Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
general
- s
stocky-spoon-28903
08/08/2018, 6:38 PMIs the idiomatic thing to do for unmet pre-conditions in a ComponentResource’s inputs to throw an exception?m- 2
- 1
- s
stocky-spoon-28903
08/08/2018, 6:46 PMAn AMI locator might be a nice abstraction for the Typescript SDK. Basically a priority selection between: - a specific AMI ID - an AMI name/owner pair + maybe additional filters - some default fallback (potentially) - s
stocky-spoon-28903
08/08/2018, 6:46 PMIt’s a pattern I’ve had to use 2-3 times over the last day or two - s
stocky-spoon-28903
08/08/2018, 7:35 PMAlso, is there a way to do a “targeted update”?m- 2
- 3
- s
stocky-spoon-28903
08/08/2018, 8:46 PMAnother one; has anyone done an initial run of newly created lambda function from the pulumi program that created it?w- 2
- 18
- s
stocky-spoon-28903
08/08/2018, 10:38 PMIs there a way to arrange a component such that all resources it creates must be created before it is considered fully created, such that using the component in
works across other components?dependsOnw- 2
- 5
- b
bland-lamp-97030
08/08/2018, 11:05 PMI'm trying to create a policy for SSM and need the accountId for the urn, but I can't seem to figure out a way to get it using the js lib. I see aws.getCallerIdentity, but that returns a promise. Any hints? - s
stocky-spoon-28903
08/08/2018, 11:05 PM@bland-lamp-97030 You can await the result of the promise - b
bland-lamp-97030
08/08/2018, 11:06 PMoutside of a function? - s
stocky-spoon-28903
08/08/2018, 11:06 PMNot outside, no. Are you in the global scope at the moment? - b
bland-lamp-97030
08/08/2018, 11:07 PMyes, just creating resources in index.js - s
stocky-spoon-28903
08/08/2018, 11:08 PMOne pattern I’ve used (as recommended by various people here) is an “async main” function, like this: https://gist.github.com/jen20/ccc91ab961843babf93b119fe67e1938 - s
stocky-spoon-28903
08/08/2018, 11:08 PM(Note that that particular gist is reproducing a crash though, so probably not the best one to copy/paste - the pattern is there though) - m
microscopic-florist-22719
08/08/2018, 11:09 PMDo you just need to pass the account ID into the input of another resource? - b
bland-lamp-97030
08/08/2018, 11:09 PMright, thanks, that makes sense! - s
stocky-spoon-28903
08/08/2018, 11:09 PMI’m guessing for a policy it needs to go into a stringified object - b
bland-lamp-97030
08/08/2018, 11:09 PMResource: aws.getCallerIdentity().then(resp => arn:aws:ssm:${region}:${resp.accountId}:parameter/myapp*) - b
bland-lamp-97030
08/08/2018, 11:10 PMbasically that - b
bland-lamp-97030
08/08/2018, 11:10 PMwithin a policy json stringify - m
microscopic-florist-22719
08/08/2018, 11:10 PMGot it. Can you DM me the full stringify? - m
microscopic-florist-22719
08/08/2018, 11:10 PM(assuming that you don't want to post it here) - b
bland-lamp-97030
08/08/2018, 11:11 PMno, I don't mind, but I think the async func will work for my purposes - b
bland-lamp-97030
08/08/2018, 11:11 PMconst policy = new aws.iam.RolePolicy("ksub-application-role-policy", { role: role.name, policy: JSON.stringify({ Version: "2012-10-17", Statement: [ { Action: ["ssm:GetParameters"], Effect: "Allow", Resource: aws.getCallerIdentity().then(resp => `arn:aws:ssm:${region}:${resp.accountId}:parameter/KSUB_*`), // how?? }, { Action: ["kms:Decrypt"], Effect: "Allow", Resource: kmsKey.arn, }, { Action: [ "autoscaling:Describe*", "ec2:Describe*", "ec2:Get*", "ecs:Describe*", "ecs:List*", "elasticache:Describe*", "elasticache:List*", "elasticloadbalancing:Describe*", "iam:Get*", "iam:List*", "ssm:DescribeParameters", "rds:Describe*", "rds:List*", ], Effect: "Allow", Resource: "*", }, ], }), }); - s
stocky-spoon-28903
08/08/2018, 11:11 PMHere’s a good example of using a promise value in a policy btw: https://github.com/jen20/lambda-cert/blob/master/pulumi/src/index.ts#L190-L253 - b
bland-lamp-97030
08/08/2018, 11:11 PMI didn't think the promise.then would work, but I found it in an example and figured I'd try it out - b
bland-lamp-97030
08/08/2018, 11:12 PMI should just stick to the python libs 🙂 - m
microscopic-florist-22719
08/08/2018, 11:12 PMThe canonical way to achieve what you need is to lift the `.then`:const policy = new aws.iam.RolePolicy("ksub-application-role-policy", { role: role.name, policy: aws.getCallerIdentity().then(resp => JSON.stringify({ Version: "2012-10-17", Statement: [ { Action: ["ssm:GetParameters"], Effect: "Allow", Resource: `arn:aws:ssm:${region}:${resp.accountId}:parameter/KSUB_*`, }, { Action: ["kms:Decrypt"], Effect: "Allow", Resource: kmsKey.arn, }, { Action: [ "autoscaling:Describe*", "ec2:Describe*", "ec2:Get*", "ecs:Describe*", "ecs:List*", "elasticache:Describe*", "elasticache:List*", "elasticloadbalancing:Describe*", "iam:Get*", "iam:List*", "ssm:DescribeParameters", "rds:Describe*", "rds:List*", ], Effect: "Allow", Resource: "*", }, ], })), }); - s
stocky-spoon-28903
08/08/2018, 11:13 PMThat’s quite a lot nicer. - b
bland-lamp-97030
08/08/2018, 11:13 PMoh, of course 👍 - s
stocky-spoon-28903
08/08/2018, 11:14 PMThe other important thing to know about there is
for if you need to depend on multiple promised parameterspulumi.all👍 1
Title
s
stocky-spoon-28903
08/08/2018, 11:14 PMThe other important thing to know about there is
pulumi.all👍 1
View count: 2