• l

    lemon-processor-10785

    3 months ago
    When creating a vpc resource in AWS Crosswalk (awsx), is it possible to iterate over the output values in vpc.private_subnet_ids to create a custom route in each of the route tables? I've been trying a few different apply/lambda/Output iterations, and I can't get anything to actually create the new routes.
    def set_route_tables(subnetIds):
        for subnetId in subnetIds:
            # Get the current routeTable for the subnet. Pulumi creates a new table for each subnet via awsx in vpc creation
            routeTable=aws.ec2.get_route_table(subnet_id=subnetId)
            
            # Create the route to MongoDB Atlas
            mongoRoute=aws.ec2.Route(env + "-mongoroute-" + subnetId, 
                route_table_id=routeTable.id,
                destination_cidr_block=mongoContainer.results[0].atlasCidrBlock,
                vpc_peering_connection_id=mongoPeering.connectionId,
            )
    
    vpc.private_subnet_ids.apply(lambda subnetIds: set_route_tables(subnetIds))
  • c

    creamy-whale-55909

    3 months ago
    I have created a component resource that makes a call to
    get_caller_identity()
    in order to grab the current account id of the locally assumed aws role so it can be used to define an arn in a policy doc: (code snippet has been truncated to save space)
    import pulumi_aws as aws
    
    # gets account id
    current = aws.get_caller_identity()
    account_id = current.account_id
    
    # passes account id when defining policy
    self.lambda_policy = aws.iam.RolePolicy(
                "lambdaPolicy",
                role=self.lambda_role.name,
                policy=self.my_lambda.name.apply(
                    lambda physical_name: json.dumps(
                        {
                            "Version": "2012-10-17",
                            "Statement": [
                                {
                                    "Effect": "Allow",
                                    "Action": "logs:CreateLogGroup",
                                    "Resource": f"arn:aws:logs:us-east-1:{account_id}:*"
    
    ...
    When I instantiate this component resource in my project
    __main__.py
    , it works as expected. However, when I run
    pytest
    , I get the following error:
    ________________________________ ERROR collecting tests/test_ip_scan.py _________________________________
    tests/test_ip_scan.py:18: in <module>
        test_args = ip_scan.MonitorAvailableIpsArgs(
    <string>:9: in __init__
        ???
    components/ip_scan.py:28: in __post_init__
        account_id = aws.get_caller_identity().account_id
    .venv/lib/python3.10/site-packages/pulumi_aws/get_caller_identity.py:106: in get_caller_identity
        account_id=__ret__.account_id,
    E   AttributeError: 'NoneType' object has no attribute 'account_id'
    Any and all feedback is greatly appreciated!
    c
    1 replies
    Copy to Clipboard
  • b

    big-engineer-71075

    3 months ago
    Hi. I have a question about the difference between
    require
    and
    require_secret
    : I need to run a query against a database to determine what needs to be done in the rest of the pulumi script. I want to store the password for the database connection as a secret (
    pulumi config set --secret db_password ...
    ). I notice that if I set a config value with
    --secret
    and then retrieve it with
    require_secret
    , I can't use the returned object to connect to the database, I get a type error:
    TypeError: <pulumi.output.Output object at 0x10feb3df0> has type Output, but expected one of: bytes, unicode
    But if I retrieve the value using just
    require
    , then it works fine. So I'm a little confused about why I would use
    require_secret
    instead of
    require
    . What's the difference? What's going on here?
    b
    f
    4 replies
    Copy to Clipboard
  • a

    able-thailand-87943

    3 months ago
    Hello fellow Pulumi users, I have a rather weird problem, and probably my lack of experience with working with outputs. I am fetching a KeyVault from another stack using StackReference like this:
    source_stack_name = "foobar"
    stack_ref = pulumi.StackReference(f"{source_stack_name}")
    foobar_resource_group_name = foobar_resource_group.apply(lambda x : x["name"])
    foobar_keyvault = stack_ref.get_output(f"{source_stack_name}-kv")
    foobar_keyvault_name = foobar_keyvault.apply(lambda x : x['name'])
    foobar_keyvault_id = foobar_keyvault.apply(lambda x : x['id'])
    The name and ID are not outputs, and I can easily reference them to other objects which I can create like this:
    """ Create Managed Identity """
    barfoo_api_managed_identity = azure_native.managedidentity.UserAssignedIdentity(
        f"{name}-id",
        resource_group_name=foobar_resource_group_name,
    )
    However, I cannot seem to refer the Keyvault Name into Properties of other resources. such as:
    barfoo_app_settings = azure_native.web.WebAppApplicationSettings(
        f"{name}-app-settings",
        name=barfoo_api_app.name,
        properties={
            "QUICKFOXPASS": f"@Microsoft.KeyVault(VaultName={foobar_keyvault_name};SecretName=QUICKFOX-PASSWORD)"
        },
        resource_group_name=foobar_resource_group_name,
    )
    a
    2 replies
    Copy to Clipboard
  • b

    bitter-horse-93353

    3 months ago
    Hey folks, I created a RandomPassword for an RDS instance via https://www.pulumi.com/registry/packages/random/api-docs/randompassword/#example-usage and did
    pulumi.export("pass", password.result)
    . This resulted in the output
    [secret]
    . How can I get the value of the randomly generated password? Is this the correct usage of
    RandomPassword
    or should I be creating the password manually?
    b
    b
    3 replies
    Copy to Clipboard
  • a

    ambitious-father-68746

    3 months ago
    Hi, I have a list of Outputs, but I can't find a way to order it. The problem that I'm trying to solve is to guarantee consistency when running pulumi_aws.ec2.getNetworkInterfaces: https://www.pulumi.com/registry/packages/aws/api-docs/ec2/getnetworkinterfaces/ If I don't order the network interfaces, then they can come in any order and make my Pulumi runs different from one run to the next I've tried using
    .apply()
    , but Pulumi complains since it can't be used against a list.
    a
    w
    6 replies
    Copy to Clipboard
  • m

    mysterious-hamburger-19066

    3 months ago
    I’m getting hundreds of warnings like these:
    .../lib/python3.9/site-packages/pulumi_azure_native/windowsiot/v20180216preview/get_service.py:18: DeprecationWarning: Version v20180216preview will be removed in the next major version of the provider. Upgrade to version v20190601 or later.
      warnings.warn("""Version v20180216preview will be removed in the next major version of the provider. Upgrade to version v20190601 or later.""", DeprecationWarning)
    I’ve tried updating pulumi and the pulumi_azure_native python package, but it didn’t fix the issue. Could someone help me please?
    m
    b
    2 replies
    Copy to Clipboard
  • a

    average-france-9957

    3 months ago
    Hello! I'm attempting to use the automation API to set an array in my yaml config file. I have a python list of
    ['us-east-1', 'us-east-2', 'ap-northeast-1', ...etc...]
    and the end goal would be something like this in my config yaml
    aws:regions:
        - "ap-northeast-2"
        - "ap-northeast-3"
        - ...etc...
    My python snippet is
    stack.set_config(f"aws:regions", auto.ConfigValue(value=regions))
    but that throws
    TypeError: expected str, bytes or os.PathLike object, not list
    What is the best/correct way to set yaml arrays with the python automation API? Thanks you!
    a
    1 replies
    Copy to Clipboard
  • a

    able-thailand-87943

    3 months ago
    Hello all, We are running into some performance issues with even running a preview on stack with approx 125 resources in them. The preview triggers "resource registrations", and consumes approx 5GB memory with the process python, and it lasts approx 15 mins. We are working with
    Azure Resources
    , and
    python
    I0624 11:38:59.239243   31710 eventsink.go:59] Waiting for 734619 outstanding tasks to complete
    I0624 11:38:59.239316   31710 eventsink.go:62] eventSink::Debug(<{%reset%}>Waiting for 734619 outstanding tasks to complete<{%reset%}>)
    Is it really normal that all these resource registrations trigger so much of memory?
    a
    w
    +1
    4 replies
    Copy to Clipboard
  • f

    future-france-34957

    3 months ago
    Trying to define IAM Policy with dynamic resources. Here’s what I’m trying to do:
    POLICY = f"""{
                    "Version": "2012-10-17",
                    "Statement": [
                        {
                            "Action": [
                                "ssm:GetParameters"
                            ],
                            "Resource": [
                                "arn:aws:ssm:{aws_region}:{aws_account}:parameter/{env_stack}.api.config-location-s3"
                            ],
                            "Effect": "Allow"
                        }
                    ]
                }"""
    
            # Custom API-Tasks ECS Role Policy
            self.api_tasks_ecs_permissions = iam.RolePolicy(
                resource_name="api-tasks-ecs-permissions",
                role=self.api_tasks_ecs_role.id,
                policy=json.dumps(POLICY)
            )
    This fails with
    SyntaxError: f-string: expressions nested too deeply
    Anyone know how I can achieve this?
    f
    b
    9 replies
    Copy to Clipboard