def __init__( self, provider_param1: Optional[str] = None, provider_param2: Optional[str] = None, ): config = Config() self.provider_param1 = ( provider_param1 if provider_param1 else config.require("provider_param1") ) self.provider_param2 = ( provider_param2 if provider_param2 else config.require("provider_param2") )
def read_pulumi_config() -> EnvironmentDescriptor: moduleCfg = Config() awsCfg = Config("aws") return EnvironmentDescriptor( provider=moduleCfg.require('provider'), stage=moduleCfg.require('stage'), region=awsCfg.require('region'), name=moduleCfg.require('name'), access_key=awsCfg.get_secret('access_key'), secret_key=awsCfg.get_secret('secret_key'), )
def program(): config = Config() config.get("plainstr1") config.require("plainstr2") config.get_secret("plainstr3") config.require_secret("plainstr4") config.get_bool("plainbool1") config.require_bool("plainbool2") config.get_secret_bool("plainbool3") config.require_secret_bool("plainbool4") config.get_int("plainint1") config.require_int("plainint2") config.get_secret_int("plainint3") config.require_secret_int("plainint4") config.get_float("plainfloat1") config.require_float("plainfloat2") config.get_secret_float("plainfloat3") config.require_secret_float("plainfloat4") config.get_object("plainobj1") config.require_object("plainobj2") config.get_secret_object("plainobj3") config.require_secret_object("plainobj4") config.get("str1") config.require("str2") config.get_secret("str3") config.require_secret("str4") config.get_bool("bool1") config.require_bool("bool2") config.get_secret_bool("bool3") config.require_secret_bool("bool4") config.get_int("int1") config.require_int("int2") config.get_secret_int("int3") config.require_secret_int("int4") config.get_float("float1") config.require_float("float2") config.get_secret_float("float3") config.require_secret_float("float4") config.get_object("obj1") config.require_object("obj2") config.get_secret_object("obj3") config.require_secret_object("obj4")
def verify_data(r): t = r.resource_type if t != "pulumi-nodejs:dynamic:Resource": return # Verify is_dry_run() assert is_dry_run() == r.props["isDryRun"] # Verify get_project() assert "PULUMI_TEST_PROJECT" in os.environ assert get_project() == os.environ["PULUMI_TEST_PROJECT"] assert get_project() == r.props["getProject"] # Verify get_stack() assert "PULUMI_TEST_STACK" in os.environ assert get_stack() == os.environ["PULUMI_TEST_STACK"] assert get_stack() == r.props["getStack"] # Verify Config assert json.dumps(CONFIG, sort_keys=True) == json.dumps(dict(r.props["allConfig"]), sort_keys=True) config = Config() value = config.require("aConfigValue") assert value == "this value is a value" assert aws_config.region == "us-west-2"
def __init__( self, username: str = None, password: str = None, account_name: str = None, role: str = None, database: str = None, schema: str = None ): config = Config() self.username = username if username else config.require('snowflakeUsername') self.password = password if password else config.require('snowflakePassword') self.account_name = account_name if account_name else config.get('snowflakeAccountName') self.role = role if role else config.get('snowflakeRole') self.database = database if database else config.get('snowflakeDatabase') self.schema = schema if schema else config.get('snowflakeSchema')
def build_vm_domain(config: pulumi.Config) -> str: return 'controller-{0}.{1}.cloudapp.azure.com'.format( config.require('installation_id'), az_config.location.lower())
"""An Azure RM Python Pulumi program""" import pulumi import pulumi_azure_nextgen.resources.latest as resources import pulumi_azure_nextgen.databricks.latest as databricks from pulumi import Output, export, Config, StackReference, get_stack, get_project config = Config() # reading in StackReference Path from local config mystackpath = config.require("stackreference") # setting the StackReference my_network_stackreference = StackReference(mystackpath) my_secondvirtualnetwork_output = my_network_stackreference.get_output( "virtual_network_name") my_remote_resourcegroup_output = my_network_stackreference.get_output( "resource_group_name") #my_secondvirtualnetwork = my_secondvirtualnetwork_output.apply(lambda my_secondvirtualnetwork_output: f"{my_secondvirtualnetwork_output}") #my_remote_resourcegroup = my_remote_resourcegroup_output.apply(lambda my_remote_resourcegroup_output: f"{my_remote_resourcegroup_output}") # The values for my_secondvirtualnetwork & my_remote_resourcegroup are from the virtualnetwork that has # already been created using another pulumi stack. This has to exist before this code can run. my_secondvirtualnetwork = "shaht-vnet-peering-to-databricks" # 2nd virtual network. Needed for vpn peering block FROM databricks. my_remote_resourcegroup = "shaht-rg-peering-to-databricks" # local variables from config file # my subscription id mysubid = config.get("mysubid") # azure location my_location = config.get("location") # resource group name my_resource_group_name = config.get("resource_group_name")
peer = config.get('peer') porg = config.get('org') proj = config.get('project') if porg and not proj: # assume the same project in other organization proj = project if not porg: # assume the same organization porg = '' if not proj: # assume the same project proj = '' if not peer: reference = None else: reference = StackReference(f'{porg}/{proj}/{peer}') # validate firewall_address_space and hub_address_space firewall_address_space = config.require('firewall_address_space') fwz_nw = ip_network(firewall_address_space) if not fwz_nw.is_private: raise ConfigError(['firewall_address_space'], 'must be private') if fwz_nw.prefixlen > 24: raise ConfigError(['firewall_address_space'], 'must be /24 or larger') hub_address_space = config.require('hub_address_space') hub_nw = ip_network(hub_address_space) if not hub_nw.is_private: raise ConfigError(['hub_address_space'], 'must be private') if hub_nw.prefixlen > 24: raise ConfigError(['hub_address_space'], 'must be /24 or larger') if fwz_nw.overlaps(hub_nw): raise ConfigError(['firewall_address_space', 'hub_address_space'], 'may not overlap')
from pulumi import Config, export, asset, Output from pulumi_azure import core, storage, appservice, appinsights, sql import pulumi env = pulumi.get_stack() appname = pulumi.get_project() config = Config() username = config.require("sqlUsername") pwd = config.require("sqlPassword") resource_group = core.ResourceGroup(appname + '-' + env + '-rg') sql_server = sql.SqlServer(resource_name=appname + '-' + env + '-sql', resource_group_name=resource_group.name, administrator_login=username, administrator_login_password=pwd, version="12.0") database = sql.Database(appname + '-' + env + '-db', resource_group_name=resource_group.name, server_name=sql_server.name, requested_service_objective_name="S0") connection_string = Output.all(sql_server.name, database.name, username, pwd) \ .apply(lambda args: f"Server=tcp:{args[0]}.database.windows.net;initial catalog={args[1]};user ID={args[2]};password={args[3]};Min Pool Size=0;Max Pool Size=30;Persist Security Info=true;") app_service_plan = appservice.Plan(appname + '-' + env + '-asp', resource_group_name=resource_group.name, kind="App", sku={
"""Exception raised for errors in Pulumi Config. Attributes: keys -- Config keys with the error message -- explanation of the error """ def __init__(self, keys: [str], message: str): self.keys = keys self.message = message # retrieve the stack configuration data config = Config() # retrieve the location location = config.require('location') # retrieve optional separator choice and suffix separator = config.get('separator') if not separator: separator = '-' else: separator = separator[0] if separator == ' ': separator = '' suffix = config.get('suffix') if not suffix: suffix = '' # set default tags to be applied to all taggable resources stack = get_stack()
granting the `sts:AssumeRole` action to those principals. """ return { 'Version': '2012-10-17', 'Statement': [{ 'Sid': 'AllowAssumeRole', 'Effect': 'Allow', 'Principal': principal, 'Action': 'sts:AssumeRole' }] } config = Config() unprivileged_username = config.require('unprivilegedUsername') unprivileged_user = aws.iam.User('unprivileged-user', name=unprivileged_username) unprivileged_user_creds = aws.iam.AccessKey( 'unprivileged-user-key', user=unprivileged_user.name, # additional_secret_outputs specify properties that must be encrypted as secrets # https://www.pulumi.com/docs/intro/concepts/resources/#additionalsecretoutputs opts=ResourceOptions(additional_secret_outputs=["secret"])) allow_s3_management_role = aws.iam.Role( 'allow-s3-management', description='Allow management of S3 buckets', assume_role_policy=unprivileged_user.arn.apply(
from pulumi_gcp.cloudrun import ( ServiceTemplateMetadataArgs, ServiceTemplateSpecContainerEnvArgs, ) config = Config() cloud_sql_instance = pulumi_gcp.sql.DatabaseInstance( "my-cloud-sql-instance", database_version="POSTGRES_12", deletion_protection=False, settings=pulumi_gcp.sql.DatabaseInstanceSettingsArgs(tier="db-f1-micro"), ) database = pulumi_gcp.sql.Database( "database", instance=cloud_sql_instance.name, name=config.require("db-name") ) users = pulumi_gcp.sql.User( "users", name=config.require("db-name"), instance=cloud_sql_instance.name, password=config.require_secret("db-password"), ) sql_instance_url = Output.concat( "postgres://", config.require("db-name"), ":", config.require_secret("db-password"), "@/",
# Copyright 2016-2020, Pulumi Corporation. All rights reserved. import base64 from pulumi import Config, Output, export from pulumi_azure_nextgen.compute import latest as compute from pulumi_azure_nextgen.network import latest as network from pulumi_azure_nextgen.resources import latest as resources config = Config() location = config.get("location") or "westus" username = config.require("username") password = config.require("password") resource_group = resources.ResourceGroup("server", resource_group_name="server", location=location) net = network.VirtualNetwork("server-network", resource_group_name=resource_group.name, location=location, virtual_network_name="server-network", address_space=network.AddressSpaceArgs( address_prefixes=["10.0.0.0/16"], ), subnets=[ network.SubnetArgs( name="default", address_prefix="10.0.1.0/24", ) ]) public_ip = network.PublicIPAddress("server-ip",
from pulumi_gcp.container import Cluster from pulumi_kubernetes import Provider from pulumi_kubernetes.apps.v1 import Deployment # Read in some configurable settings for our cluster: config = Config(None) # nodeCount is the number of cluster nodes to provision. Defaults to 3 if unspecified. NODE_COUNT = config.get('node_count') or 3 # nodeMachineType is the machine type to use for cluster nodes. Defaults to n1-standard-1 if unspecified. # See https://cloud.google.com/compute/docs/machine-types for more details on available machine types. NODE_MACHINE_TYPE = config.get('node_machine_type') or 'n1-standard-1' # username is the admin username for the cluster. USERNAME = config.get('username') or 'admin' # password is the password for the admin user in the cluster. PASSWORD = config.require('password') # Now, actually create the GKE cluster. k8s_cluster = Cluster( 'gke-cluster', initial_node_count=NODE_COUNT, node_version='latest', min_master_version='latest', master_auth={ 'username': USERNAME, 'password': PASSWORD }, node_config={ 'machine_type': NODE_MACHINE_TYPE, 'oauth_scopes': [
from pulumi import Config, export from pulumi_azure import cdn, core, storage from cloudflare import create_dns_record config = Config(name="resume-infra") domain = config.require("domain") zone_id = config.require("zone_id") resource_group = core.ResourceGroup('nvd-codes-resume') account = storage.Account('resumestorage', resource_group_name=resource_group.name, account_tier='Standard', account_replication_type='LRS', enable_https_traffic_only=False, static_website={ "indexDocument": "index.html", } ) cdn_profile = cdn.Profile( "resume-cdn", resource_group_name=resource_group.name, sku="Standard_Microsoft" ) endpoint = cdn.Endpoint( "resume-cdn-ep", resource_group_name=resource_group.name,
# Copyright 2016-2020, Pulumi Corporation. All rights reserved. import pulumi_aws as aws from pulumi import Config, ResourceOptions, export config = Config() role_to_assume_arn = config.require('roleToAssumeARN') aws_config = Config('aws') provider = aws.Provider( 'privileged', assume_role={ 'role_arn': role_to_assume_arn, # session name can contain only the following special characters =,.@- # if any other special character is used, an error stating that the role # cannot be assumed will be returned 'session_name': 'PulumiSession', 'externalId': 'PulumiApplication', }, region=aws_config.require('region')) # Creates an AWS resource (S3 Bucket) bucket = aws.s3.Bucket('my-bucket', opts=ResourceOptions(provider=provider)) # Exports the DNS name of the bucket export('bucket_name', bucket.bucket_domain_name)
ServiceTemplateMetadataArgs, ServiceTemplateSpecContainerEnvArgs, ) config = Config() cloud_sql_instance = pulumi_gcp.sql.DatabaseInstance( "my-cloud-sql-instance", database_version="POSTGRES_12", deletion_protection=False, settings=pulumi_gcp.sql.DatabaseInstanceSettingsArgs(tier="db-f1-micro"), ) database = pulumi_gcp.sql.Database("database", instance=cloud_sql_instance.name, name=config.require("db-name")) users = pulumi_gcp.sql.User( "users", name=config.require("db-name"), instance=cloud_sql_instance.name, password=config.require_secret("db-password"), ) sql_instance_url = Output.concat( "postgres://", config.require("db-name"), ":", config.require_secret("db-password"), "@/", config.require("db-name"),
# retrieve the configuration data config = Config() # set default tags to be applied to all taggable resources stack = get_stack() default_tags = {'environment': stack} # all resources will be created in the Resource Group location resource_group = core.ResourceGroup( stack + '-vdc-rg-', tags=default_tags, ) # Hub virtual network with gateway, firewall, DMZ and shared services subnets hub1 = Hub( config.require('hub_stem'), HubProps( config=config, resource_group=resource_group, tags=default_tags, stack=stack, ), opts=ResourceOptions( custom_timeouts=CustomTimeouts(create='1h', update='1h', delete='1h')), ) # Spoke virtual network for application environments spoke1 = Spoke( config.require('spoke_stem'), SpokeProps( config=config,
# Copyright 2016-2018, Pulumi Corporation. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. from pulumi import CustomResource, Config class MyResource(CustomResource): def __init__(self, name): CustomResource.__init__(self, "test:index:MyResource", name) config = Config("foo") MyResource(config.require("name"))
from pulumi import Config, export ## # company # └─ department # └─ team ## config = Config() company_name = config.require("companyName") export("companyName", company_name)
Returns the subdomain and the parent domain. """ parts = domain.split('.') if len(parts) < 2: raise Exception(f'No TLD found on ${domain}') if len(parts) == 2: return '', domain subdomain = parts[0] parts.pop(0) return subdomain, '.'.join(parts) + '.' # Read the configuration for this stack. stack_config = Config() target_domain = stack_config.require('targetDomain') path_to_website_contents = stack_config.require('pathToWebsiteContents') certificate_arn = stack_config.get('certificateArn') # Create an S3 bucket configured as a website bucket. content_bucket = pulumi_aws.s3.Bucket('contentBucket', bucket=target_domain, acl='public-read', website={ 'index_document': 'index.html', 'error_document': '404.html' }) def crawl_directory(content_dir, f): """
from pulumi import StackReference, Config, export from pulumi_aws import get_ami, ec2 config = Config() company_stack = StackReference(config.require("companyStack")) department_stack = StackReference(config.require("departmentStack")) combines_tags = { "department": department_stack.get_output("departmentName"), "company": company_stack.get_output("companyName"), "team": config.require("teamName"), "Managed By": "Pulumi", } ami_id = get_ami( most_recent="true", owners=["099720109477"], filters=[{ "name": "name", "values": ["ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"] }]).id instance = ec2.Instance("tagged", instance_type="t2.medium", ami=ami_id, tags=combines_tags) export("instance_id", instance.id) export("instance_tags", instance.tags)
from pulumi import Config, get_stack, export, Output import pulumi_azuread as ad import pulumi_random as random from pulumi_azure import core, containerservice config = Config() password = config.get_secret("password") or random.RandomPassword( "pwd", length=20, special=True).result ssh_public_key = config.require("sshPublicKey") resource_group = core.ResourceGroup("aksresourcegroup") ad_app = ad.Application("aks") ad_sp = ad.ServicePrincipal("aksSp", application_id=ad_app.application_id) ad_sp_password = ad.ServicePrincipalPassword("aksSpPassword", service_principal_id=ad_sp.id, value=password, end_date="2099-01-01T00:00:00Z") aks_cluster_config = [ { "name": "east", "location": "eastus", "node_count": 2, "node_size": "Standard_D2_v2" }, { "name": "west", "location": "westus",
from pulumi import Config, export ## # company # └─ department # └─ team ## config = Config() department_name = config.require("departmentName") export("departmentName", department_name)
from pulumi_aws.config.vars import region from pulumi import Config, ResourceOptions, export def require_region(): """ require_region fetches the AWS region, requiring that it exists. if it does not exist, an exception is raised. """ if not region: raise Exception('No AWS region has been configured') return region config = Config() role_to_assume_arn = config.require('roleToAssumeARN') provider = aws.Provider('privileged', assume_role={ 'role_arn': role_to_assume_arn, 'session_name': 'PulumiSession', 'externalId': 'PulumiApplication', }, region=require_region()) # Creates an AWS resource (S3 Bucket) bucket = aws.s3.Bucket('my-bucket', opts=ResourceOptions(provider=provider)) # Exports the DNS name of the bucket export('bucket_name', bucket.bucket_domain_name)
import vdc # retrieve the configuration data config = Config() # set default tags to be applied to all taggable resources stack = get_stack() default_tags = {'environment': stack} # set vdc default vdc.tags = default_tags # all resources will be created in configuration location resource_group_name = vdc.resource_group(stack) # another stack in the same project and organization may be peered peer = config.get('peer') if peer: org = config.require('org') project = get_project() ref = f'{org}/{project}/{peer}' else: ref = None # single hub virtual network with gateway, firewall, DMZ and shared services hub = Hub( 'hub', # stem of child resource names (<4 chars) HubProps( resource_group_name=resource_group_name, tags=default_tags, stack=stack, dmz_ar=config.require('firewall_dmz_subnet'), fwm_ar=config.get('firewall_management_subnet'), fws_ar=config.require('firewall_subnet'),
import pulumi_azure_native.insights as insights import pulumi_azure_native.resources as resource import pulumi_azure_native.sql as sql import pulumi_azure_native.storage as storage import pulumi_azure_native.web as web from pulumi import Config, Output, asset, export from pulumi_azure_native.storage import (BlobContainer, PublicAccess, StorageAccount) username = "******" config = Config() pwd = config.require("sqlPassword") resource_group = resource.ResourceGroup("appservicerg") storage_account = storage.StorageAccount( "appservicesa", resource_group_name=resource_group.name, kind=storage.Kind.STORAGE_V2, sku=storage.SkuArgs(name=storage.SkuName.STANDARD_LRS)) app_service_plan = web.AppServicePlan("appservice-asp", resource_group_name=resource_group.name, kind="App", sku=web.SkuDescriptionArgs( tier="Basic", name="B1", )) storage_container = BlobContainer("appservice-c",
"""An AWS fargate with crosswalk vpc""" import pulumi from pulumi import export, ResourceOptions, Config, StackReference, get_stack, get_project import json import pulumi_aws as aws # https://www.pulumi.com/docs/intro/concepts/organizing-stacks-projects/#inter-stack-dependencies # read local config settings - network config = Config() # reading in vpc StackReference Path from local config mystackpath = config.require("mystackpath") # setting the StackReference mycrosswalkvpc = StackReference(mystackpath) # Get all network values from previously created vpc # pulumi_vpc = mycrosswalkvpc.require_output("pulumi_vpc_id") pulumi_vpc_name = mycrosswalkvpc.require_output("pulumi_vpc_name") pulumi_vpc_cidr = mycrosswalkvpc.require_output("pulumi_vpc_cidr") pulumi_vpc_id = mycrosswalkvpc.require_output("pulumi_vpc_id") pulumi_private_subnets = mycrosswalkvpc.require_output( "pulumi_vpc_private_subnet_ids") pulumi_public_subnets = mycrosswalkvpc.require_output( "pulumi_vpc_public_subnet_ids") pulumi_az_amount = mycrosswalkvpc.require_output("pulumi_vpc_az_zones") env_stack = get_stack() env_project = get_project()
from pulumi import Config config = Config() org_id = config.require("org_id") org_account_name = config.require("org_account_name") org_account_email = config.require("org_account_email") org_account_access_role_name = config.require("org_account_access_role_name") org_account_username = config.require("org_account_username") workmail_org_id = config.require("workmail_org_id") workmail_group_email = config.require("workmail_group_email")
import os import mimetypes from pulumi_aws import lambda_, cloudwatch, iam, s3 from pulumi import export, Config, FileAsset import iam as default_iam LAMBDA_BUCKET = "sotnikov-itea-tf-states" LAMBDA_SOURCE = 'delete_old_amis.py' LAMBDA_PACKAGE = 'lambda.zip' LAMBDA_VERSION = '1.0.0' os.system('zip %s %s' % (LAMBDA_PACKAGE, LAMBDA_SOURCE)) project_conf = Config('proj') cleanup_amis_conf = Config('cleanup_amis') appname = project_conf.require('appname') env = project_conf.require('env') dc = project_conf.require('dc') runtime = project_conf.require('runtime') service_naming_convention = f"{appname}-{dc}-{env}" lambda_name = "cleanup_old_amis" # Upload Lambda function to the S3 bucket mime_type, _ = mimetypes.guess_type(LAMBDA_PACKAGE) obj = s3.BucketObject(LAMBDA_VERSION + '/' + LAMBDA_PACKAGE, bucket=LAMBDA_BUCKET, source=FileAsset(LAMBDA_PACKAGE), content_type=mime_type) lambda_role = default_iam.default_iam_role(service_naming_convention, lambda_name)