async def test_output_all_known_if_all_are_known(self):
res = FakeCustomResource("some-resource")
fut = asyncio.Future()
fut.set_result(42)
known_fut = asyncio.Future()
known_fut.set_result(True)
out = Output({res}, fut, known_fut)
other = FakeCustomResource("some-other-resource")
other_fut = asyncio.Future()
other_fut.set_result(UNKNOWN) # <- not known
other_known_fut = asyncio.Future()
other_known_fut.set_result(False)
other_out = Output({other}, other_fut, other_known_fut)
combined = Output.all(out, other_out)
combined_dict = Output.all(out=out, other_out=other_out)
deps = []
prop = await rpc.serialize_property(combined, deps)
prop_dict = await rpc.serialize_property(combined_dict, deps)
self.assertSetEqual(set(deps), {res, other})
# The contents of the list are unknown if any of the Outputs used to
# create it were unknown.
self.assertEqual(rpc.UNKNOWN, prop)
self.assertEqual(rpc.UNKNOWN, prop_dict)
def test_ephemeral_project():
project_name = "my-project-name"
root_project_name = "root-project-name"
organization_name = "root-organization-name"
args = ProjectArgs(project_name, root_project_name, organization_name)
project = Project("name", args)
def test_properties(args):
new_project_id = args[0]
assert new_project_id == project_name
Output.all(project.new_project_id).apply(test_properties)
def allow_s3_bucket_access(s3_bucket):
bucket_policy = Output.all(s3_bucket.arn).apply(lambda args: json.dumps({
"Version":
"2012-10-17",
"Id":
"BeginWorldExchange",
"Statement": [
{
"Sid": "PublicAccess",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": "s3:Get*",
"Resource": f"{args[0]}/*",
},
{
"Sid": "BeginWriteAccess",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::851075464416:root"
},
"Action": "s3:Put*",
"Resource": f"{args[0]}/*",
},
],
}))
s3.BucketPolicy("beginworld-exchange-bucket-policy",
bucket=s3_bucket.id,
policy=bucket_policy)
def allow_s3_bucket_access(s3_bucket, roles, lamda_function_arn):
role_arns = [role.arn for role in roles]
bucket_policy = Output.all(s3_bucket.arn,
role_arns).apply(lambda args: json.dumps({
"Version":
"2012-10-17",
"Id":
"MorgueFileBucketPolicy",
"Statement": [
{
"Sid": "AllowThingsInTheBucket",
"Effect": "Allow",
"Principal": {
"AWS": args[1]
},
"Action": "s3:*",
"Resource": f"{args[0]}/*",
},
{
"Sid": "AllowTheBucket",
"Effect": "Allow",
"Principal": {
"AWS": args[1]
},
"Action": "s3:*",
"Resource": f"{args[0]}",
},
],
}))
s3.BucketPolicy("morgue-file-bucket-policy",
bucket=s3_bucket.id,
policy=bucket_policy)
async def test_output_all(self):
res = FakeCustomResource("some-resource")
fut = asyncio.Future()
fut.set_result(42)
known_fut = asyncio.Future()
known_fut.set_result(True)
out = Output({res}, fut, known_fut)
other = Output.from_input(99)
combined = Output.all(out, other)
combined_dict = Output.all(out=out, other=other)
deps = []
prop = await rpc.serialize_property(combined, deps)
prop_dict = await rpc.serialize_property(combined_dict, deps)
self.assertSetEqual(set(deps), {res})
self.assertEqual([42, 99], prop)
self.assertEqual({"out": 42, "other": 99}, prop_dict)
async def test_lifted_unknown(self):
settings.SETTINGS.dry_run = True
fut = asyncio.Future()
fut.set_result(UNKNOWN)
out = Output.from_input({ "foo": "foo", "bar": UNKNOWN, "baz": fut})
self.assertFalse(await out.is_known())
r1 = out["foo"]
self.assertTrue(await r1.is_known())
self.assertEqual(await r1.future(with_unknowns=True), "foo")
r2 = out["bar"]
self.assertFalse(await r2.is_known())
self.assertEqual(await r2.future(with_unknowns=True), UNKNOWN)
r3 = out["baz"]
self.assertFalse(await r3.is_known())
self.assertEqual(await r3.future(with_unknowns=True), UNKNOWN)
r4 = out["baz"]["qux"]
self.assertFalse(await r4.is_known())
self.assertEqual(await r4.future(with_unknowns=True), UNKNOWN)
out = Output.from_input([ "foo", UNKNOWN ])
r5 = out[0]
self.assertTrue(await r5.is_known())
self.assertEqual(await r5.future(with_unknowns=True), "foo")
r6 = out[1]
self.assertFalse(await r6.is_known())
self.assertEqual(await r6.future(with_unknowns=True), UNKNOWN)
out = Output.all(Output.from_input("foo"), Output.from_input(UNKNOWN),
Output.from_input([ Output.from_input(UNKNOWN), Output.from_input("bar") ]))
self.assertFalse(await out.is_known())
r7 = out[0]
self.assertTrue(await r7.is_known())
self.assertEqual(await r7.future(with_unknowns=True), "foo")
r8 = out[1]
self.assertFalse(await r8.is_known())
self.assertEqual(await r8.future(with_unknowns=True), UNKNOWN)
r9 = out[2]
self.assertFalse(await r9.is_known())
r10 = r9[0]
self.assertFalse(await r10.is_known())
self.assertEqual(await r10.future(with_unknowns=True), UNKNOWN)
r11 = r9[1]
self.assertTrue(await r11.is_known())
self.assertEqual(await r11.future(with_unknowns=True), "bar")
def __init__(self,
name: str,
account_id: Input[str],
account_name: Input[str],
access_role_name: Input[str],
username: Input[str],
user_policy_arn: Input[str],
password: Input[str],
opts: ResourceOptions = None):
super().__init__("nuage/aws:organizations:AWSOrganizationAccountUser",
name, {}, opts)
assume_role_arn = Output.all(account_id, access_role_name).apply(
lambda a: f"arn:aws:iam::{a[0]}:role/{a[1]}")
provider = aws.Provider("freelance-account-provider",
assume_role={"role_arn": assume_role_arn})
user = iam.User(
"freelance-account-user",
name=Output.all(account_name,
username).apply(lambda a: f"{a[0]}-{a[1]}"),
opts=pulumi.ResourceOptions(provider=provider))
user_login_profile = dynamic_providers.iam.UserLoginProfile(
"freelance-account-user-login-profile",
username=user.name,
password=password,
assume_role=dynamic_providers.iam.AssumeRole(
role_arn=assume_role_arn))
user_policy_attachment = iam.UserPolicyAttachment(
"freelance-account-user_UserAccessRole",
policy_arn=user_policy_arn,
user=user.name,
opts=pulumi.ResourceOptions(provider=provider))
self.console_url = Output.all(account_id).apply(
lambda a: f"https://{a[0]}.signin.aws.amazon.com/console")
self.username = user.name
self.password = password
self.register_outputs({})
def __init__(self,
name,
security_groups,
subnets,
vpc_id,
opts: ResourceOptions = None):
super().__init__("redata:cluster:FileSystem", name, {}, opts)
self.efs = aws.efs.FileSystem(name, encrypted=True)
self.efs_policy = aws.efs.FileSystemPolicy(
"redata-efs-policy",
file_system_id=self.efs.id,
policy=Output.all(self.efs.arn).apply(lambda args: json.dumps({
"Version":
"2012-10-17",
"Statement": [{
"Effect": "Deny",
"Principal": {
"AWS": "*"
},
"Action": "*",
# Included to avoid always seeing a diff on the policy in 'pulumi up':
"Resource": args[0],
"Condition": {
"Bool": {
"aws:SecureTransport": "false"
}
}
}]
})))
efs_secgrp = aws.ec2.SecurityGroup(
f'{name}-secgrp',
vpc_id=vpc_id,
description='Enable EFS mount target access',
ingress=[
aws.ec2.SecurityGroupIngressArgs(
protocol='tcp',
from_port=2049,
to_port=2049,
security_groups=security_groups)
],
)
efs_mount_targets = []
for i, subnet_id in enumerate(subnets):
target = aws.efs.MountTarget(
f"{name}-mount-{i}",
file_system_id=self.efs.id,
security_groups=[efs_secgrp.id],
subnet_id=subnet_id,
)
efs_mount_targets.append(target)
self.register_outputs({})
def _build_asg_userdata(self, cluster, name):
user_data = Output.all(cluster.endpoint, cluster.certificate_authority).apply(lambda args: """
#!/bin/bash
set -o xtrace
/etc/eks/bootstrap.sh --apiserver-endpoint %s --b64-cluster-ca %s %s
""" % (args[0], args[1]['data'], name))
print(user_data)
return user_data
def create_permission(app: Output[Application]) -> Output:
return Output.all(app.application_id, app.oauth2_permissions).apply(lambda args: {
"resourceAppId": args[0],
"resourceAccess": [
{
"id": args[1][0]["id"],
"type": "Scope"
}
]
})
async def test_output_all(self):
res = TestCustomResource("some-resource")
fut = asyncio.Future()
fut.set_result(42)
known_fut = asyncio.Future()
known_fut.set_result(True)
out = Output({res}, fut, known_fut)
other = Output.from_input(99)
combined = Output.all(out, other)
deps = []
prop = await rpc.serialize_property(combined, deps)
self.assertListEqual(deps, [res])
self.assertEqual([42, 99], prop)
def test_cross_project_registry():
bucket_name = "my-bucketname"
target_project_number = "target_project_number"
args = CrossProjectCloudRunAccessArgs(
bucket_name, Output.from_input(target_project_number)
)
cloud_run_access = CrossProjectCloudRunAccess(
"my-cloudrun-cross-registry-access", args, None
)
def test_properties(args):
observed_bucket_name, observed_member = args
assert observed_bucket_name == bucket_name
assert observed_member == _cloudrun_service_account(target_project_number)
return Output.all(
cloud_run_access.bucket_policy.bucket, cloud_run_access.bucket_policy.member
).apply(test_properties)
def __init__(
self, name, file_system: FileSystem, path, opts: ResourceOptions = None
):
super().__init__("redata:cluster:FileSystem", name, {}, opts)
self.ap = aws.efs.AccessPoint(
name,
file_system_id=file_system.efs.id,
posix_user=aws.efs.AccessPointPosixUserArgs(uid=1000, gid=1000),
root_directory=aws.efs.AccessPointRootDirectoryArgs(
path=path,
creation_info=aws.efs.AccessPointRootDirectoryCreationInfoArgs(
owner_uid=1000, owner_gid=1000, permissions="755"
),
),
opts=ResourceOptions(parent=self),
)
self.policy_document = Output.all(file_system.efs.arn, self.ap.arn).apply(
lambda args: json.dumps(
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"elasticfilesystem:ClientMount",
"elasticfilesystem:ClientWrite",
],
"Resource": args[0],
"Condition": {
"StringEquals": {
"elasticfilesystem:AccessPointArn": args[1]
}
},
}
],
}
)
)
self.register_outputs({})
async def test_output_all_composes_dependencies(self):
res = TestCustomResource("some-resource")
fut = asyncio.Future()
fut.set_result(42)
known_fut = asyncio.Future()
known_fut.set_result(True)
out = Output({res}, fut, known_fut)
other = TestCustomResource("some-other-resource")
other_fut = asyncio.Future()
other_fut.set_result(99)
other_known_fut = asyncio.Future()
other_known_fut.set_result(True)
other_out = Output({other}, other_fut, other_known_fut)
combined = Output.all(out, other_out)
deps = []
prop = await rpc.serialize_property(combined, deps)
self.assertSetEqual(set(deps), {res, other})
self.assertEqual([42, 99], prop)
def create_queue_and_policy(name):
queue = sqs.Queue(f"{name}-queue", visibility_timeout_seconds=200)
policy = Output.all(queue.arn).apply(
lambda args: json.dumps(
{
"Version": "2012-10-17",
"Id": f"{name}-policy",
"Statement": [
{
"Effect": "Allow",
"Action": ["SQS:*"],
"Resource": args[0],
"Principal": "*",
}
],
}
)
)
sqs.QueuePolicy(f"{name}-very-permissive", policy=policy, queue_url=queue.id)
return queue
"service": "false",
"container": "false",
"object": "true"
},
permissions={
"read": "true",
"write": "false",
"delete": "false",
"add": "false",
"list": "false",
"create": "false",
"update": "false",
"process": "false"
},
)
httpdotnet_signed_blob_url = Output.all(httpdotnet_storage_account.name, httpdotnet_container.name, httpdotnet_zib_blob.name, account_sas.sas) \
.apply(lambda args: f"https://{args[0]}.blob.core.windows.net/{args[1]}/{args[2]}{args[3]}")
httpdotnet_plan = appservice.Plan("http-dotnet",
resource_group_name=resource_group.name,
kind="FunctionApp",
sku={
"tier": "Dynamic",
"size": "Y1"
})
httpdotnet_function_app = appservice.FunctionApp(
"http-dotnet",
resource_group_name=resource_group.name,
app_service_plan_id=httpdotnet_plan.id,
storage_connection_string=httpdotnet_storage_account.
primary_connection_string,
environment = Output.all(
airflow_db.address, # 0
airflow_db.password, # 1
sd_namespace.name, # 2
redata_db.address, # 3
redata_db.password, # 4
redata_sources, # 5
airflow_admin_password, # 6
grafana_admin_password, # 7
).apply(lambda args: [
# Airflow DB
{
"name": "AIRFLOW_CONN_METADATA_DB",
"value":
f"postgres+psycopg2://airflow:{args[1]}@{args[0]}:5432/airflow"
},
{
"name": "AIRFLOW_VAR__METADATA_DB_SCHEMA",
"value": "airflow"
},
# Airflow Config
{
"name": "AIRFLOW__CORE__LOAD_DEFAULT_CONNECTIONS",
"value": "False"
},
{
"name": "AIRFLOW__CORE__SQL_ALCHEMY_CONN",
"value":
f"postgres+psycopg2://airflow:{args[1]}@{args[0]}:5432/airflow"
},
{
"name": "AIRFLOW__CORE__DAGS_FOLDER",
"value": "/usr/local/redata/redata/dags"
},
{
"name": "AIRFLOW__CORE__EXECUTOR",
"value": "LocalExecutor"
},
{
"name": "AIRFLOW__LOGGING__BASE_LOG_FOLDER",
"value": airflow_base_log_folder
},
# - Front-end IPs that are allowed to set secure headers; only our ALB can talk to us, so set it to *
# (see https://docs.gunicorn.org/en/stable/settings.html#forwarded-allow-ips)
{
"name": "FORWARDED_ALLOW_IPS",
"value": "*"
},
# - Set proper base URL for redirects etc
{
"name": "AIRFLOW__WEBSERVER__BASE_URL",
"value": f'{base_url}/airflow'
},
# - Admin user setup (via entrypoint script):
{
"name": "AIRFLOW_SECURITY_ADMIN_USER",
"value": "admin"
},
{
"name": "AIRFLOW_SECURITY_ADMIN_PASSWORD",
"value": args[6]
},
{
"name": "AIRFLOW_SECURITY_ADMIN_EMAIL",
"value": airflow_admin_email
},
# Grafana Config
{
"name":
"GF_INSTALL_PLUGINS",
"value":
"grafana-polystat-panel,grafana-clock-panel,grafana-simple-json-datasource"
},
{
"name": "GF_SECURITY_ADMIN_USER",
"value": "admin"
},
{
"name": "GF_SECURITY_ADMIN_PASSWORD",
"value": args[7]
},
{
'name': 'GF_SERVER_ROOT_URL',
'value': f'{base_url}/grafana'
},
{
'name': 'GF_SERVER_SERVE_FROM_SUB_PATH',
'value': 'true'
},
# Redata DB
{
"name": "REDATA_METRICS_DATABASE_HOST",
"value": args[3]
},
{
"name": "REDATA_METRICS_DATABASE_USER",
"value": "redata"
},
{
"name": "REDATA_METRICS_DATABASE_PASSWORD",
"value": args[4]
},
{
"name": "REDATA_METRICS_DATABASE_NAME",
"value": "redata"
},
{
"name": "REDATA_METRICS_DB_URL",
"value": f"postgres://*****:*****@{args[3]}:5432/redata"
},
# Redata Config
{
'name': 'GRAFANA_WEB_HOST',
'value': f'grafana-web.{args[2]}'
},
{
'name': 'GRAFANA_WEB_PORT',
'value': '3000'
},
{
"name": "REDATA_AIRFLOW_SCHEDULE_INTERVAL",
"value": redata_airflow_schedule_interval
},
{
"name": "REDATA_TIME_COL_BLACKLIST_REGEX",
"value": redata_time_col_blacklist_regex
},
] + [{
"name": f"REDATA_SOURCE_DB_URL_{name}",
"value": url
} for name, url in args[5].items()])
policy = Output.all(
dynamodb_table.arn,
dynamodb_table.stream_arn,
sns_topic.arn,
weapons_topic.arn,
chat_stream.arn,
bucket.arn,
twitch_chat_bot.arn,
errors_queue.arn,
weapons_queue.arn,
xl_upgrades_queue.arn,
gods_queue.arn,
error_stream.arn,
).apply(
lambda args: json.dumps(
{
"Version": "2012-10-17",
"Id": f"{MODULE_NAME}-policy",
"Statement": [
CREATE_CW_LOGS_POLICY,
{"Effect": "Allow", "Action": ["dynamodb:*"], "Resource": args[0]},
{"Effect": "Allow", "Action": ["dynamodb:*"], "Resource": args[1]},
{
"Effect": "Allow",
"Action": ["sns:*"],
"Resource": [args[2], args[3]],
},
{"Effect": "Allow", "Action": ["kinesis:*"], "Resource": args[4]},
{
"Effect": "Allow",
"Action": ["s3:ListObjectsV2"],
"Resource": args[5],
},
{"Effect": "Allow", "Action": ["lambda:*"], "Resource": args[6]},
{
"Effect": "Allow",
"Action": ["SQS:*"],
"Resource": [args[7], args[8], args[9], args[10]],
},
{"Effect": "Allow", "Action": ["kinesis:*"], "Resource": args[11]},
],
}
)
)
def __init__(self, name: str, args: WebServerArgs, opts: ResourceOptions = None):
super().__init__("custom:app:WebServer", name, {}, opts)
child_opts = ResourceOptions(parent=self)
public_ip = network.PublicIp(
"server-ip",
resource_group_name=args.resource_group.name,
location=args.resource_group.location,
allocation_method="Dynamic",
opts=child_opts,
)
network_iface = network.NetworkInterface(
"server-nic",
resource_group_name=args.resource_group.name,
location=args.resource_group.location,
ip_configurations=[
network.NetworkInterfaceIpConfigurationArgs(
name="webserveripcfg",
subnet_id=args.subnet.id,
private_ip_address_allocation="Dynamic",
public_ip_address_id=public_ip.id,
)
],
opts=child_opts,
)
userdata = """#!/bin/bash
echo "Hello, World!" > index.html
nohup python -m SimpleHTTPServer 80 &"""
vm = compute.VirtualMachine(
"server-vm",
resource_group_name=args.resource_group.name,
location=args.resource_group.location,
network_interface_ids=[network_iface.id],
vm_size="Standard_A0",
delete_data_disks_on_termination=True,
delete_os_disk_on_termination=True,
os_profile=compute.VirtualMachineOsProfileArgs(
computer_name="hostname",
admin_username=args.username,
admin_password=args.password,
custom_data=userdata,
),
os_profile_linux_config=compute.VirtualMachineOsProfileLinuxConfigArgs(
disable_password_authentication=False,
),
storage_os_disk=compute.VirtualMachineStorageOsDiskArgs(
create_option="FromImage",
name="myosdisk1",
),
storage_image_reference=compute.VirtualMachineStorageImageReferenceArgs(
publisher="canonical",
offer="UbuntuServer",
sku="16.04-LTS",
version="latest",
),
opts=child_opts,
)
# The public IP address is not allocated until the VM is running, so we wait
# for that resource to create, and then lookup the IP address again to report
# its public IP.
combined_output = Output.all(
vm.id, public_ip.name, public_ip.resource_group_name
)
self.public_ip_addr = combined_output.apply(
lambda lst: network.get_public_ip(name=lst[1], resource_group_name=lst[2]).ip_address
)
self.register_outputs({})
},
node_config={
'machine_type':
NODE_MACHINE_TYPE,
'oauth_scopes': [
'https://www.googleapis.com/auth/compute',
'https://www.googleapis.com/auth/devstorage.read_only',
'https://www.googleapis.com/auth/logging.write',
'https://www.googleapis.com/auth/monitoring'
],
},
)
# Manufacture a GKE-style Kubeconfig. Note that this is slightly "different" because of the way GKE requires
# gcloud to be in the picture for cluster authentication (rather than using the client cert/key directly).
k8s_info = Output.all(k8s_cluster.name, k8s_cluster.endpoint,
k8s_cluster.master_auth)
k8s_config = k8s_info.apply(lambda info: """apiVersion: v1
clusters:
- cluster:
certificate-authority-data: {0}
server: https://{1}
name: {2}
contexts:
- context:
cluster: {2}
user: {2}
name: {2}
current-context: {2}
kind: Config
preferences: {{}}
users:
"user": {
"exec": {
"apiVersion": "client.authentication.k8s.io/v1alpha1",
"command": "aws-iam-authenticator",
"args": [
"token",
"-i",
f"{cluster_name}",
],
},
},
}],
})
# Create the KubeConfig Structure as per https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html
kubeconfig = Output.all(cluster.endpoint, cluster.certificate_authority["data"], cluster.name).apply(lambda args: generateKubeconfig(args[0], args[1], args[2]))
# Declare a provider using the KubeConfig we created
# This will be used to interact with the EKS cluster
k8s_provider = Provider("k8s-provider", kubeconfig=kubeconfig)
# Create a Namespace object https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
ns = Namespace("app-ns",
metadata={
"name": "joe-duffy",
},
opts=ResourceOptions(provider=k8s_provider)
)
app_labels = {
"app": "iac-workshop"
"node_size": "Standard_D2_v2"
},
]
cluster_names = []
for config in aks_cluster_config:
cluster = containerservice.KubernetesCluster(
"aksCluster-%s" % config["name"],
resource_group_name=resource_group.name,
linux_profile=containerservice.KubernetesClusterLinuxProfileArgs(
admin_username="******",
ssh_key=containerservice.KubernetesClusterLinuxProfileSshKeyArgs(
key_data=ssh_public_key, ),
),
service_principal=containerservice.
KubernetesClusterServicePrincipalArgs(
client_id=ad_app.application_id,
client_secret=ad_sp_password.value),
location=config["location"],
default_node_pool=containerservice.
KubernetesClusterDefaultNodePoolArgs(
name="aksagentpool",
node_count=config["node_count"],
vm_size=config["node_size"],
),
dns_prefix="sample-kube",
)
cluster_names.append(cluster.name)
export("aks_cluster_names", Output.all(cluster_names))
class FinalResource(CustomResource):
number: Output[str]
def __init__(self, name, number):
CustomResource.__init__(self, "test:index:FinalResource", name, {
"number": number,
})
def assert_eq(lhs, rhs):
assert lhs == rhs
res1 = MyResource("testResource1")
res2 = MyResource("testResource2")
res1.number.apply(lambda n: assert_eq(n, 2))
res2.number.apply(lambda n: assert_eq(n, 3))
# Output.all combines a list of outputs into an output of a list.
resSum = Output.all(res1.number, res2.number).apply(lambda l: l[0] + l[1])
FinalResource("testResource3", resSum)
# Test additional Output helpers
hello_world = Output.concat(
"Hello ",
Output.from_input("world!")).apply(lambda s: assert_eq(s, "Hello world!"))
export("helloworld", hello_world)
start="2020-01-01",
expiry="2030-01-01",
container_name=args[2],
permissions={
"read": "true",
"write": "false",
"delete": "false",
"list": "false",
"add": "false",
"create": "false"
})
return f"https://{args[0]}.blob.core.windows.net/{args[2]}/{args[3]}{blob_sas.sas}"
signed_blob_url = Output.all(storage_account.name,
storage_account.primary_connection_string,
storage_container.name, blob.name).apply(get_sas)
app_insights = appinsights.Insights("appservice-ai",
resource_group_name=resource_group.name,
location=resource_group.location,
application_type="web")
sql_server = sql.SqlServer("appservice-sql",
resource_group_name=resource_group.name,
administrator_login=username,
administrator_login_password=pwd,
version="12.0")
database = sql.Database("appservice-db",
resource_group_name=resource_group.name,
special=True,
).result
sql_server = sql.SqlServer(
"sqlserver",
resource_group_name=resource_group.name,
administrator_login_password=administrator_login_password,
administrator_login="******",
version="12.0")
database = sql.Database("sqldb",
resource_group_name=resource_group.name,
server_name=sql_server.name,
requested_service_objective_name="S0")
connection_string = Output.all(sql_server.name, database.name) \
.apply(lambda args: f"Server=tcp:{args[0]}.database.windows.net;Database={args[1]};") or "1111"
text_blob = storage.Blob("text",
storage_account_name=storage_account.name,
storage_container_name=container.name,
type="Block",
source=asset.FileAsset("./README.md"))
app_service_plan = appservice.Plan("asp",
resource_group_name=resource_group.name,
kind="App",
sku=appservice.PlanSkuArgs(tier="Basic",
size="B1"))
blob = storage.Blob(
"zip",
},
"name": "kubernetes",
}],
"contexts": [{
"context": {
"cluster": "kubernetes",
"user": "******",
},
"name": "aws",
}],
"current-context": "aws",
"kind": "Config",
"users": [{
"name": "aws",
"user": {
"exec": {
"apiVersion": "client.authentication.k8s.io/v1alpha1",
"command": "aws-iam-authenticator",
"args": [
"token",
"-i",
f"{cluster_name}",
],
},
},
}],
})
# Create the KubeConfig Structure as per https://docs.aws.amazon.com/eks/latest/userguide/create-kubeconfig.html
kubeconfig = Output.all(cluster.endpoint, cluster.certificate_authority["data"], cluster.name).apply(lambda args: generateKubeconfig(args[0], args[1], args[2]))
create_option="FromImage",
name="myosdisk1",
caching="ReadWrite",
disk_size_gb=100,
),
image_reference=compute.ImageReferenceArgs(
publisher="canonical",
offer="UbuntuServer",
sku="18.04-LTS",
version="latest",
),
),
)
# Get IP address as an output.
combined_output = Output.all(server.id, public_ip.name, resource_group.name)
public_ip_addr = combined_output.apply(
lambda lst: network.get_public_ip_address(public_ip_address_name=lst[1],
resource_group_name=lst[2]))
# Create connection object to server.
conn = provisioners.ConnectionArgs(
host=public_ip_addr.ip_address,
username=admin_username,
private_key=private_key,
private_key_passphrase=private_key_passphrase,
)
# Copy install script to server.
cp_config = provisioners.CopyFile(
'config',
location=resource_group.location,
network_interface_ids=[network_iface.id],
vm_size="Standard_A0",
delete_data_disks_on_termination=True,
delete_os_disk_on_termination=True,
os_profile={
"computer_name": "hostname",
"admin_username": username,
"admin_password": password,
"custom_data": userdata,
},
os_profile_linux_config={
"disable_password_authentication": False,
},
storage_os_disk={
"create_option": "FromImage",
"name": "myosdisk1",
},
storage_image_reference={
"publisher": "canonical",
"offer": "UbuntuServer",
"sku": "16.04-LTS",
"version": "latest",
})
combined_output = Output.all(vm.id, public_ip.name,
public_ip.resource_group_name)
public_ip_addr = combined_output.apply(
lambda lst: network.get_public_ip(name=lst[1], resource_group_name=lst[2]))
pulumi.export("public_ip", public_ip_addr.ip_address)
"horizontalPodAutoscaling": {
"disabled": "false"
},
# "httpLoadBalancing": {"disabled": False},
"istioConfig": {
"disabled": False,
"auth": "AUTH_MUTUAL_TLS"
},
},
# Equivalent of --no-enable-stackdriver-kubernetes
logging_service=None,
)
# Manufacture a GKE-style Kubeconfig. Note that this is slightly "different" because of the way GKE requires
# gcloud to be in the picture for cluster authentication (rather than using the client cert/key directly).
k8s_info = Output.all(k8s_cluster.name, k8s_cluster.endpoint,
k8s_cluster.master_auth)
k8s_config = k8s_info.apply(lambda info: """apiVersion: v1
clusters:
- cluster:
certificate-authority-data: {0}
server: https://{1}
name: {2}
contexts:
- context:
cluster: {2}
user: {2}
name: {2}
current-context: {2}
kind: Config
preferences: {{}}
users:
network_interface_ids=[nic.id],
os_disk={
"caching": "None",
"storage_account_type": "Standard_LRS"
},
size=config["size"],
source_image_reference=config["img"])
vm_ids.append(vm.id)
# create azure sql server
sqlserver = sql.SqlServer("sso-sql",
resource_group_name=rg.name,
administrator_login="******",
administrator_login_password=sqlpwd,
version="12.0")
# create sql database
sqldb = sql.Database("sso-db",
resource_group_name=rg.name,
server_name=sqlserver.name,
edition="Standard",
requested_service_objective_name="S1")
# connection string (thanks Pulumi docs)
connection_string = Output.all(sqlserver.name, sqldb.name, sql_user, sqlpwd) \
.apply(lambda args: f"Server=tcp:{args[0]}.database.windows.net;initial catalog={args[1]};user ID={args[2]};password={args[3]};Min Pool Size=0;Max Pool Size=30;Persist Security Info=true;")
# Export the connection string for the storage account
pulumi.export('vm_ids', vm_ids)
pulumi.export('connstr', connection_string)
