I am trying to run `stack.preview` with a tiny pro...
# automation-apiw
worried-queen-62794
04/22/2024, 11:09 PMI am trying to run
stack.previewaws.iam.Role Copy code
pulumi:providers:aws (default_6_29_0):
error: rpc error: code = Unknown desc = 2 errors occurred:
* CheckConfig failed because of malformed resource inputs: error unmarshalling property "assumeRole": invalid character 'a' looking for beginning of value
* CheckConfig failed to unmarshal news: error unmarshalling property "assumeRole": invalid character 'a' looking for beginning of valueassumeRoleassumeRolePolicypulumi-terraform-bridgel
little-cartoon-10569
04/22/2024, 11:55 PMCan you post the Role constructor snippet?
w
worried-queen-62794
04/23/2024, 12:06 AM Copy code
const program: PulumiFn = async () => {
new aws.iam.Role(
"Bootstrap",
{
description: `Allows users to deploy the TODO project.`,
path: "/user/",
name: "Bootstrap",
assumeRolePolicy: JSON.stringify({})
},
opts
);
};l
little-cartoon-10569
04/23/2024, 12:10 AMThat'll be the problem. Use a valid assumeRolePolicy.
w
worried-queen-62794
04/23/2024, 12:12 AMI’m pretty sure the previous one was valid. I’ll inline it and update this thread.
worried-queen-62794
04/23/2024, 12:14 AMYeah, simply copy/pasting the example from the docs has the same problem:
Copy code
const program: PulumiFn = async () => {
new aws.iam.Role(
"Bootstrap",
{
description: `Allows users to deploy the TODO project.`,
path: "/user/",
name: "Bootstrap",
assumeRolePolicy: JSON.stringify({
Version: "2012-10-17",
Statement: [{
Action: "sts:AssumeRole",
Effect: "Allow",
Sid: "",
Principal: {
Service: "<http://ec2.amazonaws.com|ec2.amazonaws.com>",
},
}],
})
},
opts
);
};l
little-cartoon-10569
04/23/2024, 1:04 AMThat all looks good to me. I don't know what the problem is. I'd think about removing the various Pulumi plugins etc., and reinstalling; maybe there's a bad version of something somewhere?
w
worried-queen-62794
04/23/2024, 1:07 AMWell thanks for looking. I’ll try that. I tried updating to the latest but that didn’t help. I’m also building the provider so I’ll have a go at debugging it and see if that gives any clues.
l
little-cartoon-10569
04/23/2024, 1:19 AMOh wait, I've had a thought: are you creating the aws.Provider instance in code?
little-cartoon-10569
04/23/2024, 1:19 AMCan you post that code?
w
worried-queen-62794
04/23/2024, 1:20 AM Copy code
const { version } = require("@pulumi/aws/package.json");
await stack.workspace.installPlugin("aws", version);l
little-cartoon-10569
04/23/2024, 1:22 AMNot the plugin, the instance of
aws.Provideraws:...w
worried-queen-62794
04/23/2024, 1:33 AMOh crap yeah that seems to be it. I’ve got:
Copy code
config:
aws:assumeRole: arn:aws:iam::675932482749:role/user/Bootstrapworried-queen-62794
04/23/2024, 1:34 AMDid the format for that change or something?
l
little-cartoon-10569
04/23/2024, 1:42 AMLot of colons in there, I'd probably wrap that in quotes. Also I know that some role properties are strictly the role name, not ARN. Let me look that one up.
little-cartoon-10569
04/23/2024, 1:47 AMHmm. I'd have to dig into the code of the provider to see what is done when only the default property is provided. According to the provider docs, the assumeRole property should contain a ProviderAssumeRole object, not a string. That object has a roleArn property which would match what you've got. It may be that the provider knows to convert a string to an object with a roleArn, but maybe not. You could try setting this:
Copy code
config:
aws:assumeRole:
roleArn: "arn:aws:iam::675932482749:role/user/Bootstrap"w
worried-queen-62794
04/23/2024, 1:49 AMYeah I wondered about that. The docs say that the “attributes” are optional but perhaps not or if it is then maybe it expects the role name and not an ARN. Well that’s plenty to go off of for now. Thanks a lot!