This message was deleted.
# generals
sparse-intern-71089
03/19/2023, 8:24 PMThis message was deleted.
🙌 1
b
billowy-army-68599
03/19/2023, 8:37 PM
You’re doing the apply inside the string, do it at the root of the string build (ie: right after the =)
billowy-army-68599
03/19/2023, 8:37 PM
You can’t interpolate an output directly into the string, it needs to be known when you build the string
billowy-army-68599
03/19/2023, 8:38 PM
Also, the value after “federated” is an output so will throw the error
c
crooked-raincoat-45073
03/19/2023, 8:38 PMcan you give an example?
b
billowy-army-68599
03/19/2023, 8:41 PM
c
crooked-raincoat-45073
03/19/2023, 8:50 PMtry to understand a bit more, Quick question, why does this not work?
Copy code
policy_json = eks_cluster.core.oidc_provider.url.apply(lambda v: json.dumps({
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": "eks_cluster.core.oidc_provider.arn"
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringEquals": {
f"{v}": "<http://sts.amazonaws.com|sts.amazonaws.com>",
}
}
}
]
}))
print(f"Output is: -> {policy_json}")b
billowy-army-68599
03/19/2023, 8:54 PM
Give this a read
https://leebriggs.co.uk/blog/2021/05/09/pulumi-apply.html
đź‘€ 1
c
crooked-raincoat-45073
03/19/2023, 10:04 PMI made it now a bit more compact, so it suits better my use case. (the following is now working)
Copy code
external_dns_role = aws.iam.Role(
f"cr-eks-external-dns-role-{pulumi.get_stack()}",
path="/",
description="Role for External DNS on EKS to modify route53",
assume_role_policy=Output.json_dumps({
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": eks_cluster.core.oidc_provider.arn,
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringLike": {
Output.format("{}:sub", eks_cluster.core.oidc_provider.url): "system:serviceaccount:kube-system:external-dns*",
Output.format("{}:aud", eks_cluster.core.oidc_provider.url): "<http://sts.amazonaws.com|sts.amazonaws.com>",
}
}
}
]
}),
)đź‘Ť 2
10 Views