Channels
#aws
Title
# aws
s
salmon-musician-20405
03/02/2022, 5:38 PMNeed some help . I have installed new pulumi version pulumi 3.25.0. But have problem with providers.
Copy code
In the middle of building stack the provider assumes a different role ( or provider is switched to different account, Eg: below code
provider = Provider(
resource_name="different_account",
region="eu-west-1",
assume_role=ProviderAssumeRoleArgs(role_arn=role_arn),
)
BucketObject( resource_name=f"{name}-glue-job-script",
opts=ResourceOptions(depends_on=[self._rolePolicy], provider=provider),
bucket=destination_bucket.name,
key=f"glue-job-scripts/{glue_script.split('/')[-1]}",
source=FileAsset(glue_script))
Fails while doing above operation and following error occurs - Access denied error
aws:s3:BucketObject test-ab40dc-glue-job-script creating failed '
'Diagnostics:'
Error uploading object to S3 bucket (test-ab40dc-curated): '
'AccessDenied: Access Denied'g
great-queen-39697
03/02/2022, 7:56 PMTo confirm so I can help debug, you've downgraded to 3.22.1 and ran it without errors? Or was it working, then you updated, and now it's not working?
s
salmon-musician-20405
03/02/2022, 8:50 PMafter update to latest ,It not was working
@great-queen-39697 - good morning !. any lucky with suggestion. should i pass in extra parameters while creating new provider
g
great-queen-39697
03/03/2022, 3:39 PMCan you verify that the role is still in your AWS account and present in that region? I don't see anything in the code that would indicate that the upgrade would break the code. If you can verify that, would you open a bug report please at https://github.com/pulumi/pulumi/issues/new?assignees=&labels=kind%2Fbug&template=0-bug-report.md
s
salmon-musician-20405
03/03/2022, 4:52 PMHi Laura
The same code works for Pulumi=3.22.1
The role exists
Do i need to pass through profile as parameter
Also
Copy code
provider = Provider(
resource_name="test-provider",
assume_role="arn:aws:iam::********:role/test-role",
)
test_pipeline = TestPipeline(
name="test",
provider=provider,
)
> assert provider == test_pipeline._curatedBucket._providers["aws"]Is this something related to issue im having with assume role ?
@great-queen-39697
g
great-queen-39697
03/03/2022, 5:27 PMCan you put your entire code here, please, with anything private/confidential redacted? I can't tell what's wrong without more information.
s
salmon-musician-20405
03/03/2022, 5:48 PM Copy code
@pulumi.runtime.test
def test_provider_component(self):
raw_history_bucket = RawHistoryBucket(name="test", tagger=self.tagger)
provider = Provider(
resource_name="test-provider",
assume_role="arn:aws:iam::123456789012:role/test-role",
)
test_pipeline = RawHistoryToCuratedPipeline(
name="test",
raw_history_bucket=raw_history_bucket,
tagger=self.tagger,
provider=provider)
print(test_pipeline._curatedBucket._providers)
assert provider == test_pipeline._curatedBucket._providers["aws"]Tha above is unit test
output of the test_pipeline._curatedBucket._providers is as below
Copy code
{'data-engineering-pulumi-components': <pulumi_aws.provider.Provider object at 0x10ee14070>}so key is not 'aws' anymore
g
great-queen-39697
03/03/2022, 7:22 PMit's providing the output object; print won't dump the value as a string (see https://www.pulumi.com/docs/intro/concepts/inputs-outputs/)
I've found the following bug report (there's more past the issue-close line). Please see if this makes sense as part of the problem you're running into, and please note you can add to that data to help the team debug:
ā¢ https://github.com/pulumi/pulumi/issues/9024
s
salmon-musician-20405
03/03/2022, 7:36 PMIt was from my team and i added those bugs š but no response for it yet
I was unit testing the key
previously the key was 'aws' now its 'data-engineering-pulumi-components'
12 Views