ambitious-father-68746
12/14/2023, 1:18 PMpulumi_aws.iam.get_policy_document
? I would love to be able to combine multiple policy documents, since resources like SQS and SQS can only have a single policy, but I don't see a way to be able to do that.
A particular example is if I have an SNS topic and two SQS queues, each with their own KMS key. SNS has to know everything about the queues and the keys beforehand, so that it can set the policy at the same time. This is not great on a dynamic environment.dry-keyboard-94795
12/14/2023, 1:42 PM_output
variant of functions.
This lets you use outputs from other resources.
https://www.pulumi.com/docs/concepts/inputs-outputs/ambitious-father-68746
12/14/2023, 2:04 PMambitious-father-68746
12/14/2023, 2:05 PMambitious-father-68746
12/14/2023, 2:05 PMambitious-father-68746
12/14/2023, 2:06 PMdry-keyboard-94795
12/14/2023, 2:07 PMambitious-father-68746
12/14/2023, 2:08 PMambitious-father-68746
12/14/2023, 2:10 PMambitious-father-68746
12/14/2023, 2:10 PMambitious-father-68746
12/14/2023, 2:11 PMdry-keyboard-94795
12/14/2023, 2:17 PMambitious-father-68746
12/14/2023, 2:18 PMambitious-father-68746
12/14/2023, 2:18 PMdry-keyboard-94795
12/14/2023, 2:18 PMambitious-father-68746
12/14/2023, 2:18 PMambitious-father-68746
12/14/2023, 2:19 PMambitious-father-68746
12/14/2023, 2:19 PMambitious-father-68746
12/14/2023, 2:21 PMdry-keyboard-94795
12/14/2023, 2:21 PMambitious-father-68746
12/14/2023, 2:23 PMdry-keyboard-94795
12/14/2023, 2:24 PM.apply
methods.
What I'm thinking is having an output that "finalises" when you call another method after you've finished defining all your sqs queuesdry-keyboard-94795
12/14/2023, 2:52 PMdry-keyboard-94795
12/14/2023, 3:06 PMimport pulumi
import pulumi_aws as aws
class QueueFactory:
def __init__(self, topic: aws.sns.Topic):
self._topic = topic
self._queues: dict[str, aws.sqs.Queue] = {}
def add(self, name: str, **other):
queue = self._queues[name] = aws.sqs.Queue(name, aws.sqs.QueueArgs(
policy="", # whatever this needs to be
))
return queue
def subscribe(self):
policy = aws.sns.TopicPolicy(self._topic._name, aws.sns.TopicPolicyArgs(
arn=self._topic.arn,
policy="", # build policy here based on self._queues
))
for qn, queue in self._queues.items():
aws.sns.TopicSubscription(qn, aws.sns.TopicSubscriptionArgs(
endpoint=queue.arn,
protocol="sqs",
topic=self._topic.arn,
), pulumi.ResourceOptions(depends_on=[policy]))
sns_topic = aws.sns.Topic("snsTopic")
qf = QueueFactory(sns_topic)
qf.add("queue1")
qf.add("queue2")
qf.subscribe()
ambitious-father-68746
12/30/2023, 11:53 PMSNS
class to create an SNS topic.
2. That SNS
class has a method subscribe
that allows a queue to subscribe to it.
3. The subscribe
method creates the subscription resource, but does not actually set a policy. Instead it will add that information to a variable that will be used in the future to create the policy resource. Let's call that variable policy_statements
. Eventually we will have many policy statements, but we can only create the actual policy at the very end.
4. On the SNS
class we also define a method create_policy
that will create a policy resource based on the policy statements in policy_statement
.
5. We use the atexit
Python package and register the create_policy
method with it.
6. The atexit
package guarantees that the create_policy
will run at the end of the Python program, which means the policy will be created with all the right information because now we have all the information.
I haven't tested this with Pulumi yet, but if it works it's a very simple solution for this family of problems and will make me very happy indeed. I'll post here when I have actually tested it.dry-keyboard-94795
12/31/2023, 12:02 PM.apply
methodambitious-father-68746
01/04/2024, 6:58 PM....
File "/usr/lib64/python3.11/asyncio/tasks.py", line 659, in ensure_future
return _ensure_future(coro_or_future, loop=loop)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.11/asyncio/tasks.py", line 680, in _ensure_future
return loop.create_task(coro_or_future)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.11/asyncio/base_events.py", line 434, in create_task
self._check_closed()
File "/usr/lib64/python3.11/asyncio/base_events.py", line 519, in _check_closed
raise RuntimeError('Event loop is closed')
RuntimeError: Event loop is closed
I believe this error happens because Pulumi's event loop is finished and has moved on, so if you try to do anything else it's already too late. What I needed was an atexit specific for Pulumi.ambitious-father-68746
01/04/2024, 6:58 PMdry-keyboard-94795
01/04/2024, 7:00 PM____main__.py
file