https://pulumi.com logo
#aws
Title
# aws
s

salmon-musician-20405

03/02/2022, 5:38 PM
Need some help . I have installed new pulumi version pulumi 3.25.0. But have problem with providers.
Copy code
In the middle of building stack the provider assumes a different role ( or provider is switched to different account, Eg: below code

provider = Provider(
        resource_name="different_account",
        region="eu-west-1",
        assume_role=ProviderAssumeRoleArgs(role_arn=role_arn),
    )
 BucketObject( resource_name=f"{name}-glue-job-script",
            opts=ResourceOptions(depends_on=[self._rolePolicy], provider=provider),
            bucket=destination_bucket.name,
            key=f"glue-job-scripts/{glue_script.split('/')[-1]}",
            source=FileAsset(glue_script))
Fails while doing above operation and following error occurs - Access denied error

aws:s3:BucketObject test-ab40dc-glue-job-script creating failed '
'Diagnostics:'
Error uploading object to S3 bucket (test-ab40dc-curated): '
'AccessDenied: Access Denied'
The same code works at 3.22.1 Provider assume role doesnt seem to work for latest code
g

great-queen-39697

03/02/2022, 7:56 PM
To confirm so I can help debug, you've downgraded to 3.22.1 and ran it without errors? Or was it working, then you updated, and now it's not working?
s

salmon-musician-20405

03/02/2022, 8:50 PM
after update to latest ,It not was working
@great-queen-39697 - good morning !. any lucky with suggestion. should i pass in extra parameters while creating new provider
g

great-queen-39697

03/03/2022, 3:39 PM
Can you verify that the role is still in your AWS account and present in that region? I don't see anything in the code that would indicate that the upgrade would break the code. If you can verify that, would you open a bug report please at https://github.com/pulumi/pulumi/issues/new?assignees=&labels=kind%2Fbug&template=0-bug-report.md
s

salmon-musician-20405

03/03/2022, 4:52 PM
Hi Laura
The same code works for Pulumi=3.22.1
The role exists
Do i need to pass through profile as parameter
Also
Copy code
provider = Provider(
            resource_name="test-provider",
            assume_role="arn:aws:iam::********:role/test-role",
        )
        test_pipeline = TestPipeline(
            name="test",
            provider=provider,
        )
    
>       assert provider == test_pipeline._curatedBucket._providers["aws"]
Error - KeyError: 'aws' . If i specify the package name instead of 'aws' then the unit test passes. It would be good to know the change happened related to providers
Is this something related to issue im having with assume role ?
@great-queen-39697
g

great-queen-39697

03/03/2022, 5:27 PM
Can you put your entire code here, please, with anything private/confidential redacted? I can't tell what's wrong without more information.
s

salmon-musician-20405

03/03/2022, 5:48 PM
Copy code
@pulumi.runtime.test
    def test_provider_component(self):
        raw_history_bucket = RawHistoryBucket(name="test", tagger=self.tagger)
        provider = Provider(
            resource_name="test-provider",
            assume_role="arn:aws:iam::123456789012:role/test-role",
        )

        test_pipeline = RawHistoryToCuratedPipeline(
            name="test",
            raw_history_bucket=raw_history_bucket,
            tagger=self.tagger,
            provider=provider)
        print(test_pipeline._curatedBucket._providers)
        assert provider == test_pipeline._curatedBucket._providers["aws"]
Tha above is unit test
output of the test_pipeline._curatedBucket._providers is as below
Copy code
{'data-engineering-pulumi-components': <pulumi_aws.provider.Provider object at 0x10ee14070>}
so key is not 'aws' anymore
g

great-queen-39697

03/03/2022, 7:22 PM
it's providing the output object; print won't dump the value as a string (see https://www.pulumi.com/docs/intro/concepts/inputs-outputs/)
I've found the following bug report (there's more past the issue-close line). Please see if this makes sense as part of the problem you're running into, and please note you can add to that data to help the team debug: ā€¢ https://github.com/pulumi/pulumi/issues/9024
s

salmon-musician-20405

03/03/2022, 7:36 PM
It was from my team and i added those bugs šŸ˜ž but no response for it yet
I was unit testing the key
previously the key was 'aws' now its 'data-engineering-pulumi-components'
12 Views