Calling __str__ on an Output[T] is not supported
T...
# generalc
crooked-raincoat-45073
03/19/2023, 8:24 PMCalling str on an Output[T] is not supported
This should be an easy one to solve, but I have somehow a hard time getting it working.
{'Version': '2012-10-17', 'Statement': [{'Effect': 'Allow', 'Principal': {'Federated': <pulumi.output.Output object at 0x10a205c90>}, 'Action': 'sts:AssumeRoleWithWebIdentity', 'Condition': {'StringEquals': {'*Calling str on an Output[T] is not supported*.\n\nTo get the value of an Output[T] as an Output[str] consider:\n1. o.apply(lambda v: f"prefix{v}suffix")\n\nSee https://pulumi.io/help/outputs for more details.\nThis function may throw in a future version of Pulumi.': 'sts.amazonaws.com'}}}]}
Copy code
policy_json = ({
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": eks_cluster.core.oidc_provider.arn
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringEquals": {
f"{eks_cluster.core.oidc_provider.url.apply(lambda v: v)}": "<http://sts.amazonaws.com|sts.amazonaws.com>",
}
}
}
]
})
print(policy_json)b
billowy-army-68599
03/19/2023, 8:37 PM
You’re doing the apply inside the string, do it at the root of the string build (ie: right after the =)
billowy-army-68599
03/19/2023, 8:37 PM
You can’t interpolate an output directly into the string, it needs to be known when you build the string
billowy-army-68599
03/19/2023, 8:38 PM
Also, the value after “federated” is an output so will throw the error
c
crooked-raincoat-45073
03/19/2023, 8:38 PMcan you give an example?
b
billowy-army-68599
03/19/2023, 8:41 PM
c
crooked-raincoat-45073
03/19/2023, 8:50 PMtry to understand a bit more, Quick question, why does this not work?
Copy code
policy_json = eks_cluster.core.oidc_provider.url.apply(lambda v: json.dumps({
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": "eks_cluster.core.oidc_provider.arn"
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringEquals": {
f"{v}": "<http://sts.amazonaws.com|sts.amazonaws.com>",
}
}
}
]
}))
print(f"Output is: -> {policy_json}")b
billowy-army-68599
03/19/2023, 8:54 PM
Give this a read
https://leebriggs.co.uk/blog/2021/05/09/pulumi-apply.html
c
crooked-raincoat-45073
03/19/2023, 10:04 PMI made it now a bit more compact, so it suits better my use case. (the following is now working)
Copy code
external_dns_role = aws.iam.Role(
f"cr-eks-external-dns-role-{pulumi.get_stack()}",
path="/",
description="Role for External DNS on EKS to modify route53",
assume_role_policy=Output.json_dumps({
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Federated": eks_cluster.core.oidc_provider.arn,
},
"Action": "sts:AssumeRoleWithWebIdentity",
"Condition": {
"StringLike": {
Output.format("{}:sub", eks_cluster.core.oidc_provider.url): "system:serviceaccount:kube-system:external-dns*",
Output.format("{}:aud", eks_cluster.core.oidc_provider.url): "<http://sts.amazonaws.com|sts.amazonaws.com>",
}
}
}
]
}),
)10 Views