fix: allow deploying Pulumi stacks in parallel to CFN

This commit is contained in:
Stefan Reimer 2022-08-26 11:44:33 +02:00
parent 4d30e2e805
commit 893c49bbb0
5 changed files with 15 additions and 20 deletions

View File

@ -1,6 +1,6 @@
ARG RUNTIME_VERSION="3.10" ARG RUNTIME_VERSION="3.10"
ARG DISTRO_VERSION="3.16" ARG DISTRO_VERSION="3.16"
ARG PULUMI_VERSION="3.36.0" ARG PULUMI_VERSION="3.38.0"
FROM python:${RUNTIME_VERSION}-alpine${DISTRO_VERSION} AS builder FROM python:${RUNTIME_VERSION}-alpine${DISTRO_VERSION} AS builder
ARG PULUMI_VERSION ARG PULUMI_VERSION

View File

@ -444,14 +444,19 @@ def _provision(cb, stacks):
"""Utility function to reuse code between tasks""" """Utility function to reuse code between tasks"""
for step in sort_stacks(cb, stacks): for step in sort_stacks(cb, stacks):
if step: if step:
# if there are any Pulumi stacks in the step execute serial # Pulumi is not thread safe, so for now one by one
if _anyPulumi(step): if _anyPulumi(step):
for stack in step: for stack in step:
status = stack.get_status() if stack.mode != "pulumi":
if not status: status = stack.get_status()
stack.create() if not status:
stack.create()
else:
stack.update()
# Pulumi only needs "up"
else: else:
stack.update() stack.create()
else: else:
with ThreadPoolExecutor(max_workers=len(step)) as group: with ThreadPoolExecutor(max_workers=len(step)) as group:

View File

@ -109,12 +109,11 @@ def pulumi_ws(func):
except KeyError: except KeyError:
raise KeyError("Missing pulumi.backend setting !") raise KeyError("Missing pulumi.backend setting !")
# Ugly hack as Pulumi currently doesnt support MFA_TOKENs during role assumptions
# Do NOT set them via 'aws:secretKey' as they end up in the self.json in plain text !!!
account_id = self.connection_manager.call( account_id = self.connection_manager.call(
"sts", "get_caller_identity", profile=self.profile, region=self.region "sts", "get_caller_identity", profile=self.profile, region=self.region
)["Account"] )["Account"]
# Ugly hack as Pulumi currently doesnt support MFA_TOKENs during role assumptions
# Do NOT set them via 'aws:secretKey' as they end up in the self.json in plain text !!!
self.connection_manager.exportProfileEnv() self.connection_manager.exportProfileEnv()
# Secrets provider # Secrets provider

View File

@ -782,20 +782,10 @@ class Stack(object):
return status return status
@pulumi_ws
@exec_hooks @exec_hooks
def update(self): def update(self):
"""Updates an existing stack""" """Updates an existing stack"""
# We cannot migrate directly so bail out if CFN stack still exists
if self.mode == "pulumi":
logger.error(
"Cloudformation stack {} still exists, cannot use Pulumi!".format(
self.stackname
)
)
return
# Prepare parameters # Prepare parameters
self.resolve_parameters() self.resolve_parameters()

View File

@ -5,10 +5,11 @@ click
pexpect pexpect
python-minifier python-minifier
cfn-lint>=0.34 cfn-lint>=0.34
pulumi>=3.35.0 pulumi>=3.38.0
pulumi-aws>5.0.0 pulumi-aws>5.0.0
pulumi-aws-native pulumi-aws-native
pulumi-policy pulumi-policy
pulumi-command
# flake8 # flake8
# pytest # pytest