https://pulumi.com logo
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
python
  • q

    quick-telephone-15244

    05/04/2022, 2:12 PM
    this is the plan created from `pulumi preview --logtostderr`:
    +   pulumi:pulumi:Stack                   
     +   ├─ aws:ec2:SecurityGroup             
     +   ├─ aws:kms:Key                       
     +   ├─ aws:iam:Role                      
     +   └─ eks:index:Cluster                 
     +      ├─ eks:index:ServiceRole          
     +      │  ├─ aws:iam:Role                 
     +      │  ├─ aws:iam:RolePolicyAttachment 
     +      │  ├─ aws:iam:RolePolicyAttachment 
     +      │  └─ aws:iam:RolePolicyAttachment 
     +      ├─ aws:eks:Cluster                 
     +      ├─ pulumi:providers:kubernetes     
     +      ├─ pulumi:providers:kubernetes     
     +      ├─ aws:ec2:SecurityGroup           
     +      ├─ eks:index:VpcCni                
     +      ├─ aws:ec2:SecurityGroupRule       
     +      ├─ aws:ec2:SecurityGroupRule       
     +      ├─ aws:ec2:SecurityGroupRule       
     +      ├─ aws:ec2:SecurityGroupRule       
     +      ├─ aws:ec2:SecurityGroupRule       
     +      ├─ aws:iam:OpenIdConnectProvider   
     +      └─ kubernetes:core/v1:ConfigMap
  • q

    quick-telephone-15244

    05/04/2022, 2:36 PM
    the other thing that i'm kinda scratching my head about is even though i'm specifying
    service_role
    as a cluster creation arg. along with
    skip_default_node_group=True
    , those managed policies are still attempting to be attached.. shouldn't the
    service_role=<aws.iam.Role obj.>
    arg. prevent default role/managed policy attachment in favor of what was provided by
    service_role
    ? Or am I misunderstanding
    service_role
    entirely?
  • b

    brave-processor-54742

    05/05/2022, 9:11 AM
    Hi everyone! 👋 Would someone have an idea on how to call a bash script in the
    user_data
    parameter, instead of writing a long string inside the code? I would like to use this bash script to add key pairs to my instances, because writing those inside the code looks tidy. Thanks! 🤸‍♂️
    b
    • 2
    • 2
  • g

    great-sunset-355

    05/06/2022, 7:22 AM
    Hi I think I hit some weird bug with
    rolePolicyAttachment:RolePolicyAttachment
    I had a role assigned to 2 ECS tasks and it had 3 policy attachments
    import pulumi_aws as aws
    
    role = iam.Role("role")  # dummy role
    
    for idx, arn in enumerate(
            [
                "arn:aws:iam::aws:policy/AmazonSESFullAccess",
                "arn:aws:iam::aws:policy/AmazonSageMakerFullAccess",
                "arn:aws:iam::aws:policy/AmazonS3FullAccess",
            ]
        ):
            aws.iam.RolePolicyAttachment(
                f"{self._config.name}-{idx}-app-role-extension",
                args=aws.iam.RolePolicyAttachmentArgs(policy_arn=arn, role=role.id),
                opts=self._opts,
            )
            aws.iam.RolePolicyAttachment(
                f"{self._config.name}-{idx}-scheduler-role-extension",
                args=aws.iam.RolePolicyAttachmentArgs(
                    policy_arn=arn, role=role.id
                ),
                opts=self._opts,
            )
    Later on I decided to add 1 more Policy attachment and limit some Full access policies to necessary permissions.
    import pulumi_aws as aws
    
    role = iam.Role("role")  # dummy role
    ses_policy = aws.iam.Policy("ses-pol")
    s3_policy = aws.iam.Policy("s3-pol")
    lambda_invoke_policy = aws.iam.Policy("lambda-pol")
    
    for idx, arn in enumerate(
            [
                ses_policy.arn,
                lambda_invoke_policy.arn,
                "arn:aws:iam::aws:policy/AmazonSageMakerFullAccess",
                s3_policy.arn,
            ]
        ):
            aws.iam.RolePolicyAttachment(
                f"{self._config.name}-{idx}-app-role-extension",
                args=aws.iam.RolePolicyAttachmentArgs(policy_arn=arn, role=role.id),
                opts=self._opts,
            )
            aws.iam.RolePolicyAttachment(
                f"{self._config.name}-{idx}-scheduler-role-extension",
                args=aws.iam.RolePolicyAttachmentArgs(
                    policy_arn=arn, role=role.id
                ),
                opts=self._opts,
            )
    This has caused a weird state, that Pulumi state shows that the
    PolicyAttachment
    of
    "arn:aws:iam::aws:policy/AmazonSageMakerFullAccess",
    exists but the final IAM role did not have the policy. After changing the order to cause an update, IAM role gained the policy. And after deploying to another environment the problem was back. What is going on here? Am I being tricked by some async anomaly? Note:
    pulumi up
    is running in a CI pipeline, do I need to run
    pulumi refresh
    there as well?
    b
    • 2
    • 3
  • b

    brave-processor-54742

    05/10/2022, 9:27 AM
    Hi all! 👋 When doing pulumi up i am getting this error:
    ImportError: dlopen(/infrastructure/venv/lib/python3.10/site-packages/grpc/_cython/cygrpc.cpython-310-darwin.so, 0x0002): tried: '/infrastructure/venv/lib/python3.10/site-packages/grpc/_cython/cygrpc.cpython-310-darwin.so' (mach-o file, but is an incompatible architecture (have 'x86_64', need 'arm64e'))
        It looks like the Pulumi SDK has not been installed. Have you run pip install?
        If you are running in a virtualenv, you must run pip install -r requirements.txt from inside the virtualenv.
    Someone experienced that also? Thanks a lot!
    q
    f
    g
    • 4
    • 7
  • s

    strong-intern-84363

    05/13/2022, 11:14 PM
    Hey lovely community ! Can someone help me to understand this ? Let’s imagine that I have a piece of code that creates a GCP service account, a custom role (both works fine) and a IAM Binding to assign this role to this service account (this one fails) Here is my IAM binding call
    sarolebinding = gcp.projects.IAMBinding(
                f"sa-role-binding-{self.projectName}-owner",
                role=self.role,
                project=self.project.name,
                members=[f"serviceAccount:{self.service_account.email}"],
            )
            return sarolebinding
    This fails with the following error
    Request `Set IAM Binding for role "projects/app-burger-nonprod-wzj/roles/projectOwner" on "project \"app-burger-nonprod-wzj\""` returned error: Error applying IAM policy for project "app-burger-nonprod-wzj": Error setting IAM policy for project "app-burger-nonprod-wzj": googleapi: Error 400: Invalid service account (<pulumi.output.Output object at 0x7fbf29648640>)., badRequest
    Looks like the service_account.email field is wrong. How can I refer to the email of the newly created service account and use it as the value of the members arguments ? Thanks for reading, have a nice day.
    b
    • 2
    • 8
  • a

    able-oyster-47333

    05/15/2022, 6:09 PM
    hello, I used the for loop in pulumi-python's automation-api to define resources, and found that subnets can always only create one. Do I need to use special definitions to create multiple resources?
    👀 1
  • h

    hallowed-australia-10473

    05/17/2022, 3:16 AM
    I’m trying to use Python to instantiate some resources on DigitalOcean. The problem is that I’m using an M1 Mac. When I try to import pulumi, I get an error:
    ImportError: dlopen(/blah/venv/lib/python3.9/site-packages/grpc/_cython/cygrpc.cpython-39-darwin.so, 0x0002): tried: '/blah/venv/lib/python3.9/site-packages/grpc/_cython/cygrpc.cpython-39-darwin.so' (mach-o file, but is an incompatible architecture (have 'x86_64', need 'arm64e'))
    How do I get past this?
    b
    m
    • 3
    • 19
  • s

    square-dress-80180

    05/19/2022, 12:41 AM
    I have had a couple times run into an issue where my call to
    <stackname>.get_output('foo')
    silently fails and I only find out when some resource mysteriously isn’t configured correctly. The root of the error is me doing something silly like misspelling the variable name and I usually find it in not too long, but it would certainly make it easier to catch if the failure wasn’t silent. What is the rationale for not throwing an error during preview to prevent these issues?
    f
    • 2
    • 4
  • m

    many-secretary-62073

    05/23/2022, 7:10 PM
    I am trying to follow along with the example here to create Azure Container Apps. My experience does not match with the expectation of that example. On line 24 a “type” parameter is specified, but the
    KubeEnvironmentArgs
    doesn’t actually allow that field. Additionally, there is no setter for the “type” property, so I cannot set the value after init either. In the end, I get this error response:
    azure-native:web/v20210301:KubeEnvironment (env):
        error: Code="BadRequest" Message="KubeEnvironment is invalid.  Must specify either AksResourceID or ArcConfiguration or 'type' must be 'Managed'." Details=[{"Message":"KubeEnvironment is invalid.  Must specify either AksResourceID or ArcConfiguration or 'type' must be 'Managed'."},{"Code":"BadRequest"},{"ErrorEntity":{"Code":"BadRequest","ExtendedCode":"51021","Message":"KubeEnvironment is invalid.  Must specify either AksResourceID or ArcConfiguration or 'type' must be 'Managed'.","MessageTemplate":"{0} is invalid.  {1}","Parameters":["KubeEnvironment","Must specify either AksResourceID or ArcConfiguration or 'type' must be 'Managed'."]}}]
    How can I provide this value?
  • m

    mysterious-hamburger-19066

    05/25/2022, 6:31 PM
    Hello. How do I copy an entire directory from local machine to the VM created by pulumi? I see that there is a command plugin, but it only seems to allow you to copy a file.
  • q

    quick-telephone-15244

    05/26/2022, 6:38 PM
    complete and utter shot in the dark--has anyone ever seen something similar to this error when creating an EKS cluster with ManagedNodeGroups
    debug_error_string = "{"created":"@1653589486.232131000","description":"Error received from peer ipv4:127.0.0.1:64115","file":"src/core/lib/surface/call.cc","file_line":904,"grpc_message":"Cannot read properties of undefined (reading 'map')","grpc_status":2}"
    w
    • 2
    • 2
  • q

    quick-telephone-15244

    05/26/2022, 6:40 PM
    literally at
    -v=9
    for
    up
    and it's still not entirely clear how i'm getting to that/what the underlying issue is.
  • p

    purple-architect-30534

    05/27/2022, 7:40 PM
    I'm getting this using pulumi in Github Actions and I'm not sure how to fix this
    s
    • 2
    • 2
  • o

    orange-crowd-9665

    06/01/2022, 9:34 AM
    Hello! On GCP, I'm creating PubSub Schemas (w/ gRPC), and then after PubSub topics with those schemas (w/ ResourceOptions depends_on parameter). A problem arises when I update my .proto files. I don't know the inners of Pulumi, but everytime I update a schema, the PubSub topics that rely on it will result in a "Deleted Schema" state. What are the best practices to update PubSub schemas?
  • c

    crooked-sunset-90921

    06/02/2022, 3:42 AM
    having a brain block... if I have a function that returns a dict, how do I get just the one specific key from the function... it's obviously not myfunc().get("bla"), but something on those lines?
    b
    • 2
    • 2
  • w

    white-terabyte-21934

    06/02/2022, 7:36 AM
    Hello , Looking for an advice , I am trying pulumi with python and would like to know the better usage of Output . • Creating a resources let say r = xx.CreateResources(…) ==> r (A pulumi output object) • Would like to extract the raw value of a property ,let say r.http_url (which is again a type of
    pulumi.output.Output object
    . • Would like to print these values via a print statement (like terraform output format) ,what is the best way to fetch the value via Ouput() method ?
    b
    • 2
    • 5
  • b

    breezy-book-15761

    06/02/2022, 9:43 AM
    Hello, I'm trying to set up a gcp project from scratch, including enabling some APIs and I'm trying to set up some sort of dependency control to get it to work:
    """A Google Cloud Python Pulumi program"""
    
    import pulumi
    import pulumi_gcp as gcp
    
    cloud_resource_manager_api = gcp.projects.Service('crm_api', service="<http://cloudresourcemanager.googleapis.com|cloudresourcemanager.googleapis.com>")
    project = gcp.organizations.get_project_output(opts=pulumi.InvokeOptions(parent=cloud_resource_manager_api))
    cloud_run_api = gcp.projects.Service('cloud_run_api', disable_dependent_services=True, disable_on_destroy=True, project=project.id.apply(lambda project_id: project_id), service="<http://run.googleapis.com|run.googleapis.com>")
    p
    • 2
    • 68
  • s

    salmon-art-25154

    06/02/2022, 6:52 PM
    hey all! i'm getting an error when running
    pulumi update
    and i've been trying to solve it since yesterday. the error is:
    AttributeError: 'Service' object has no attribute 'status'
    full stack trace (https://pastebin.com/jS2FZpPK) initially, i was experiencing the issue described here https://github.com/pulumi/pulumi/issues/9694, which i was able to fix by pinning protobuf v3.20.1 after that though, i began experiencing the error i pasted above. i've tried downgrading pulumi as well as upgrading python (this app uses 3.9.6), but i get the same error no matter what. anyone else experience the same issue or have any tips to help me further debug this?
  • s

    salmon-art-25154

    06/02/2022, 7:34 PM
    my code looks like `
    pulumi.export('api_url', cloud_run_api_output.status.url)
    but when i look at the docs for gcp.cloudrun.Service, i only see output.statuses, so maybe that changed between versions. however when i try to access
    cloud_run_api_output.statuses[0]
    , i get a index out of range error.
  • s

    salmon-art-25154

    06/02/2022, 8:22 PM
    well i did it again and statuses was not empty that time. not sure why it was empty the first, but ill take it!
    g
    • 2
    • 1
  • m

    microscopic-holiday-73461

    06/04/2022, 5:20 AM
    Hey, I just got around to trying out Pulumi for the first time, and I seem to have some issues with the Hetzner integration. Specifically, when I try to create a server bound to a placement group and a network, I get this:
    Diagnostics:
      hcloud:index:Server (master-1):
        error: hcloud:index/server:Server resource 'master-1' has a problem: Attribute must be a whole number, got 47074. Examine values at 'Server.PlacementGroupId'.
        error: hcloud:index/server:Server resource 'master-1' has a problem: Attribute must be a whole number, got 1710474. Examine values at 'Server.Networks'.
    Seems that the Server object expects IDs to come in as integers, but the objects provide IDs as strings. Here's the relevant parts form the code:
    import pulumi_hcloud as hcloud
    
    network = hcloud.Network("cluster-net",
      ip_range="10.0.1.0/24",
    )
    master_group = hcloud.PlacementGroup("masters", type="spread")
    
    for i in range(3):
        node = hcloud.Server(
            f"master-{i+1}",
            backups=False,
            location="hel1",
            server_type="CX21",
            image="ubuntu-20.04",
            networks=[{
                "network_id": network.id,
            }],
            placement_group_id=master_group.id
        )
        hcloud.Rdns(
            f"master-{i+1}",
            server_id=node.id,
            ip_address=node.ipv4_address,
            dns_ptr=f"master-{i+1}.<http://kube.golyalpha.tk|kube.golyalpha.tk>"
        )
    The network and placement group gets created just fine beforehand
    b
    • 2
    • 3
  • m

    mysterious-hamburger-19066

    06/04/2022, 9:38 PM
    Has anyone here set up a ray cluster with pulumi? https://www.ray.io/
  • c

    crooked-sunset-90921

    06/05/2022, 2:05 AM
    Does anyone co-mingle pulumi code within other python project folders? Especially working within monorepos. Looking for some best practices how to structure folders
    g
    • 2
    • 1
  • v

    victorious-exabyte-70545

    06/06/2022, 7:45 PM
    Hi all, I am trying to ignore a helm chart version change.
  • v

    victorious-exabyte-70545

    06/06/2022, 7:46 PM
    rabbitmq_chart = Chart(
        'rabbitmq-chart',
        ChartOpts(
            resource_prefix=stack_name,
            chart='rabbitmq',
            version="8.16.2",
  • v

    victorious-exabyte-70545

    06/06/2022, 7:46 PM
    8.16.2 is not available at the moment so I simply want to ignore version in chartopts.
  • v

    victorious-exabyte-70545

    06/06/2022, 7:48 PM
    I tried this transformation:
    def transformation(args: ResourceTransformationArgs):
        if args.type_ == "kubernetes:helm:template":
            return ResourceTransformationResult(
                props=args.props,
                opts=ResourceOptions.merge(args.opts, ResourceOptions(
                    ignore_changes=["ChartOpts"],
                )))
  • v

    victorious-exabyte-70545

    06/06/2022, 7:49 PM
    But it still fails.
  • v

    victorious-exabyte-70545

    06/06/2022, 7:49 PM
    Any ideas on how I can ignore version there
    b
    • 2
    • 9
Powered by Linen
Title
v

victorious-exabyte-70545

06/06/2022, 7:49 PM
Any ideas on how I can ignore version there
b

billowy-army-68599

06/06/2022, 7:50 PM
@victorious-exabyte-70545 have you tried
ignoreChanges
? https://www.pulumi.com/docs/intro/concepts/resources/options/ignorechanges/
v

victorious-exabyte-70545

06/06/2022, 7:51 PM
I tried this but it did not work
ResourceOptions(provider=k8s_provider, ignore_changes=['version']
b

billowy-army-68599

06/06/2022, 7:51 PM
can you share the full code?
v

victorious-exabyte-70545

06/06/2022, 7:51 PM
I think chartopts is a child resource?
sure.
rabbitmq_chart = Chart(
    'rabbitmq-chart',
    ChartOpts(
        resource_prefix=stack_name,
        chart='rabbitmq',
        version="8.16.2",
        fetch_opts={'repo': '<https://charts.bitnami.com/bitnami>'},
        values={},
    ),
    ResourceOptions(provider=k8s_provider, ignore_changes=['version'])
)
Traceback (most recent call last):
      File "/usr/local/Cellar/python@3.9/3.9.7/Frameworks/Python.framework/Versions/3.9/lib/python3.9/concurrent/futures/_base.py", line 329, in _invoke_callbacks
        callback(self)
      File "/usr/local/Cellar/python@3.9/3.9.7/Frameworks/Python.framework/Versions/3.9/lib/python3.9/asyncio/futures.py", line 398, in _call_set_state
        dest_loop.call_soon_threadsafe(_set_state, destination, source)
      File "/usr/local/Cellar/python@3.9/3.9.7/Frameworks/Python.framework/Versions/3.9/lib/python3.9/asyncio/base_events.py", line 791, in call_soon_threadsafe
        self._check_closed()
      File "/usr/local/Cellar/python@3.9/3.9.7/Frameworks/Python.framework/Versions/3.9/lib/python3.9/asyncio/base_events.py", line 510, in _check_closed
        raise RuntimeError('Event loop is closed')
    RuntimeError: Event loop is closed

    error: Program failed with an unhandled exception:
    error: Traceback (most recent call last):
      File "/usr/local/bin/pulumi-language-python-exec", line 107, in <module>
        loop.run_until_complete(coro)
      File "/usr/local/Cellar/python@3.9/3.9.7/Frameworks/Python.framework/Versions/3.9/lib/python3.9/asyncio/base_events.py", line 642, in run_until_complete
        return future.result()
      File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/runtime/stack.py", line 126, in run_in_stack
        await run_pulumi_func(lambda: Stack(func))
      File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/runtime/stack.py", line 51, in run_pulumi_func
        await wait_for_rpcs()
      File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/runtime/stack.py", line 73, in wait_for_rpcs
        await RPC_MANAGER.rpcs.pop()
      File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/runtime/rpc_manager.py", line 68, in rpc_wrapper
        result = await rpc
      File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/runtime/resource.py", line 685, in do_register_resource_outputs
        serialized_props = await rpc.serialize_properties(outputs, {})
      File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/runtime/rpc.py", line 172, in serialize_properties
        result = await serialize_property(
      File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/runtime/rpc.py", line 343, in serialize_property
        value = await serialize_property(
      File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/runtime/rpc.py", line 326, in serialize_property
        future_return = await asyncio.ensure_future(awaitable)
      File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/output.py", line 169, in run
        value = await self._future
      File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/output.py", line 123, in get_value
        val = await self._future
      File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/output.py", line 206, in run
        return await transformed.future(with_unknowns=True)
      File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/output.py", line 123, in get_value
        val = await self._future
      File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/output.py", line 169, in run
        value = await self._future
      File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/output.py", line 194, in run
        transformed: Input[U] = func(value)
      File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi_kubernetes/helm/v3/helm.py", line 598, in <lambda>
        objects = json_opts.apply(lambda x: pulumi.runtime.invoke('kubernetes:helm:template',
      File "/Users/julian/virtuals/infrastructure/lib/python3.9/site-packages/pulumi/runtime/invoke.py", line 166, in invoke
        raise invoke_error
    Exception: invoke of kubernetes:helm:template failed: invocation of kubernetes:helm:template returned an error: failed to generate YAML for specified Helm chart: failed to pull chart: chart "rabbitmq" version "8.16.2" not found in <https://charts.bitnami.com/bitnami> repository
    error: an unhandled error occurred: Program exited with non-zero exit code: 1

    ../../config/keyvalue
b

billowy-army-68599

06/06/2022, 10:34 PM
@victorious-exabyte-70545 can you try ignoring
.config.version
?
View count: 3