When attempting the simple hello-world compute module code provided on the Compute > Documentation > ’ Build a Compute Module backed pipeline’ page (also here), I consistently get an Name Resolution error. I have reproduced this both on a Developer and Enterprise stack.
Example code within App.py for context - My enrollment domain has been {REDACTED}:
FOUNDRY_URL = “{REDACTED}.palantirfoundry.com”
def get_stream_latest_records():
url = f"https://{FOUNDRY_URL}/stream-proxy/api/streams/{input_rid}/branches/{input_branch}/records"
response = requests.get(url, headers={“Authorization”: f"Bearer {bearer_token}"})
return response.json()
Error:
[CRITICAL] Fatal error in application: HTTPSConnectionPool(host=‘{REDACTED}.palantirfoundry.com’, port=443): Max retries exceeded with url: /stream-proxy/api/streams/ri.foundry.main.dataset.b4e997c7-203a-4f76-a47f-528c280e01bb/branches/master/records (Caused by NameResolutionError(“<urllib3.connection.HTTPSConnection object at 0x7faaf96b7710>: Failed to resolve ‘{REDACTED}.palantirfoundry.com’ ([Errno -2] Name or service not known)”))*
Is this a newbie error? I couldn’t find any notes in the docs, nor AIP, that indicates extra steps for network considerations.
Hello,
From that error It appears you need to configure a source for your stack.
Compute modules in Foundry operate under a “zero trust” security model, ensuring maximum isolation and security. By default, these modules lack any external network access, including access to other Foundry services. This strict isolation is crucial for maintaining a secure environment.
Please refer to the following documentation for guidance on configuring a source: Foundry Compute Modules Sources
Thanks for the reply. I did see that point in the documentation however I didn’t think it applied here. I’m simply implementing the example on the Execution Modes page (Pipeline execution mode) and the details in the ‘Add inputs and outputs’ section, specifically how a bearer token is dynamically injected upon startup, works in a similar way to how the Source credentials are injected.
Today I took a slightly different approach and I tried this tutorial. It has the same basic output structure, is quite detailed and doesn’t mention additional steps to access the output resource. Again, I got the same DNS error upon attempting to write to the declared output stream.
The requirement for a source with egress to your REDACTED_STACK is applicable to any CM where you attempt to hit an /api endpoint like you do here to hit the streaming endpoint. This holds true for both this example in docs and this tutorial. Have you tried adding a source with egress, and does that resolve the issue for both examples?
I can work on our end to improve the documentation examples to make this requirement explicitly clear and avoid confusion 
1 Like
Huzzah! That worked. I created a REST API Data Connection with my stack url as the Domain base URL with Authentication set to “None”. I was previously hesitant to go down this track because I assumed that the Authentication would have to be “Bearer token” to match the request that was being made in the code. This didn’t make sense to me since I figured the token would rotate and this approach would eventually just break.
Thanks for your help!