'rabbitmq-chart',
    ChartOpts(
        resource_prefix=stack_name,
        chart='rabbitmq',
        version="8.16.2",

victorious-exabyte-70545

06/06/2022, 7:46 PM

8.16.2 is not available at the moment so I simply want to ignore version in chartopts.

victorious-exabyte-70545

06/06/2022, 7:48 PM

I tried this transformation:

def transformation(args: ResourceTransformationArgs):
    if args.type_ == "kubernetes:helm:template":
        return ResourceTransformationResult(
            props=args.props,
            opts=ResourceOptions.merge(args.opts, ResourceOptions(
                ignore_changes=["ChartOpts"],
            )))

victorious-exabyte-70545

06/06/2022, 7:49 PM

But it still fails.

victorious-exabyte-70545

06/06/2022, 7:49 PM

Any ideas on how I can ignore version there

Title

victorious-exabyte-70545

06/06/2022, 7:49 PM

Any ideas on how I can ignore version there

billowy-army-68599

06/06/2022, 7:50 PM

@victorious-exabyte-70545 have you tried

ignoreChanges

? https://www.pulumi.com/docs/intro/concepts/resources/options/ignorechanges/

victorious-exabyte-70545

06/06/2022, 7:51 PM

I tried this but it did not work

ResourceOptions(provider=k8s_provider, ignore_changes=['version']

billowy-army-68599

06/06/2022, 7:51 PM

can you share the full code?

victorious-exabyte-70545

06/06/2022, 7:51 PM

I think chartopts is a child resource?

sure.

rabbitmq_chart = Chart(
    'rabbitmq-chart',
    ChartOpts(
        resource_prefix=stack_name,
        chart='rabbitmq',
        version="8.16.2",
        fetch_opts={'repo': '<https://charts.bitnami.com/bitnami>'},
        values={},
    ),
    ResourceOptions(provider=k8s_provider, ignore_changes=['version'])
)

Traceback (most recent call last):
      File "/usr/local/Cellar/python@3.9/3.9.7/Frameworks/Python.framework/Versions/3.9/lib/python3.9/concurrent/futures/_base.py", line 329, in _invoke_callbacks
        callback(self)
      File "/usr/local/Cellar/python@3.9/3.9.7/Frameworks/Python.framework/Versions/3.9/lib/python3.9/asyncio/futures.py", line 398, in _call_set_state
        dest_loop.call_soon_threadsafe(_set_state, destination, source)
      File "/usr/local/Cellar/python@3.9/3.9.7/Frameworks/Python.framework/Versions/3.9/lib/python3.9/asyncio/base_events.py", line 791, in call_soon_threadsafe
        self._check_closed()
      File "/usr/local/Cellar/python@3.9/3.9.7/Frameworks/Python.framework/Versions/3.9/lib/python3.9/asyncio/base_events.py", line 510, in _check_closed
        raise RuntimeError('Event loop is closed')
    RuntimeError: Event loop is closed

    error: Program failed with an unhandled exception:
    error: Traceback (most recent call last):
      File "/usr/local/bin/pulumi-language-python-exec", line 107, in <module>
        loop.run_until_complete(coro)
      File "/usr/local/Cellar/python@3.9/3.9.7/Frameworks/Python.framework/Versions/3.9/lib/python3.9/asyncio/base_events.py", line 642, in run_until_complete
        return future.result()
      File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/runtime/stack.py", line 126, in run_in_stack
        await run_pulumi_func(lambda: Stack(func))
      File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/runtime/stack.py", line 51, in run_pulumi_func
        await wait_for_rpcs()
      File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/runtime/stack.py", line 73, in wait_for_rpcs
        await RPC_MANAGER.rpcs.pop()
      File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/runtime/rpc_manager.py", line 68, in rpc_wrapper
        result = await rpc
      File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/runtime/resource.py", line 685, in do_register_resource_outputs
        serialized_props = await rpc.serialize_properties(outputs, {})
      File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/runtime/rpc.py", line 172, in serialize_properties
        result = await serialize_property(
      File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/runtime/rpc.py", line 343, in serialize_property
        value = await serialize_property(
      File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/runtime/rpc.py", line 326, in serialize_property
        future_return = await asyncio.ensure_future(awaitable)
      File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/output.py", line 169, in run
        value = await self._future
      File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/output.py", line 123, in get_value
        val = await self._future
      File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/output.py", line 206, in run
        return await transformed.future(with_unknowns=True)
      File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/output.py", line 123, in get_value
        val = await self._future
      File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/output.py", line 169, in run
        value = await self._future
      File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/output.py", line 194, in run
        transformed: Input[U] = func(value)
      File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi_kubernetes/helm/v3/helm.py", line 598, in <lambda>
        objects = json_opts.apply(lambda x: pulumi.runtime.invoke('kubernetes:helm:template',
      File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/runtime/invoke.py", line 166, in invoke
        raise invoke_error
    Exception: invoke of kubernetes:helm:template failed: invocation of kubernetes:helm:template returned an error: failed to generate YAML for specified Helm chart: failed to pull chart: chart "rabbitmq" version "8.16.2" not found in <https://charts.bitnami.com/bitnami> repository
    error: an unhandled error occurred: Program exited with non-zero exit code: 1

    ../../config/keyvalue

billowy-army-68599

06/06/2022, 10:34 PM

@victorious-exabyte-70545 can you try ignoring

.config.version

View count: 3