https://pulumi.com logo
Title
k

kind-jelly-61624

02/28/2023, 11:45 PM
I noticed some weird behaviour where the preview shows it’s going to create 10 resources, but the pulumi up only creates 6. Does anyone know why this could be?
b

billowy-army-68599

02/28/2023, 11:47 PM
the screenshot isn’t super clear I’m afraid, can you show this in another way?
k

kind-jelly-61624

02/28/2023, 11:52 PM
image.png
is that better @billowy-army-68599?
b

billowy-army-68599

02/28/2023, 11:52 PM
Much better. Can you share your code?
k

kind-jelly-61624

02/28/2023, 11:53 PM
sure thing. So I first create an instance, and then I have a resource method that can attach an ALB to that instance
b

billowy-army-68599

02/28/2023, 11:54 PM
are you able to paste the code?
this is pretty unusual, i’ve never seen this behaviour before
k

kind-jelly-61624

02/28/2023, 11:55 PM
yeah just give me 5 seconds to try to remove sensitive stuff from it
def attachALB(__self__, attach_alb_args):

    if attach_alb_args.inputs.alb_logs_bucket is not None:
        bucket = pulumi_aws.s3.get_bucket(bucket=attach_alb_args.inputs.alb_logs_bucket)
        rcb.components.s3.BucketPolicy(
            component_name="enable-alb-access-logs",
            resource_type="rcb:s3:BucketPolicy",
            rough_inputs={
                "policy": {
                    "Statements": rcb.components.s3.get_bucket_policy_statements(
                        {
                            "statement_names": ["allow_load_balancer_access_logs"],
                            "values": {
                                "bucket_id": bucket.id,
                                "bucket_arn": bucket.arn,
                                "prefix": "alb_access_logs",
                                "aws_account_id": rcb_utils.PulumiHelpers.get_aws_account_id()

                            }
                        }
                    )
                },
                "bucket": attach_alb_args.inputs.alb_logs_bucket
            }
        )

    alb_security_group = pulumi_aws.ec2.SecurityGroup(
        f"{rcb_utils.naming_factory.get_resource_name('alb-sg')}",
        vpc_id=attach_alb_args.inputs.vpc_id
    )
    instance_security_group = pulumi_aws.ec2.SecurityGroup(
        f"{rcb_utils.naming_factory.get_resource_name('instance-sg')}",
        vpc_id=attach_alb_args.inputs.vpc_id
    )

    alb = pulumi_aws.lb.LoadBalancer(f"{rcb_utils.naming_factory.get_resource_name('alb')}",
                                     internal=attach_alb_args.inputs.internal,
                                     load_balancer_type="application",
                                     security_groups=[alb_security_group.id],
                                     subnets=attach_alb_args.inputs.subnets,
                                     enable_deletion_protection=False)

    pulumi_aws.ec2.NetworkInterfaceSecurityGroupAttachment(
        f"{rcb_utils.naming_factory.get_resource_name('alb-sg')}",
        security_group_id=instance_security_group.id,
        network_interface_id=__self__.outputs["instance"].primary_network_interface_id)

    for l in attach_alb_args.inputs.listener_to_target_mapping:
        pulumi_aws.ec2.SecurityGroupRule(f"{rcb_utils.naming_factory.get_resource_name('allow-ingress-to-alb')}",
                                         type="ingress",
                                         from_port=l["listener_port"],
                                         to_port=l["listener_port"],
                                         protocol="TCP",
                                         cidr_blocks=l["listener_cidr_blocks"],
                                         security_group_id=alb_security_group.id)

        pulumi_aws.ec2.SecurityGroupRule(f"{rcb_utils.naming_factory.get_resource_name('allow-ingress-to-instance')}",
                                         type="ingress",
                                         from_port=l["target_port"],
                                         to_port=l["target_port"],
                                         protocol="TCP",
                                         source_security_group_id=alb_security_group.id,
                                         security_group_id=instance_security_group.id)

        target_group = pulumi_aws.lb.TargetGroup(f"{rcb_utils.naming_factory.get_resource_name('target-group')}",
                                                 port=l["target_port"],
                                                 protocol=l["target_protocol"],
                                                 health_check=attach_alb_args.inputs.health_check,
                                                 vpc_id=attach_alb_args.inputs.vpc_id)

        pulumi_aws.lb.TargetGroupAttachment(
            f"{rcb_utils.naming_factory.get_resource_name('target-group-attachment')}",
            target_group_arn=target_group.arn,
            target_id=__self__.outputs["instance"].id,
            port=l["target_port"])

        pulumi_aws.lb.Listener(f"{rcb_utils.naming_factory.get_resource_name('listener')}",
                               load_balancer_arn=alb.arn,
                               port=l["listener_port"],
                               protocol=l["listener_protocol"],
                               # ssl_policy="ELBSecurityPolicy-2016-08",
                               certificate_arn=attach_alb_args.inputs.certificate_arn,
                               default_actions=[pulumi_aws.lb.ListenerDefaultActionArgs(
                                   type="forward",
                                   target_group_arn=target_group.arn,
                               )])

    return {"outputs": {"result": alb.id}}
that’s the resource method, it’s ssuper messy cause I’ve been trying to see what the problem could be
I thought it could be cause of the loop that i’m creating resources in, but removing the loop didn’t really fix the issue
i also have an invoke that runs within this method, could it be because of that?
b

billowy-army-68599

03/01/2023, 12:24 AM
it’s not super clear, you might want to wind some of this back, I can’t see any immediate issue
l

little-cartoon-10569

03/01/2023, 12:27 AM
Is it possible that rcb_utils.naming_factory is returning different values during preview and up?
k

kind-jelly-61624

03/01/2023, 12:28 AM
Hmm, true, but all it does for now is this
def get_resource_name(resource_type):
    stack_name = helpers.PulumiHelpers.get_stack_name()
    return f"{stack_name}-{resource_type}"
l

little-cartoon-10569

03/01/2023, 12:30 AM
Any chance that stack_name has a newline in it? There's some pretty weird formatting in the console output....
Oh wait, the 2nd output fixed that...
k

kind-jelly-61624

03/01/2023, 12:31 AM
yeah sorry about that, the first one had a bunch of random debug params in it i tried to hide
b

billowy-army-68599

03/01/2023, 12:32 AM
yeah that’s a good point, if you do
pulumi stack export
do you see the all the resources?
pulumi stack export | jq '.deployment.resources | length'
k

kind-jelly-61624

03/01/2023, 12:32 AM
ah let me check
i only see the ones that were created, not the ones that got skipped
b

billowy-army-68599

03/01/2023, 12:36 AM
hrm
k

kind-jelly-61624

03/01/2023, 7:30 PM
Heyy @billowy-army-68599, @little-cartoon-10569 Thanks for the help debugging yesterday! I thought the “self” variable in the resource method would contain the entire output returned by the resource but it looks like I only have the ARN
def attachALB(self, args: pulumi.input_type):
    return {"outputs": {"result": self}}
^^ that returns
result: "urn:pulumi:test::riotcloudbricks-test-stack::riotcloudbricks:ec2:Instance::jjjjj"
when i remove the resources that reference the resource (through self) from the method it’s all good
l

little-cartoon-10569

03/01/2023, 8:12 PM
I don't understand. Resource outputs are used for stack references. When you're inside the same project as a resource was created in, do you not simply pass the entire resource around? There shouldn't be any need to think about resource outputs in this code.
Have you solved the problem? Are you able to deploy all resources now?
k

kind-jelly-61624

03/01/2023, 8:36 PM
ah, i’m using Components that i’ve built seperately and I import them into my stack. In this case, my stack has imported the component that deploys an instance and then calls a resource method that can then attach an ALB to it. It looks like the method only recieves the ARN of the instance but not the instance itself. I will troubleshoot more to make sure it’s not some schema issue or something else on my end. For now, it seems I can’t use resource methods so I’ll have to look at creating another component to attach the ALB 🙂
l

little-cartoon-10569

03/01/2023, 8:51 PM
Not clear on that. Is the imported component created from another stack, and imported into this one? Or is the code that creates the component imported into this project, and run only from here? If the resource is created in another stack, you shouldn't attempt to manage it from this stack. You cold use a get method to create a read-only Pulumi resource to wrap it, or you could use the AWS SDK to get details about the resource. If you need only the ARN, it looks like you're already set.
k

kind-jelly-61624

03/01/2023, 8:53 PM
not creating the resource in another stack, it’s being created in the stack that’s run. It’s a similar concept to this https://github.com/pulumi/pulumi-component-provider-py-boilerplate
l

little-cartoon-10569

03/01/2023, 8:59 PM
I'm not a Python user, but when you create an object from a Python class, do you need to return
self
? You should be able to refer to the entire object as constructed. Also, isn't the special variable
__self__
? If you're able to narrow the problem down to something language-related, then #python may be able to help faster.