https://pulumi.com logo
Join Slack
Powered by
Hi, I have the following use case. In the Pulumi p...
# general
p
Hi, I have the following use case. In the Pulumi program, I first provision an S3 bucket (with website hosting enabled) and a user who has permissions to access it. The bucket policy denies other access. Then I need to build a frontend web application and provide the user's access and secret key as env varibles for the build process. The web app is bundled as a single HTML file which servers as a bucket's index document. I'd like to provision this 
index.html
(frontend web app build artifact) as a bucket object in the Pulumi program. How to achieve this? I'm thinking of running the build process with Command provider but I'm not sure if that's the right way. The two other alternatives I thought of: • Run a process (I'm using Python) in the Pulumi program but I'm not sure how to wait for the result before provisioning the bucket object. • Export the user's credentials as Pulumi outputs, run the build after Pulumi provision step and finally use AWS CLI to upload the 
index.html
. Being able to do it all in Pulumi program seems like the most elegant way, though. Any ideas?
e
From the sounds of it I think using the Command provider is probably the right way to do this.
p
OK thanks, I'll give it a stab and report result 👍
Using 
local.Command
seems the be the way to go. However, I encountered an issue which I'm not sure is a bug or my bad. Here's the relevant part of Pulumi program:
Copy code
# Build the web application.
build_command = command.local.Command(
    "app-build-command",
    create=(
        "echo '<!DOCTYPE html><html><body>XXX</body></html>' > /tmp/index.html"
    ),
    environment=pulumi.Output.all(
        access_key_id=user_access_key.id,
        secret_access_key=user_access_key.secret,
        bucket=bucket.id,
    ).apply(
        lambda args: {
            "AWS_REGION": aws.config.region,
            "AWS_ACCESS_KEY_ID": args["access_key_id"],
            "AWS_SECRET_ACCESS_KEY": args["secret_access_key"],
            "BUCKET_NAME": args["bucket"],
        }
    ),
    triggers=[uuid.uuid4().hex],  # XXX: enforce running the command
)

# Create a bucket object for the index document.
aws.s3.BucketObject(
    "bucket-index-document",
    key="index.html",
    bucket=bucket.id,
    source=build_command.id.apply(lambda x: pulumi.FileAsset("/tmp/index.html")),
    content_type="text/html",
    opts=pulumi.ResourceOptions(depends_on=[build_command]),
)
Notice the use of 
apply
when creating the bucket object. If I leave it out, I get an error that 
/tmp/index.html
doesn't exist. It seems that specifying 
depends_on
the command is not enough. Or am I doing something wrong here? As a side note, I'm also not sure about the usage of 
triggers
. There's no documentation and looking into the code didn't make me any smarter. But the common sense tells me that if I want the command to always run, I need to supply something that changes every time.
e
Notice the use of 
apply
 when creating the bucket object. If I leave it out, I get an error that 
/tmp/index.html
 doesn't exist. It seems that specifying 
depends_on
 the command is not enough. Or am I doing something wrong here?
I think that's because it tries to make the FileAsset before the file exists, but because of this you don't need the depends_on=[build_command].
As a side note, I'm also not sure about the usage of 
triggers
. There's no documentation and looking into the code didn't make me any smarter. But the common sense tells me that if I want the command to always run, I need to supply something that changes every time.
Your common sense is correct. Triggers is just any value which when changed will trigger the command to run again.
p
Awesome, thanks for clarification
4 Views
Open in Slack
PreviousNext
Powered by