def program(): config = Config() config.get("plainstr1") config.require("plainstr2") config.get_secret("plainstr3") config.require_secret("plainstr4") config.get_bool("plainbool1") config.require_bool("plainbool2") config.get_secret_bool("plainbool3") config.require_secret_bool("plainbool4") config.get_int("plainint1") config.require_int("plainint2") config.get_secret_int("plainint3") config.require_secret_int("plainint4") config.get_float("plainfloat1") config.require_float("plainfloat2") config.get_secret_float("plainfloat3") config.require_secret_float("plainfloat4") config.get_object("plainobj1") config.require_object("plainobj2") config.get_secret_object("plainobj3") config.require_secret_object("plainobj4") config.get("str1") config.require("str2") config.get_secret("str3") config.require_secret("str4") config.get_bool("bool1") config.require_bool("bool2") config.get_secret_bool("bool3") config.require_secret_bool("bool4") config.get_int("int1") config.require_int("int2") config.get_secret_int("int3") config.require_secret_int("int4") config.get_float("float1") config.require_float("float2") config.get_secret_float("float3") config.require_secret_float("float4") config.get_object("obj1") config.require_object("obj2") config.get_secret_object("obj3") config.require_secret_object("obj4")
def __init__( self, username: str = None, password: str = None, account_name: str = None, role: str = None, database: str = None, schema: str = None ): config = Config() self.username = username if username else config.require('snowflakeUsername') self.password = password if password else config.require('snowflakePassword') self.account_name = account_name if account_name else config.get('snowflakeAccountName') self.role = role if role else config.get('snowflakeRole') self.database = database if database else config.get('snowflakeDatabase') self.schema = schema if schema else config.get('snowflakeSchema')
# Copyright 2016-2020, Pulumi Corporation. All rights reserved. import provisioners import pulumi import base64 from pulumi import Config, Output, export from pulumi_azure_nextgen.compute import latest as compute from pulumi_azure_nextgen.network import latest as network from pulumi_azure_nextgen.resources import latest as resources # Get the config ready to go. config = Config() key_name = config.get('keyName') public_key = config.get('publicKey') admin_username = config.get('admin_username') admin_password = config.get('admin_password') location = config.get('location') # The privateKey associated with the selected key must be provided (either directly or base64 encoded), # along with an optional passphrase if needed. def decode_key(key): if key.startswith('-----BEGIN RSA PRIVATE KEY-----'): return key return key.encode('ascii') private_key = config.require_secret('privateKey').apply(decode_key) private_key_passphrase = config.get_secret('privateKeyPassphrase') # Create a resource group to hold project resources.
# Copyright 2016-2020, Pulumi Corporation. All rights reserved. import base64 from pulumi import Config, Output, export from pulumi_azure_nextgen.compute import latest as compute from pulumi_azure_nextgen.network import latest as network from pulumi_azure_nextgen.resources import latest as resources config = Config() location = config.get("location") or "westus" username = config.require("username") password = config.require("password") resource_group = resources.ResourceGroup("server", resource_group_name="server", location=location) net = network.VirtualNetwork("server-network", resource_group_name=resource_group.name, location=location, virtual_network_name="server-network", address_space=network.AddressSpaceArgs( address_prefixes=["10.0.0.0/16"], ), subnets=[ network.SubnetArgs( name="default", address_prefix="10.0.1.0/24", ) ]) public_ip = network.PublicIPAddress("server-ip",
# The KVM host is created via a component resource. # Any KVM host can be used as long as the connection URI is returned to the main so that # the libvirt provider can be instantiated. # # In this case, the KVM host component creates a VM in Azure and uses an ssh connection URI. # import pulumi as pulumi from pulumi import Config, Output, ResourceOptions, export import pulumi_libvirt as libvirt import libvirt_host # Get some stack-related config data stackname = pulumi.get_stack() config = Config() basename = config.get("basename") or "libvirt-ex" basename = f"{basename}-{stackname}" ### Create a KVM host libvirt_server = libvirt_host.Server(basename) ### Use the KVM host # Create a provider using the connection URI returned by the KVM host component libvirt_provider = libvirt.Provider(f"{basename}-libvirt", uri=libvirt_server.libvirt_remote_uri) # Create a storage pool for the KVM VM that is going to be launched. vm_pool = libvirt.Pool(f"{basename}-vm_pool", args=libvirt.PoolArgs(type="dir", path=libvirt_server.vm_pool_dir), opts=ResourceOptions(provider=libvirt_provider))
def pulumi_program(): config = Config() export("exp_static", "foo") export("exp_cfg", config.get("bar")) export("exp_secret", config.get_secret("buzz"))
"""Exception raised for errors in Pulumi Config. Attributes: keys -- Config keys with the error message -- explanation of the error """ def __init__(self, keys: [str], message: str): self.keys = keys self.message = message # retrieve the stack configuration data config = Config() # retrieve optional separator choice and suffix separator = config.get('separator') or '-' separator = separator[0] if separator == ' ': separator = '' suffix = config.get('suffix') or '' # retrieve project and stack (org not yet available) project = get_project() stack = get_stack() # set default tags to be applied to all taggable resources default_tags = { 'manager': 'pulumi', 'project': project, 'stack': stack, }
import pulumi from pulumi import Config, ResourceOptions from pulumi_kubernetes import Provider from pulumi_kubernetes.apps.v1 import Deployment config = Config() namespace = config.get("namespace") or "default" provider = Provider("kubernetes", namespace=namespace) app_labels = {"app": "nginx"} deployment = Deployment( "nginx", spec={ "selector": {"match_labels": app_labels}, "replicas": 1, "template": { "metadata": {"labels": app_labels}, "spec": {"containers": [{"name": "nginx", "image": "nginx"}]}, }, }, opts=ResourceOptions(provider=provider), ) pulumi.export("name", deployment.metadata["name"])
self.message = message # retrieve the stack configuration data config = Config() # set default tags to be applied to all taggable resources stack = get_stack() default_tags = { 'environment': stack } # Azure Bastion hosts in hub and spokes (until functional across peerings) azure_bastion = config.get_bool('azure_bastion') # Azure Firewall to route all Internet-bound traffic to designated next hop forced_tunnel = config.get('forced_tunnel') if forced_tunnel: ft_ip = ip_address(forced_tunnel) # check IP address is valid # another stack may be peered in the same project, even across organizations org = config.get('org') peer = config.get('peer') project = config.get('project') if org and not project: project = get_project() if not org: org = "" if not project: project = "" if not peer: reference = None
from hub import HubProps, Hub from spoke import SpokeProps, Spoke import vdc # retrieve the configuration data config = Config() # set default tags to be applied to all taggable resources stack = get_stack() default_tags = {'environment': stack} # set vdc default vdc.tags = default_tags # all resources will be created in configuration location resource_group_name = vdc.resource_group(stack) # another stack in the same project and organization may be peered peer = config.get('peer') if peer: org = config.require('org') project = get_project() ref = f'{org}/{project}/{peer}' else: ref = None # single hub virtual network with gateway, firewall, DMZ and shared services hub = Hub( 'hub', # stem of child resource names (<4 chars) HubProps( resource_group_name=resource_group_name, tags=default_tags, stack=stack, dmz_ar=config.require('firewall_dmz_subnet'),
"""Configures the example. If password and public key for connecting to the cluster are not set with `pulumi config`, we generate a random password and key pair. """ from pulumi import Config from pulumi_random import RandomPassword from pulumi_tls import PrivateKey config = Config() k8s_version = config.get('k8sVersion') or '1.18.14' password = config.get('password') or RandomPassword('pw', length=20, special=True) generated_key_pair = PrivateKey('ssh-key', algorithm='RSA', rsa_bits=4096) admin_username = config.get('adminUserName') or 'testuser' ssh_public_key = config.get('sshPublicKey') or \ generated_key_pair.public_key_openssh
"""An Azure RM Python Pulumi program""" import pulumi from pulumi_azure_nextgen.storage import latest as storage from pulumi_azure_nextgen.resources import latest as resources from pulumi_azure_nextgen.network import latest as network from pulumi import export, ResourceOptions, Config, StackReference, get_stack, get_project config = Config() my_location = config.get("location") my_resource_group_name = config.get("resource_group_name") my_network_name = config.get("network_name") my_cidr_block = config.get("virtual_network_cidr") my_subnet_1_cidr = config.get("subnet_1_cidr") my_subnet_2_cidr = config.get("subnet_2_cidr") projectName = get_project() stackName = get_stack() mytags = { "stack": stackName, "project": projectName, "created_by": "johnsmith", "launched_via": "pulumi", "team": "engineering", "cli": "yes" } # Create an Azure Resource Group # https://www.pulumi.com/docs/reference/pkg/azure-nextgen/resources/resourcegroup/ resource_group = resources.ResourceGroup( f"{my_network_name}-resource-group",
"""An Azure RM Python Pulumi program""" import pulumi import pulumi_azure_nextgen.network.latest as network from pulumi import Config, StackReference # read local config settings - network config = Config() # reading in StackReference Path from local config mystackpath = config.require("stackreference") # setting the StackReference mynetworkstackreference = StackReference(mystackpath) # get azure subscription id my_subid = config.get("subid") # getting the resource group that where the current virtualnetwork ( the one that doesn't have databricks) is. my_resource_group = mynetworkstackreference.get_output("resource_group_name") # getting the virutal network that where the current virtualnetwork ( the one that doesn't have databricks) is. my_virtual_network_name = mynetworkstackreference.get_output("virtual_network_name") # Databricks resource group my_remote_resource_group = "myWorkspace" # Databricks virtual network my_remote_virtual_network = "workers-vnet" # vnet peering name FROM the virtualnetwork TO the databricks virtualnetwork my_virtual_network_peering_name = "shaht-vnet-peering-back-to-databricks" # vnet peering resource v_net_peering = network.VirtualNetworkPeering("virtualNetworkPeering",
"""A Google Cloud Python Pulumi program that stands up PostgresSQL""" import pulumi import pulumi_gcp as gcp # gcp https://www.pulumi.com/docs/reference/pkg/gcp/ from pulumi_gcp import sql, compute import pulumi_postgresql as postgres # PostgresSQL Provider https://www.pulumi.com/docs/reference/pkg/postgresql/ https://github.com/pulumi/pulumi-postgresql import pulumi_random as random # Used for password generation https://www.pulumi.com/docs/reference/pkg/random/ import pg8000.native # Used for creating table https://github.com/tlocke/pg8000name = "shaht" from pulumi import Config # To read from pulumi config: Setting and Getting Configuration Values https://www.pulumi.com/docs/intro/concepts/config/#setting-and-getting-configuration-values config = Config() # To get Data from local config myip = config.get("myip") # your ip with /32 myregion = gcp.config.region # gcp region name = "demo" # The following config values are set via: https://www.pulumi.com/docs/reference/cli/pulumi_config_set/ # The following 4 inputs will be updated ONLY after the initial postgres sql database instance, database, and users have been created. # We need the instance information to pass back in since we are using python package # to create the tables. See the readme # Start postgres_sql_instance_public_ip_address = config.get( "postgres_sql_instance_public_ip_address") postgres_sql_user_username = config.get("postgres_sql_user_username") postgres_sql_database_name = config.get("postgres_sql_database_name") postgres_sql_user_password = config.get("postgres_sql_user_password") # End # creates a random password https://www.pulumi.com/docs/reference/pkg/random/randompassword/ mypassword = random.RandomPassword("randompassword", length=12,
from pulumi import Config import boto3 conf = Config('aws') client = boto3.client('ec2', region_name=conf.get('region')) def get_subnets_ids(): return [ subnet['SubnetId'] for subnet in client.describe_subnets()['Subnets'] ] def get_default_security_groups_ids(): return [ secgrp['GroupId'] for secgrp in client.describe_security_groups()['SecurityGroups'] if secgrp['GroupName'] == 'default' ]
config = Config() # set default tags to be applied to all taggable resources stack = get_stack() default_tags = { 'environment': stack } # Azure Bastion hosts in hub and spokes (until functional across peerings) azure_bastion = config.get_bool('azure_bastion') # Azure Firewall to route all Internet-bound traffic to designated next hop forced_tunnel = config.get_bool('forced_tunnel') # another stack in the same project and organization may be peered peer = config.get('peer') if peer: org = config.require('org') project = get_project() reference = f'{org}/{project}/{peer}' else: reference = None # validate firewall_address_space and hub_address_space firewall_address_space = config.require('firewall_address_space') fwz_nw = ip_network(firewall_address_space) if not fwz_nw.is_private: raise ConfigError(['firewall_address_space'], 'must be private') if fwz_nw.prefixlen > 24: raise ConfigError(['firewall_address_space'], 'must be /24 or larger') hub_address_space = config.require('hub_address_space')
from pulumi import Config, export, get_project, get_stack, Output, ResourceOptions from pulumi_gcp.config import project, zone from pulumi_gcp.container import Cluster, get_engine_versions from pulumi_kubernetes import Provider from pulumi_kubernetes.apps.v1 import Deployment from pulumi_kubernetes.core.v1 import Service from pulumi_random import RandomString # Read in some configurable settings for our cluster: config = Config(None) # nodeCount is the number of cluster nodes to provision. Defaults to 3 if unspecified. NODE_COUNT = config.get('node_count') or 3 # nodeMachineType is the machine type to use for cluster nodes. Defaults to n1-standard-1 if unspecified. # See https://cloud.google.com/compute/docs/machine-types for more details on available machine types. NODE_MACHINE_TYPE = config.get('node_machine_type') or 'n1-standard-1' # username is the admin username for the cluster. USERNAME = config.get('username') or 'admin' # password is the password for the admin user in the cluster. PASSWORD = config.get_secret('password') or RandomString( "password", length=20, special=True).result engine_version = Output.from_input(get_engine_versions()).latest_master_version # Now, actually create the GKE cluster. k8s_cluster = Cluster( 'gke-cluster', initial_node_count=NODE_COUNT, node_version=engine_version, min_master_version=engine_version, master_auth={
from pulumi import Config, export, ResourceOptions from pulumi_azure import core, network, lb, compute import pulumi_random as random config = Config() admin_user = config.get("adminUser") or "azureuser" admin_password = config.get_secret("adminPassword") or random.RandomPassword( "pwd", length=20, special="true").result domain = config.get("domain") or random.RandomString( "domain", length=10, number="false", special="false", upper="false").result application_port = config.get_float("applicationPort") or 80 resource_group = core.ResourceGroup("vmss-rg") public_ip = network.PublicIp("public-ip", resource_group_name=resource_group.name, allocation_method="Static", domain_name_label=domain) load_balancer = lb.LoadBalancer("lb", resource_group_name=resource_group.name, frontend_ip_configurations=[{ "name": "PublicIPAddress", "publicIpAddressId": public_ip.id, }]) bpepool = lb.BackendAddressPool("bpepool", resource_group_name=resource_group.name, loadbalancer_id=load_balancer.id)
# Doc: https://www.pulumi.com/docs/intro/concepts/resources/#protect # Doc: https://www.pulumi.com/docs/reference/cli/pulumi_state_unprotect/ import base64 import pulumi from pulumi import Config, ResourceOptions from pulumi_tls import PrivateKey from pulumi_azure_native import resources, containerservice import pulumi_azuread as azuread import pulumi_kubernetes as k8s from pulumi_kubernetes.helm.v3 import Chart, ChartOpts import pulumi_random as random # Config values or defaults config = Config() k8s_version = config.get('k8sVersion') or '1.18.14' admin_username = config.get('adminUserName') or 'testuser' node_count = config.get_int('nodeCount') or 2 node_size = config.get('nodeSize') or 'Standard_D2_v2' password = config.get_secret("password") if not password: rando_password = random.RandomPassword( 'password', length=16, special=True, override_special='@_#', ) password = rando_password.result # Resource Group resource_group = resources.ResourceGroup('rg')
def build_secrets(config: pulumi.Config): secrets_template = """export CTR_FQDN="{fqdn}" export CTR_EMAIL="{email}" export CTR_PASSWORD="******" export CTR_FIRSTNAME="{admin_first_name}" export CTR_LASTNAME="{admin_last_name}" export CTR_SMTP_HOST={smtp_host} export CTR_SMTP_PORT={smtp_port} export CTR_SMTP_TLS={smtp_tls} export CTR_SMTP_AUTH={smtp_auth} export CTR_SMTP_FROM={smtp_from} """ if config.get('db_type') == 'sass': secrets_template += """export PG_INSTALL_TYPE=sass export CTR_DB_HOST="{db_hostname}" export CTR_DB_USER="******" export CTR_DB_PASS="******" """ elif config.get('db_type') == 'local': secrets_template += 'export PG_INSTALL_TYPE=local\n' if config.get_bool('smtp_auth'): if config.get('smtp_user'): secrets_template += 'export CTR_SMTP_USER={0}\n'.format(config.get('smtp_user')) if config.get('smtp_pass'): secrets_template += 'export CTR_SMTP_PASS={0}\n'.format(config.get('smtp_pass')) hostname = build_vm_domain(config) db_admin_username = config.get('db_admin_username') or 'controller' installation_id = config.get('installation_id') values = { 'fqdn': hostname, 'email': config.get('admin_email'), 'admin_pass': config.get('admin_password'), 'admin_first_name': config.get('admin_first_name'), 'admin_last_name': config.get('admin_last_name'), 'db_hostname': 'config-db-{0}.postgres.database.azure.com'.format(installation_id), 'db_user': '******'.format(db_admin_username, installation_id), 'db_pass': config.get('db_admin_password'), 'smtp_host': config.get('smtp_host'), 'smtp_port': config.get('smtp_port'), 'smtp_tls': 'true' if config.get_bool('smtp_tls') else 'false', 'smtp_from': config.get('smtp_from'), 'smtp_auth': 'true' if config.get_bool('smtp_auth') else 'false' } return secrets_template.format_map(values)
import pulumi_digitalocean as do from pulumi import Config, export, Output, ResourceOptions from pulumi_kubernetes import Provider from pulumi_kubernetes.apps.v1 import Deployment from pulumi_kubernetes.core.v1 import Service config = Config() node_count = config.get_float("nodeCount") or 3 app_replica_count = config.get_float("appReplicaCount") or 5 domain_name = config.get("domainName") cluster = do.KubernetesCluster("do-cluster", region="sfo2", version="latest", node_pool={ "name": "default", "size": "s-2vcpu-2gb", "node_count": node_count }) k8s_provider = Provider("do-k8s", kubeconfig=cluster.kube_configs[0]["rawConfig"]) app_labels = {"app": "app-nginx"} app = Deployment("do-app-dep", spec={ 'selector': { 'matchLabels': app_labels }, 'replicas': 1, 'template': {
my_network_stackreference = StackReference(mystackpath) my_secondvirtualnetwork_output = my_network_stackreference.get_output( "virtual_network_name") my_remote_resourcegroup_output = my_network_stackreference.get_output( "resource_group_name") #my_secondvirtualnetwork = my_secondvirtualnetwork_output.apply(lambda my_secondvirtualnetwork_output: f"{my_secondvirtualnetwork_output}") #my_remote_resourcegroup = my_remote_resourcegroup_output.apply(lambda my_remote_resourcegroup_output: f"{my_remote_resourcegroup_output}") # The values for my_secondvirtualnetwork & my_remote_resourcegroup are from the virtualnetwork that has # already been created using another pulumi stack. This has to exist before this code can run. my_secondvirtualnetwork = "shaht-vnet-peering-to-databricks" # 2nd virtual network. Needed for vpn peering block FROM databricks. my_remote_resourcegroup = "shaht-rg-peering-to-databricks" # local variables from config file # my subscription id mysubid = config.get("mysubid") # azure location my_location = config.get("location") # resource group name my_resource_group_name = config.get("resource_group_name") # name my_name = config.get("name") # workspace name my_Workspacename = config.get("workspacename") # Databricks vpn peering name. my_peering_name = "databricks_peering" # Creating Tags # stackname for tags stackName = get_stack()
from pulumi import Config, export, get_project, get_stack, Output, ResourceOptions from pulumi_gcp.config import project, zone from pulumi_gcp.container import Cluster, get_engine_versions from pulumi_kubernetes import Provider from pulumi_kubernetes.apps.v1 import Deployment from pulumi_kubernetes.core.v1 import Service from pulumi_random import RandomPassword # Read in some configurable settings for our cluster: config = Config(None) # nodeCount is the number of cluster nodes to provision. Defaults to 3 if unspecified. NODE_COUNT = config.get('node_count') or 3 # nodeMachineType is the machine type to use for cluster nodes. Defaults to n1-standard-1 if unspecified. # See https://cloud.google.com/compute/docs/machine-types for more details on available machine types. NODE_MACHINE_TYPE = config.get('node_machine_type') or 'n1-standard-1' # username is the admin username for the cluster. USERNAME = config.get('username') or 'admin' # password is the password for the admin user in the cluster. PASSWORD = config.get_secret('password') or RandomPassword( "password", length=20, special=True).result # master version of GKE engine MASTER_VERSION = config.get('master_version') # Now, actually create the GKE cluster. k8s_cluster = Cluster( 'gke-cluster', initial_node_count=NODE_COUNT, node_version=MASTER_VERSION, min_master_version=MASTER_VERSION, master_auth={
parts = domain.split('.') if len(parts) < 2: raise Exception(f'No TLD found on ${domain}') if len(parts) == 2: return '', domain subdomain = parts[0] parts.pop(0) return subdomain, '.'.join(parts) + '.' # Read the configuration for this stack. stack_config = Config() target_domain = stack_config.require('targetDomain') path_to_website_contents = stack_config.require('pathToWebsiteContents') certificate_arn = stack_config.get('certificateArn') # Create an S3 bucket configured as a website bucket. content_bucket = pulumi_aws.s3.Bucket('contentBucket', bucket=target_domain, acl='public-read', website={ 'index_document': 'index.html', 'error_document': '404.html' }) def crawl_directory(content_dir, f): """ Crawl `content_dir` (including subdirectories) and apply the function `f` to each file. """
from pulumi import Config, export, get_project, get_stack, Output, ResourceOptions from pulumi_gcp.config import project, zone, region from pulumi_gcp.container import Cluster, get_engine_versions from pulumi_kubernetes import Provider from pulumi_kubernetes.apps.v1 import Deployment from pulumi_kubernetes.core.v1 import Service from pulumi_random import RandomPassword # Read in some configurable settings for our cluster: config = Config(None) NODE_COUNT = config.get("node_count") NODE_MACHINE_TYPE = config.get("node_machine_type") IMAGE_TYPE = config.get("image_type") DISK_TYPE = config.get("disk_type") DISK_SIZE_GB = config.get("disk_size_gb") # master version of GKE engine MASTER_VERSION = config.get("master_version") CLUSTER_NAME = config.get("pulumi-gke") print(f"Master version: {MASTER_VERSION}") print(f"Project: {project} | Region: {region} | Zone: {zone}") # Now, actually create the GKE cluster. # Pulumi docs: https://www.pulumi.com/docs/reference/pkg/python/pulumi_gcp/container/#pulumi_gcp.container.Cluster # Terraform docs: https://www.terraform.io/docs/providers/google/r/container_cluster.html k8s_cluster = Cluster( "gke-cluster", name=CLUSTER_NAME, # Zone is read automagically from the stack config file
import pulumi_okta as okta import pulumi from pulumi import Config, export # User email sourceemail = "*****@*****.**" # Getting config values from pulumi config config = Config() # Retrieving AWS account ID that is passed in accountid = config.get("awsaccountid") # Retrieving iam saml provider iam_saml_provider = config.get("iamsamlprovider") # Retrieving role role = config.get("myrole") # Creating identityProviderArn for app_setting_json myidentityProviderArn = f"arn:aws:iam::{accountid}:saml-provider/{iam_saml_provider}" # Creating roleValuePattern for app_setting_json myroleValuePattern = f"arn:aws:iam::{accountid}:saml-provider/OKTA,arn:aws:iam::{accountid}:role/{role}" # Creating groupFilter for app_setting_json mygroupFilter = f"aws_(?{accountid}//d+)_(?{role}[a-zA-Z0-9+=,.@//-_]+)" # Combing it all to create the app_setting_json app_setting_json_total = '{' + f''' "appFilter":"okta", "awsEnvironmentType":"aws.amazon", "joinAllRoles": false, "sessionDuration": 14400, "loginURL": "https://console.aws.amazon.com/ec2/home", "identityProviderArn":"{myidentityProviderArn}", "roleValuePattern":"{myroleValuePattern}",