
nutritious-battery-42762

03/27/2023, 7:02 PM
Not sure what I'm doing wrong, and the error isn't particularly helpful.
const serviceAccount = pulumi.output(gcp.compute.getDefaultServiceAccount({}));
        const email = serviceAccount.apply(account => account.email)
      
        this.admin_policy = pulumi.output(gcp.organizations.getIAMPolicy({
            bindings: [
                {
                    role: "roles/secretmanager.secretAccessor",
                    members: [
                        `serviceAccount:${email.apply(e=>e)})}`,
                    ],
                },
            ],
        }, { parent: this }));


        this.dbUrlPolicy = new gcp.secretmanager.SecretIamPolicy("db-url-policy", {
            project: gcp.config.project,
            secretId: this.database_url_secret.secretId,
            policyData: pulumi.interpolate`${this.admin_policy.apply(admin => admin.policyData)}`,
        }, { parent: this });

        this.jwtSecretPolicy = new gcp.secretmanager.SecretIamPolicy("jwt-secret-policy", {
            project: gcp.config.project,
            secretId: this.jwt_secrets_secret.secretId,
            policyData: pulumi.interpolate`${this.admin_policy.apply(admin => admin.policyData)}`,
        }, { parent: this });

        this.cookie_secret_policy = new gcp.secretmanager.SecretIamPolicy("cookie-secret-policy", {
            project: gcp.config.project,
            secretId: this.cookie_secret.secretId,
            policyData: pulumi.interpolate`${this.admin_policy.apply(admin => admin.policyData)}`,
        }, { parent: this });
Strangely, it works when I add a log statement:
serviceAccount.apply(email => console.log("Service Account Email: ", email));

billowy-army-68599

03/27/2023, 7:23 PM
this code isn’t correct:
this.admin_policy = pulumi.output(gcp.organizations.getIAMPolicy({
            bindings: [
                {
                    role: "roles/secretmanager.secretAccessor",
                    members: [
                        `serviceAccount:${email.apply(e=>e)})}`,
                    ],
                },
            ],
        }, { parent: this }));
You can’t do email.apply here, it needs to be at the root of the string build, so bindings: email.apply(e => ...

nutritious-battery-42762

03/27/2023, 7:27 PM
that doesn't work
Type 'Output<{ role: string; members: string[]; }[]>' is not assignable to type 'GetIAMPolicyBinding[] | undefined'.
  Type 'OutputInstance<{ role: string; members: string[]; }[]> & LiftedArray<{ role: string; members: string[]; }>' is missing the following properties from type 'GetIAMPolicyBinding[]': pop, push, concat, join, and 25 more.ts(2322)
@billowy-army-68599

billowy-army-68599

03/27/2023, 7:33 PM
what do you have?

nutritious-battery-42762

03/27/2023, 7:33 PM
this.admin_policy = pulumi.output(gcp.organizations.getIAMPolicy({
            bindings: email.apply( email => [
                {
                    role: "roles/secretmanager.secretAccessor",
                    members: [
                        `serviceAccount:${email}`,
                    ],
                },
            ]),
        }, { parent: this }));

billowy-army-68599

03/27/2023, 7:37 PM
I’m no expert in gcp, but it looks like by wrapping in pulumi.output the type bindings are correct

nutritious-battery-42762

03/27/2023, 8:42 PM
@billowy-army-68599 yeah, I am lost, no idea what to do from here on out. I'm able to get things working when I deploy locally, but GitHub Actions fails
it shouldn't be a gcp specific issue