Hello wave I have recently started using Pulumi and started Pulumi Community #typescript

Hello :wave: I have recently started using Pulumi ...

bored-salesmen-65698

05/29/2024, 6:03 AM

Hello 👋 I have recently started using Pulumi and started creating a component resource for an AWS IAM role like the following, I am confused if the whole logic inside the constructor should be inside an async function or does Pulumi handle it automatically when I will use this package?

Copy code

export class EksRole extends pulumi.ComponentResource {
  public readonly role: aws.iam.Role;

  constructor(
    name: string,
    args: EksRoleArgs,
    opts?: pulumi.ComponentResourceOptions
  ) {
    super('custom:aws:eksRole', name, {}, opts);

    const defaultArgs: EksRoleArgs = {
      ...xyz,
      ...args,
    };

    const assumeRolePolicy = aws.iam.getPolicyDocument({
      statements: [
        {
          ..........,
      ],
    });

    this.role = new aws.iam.Role(
      name,
      {
        assumeRolePolicy: assumeRolePolicy.then((policy) => policy.json),
        description: defaultArgs.roleDescription,
        maxSessionDuration: defaultArgs.roleMaxSessionDuration,
        name: defaultArgs.roleName,
        path: defaultArgs.rolePath,
        permissionsBoundary: defaultArgs.rolePermissionsBoundary,
        tags: defaultArgs.roleTags,
      },
      { parent: this }
    );

    this.attachInlinePolicy(defaultArgs.roleInlinePolicy);

    this.registerOutputs({ role: this.role });
  }

  private attachInlinePolicy(policy: pulumi.Input<string> | undefined) {
    if (policy) {
      pulumi.all([this.role.name, policy]).apply(([role, policy]) => {
        new aws.iam.RolePolicy(
          `${role}-inline-policy`,
          {
            policy,
            role,
          },
          { parent: this }
        );
      });
    }
  }
}

lively-crayon-44649

05/29/2024, 8:43 AM

Hey Vishal -- as you may know, in general you can't use

async

code from within a constructor. If your challenge is with the

getPolicyDocument

function, you might replace it with

getPolicyDocumentOutput

, which will return an

Output<T>

instead of a

Promise<T>

, which you should be able to slot in to your other resources without needing to worry about

async

lively-crayon-44649

05/29/2024, 8:44 AM

In general, all Pulumi functions like

getPolicyDocument

will have an

Output

variant that returns an

Output

instead of a

Promise

little-cartoon-10569

05/29/2024, 11:13 PM

The promise code in here should work, no? If not, the output equivalent would work, though it's still async and Pulumi still handles it. You don't need to use getPolicyDocument at all, and I recommend against it. Pulumi provides the PolicyDocument type for this, which uses strongly-typed objects to build the correct JSON for you during deployment.

bored-salesmen-65698

05/30/2024, 4:38 AM

Thank you both, I will check those options 🙂

lively-crayon-44649

05/30/2024, 8:23 AM

(@little-cartoon-10569 is right that the promise code will work -- I should have written that you can't make a constructor `async`/there is not a standardised way of managing

async

constructors yet)

Open in Slack

Previous Next