fix: allow deploying Pulumi stacks in parallel to CFN
This commit is contained in:
parent
4d30e2e805
commit
893c49bbb0
@ -1,6 +1,6 @@
|
|||||||
ARG RUNTIME_VERSION="3.10"
|
ARG RUNTIME_VERSION="3.10"
|
||||||
ARG DISTRO_VERSION="3.16"
|
ARG DISTRO_VERSION="3.16"
|
||||||
ARG PULUMI_VERSION="3.36.0"
|
ARG PULUMI_VERSION="3.38.0"
|
||||||
|
|
||||||
FROM python:${RUNTIME_VERSION}-alpine${DISTRO_VERSION} AS builder
|
FROM python:${RUNTIME_VERSION}-alpine${DISTRO_VERSION} AS builder
|
||||||
ARG PULUMI_VERSION
|
ARG PULUMI_VERSION
|
||||||
|
@ -444,14 +444,19 @@ def _provision(cb, stacks):
|
|||||||
"""Utility function to reuse code between tasks"""
|
"""Utility function to reuse code between tasks"""
|
||||||
for step in sort_stacks(cb, stacks):
|
for step in sort_stacks(cb, stacks):
|
||||||
if step:
|
if step:
|
||||||
# if there are any Pulumi stacks in the step execute serial
|
# Pulumi is not thread safe, so for now one by one
|
||||||
if _anyPulumi(step):
|
if _anyPulumi(step):
|
||||||
for stack in step:
|
for stack in step:
|
||||||
status = stack.get_status()
|
if stack.mode != "pulumi":
|
||||||
if not status:
|
status = stack.get_status()
|
||||||
stack.create()
|
if not status:
|
||||||
|
stack.create()
|
||||||
|
else:
|
||||||
|
stack.update()
|
||||||
|
|
||||||
|
# Pulumi only needs "up"
|
||||||
else:
|
else:
|
||||||
stack.update()
|
stack.create()
|
||||||
|
|
||||||
else:
|
else:
|
||||||
with ThreadPoolExecutor(max_workers=len(step)) as group:
|
with ThreadPoolExecutor(max_workers=len(step)) as group:
|
||||||
|
@ -109,12 +109,11 @@ def pulumi_ws(func):
|
|||||||
except KeyError:
|
except KeyError:
|
||||||
raise KeyError("Missing pulumi.backend setting !")
|
raise KeyError("Missing pulumi.backend setting !")
|
||||||
|
|
||||||
|
# Ugly hack as Pulumi currently doesnt support MFA_TOKENs during role assumptions
|
||||||
|
# Do NOT set them via 'aws:secretKey' as they end up in the self.json in plain text !!!
|
||||||
account_id = self.connection_manager.call(
|
account_id = self.connection_manager.call(
|
||||||
"sts", "get_caller_identity", profile=self.profile, region=self.region
|
"sts", "get_caller_identity", profile=self.profile, region=self.region
|
||||||
)["Account"]
|
)["Account"]
|
||||||
|
|
||||||
# Ugly hack as Pulumi currently doesnt support MFA_TOKENs during role assumptions
|
|
||||||
# Do NOT set them via 'aws:secretKey' as they end up in the self.json in plain text !!!
|
|
||||||
self.connection_manager.exportProfileEnv()
|
self.connection_manager.exportProfileEnv()
|
||||||
|
|
||||||
# Secrets provider
|
# Secrets provider
|
||||||
|
@ -782,20 +782,10 @@ class Stack(object):
|
|||||||
|
|
||||||
return status
|
return status
|
||||||
|
|
||||||
@pulumi_ws
|
|
||||||
@exec_hooks
|
@exec_hooks
|
||||||
def update(self):
|
def update(self):
|
||||||
"""Updates an existing stack"""
|
"""Updates an existing stack"""
|
||||||
|
|
||||||
# We cannot migrate directly so bail out if CFN stack still exists
|
|
||||||
if self.mode == "pulumi":
|
|
||||||
logger.error(
|
|
||||||
"Cloudformation stack {} still exists, cannot use Pulumi!".format(
|
|
||||||
self.stackname
|
|
||||||
)
|
|
||||||
)
|
|
||||||
return
|
|
||||||
|
|
||||||
# Prepare parameters
|
# Prepare parameters
|
||||||
self.resolve_parameters()
|
self.resolve_parameters()
|
||||||
|
|
||||||
|
@ -5,10 +5,11 @@ click
|
|||||||
pexpect
|
pexpect
|
||||||
python-minifier
|
python-minifier
|
||||||
cfn-lint>=0.34
|
cfn-lint>=0.34
|
||||||
pulumi>=3.35.0
|
pulumi>=3.38.0
|
||||||
pulumi-aws>5.0.0
|
pulumi-aws>5.0.0
|
||||||
pulumi-aws-native
|
pulumi-aws-native
|
||||||
pulumi-policy
|
pulumi-policy
|
||||||
|
pulumi-command
|
||||||
|
|
||||||
# flake8
|
# flake8
|
||||||
# pytest
|
# pytest
|
||||||
|
Loading…
Reference in New Issue
Block a user