Channels
pulumi-ai
package-authoring
pulumi-cdk
oracle-cloud-infrastructure
learn-pulumi-events
linen
registry
built-with-pulumi
pulumi-cloud
contribex
testingtesting321
hacktoberfest
cloudengineering
yaml
pulumi-crosscode
content-share
finops
multi-language-hackathon
office-hours
workshops
blog-posts
localstack
welcome
gitlab
pulumi-kubernetes-operator
jobs
aws
pulumi-deployments
dotnet
golang
announcements
java
pulumiverse
python
install
getting-started
cloudengineering-support
testingtesting123
hackathon-03-19-2020
typescript
google-cloud
contribute
azure
kubernetes
docs
automation-api
status
general
Title
c
crooked-raincoat-45073
03/19/2023, 8:24 PMCalling str on an Output[T] is not supported
This should be an easy one to solve, but I have somehow a hard time getting it working.
{'Version': '2012-10-17', 'Statement': [{'Effect': 'Allow', 'Principal': {'Federated': <pulumi.output.Output object at 0x10a205c90>}, 'Action': 'sts:AssumeRoleWithWebIdentity', 'Condition': {'StringEquals': {'*Calling str on an Output[T] is not supported*.\n\nTo get the value of an Output[T] as an Output[str] consider:\n1. o.apply(lambda v: f"prefix{v}suffix")\n\nSee https://pulumi.io/help/outputs for more details.\nThis function may throw in a future version of Pulumi.': 'sts.amazonaws.com'}}}]}
policy_json = ({
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": eks_cluster.core.oidc_provider.arn
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringEquals": {
f"{eks_cluster.core.oidc_provider.url.apply(lambda v: v)}": "<http://sts.amazonaws.com|sts.amazonaws.com>",
}
}
}
]
})
print(policy_json)b
billowy-army-68599
03/19/2023, 8:37 PMYou’re doing the apply inside the string, do it at the root of the string build (ie: right after the =)
You can’t interpolate an output directly into the string, it needs to be known when you build the string
Also, the value after “federated” is an output so will throw the error
c
crooked-raincoat-45073
03/19/2023, 8:38 PMcan you give an example?
b
billowy-army-68599
03/19/2023, 8:41 PMc
crooked-raincoat-45073
03/19/2023, 8:50 PMtry to understand a bit more, Quick question, why does this not work?
policy_json = eks_cluster.core.oidc_provider.url.apply(lambda v: json.dumps({
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": "eks_cluster.core.oidc_provider.arn"
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringEquals": {
f"{v}": "<http://sts.amazonaws.com|sts.amazonaws.com>",
}
}
}
]
}))
print(f"Output is: -> {policy_json}")b
billowy-army-68599
03/19/2023, 8:54 PMGive this a read
https://leebriggs.co.uk/blog/2021/05/09/pulumi-apply.html
c
crooked-raincoat-45073
03/19/2023, 10:04 PMI made it now a bit more compact, so it suits better my use case. (the following is now working)
external_dns_role = aws.iam.Role(
f"cr-eks-external-dns-role-{pulumi.get_stack()}",
path="/",
description="Role for External DNS on EKS to modify route53",
assume_role_policy=Output.json_dumps({
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": eks_cluster.core.oidc_provider.arn,
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringLike": {
Output.format("{}:sub", eks_cluster.core.oidc_provider.url): "system:serviceaccount:kube-system:external-dns*",
Output.format("{}:aud", eks_cluster.core.oidc_provider.url): "<http://sts.amazonaws.com|sts.amazonaws.com>",
}
}
}
]
}),
)