prehistoric-london-9917
06/15/2022, 4:24 AMpulumi_awsx
on a macOS (12.4) environment. Whenever I run pulumi up
I get the dialogue box attached. I don’t get this when I do a similar thing in Typescript. Any ideas what this is and is there a way to permanently accept it? It shows up in the Security & Privacy Firewall Options list, but I’m still prompted each time (multiple times) when running pulumi up.
big-engineer-71075
06/17/2022, 2:42 PMrequire
and require_secret
:
I need to run a query against a database to determine what needs to be done in the rest of the pulumi script. I want to store the password for the database connection as a secret (pulumi config set --secret db_password ...
). I notice that if I set a config value with --secret
and then retrieve it with require_secret
, I can't use the returned object to connect to the database, I get a type error:
TypeError: <pulumi.output.Output object at 0x10feb3df0> has type Output, but expected one of: bytes, unicode
But if I retrieve the value using just require
, then it works fine. So I'm a little confused about why I would use require_secret
instead of require
. What's the difference? What's going on here?able-thailand-87943
06/17/2022, 3:25 PMsource_stack_name = "foobar"
stack_ref = pulumi.StackReference(f"{source_stack_name}")
foobar_resource_group_name = foobar_resource_group.apply(lambda x : x["name"])
foobar_keyvault = stack_ref.get_output(f"{source_stack_name}-kv")
foobar_keyvault_name = foobar_keyvault.apply(lambda x : x['name'])
foobar_keyvault_id = foobar_keyvault.apply(lambda x : x['id'])
The name and ID are not outputs, and I can easily reference them to other objects which I can create like this:
""" Create Managed Identity """
barfoo_api_managed_identity = azure_native.managedidentity.UserAssignedIdentity(
f"{name}-id",
resource_group_name=foobar_resource_group_name,
)
However, I cannot seem to refer the Keyvault Name into Properties of other resources. such as:
barfoo_app_settings = azure_native.web.WebAppApplicationSettings(
f"{name}-app-settings",
name=barfoo_api_app.name,
properties={
"QUICKFOXPASS": f"@Microsoft.KeyVault(VaultName={foobar_keyvault_name};SecretName=QUICKFOX-PASSWORD)"
},
resource_group_name=foobar_resource_group_name,
)
bitter-horse-93353
06/19/2022, 3:01 AMpulumi.export("pass", password.result)
. This resulted in the output [secret]
. How can I get the value of the randomly generated password? Is this the correct usage of RandomPassword
or should I be creating the password manually?ambitious-father-68746
06/20/2022, 2:47 PM.apply()
, but Pulumi complains since it can't be used against a list.mysterious-hamburger-19066
06/22/2022, 12:11 PM.../lib/python3.9/site-packages/pulumi_azure_native/windowsiot/v20180216preview/get_service.py:18: DeprecationWarning: Version v20180216preview will be removed in the next major version of the provider. Upgrade to version v20190601 or later.
warnings.warn("""Version v20180216preview will be removed in the next major version of the provider. Upgrade to version v20190601 or later.""", DeprecationWarning)
I’ve tried updating pulumi and the pulumi_azure_native python package, but it didn’t fix the issue. Could someone help me please?average-france-9957
06/23/2022, 2:48 PM['us-east-1', 'us-east-2', 'ap-northeast-1', ...etc...]
and the end goal would be something like this in my config yaml
aws:regions:
- "ap-northeast-2"
- "ap-northeast-3"
- ...etc...
My python snippet is
stack.set_config(f"aws:regions", auto.ConfigValue(value=regions))
but that throws TypeError: expected str, bytes or os.PathLike object, not list
What is the best/correct way to set yaml arrays with the python automation API? Thanks you!able-thailand-87943
06/24/2022, 1:21 PMAzure Resources
, and python
I0624 11:38:59.239243 31710 eventsink.go:59] Waiting for 734619 outstanding tasks to complete
I0624 11:38:59.239316 31710 eventsink.go:62] eventSink::Debug(<{%reset%}>Waiting for 734619 outstanding tasks to complete<{%reset%}>)
Is it really normal that all these resource registrations trigger so much of memory?future-france-34957
06/24/2022, 10:03 PMPOLICY = f"""{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ssm:GetParameters"
],
"Resource": [
"arn:aws:ssm:{aws_region}:{aws_account}:parameter/{env_stack}.api.config-location-s3"
],
"Effect": "Allow"
}
]
}"""
# Custom API-Tasks ECS Role Policy
self.api_tasks_ecs_permissions = iam.RolePolicy(
resource_name="api-tasks-ecs-permissions",
role=self.api_tasks_ecs_role.id,
policy=json.dumps(POLICY)
)
This fails with SyntaxError: f-string: expressions nested too deeply
Anyone know how I can achieve this?aloof-tailor-28919
06/24/2022, 11:19 PMrds_certificate = acmpca.Certificate(
'my_rds_certificate',
certificate_authority_arn=certificate_authority.arn,
certificate_signing_request=certificate_authority.certificate_signing_request,
signing_algorithm=CERTIFICATE_SIGNING_ALGORITHM,
template_arn='arn:aws:acm-pca:::template/EndEntityCertificate/V1',
validity=acmpca.CertificateValidityArgs(type='YEARS', value=RDS_CERTIFICATE_VALIDITY_IN_YEARS),
opts=ResourceOptions(depends_on=[certificate_authority_certificate]),
)
As far as I can tell, step two works - I don't get any errors when running it.
My third step is to try to attach that rds_certificate to a ClusterInstance, which looks like this:
reporting_instance = ClusterInstance(
'clusterinstance-initial',
identifier='clusterinstance-initial',
cluster_identifier=reporting_cluster.id,
instance_class=REPORTING_WRITER_INSTANCE_CLASS,
engine=reporting_cluster.engine,
engine_version=reporting_cluster.engine_version,
performance_insights_enabled=PERFORMANCE_INSIGHTS_ENABLED,
apply_immediately=True,
ca_cert_identifier=rds_certificate.id,
)
That's where my code fails. I can create the ClusterInstance if I don't include the final parameter, ca_cert_identifier. When I try the above code, I get this error: "InvalidParameterValue: The parameter CertificateIdentifier is not a valid identifier because it is longer than 63 characters."
Now, the id value is definitely longer than 63 characters - in fact, it's 142 characters. That's not abnormal for an id value.
I am not sure whether I should be passing some other value instead of rds_certificate.id?
I tried the Certificate "name" property but that did not work, and neither did the "certificate" property. Everything I can find via searching the web refers to using this parameter in Terraform, where the id value is a value such as 'rds-ca-2017'. However, id values in Pulumi are not so short!
Has anyone used the ca_cert_identifier parameter successfully? I would love any advice. Thanks!kind-jelly-61624
06/27/2022, 7:56 PMgentle-account-13294
06/28/2022, 12:16 AMsnowflake
stack which is using the pulumi-snowflake
provider. Our dev
stack is working fine, but our prod
stack is giving out an error:
Diagnostics:
pulumi:pulumi:Stack (snowflake-config-prod):
time="2022-06-27T17:12:18-07:00" level=error msg="error: 002043 (02000): SQL compilation error:\nObject does not exist, or operation cannot be performed." func="gosnowflake.(*snowflakeConn).queryContextInternal" file="connection.go:356"
since we are almost prod ready but not there, i was debugging this with a colleague @melodic-policeman-1516 .. we actually ran pulumi down
on the prod
stack, then we deleted the prod
stack and re-created it from scratch and we are still seeing the same error…
The updates in image below for WarehouseGrant
are expected, please disregard those.
Any feedback would be much appreciated !!ambitious-agent-35343
06/29/2022, 1:17 PMpolite-mechanic-60124
07/02/2022, 3:34 PMpulumi.Output[str]
is there anyway to check the type at runtime of <pulumi.output.Output object at 0x7d5389558400>
?curved-motorcycle-96186
07/03/2022, 6:32 PMgorgeous-car-25108
07/07/2022, 6:57 PMmysterious-match-79429
07/09/2022, 6:03 PMmysterious-match-79429
07/09/2022, 7:16 PMgentle-advantage-80069
07/10/2022, 10:25 AMmagnificent-lifeguard-15082
07/12/2022, 11:58 AMdazzling-answer-16144
07/13/2022, 12:43 AMaws.ec2.get_subnets()
into the arguments of aws.ec2.get_subnet()
as the former returns an awaitable which is not accepted by the latter, am I missing anything? Sample (broken code):
subnet_ids = await aws.ec2.get_subnets(
filters=[
aws.ec2.GetSubnetsFilterArgs(
name="vpc-id",
values=[vpc_id],
)
]
)
subnet = aws.ec2.get_subnet(id=subnet_ids[0])
rhythmic-branch-12845
07/13/2022, 9:50 AMimport
?rhythmic-branch-12845
07/13/2022, 12:01 PMquick-wolf-8403
07/15/2022, 10:44 PMkind-jelly-61624
07/18/2022, 5:59 PM{
acceleration_status : [secret]
bucket : {
acceleration_status : "Suspended"
acl : "private"
.......
}
}
When I return the encrypted acceleration_status as it’s own output - it stays encrypted. But when I return it as a field within the bucket object - it gets decrypted.quiet-plastic-34312
07/21/2022, 9:01 PMnutritious-battery-42762
07/22/2022, 6:18 PMpulumi-python:dynamic:Resource (godaddy-record):
error: Exception calling application: Program run without the Pulumi engine available; re-run using the `pulumi` CLI
I found this issue but i still get the error even if the dynamic resource is defined inside __main__
https://github.com/pulumi/pulumi/issues/7453bored-vase-40478
07/25/2022, 6:48 PMfor subnet_id in private_subnets:
subnet = ec2.get_subnet(id=subnet_id)
az = subnet.availability_zone
### ENI
eni_name=...
eni=ec2.NetworkInterface(
resource_name=eni_name,
subnet_id=subnet_id,
...
)
my_ip=eni.private_ip.apply(lambda private_ip: f"my-{private_ip}")
print(my_ip)
bored-vase-40478
07/25/2022, 6:48 PMCalling __str__ on an Output[T] is not supported.
To get the value of an Output[T] as an Output[str] consider:
1. o.apply(lambda v => f"prefix{v}suffix")
See <https://pulumi.io/help/outputs> for more details.
This function may throw in a future version of Pulumi.
straight-restaurant-537
07/27/2022, 3:24 AM@pulumi.runtime.test
def test_policy_assignment_created(self):
available_assignments = AvailableAssignments(assignments_json=self.object_mother.get_assignments_json())
sut = PolicyAssignmentComponent(self.policy_assignments_model, available_assignments, self.opts)
def check_policy_assignment(args):
management_group_name, policy_assignment_objects = args
assert management_group_name == self.policy_assignments_model.management_group_name
assert len(policy_assignment_objects) == self.object_mother.get_assignments_json_count()
def assert_policy_properties(args):
id, enforcement_mode, location, policy_definition_id = args
expected_policy_assignment = self.object_mother.get_policy_assignment_by_policy_def_id(
policy_def_id=policy_definition_id
)
expected_id = f"{management_group_name}-{expected_policy_assignment.name}_id"
assert expected_id == id
assert enforcement_mode == expected_policy_assignment.enforcementMode
assert location == expected_policy_assignment.location
assert policy_definition_id == expected_policy_assignment.policy_definition_id
for policy_assignment_object in policy_assignment_objects:
pulumi.Output.all(
policy_assignment_object.id,
policy_assignment_object.enforcement_mode,
policy_assignment_object.location,
policy_assignment_object.policy_definition_id,
).apply(assert_policy_properties)
return pulumi.Output.all(sut.management_group_name, sut.policy_assignment_objects).apply(check_policy_assignment)