def __init__(
self,
provider_param1: Optional[str] = None,
provider_param2: Optional[str] = None,
):
config = Config()
self.provider_param1 = (
provider_param1 if provider_param1 else config.require("provider_param1")
)
self.provider_param2 = (
provider_param2 if provider_param2 else config.require("provider_param2")
)
def read_pulumi_config() -> EnvironmentDescriptor:
moduleCfg = Config()
awsCfg = Config("aws")
return EnvironmentDescriptor(
provider=moduleCfg.require('provider'),
stage=moduleCfg.require('stage'),
region=awsCfg.require('region'),
name=moduleCfg.require('name'),
access_key=awsCfg.get_secret('access_key'),
secret_key=awsCfg.get_secret('secret_key'),
)
def program():
config = Config()
config.get("plainstr1")
config.require("plainstr2")
config.get_secret("plainstr3")
config.require_secret("plainstr4")
config.get_bool("plainbool1")
config.require_bool("plainbool2")
config.get_secret_bool("plainbool3")
config.require_secret_bool("plainbool4")
config.get_int("plainint1")
config.require_int("plainint2")
config.get_secret_int("plainint3")
config.require_secret_int("plainint4")
config.get_float("plainfloat1")
config.require_float("plainfloat2")
config.get_secret_float("plainfloat3")
config.require_secret_float("plainfloat4")
config.get_object("plainobj1")
config.require_object("plainobj2")
config.get_secret_object("plainobj3")
config.require_secret_object("plainobj4")
config.get("str1")
config.require("str2")
config.get_secret("str3")
config.require_secret("str4")
config.get_bool("bool1")
config.require_bool("bool2")
config.get_secret_bool("bool3")
config.require_secret_bool("bool4")
config.get_int("int1")
config.require_int("int2")
config.get_secret_int("int3")
config.require_secret_int("int4")
config.get_float("float1")
config.require_float("float2")
config.get_secret_float("float3")
config.require_secret_float("float4")
config.get_object("obj1")
config.require_object("obj2")
config.get_secret_object("obj3")
config.require_secret_object("obj4")
def verify_data(r):
t = r.resource_type
if t != "pulumi-nodejs:dynamic:Resource":
return
# Verify is_dry_run()
assert is_dry_run() == r.props["isDryRun"]
# Verify get_project()
assert "PULUMI_TEST_PROJECT" in os.environ
assert get_project() == os.environ["PULUMI_TEST_PROJECT"]
assert get_project() == r.props["getProject"]
# Verify get_stack()
assert "PULUMI_TEST_STACK" in os.environ
assert get_stack() == os.environ["PULUMI_TEST_STACK"]
assert get_stack() == r.props["getStack"]
# Verify Config
assert json.dumps(CONFIG,
sort_keys=True) == json.dumps(dict(r.props["allConfig"]),
sort_keys=True)
config = Config()
value = config.require("aConfigValue")
assert value == "this value is a value"
assert aws_config.region == "us-west-2"
def __init__(
self,
username: str = None,
password: str = None,
account_name: str = None,
role: str = None,
database: str = None,
schema: str = None
):
config = Config()
self.username = username if username else config.require('snowflakeUsername')
self.password = password if password else config.require('snowflakePassword')
self.account_name = account_name if account_name else config.get('snowflakeAccountName')
self.role = role if role else config.get('snowflakeRole')
self.database = database if database else config.get('snowflakeDatabase')
self.schema = schema if schema else config.get('snowflakeSchema')
def build_vm_domain(config: pulumi.Config) -> str:
return 'controller-{0}.{1}.cloudapp.azure.com'.format(
config.require('installation_id'),
az_config.location.lower())
"""An Azure RM Python Pulumi program"""
import pulumi
import pulumi_azure_nextgen.resources.latest as resources
import pulumi_azure_nextgen.databricks.latest as databricks
from pulumi import Output, export, Config, StackReference, get_stack, get_project
config = Config()
# reading in StackReference Path from local config
mystackpath = config.require("stackreference")
# setting the StackReference
my_network_stackreference = StackReference(mystackpath)
my_secondvirtualnetwork_output = my_network_stackreference.get_output(
"virtual_network_name")
my_remote_resourcegroup_output = my_network_stackreference.get_output(
"resource_group_name")
#my_secondvirtualnetwork = my_secondvirtualnetwork_output.apply(lambda my_secondvirtualnetwork_output: f"{my_secondvirtualnetwork_output}")
#my_remote_resourcegroup = my_remote_resourcegroup_output.apply(lambda my_remote_resourcegroup_output: f"{my_remote_resourcegroup_output}")
# The values for my_secondvirtualnetwork & my_remote_resourcegroup are from the virtualnetwork that has
# already been created using another pulumi stack. This has to exist before this code can run.
my_secondvirtualnetwork = "shaht-vnet-peering-to-databricks" # 2nd virtual network. Needed for vpn peering block FROM databricks.
my_remote_resourcegroup = "shaht-rg-peering-to-databricks"
# local variables from config file
# my subscription id
mysubid = config.get("mysubid")
# azure location
my_location = config.get("location")
# resource group name
my_resource_group_name = config.get("resource_group_name")
peer = config.get('peer')
porg = config.get('org')
proj = config.get('project')
if porg and not proj: # assume the same project in other organization
proj = project
if not porg: # assume the same organization
porg = ''
if not proj: # assume the same project
proj = ''
if not peer:
reference = None
else:
reference = StackReference(f'{porg}/{proj}/{peer}')
# validate firewall_address_space and hub_address_space
firewall_address_space = config.require('firewall_address_space')
fwz_nw = ip_network(firewall_address_space)
if not fwz_nw.is_private:
raise ConfigError(['firewall_address_space'], 'must be private')
if fwz_nw.prefixlen > 24:
raise ConfigError(['firewall_address_space'], 'must be /24 or larger')
hub_address_space = config.require('hub_address_space')
hub_nw = ip_network(hub_address_space)
if not hub_nw.is_private:
raise ConfigError(['hub_address_space'], 'must be private')
if hub_nw.prefixlen > 24:
raise ConfigError(['hub_address_space'], 'must be /24 or larger')
if fwz_nw.overlaps(hub_nw):
raise ConfigError(['firewall_address_space', 'hub_address_space'],
'may not overlap')
from pulumi import Config, export, asset, Output
from pulumi_azure import core, storage, appservice, appinsights, sql
import pulumi
env = pulumi.get_stack()
appname = pulumi.get_project()
config = Config()
username = config.require("sqlUsername")
pwd = config.require("sqlPassword")
resource_group = core.ResourceGroup(appname + '-' + env + '-rg')
sql_server = sql.SqlServer(resource_name=appname + '-' + env + '-sql',
resource_group_name=resource_group.name,
administrator_login=username,
administrator_login_password=pwd,
version="12.0")
database = sql.Database(appname + '-' + env + '-db',
resource_group_name=resource_group.name,
server_name=sql_server.name,
requested_service_objective_name="S0")
connection_string = Output.all(sql_server.name, database.name, username, pwd) \
.apply(lambda args: f"Server=tcp:{args[0]}.database.windows.net;initial catalog={args[1]};user ID={args[2]};password={args[3]};Min Pool Size=0;Max Pool Size=30;Persist Security Info=true;")
app_service_plan = appservice.Plan(appname + '-' + env + '-asp',
resource_group_name=resource_group.name,
kind="App",
sku={
"""Exception raised for errors in Pulumi Config.
Attributes:
keys -- Config keys with the error
message -- explanation of the error
"""
def __init__(self, keys: [str], message: str):
self.keys = keys
self.message = message
# retrieve the stack configuration data
config = Config()
# retrieve the location
location = config.require('location')
# retrieve optional separator choice and suffix
separator = config.get('separator')
if not separator:
separator = '-'
else:
separator = separator[0]
if separator == ' ':
separator = ''
suffix = config.get('suffix')
if not suffix:
suffix = ''
# set default tags to be applied to all taggable resources
stack = get_stack()
granting the `sts:AssumeRole` action to those principals.
"""
return {
'Version':
'2012-10-17',
'Statement': [{
'Sid': 'AllowAssumeRole',
'Effect': 'Allow',
'Principal': principal,
'Action': 'sts:AssumeRole'
}]
}
config = Config()
unprivileged_username = config.require('unprivilegedUsername')
unprivileged_user = aws.iam.User('unprivileged-user',
name=unprivileged_username)
unprivileged_user_creds = aws.iam.AccessKey(
'unprivileged-user-key',
user=unprivileged_user.name,
# additional_secret_outputs specify properties that must be encrypted as secrets
# https://www.pulumi.com/docs/intro/concepts/resources/#additionalsecretoutputs
opts=ResourceOptions(additional_secret_outputs=["secret"]))
allow_s3_management_role = aws.iam.Role(
'allow-s3-management',
description='Allow management of S3 buckets',
assume_role_policy=unprivileged_user.arn.apply(
from pulumi_gcp.cloudrun import (
ServiceTemplateMetadataArgs,
ServiceTemplateSpecContainerEnvArgs,
)
config = Config()
cloud_sql_instance = pulumi_gcp.sql.DatabaseInstance(
"my-cloud-sql-instance",
database_version="POSTGRES_12",
deletion_protection=False,
settings=pulumi_gcp.sql.DatabaseInstanceSettingsArgs(tier="db-f1-micro"),
)
database = pulumi_gcp.sql.Database(
"database", instance=cloud_sql_instance.name, name=config.require("db-name")
)
users = pulumi_gcp.sql.User(
"users",
name=config.require("db-name"),
instance=cloud_sql_instance.name,
password=config.require_secret("db-password"),
)
sql_instance_url = Output.concat(
"postgres://",
config.require("db-name"),
":",
config.require_secret("db-password"),
"@/",
# Copyright 2016-2020, Pulumi Corporation. All rights reserved.
import base64
from pulumi import Config, Output, export
from pulumi_azure_nextgen.compute import latest as compute
from pulumi_azure_nextgen.network import latest as network
from pulumi_azure_nextgen.resources import latest as resources
config = Config()
location = config.get("location") or "westus"
username = config.require("username")
password = config.require("password")
resource_group = resources.ResourceGroup("server",
resource_group_name="server",
location=location)
net = network.VirtualNetwork("server-network",
resource_group_name=resource_group.name,
location=location,
virtual_network_name="server-network",
address_space=network.AddressSpaceArgs(
address_prefixes=["10.0.0.0/16"], ),
subnets=[
network.SubnetArgs(
name="default",
address_prefix="10.0.1.0/24",
)
])
public_ip = network.PublicIPAddress("server-ip",
from pulumi_gcp.container import Cluster
from pulumi_kubernetes import Provider
from pulumi_kubernetes.apps.v1 import Deployment
# Read in some configurable settings for our cluster:
config = Config(None)
# nodeCount is the number of cluster nodes to provision. Defaults to 3 if unspecified.
NODE_COUNT = config.get('node_count') or 3
# nodeMachineType is the machine type to use for cluster nodes. Defaults to n1-standard-1 if unspecified.
# See https://cloud.google.com/compute/docs/machine-types for more details on available machine types.
NODE_MACHINE_TYPE = config.get('node_machine_type') or 'n1-standard-1'
# username is the admin username for the cluster.
USERNAME = config.get('username') or 'admin'
# password is the password for the admin user in the cluster.
PASSWORD = config.require('password')
# Now, actually create the GKE cluster.
k8s_cluster = Cluster(
'gke-cluster',
initial_node_count=NODE_COUNT,
node_version='latest',
min_master_version='latest',
master_auth={
'username': USERNAME,
'password': PASSWORD
},
node_config={
'machine_type':
NODE_MACHINE_TYPE,
'oauth_scopes': [
from pulumi import Config, export
from pulumi_azure import cdn, core, storage
from cloudflare import create_dns_record
config = Config(name="resume-infra")
domain = config.require("domain")
zone_id = config.require("zone_id")
resource_group = core.ResourceGroup('nvd-codes-resume')
account = storage.Account('resumestorage',
resource_group_name=resource_group.name,
account_tier='Standard',
account_replication_type='LRS',
enable_https_traffic_only=False,
static_website={
"indexDocument": "index.html",
}
)
cdn_profile = cdn.Profile(
"resume-cdn",
resource_group_name=resource_group.name,
sku="Standard_Microsoft"
)
endpoint = cdn.Endpoint(
"resume-cdn-ep",
resource_group_name=resource_group.name,
# Copyright 2016-2020, Pulumi Corporation. All rights reserved.
import pulumi_aws as aws
from pulumi import Config, ResourceOptions, export
config = Config()
role_to_assume_arn = config.require('roleToAssumeARN')
aws_config = Config('aws')
provider = aws.Provider(
'privileged',
assume_role={
'role_arn': role_to_assume_arn,
# session name can contain only the following special characters =,.@-
# if any other special character is used, an error stating that the role
# cannot be assumed will be returned
'session_name': 'PulumiSession',
'externalId': 'PulumiApplication',
},
region=aws_config.require('region'))
# Creates an AWS resource (S3 Bucket)
bucket = aws.s3.Bucket('my-bucket', opts=ResourceOptions(provider=provider))
# Exports the DNS name of the bucket
export('bucket_name', bucket.bucket_domain_name)
ServiceTemplateMetadataArgs,
ServiceTemplateSpecContainerEnvArgs,
)
config = Config()
cloud_sql_instance = pulumi_gcp.sql.DatabaseInstance(
"my-cloud-sql-instance",
database_version="POSTGRES_12",
deletion_protection=False,
settings=pulumi_gcp.sql.DatabaseInstanceSettingsArgs(tier="db-f1-micro"),
)
database = pulumi_gcp.sql.Database("database",
instance=cloud_sql_instance.name,
name=config.require("db-name"))
users = pulumi_gcp.sql.User(
"users",
name=config.require("db-name"),
instance=cloud_sql_instance.name,
password=config.require_secret("db-password"),
)
sql_instance_url = Output.concat(
"postgres://",
config.require("db-name"),
":",
config.require_secret("db-password"),
"@/",
config.require("db-name"),
# retrieve the configuration data
config = Config()
# set default tags to be applied to all taggable resources
stack = get_stack()
default_tags = {'environment': stack}
# all resources will be created in the Resource Group location
resource_group = core.ResourceGroup(
stack + '-vdc-rg-',
tags=default_tags,
)
# Hub virtual network with gateway, firewall, DMZ and shared services subnets
hub1 = Hub(
config.require('hub_stem'),
HubProps(
config=config,
resource_group=resource_group,
tags=default_tags,
stack=stack,
),
opts=ResourceOptions(
custom_timeouts=CustomTimeouts(create='1h', update='1h', delete='1h')),
)
# Spoke virtual network for application environments
spoke1 = Spoke(
config.require('spoke_stem'),
SpokeProps(
config=config,
# Copyright 2016-2018, Pulumi Corporation.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from pulumi import CustomResource, Config
class MyResource(CustomResource):
def __init__(self, name):
CustomResource.__init__(self, "test:index:MyResource", name)
config = Config("foo")
MyResource(config.require("name"))
from pulumi import Config, export
##
# company
# └─ department
# └─ team
##
config = Config()
company_name = config.require("companyName")
export("companyName", company_name)
Returns the subdomain and the parent domain.
"""
parts = domain.split('.')
if len(parts) < 2:
raise Exception(f'No TLD found on ${domain}')
if len(parts) == 2:
return '', domain
subdomain = parts[0]
parts.pop(0)
return subdomain, '.'.join(parts) + '.'
# Read the configuration for this stack.
stack_config = Config()
target_domain = stack_config.require('targetDomain')
path_to_website_contents = stack_config.require('pathToWebsiteContents')
certificate_arn = stack_config.get('certificateArn')
# Create an S3 bucket configured as a website bucket.
content_bucket = pulumi_aws.s3.Bucket('contentBucket',
bucket=target_domain,
acl='public-read',
website={
'index_document': 'index.html',
'error_document': '404.html'
})
def crawl_directory(content_dir, f):
"""
from pulumi import StackReference, Config, export
from pulumi_aws import get_ami, ec2
config = Config()
company_stack = StackReference(config.require("companyStack"))
department_stack = StackReference(config.require("departmentStack"))
combines_tags = {
"department": department_stack.get_output("departmentName"),
"company": company_stack.get_output("companyName"),
"team": config.require("teamName"),
"Managed By": "Pulumi",
}
ami_id = get_ami(
most_recent="true",
owners=["099720109477"],
filters=[{
"name":
"name",
"values": ["ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"]
}]).id
instance = ec2.Instance("tagged",
instance_type="t2.medium",
ami=ami_id,
tags=combines_tags)
export("instance_id", instance.id)
export("instance_tags", instance.tags)
from pulumi import Config, get_stack, export, Output
import pulumi_azuread as ad
import pulumi_random as random
from pulumi_azure import core, containerservice
config = Config()
password = config.get_secret("password") or random.RandomPassword(
"pwd", length=20, special=True).result
ssh_public_key = config.require("sshPublicKey")
resource_group = core.ResourceGroup("aksresourcegroup")
ad_app = ad.Application("aks")
ad_sp = ad.ServicePrincipal("aksSp", application_id=ad_app.application_id)
ad_sp_password = ad.ServicePrincipalPassword("aksSpPassword",
service_principal_id=ad_sp.id,
value=password,
end_date="2099-01-01T00:00:00Z")
aks_cluster_config = [
{
"name": "east",
"location": "eastus",
"node_count": 2,
"node_size": "Standard_D2_v2"
},
{
"name": "west",
"location": "westus",
from pulumi import Config, export
##
# company
# └─ department
# └─ team
##
config = Config()
department_name = config.require("departmentName")
export("departmentName", department_name)
from pulumi_aws.config.vars import region
from pulumi import Config, ResourceOptions, export
def require_region():
"""
require_region fetches the AWS region, requiring that it exists. if it does
not exist, an exception is raised.
"""
if not region:
raise Exception('No AWS region has been configured')
return region
config = Config()
role_to_assume_arn = config.require('roleToAssumeARN')
provider = aws.Provider('privileged',
assume_role={
'role_arn': role_to_assume_arn,
'session_name': 'PulumiSession',
'externalId': 'PulumiApplication',
},
region=require_region())
# Creates an AWS resource (S3 Bucket)
bucket = aws.s3.Bucket('my-bucket', opts=ResourceOptions(provider=provider))
# Exports the DNS name of the bucket
export('bucket_name', bucket.bucket_domain_name)
import vdc
# retrieve the configuration data
config = Config()
# set default tags to be applied to all taggable resources
stack = get_stack()
default_tags = {'environment': stack}
# set vdc default
vdc.tags = default_tags
# all resources will be created in configuration location
resource_group_name = vdc.resource_group(stack)
# another stack in the same project and organization may be peered
peer = config.get('peer')
if peer:
org = config.require('org')
project = get_project()
ref = f'{org}/{project}/{peer}'
else:
ref = None
# single hub virtual network with gateway, firewall, DMZ and shared services
hub = Hub(
'hub', # stem of child resource names (<4 chars)
HubProps(
resource_group_name=resource_group_name,
tags=default_tags,
stack=stack,
dmz_ar=config.require('firewall_dmz_subnet'),
fwm_ar=config.get('firewall_management_subnet'),
fws_ar=config.require('firewall_subnet'),
import pulumi_azure_native.insights as insights
import pulumi_azure_native.resources as resource
import pulumi_azure_native.sql as sql
import pulumi_azure_native.storage as storage
import pulumi_azure_native.web as web
from pulumi import Config, Output, asset, export
from pulumi_azure_native.storage import (BlobContainer, PublicAccess,
StorageAccount)
username = "******"
config = Config()
pwd = config.require("sqlPassword")
resource_group = resource.ResourceGroup("appservicerg")
storage_account = storage.StorageAccount(
"appservicesa",
resource_group_name=resource_group.name,
kind=storage.Kind.STORAGE_V2,
sku=storage.SkuArgs(name=storage.SkuName.STANDARD_LRS))
app_service_plan = web.AppServicePlan("appservice-asp",
resource_group_name=resource_group.name,
kind="App",
sku=web.SkuDescriptionArgs(
tier="Basic",
name="B1",
))
storage_container = BlobContainer("appservice-c",
"""An AWS fargate with crosswalk vpc"""
import pulumi
from pulumi import export, ResourceOptions, Config, StackReference, get_stack, get_project
import json
import pulumi_aws as aws
# https://www.pulumi.com/docs/intro/concepts/organizing-stacks-projects/#inter-stack-dependencies
# read local config settings - network
config = Config()
# reading in vpc StackReference Path from local config
mystackpath = config.require("mystackpath")
# setting the StackReference
mycrosswalkvpc = StackReference(mystackpath)
# Get all network values from previously created vpc #
pulumi_vpc = mycrosswalkvpc.require_output("pulumi_vpc_id")
pulumi_vpc_name = mycrosswalkvpc.require_output("pulumi_vpc_name")
pulumi_vpc_cidr = mycrosswalkvpc.require_output("pulumi_vpc_cidr")
pulumi_vpc_id = mycrosswalkvpc.require_output("pulumi_vpc_id")
pulumi_private_subnets = mycrosswalkvpc.require_output(
"pulumi_vpc_private_subnet_ids")
pulumi_public_subnets = mycrosswalkvpc.require_output(
"pulumi_vpc_public_subnet_ids")
pulumi_az_amount = mycrosswalkvpc.require_output("pulumi_vpc_az_zones")
env_stack = get_stack()
env_project = get_project()
from pulumi import Config
config = Config()
org_id = config.require("org_id")
org_account_name = config.require("org_account_name")
org_account_email = config.require("org_account_email")
org_account_access_role_name = config.require("org_account_access_role_name")
org_account_username = config.require("org_account_username")
workmail_org_id = config.require("workmail_org_id")
workmail_group_email = config.require("workmail_group_email")
import os
import mimetypes
from pulumi_aws import lambda_, cloudwatch, iam, s3
from pulumi import export, Config, FileAsset
import iam as default_iam
LAMBDA_BUCKET = "sotnikov-itea-tf-states"
LAMBDA_SOURCE = 'delete_old_amis.py'
LAMBDA_PACKAGE = 'lambda.zip'
LAMBDA_VERSION = '1.0.0'
os.system('zip %s %s' % (LAMBDA_PACKAGE, LAMBDA_SOURCE))
project_conf = Config('proj')
cleanup_amis_conf = Config('cleanup_amis')
appname = project_conf.require('appname')
env = project_conf.require('env')
dc = project_conf.require('dc')
runtime = project_conf.require('runtime')
service_naming_convention = f"{appname}-{dc}-{env}"
lambda_name = "cleanup_old_amis"
# Upload Lambda function to the S3 bucket
mime_type, _ = mimetypes.guess_type(LAMBDA_PACKAGE)
obj = s3.BucketObject(LAMBDA_VERSION + '/' + LAMBDA_PACKAGE,
bucket=LAMBDA_BUCKET,
source=FileAsset(LAMBDA_PACKAGE),
content_type=mime_type)
lambda_role = default_iam.default_iam_role(service_naming_convention,
lambda_name)
