bumpy-restaurant-1466
12/24/2019, 4:09 AMbright-orange-69401
12/24/2019, 10:16 AMpulumi-python
since a few weeks and although theoretically everything can be done in python, it turns out that the documentation as well as examples are heavily lacking, making any progress very difficult
I think pulumi has a lot of potential but even though I'm a heavy python fan I'm torn myself wether I should go back to Terraform until pulumi is more mature :/bumpy-restaurant-1466
12/24/2019, 6:30 PMfor_each
and yamldecode
. However it’s also clear that there are some bad design decisions behind these such as it being impossible to nest _for_each_ loops due to `each.key`/`each.value` being fixed for both loops.
All our new code for IAM policies, roles, users, and groups are written to import and parse YAML, which I’m planning to open source for others to use, however what would take a few minutes in Python took tens of hours to write for Terraform:
#####
# Roles - Extract & Transform
#####
locals {
# extract role data from files
role_file_paths = fileset(path.module, "config/roles/**/*.yaml")
role_configs = {
for x in flatten([
for file_path in local.role_file_paths : [
for role, obj in yamldecode(file(file_path)).user_roles : {
(role) = obj
}
]
]) : keys(x)[0] => values(x)[0]
}
# intermediate steps to work around the limitations of "for_each"
role_policies = { for k, v in local.role_configs : k => v.policies if lookup(v, "policies", []) != [] }
role_policy_pairs = flatten([
for role, policies in local.role_policies : [
for policy in policies : {
account = local.role_configs[role].account
role = role
policy = policy
}
]
])
# string => map(string)
role_policy_joins = {
for obj in local.role_policy_pairs :
replace("${obj.role}${obj.policy}", "/arn:aws:iam::|([[:punct:]]+)/", "_") => obj
}
}
clean-engineer-75963
12/26/2019, 5:35 PMsubprocess
and things like it (like pexpect
) don't work the way you think because Pulumi multiprocesses in weird places under the hood. Context managers (with
statements) are not respected during resource creation. You can't access pulumi attributes as primitive types except in extremely restrictive apply
functions; otherwise they're all of type pulumi.Output
, which you can't do anything with in plain Python. The claim on the "Why Pulumi" page that you get to manage your infrastructure without learning "yet another ... DSL dialect" is false, because Pulumi with Python is absolutely a DSL.bright-orange-69401
01/01/2020, 5:13 PMbumpy-restaurant-1466
01/06/2020, 6:39 PMbright-orange-69401
01/07/2020, 10:38 AMbumpy-restaurant-1466
01/07/2020, 6:37 PMbright-orange-69401
01/08/2020, 8:41 AMpulumi_aws
I end up looking at the Terraform provider's documentation and implementation : Pulumi is merely wrapping it so the documentation & logic are often times easier to understand in Terraform
I'm by no means a junior engineer, and even I find this circumvoluted process cumbersome... so I'd say that for now a junior has a better chance on Terraform
That's of course assuming that your project won't require Pulumi-specific concepts such as Dynamic Providers