nutritious-battery-42762
03/27/2023, 7:02 PMconst serviceAccount = pulumi.output(gcp.compute.getDefaultServiceAccount({}));
const email = serviceAccount.apply(account => account.email)
this.admin_policy = pulumi.output(gcp.organizations.getIAMPolicy({
bindings: [
{
role: "roles/secretmanager.secretAccessor",
members: [
`serviceAccount:${email.apply(e=>e)})}`,
],
},
],
}, { parent: this }));
this.dbUrlPolicy = new gcp.secretmanager.SecretIamPolicy("db-url-policy", {
project: gcp.config.project,
secretId: this.database_url_secret.secretId,
policyData: pulumi.interpolate`${this.admin_policy.apply(admin => admin.policyData)}`,
}, { parent: this });
this.jwtSecretPolicy = new gcp.secretmanager.SecretIamPolicy("jwt-secret-policy", {
project: gcp.config.project,
secretId: this.jwt_secrets_secret.secretId,
policyData: pulumi.interpolate`${this.admin_policy.apply(admin => admin.policyData)}`,
}, { parent: this });
this.cookie_secret_policy = new gcp.secretmanager.SecretIamPolicy("cookie-secret-policy", {
project: gcp.config.project,
secretId: this.cookie_secret.secretId,
policyData: pulumi.interpolate`${this.admin_policy.apply(admin => admin.policyData)}`,
}, { parent: this });
serviceAccount.apply(email => console.log("Service Account Email: ", email));
billowy-army-68599
03/27/2023, 7:23 PMthis.admin_policy = pulumi.output(gcp.organizations.getIAMPolicy({
bindings: [
{
role: "roles/secretmanager.secretAccessor",
members: [
`serviceAccount:${email.apply(e=>e)})}`,
],
},
],
}, { parent: this }));
You can’t do email.apply
here, it needs to be at the root of the string build,
so
bindings: email.apply(e => ...
nutritious-battery-42762
03/27/2023, 7:27 PMType 'Output<{ role: string; members: string[]; }[]>' is not assignable to type 'GetIAMPolicyBinding[] | undefined'.
Type 'OutputInstance<{ role: string; members: string[]; }[]> & LiftedArray<{ role: string; members: string[]; }>' is missing the following properties from type 'GetIAMPolicyBinding[]': pop, push, concat, join, and 25 more.ts(2322)
billowy-army-68599
03/27/2023, 7:33 PMnutritious-battery-42762
03/27/2023, 7:33 PMthis.admin_policy = pulumi.output(gcp.organizations.getIAMPolicy({
bindings: email.apply( email => [
{
role: "roles/secretmanager.secretAccessor",
members: [
`serviceAccount:${email}`,
],
},
]),
}, { parent: this }));
billowy-army-68599
03/27/2023, 7:37 PMpulumi.output
the type bindings are correctnutritious-battery-42762
03/27/2023, 8:42 PM