This message was deleted.
# general
s
This message was deleted.
m
With TypeScript, you should be able to use
pulumi.interpolate
for this — have you tried it? https://www.pulumi.com/docs/intro/concepts/inputs-outputs/#outputs-and-strings
(Apologies if there’s something in there that prevents it, but from the looks of things, that should work.)
a
Hm I haven't been able to figure out how to make that work
Can you show how you would write it
m
Sure, lemme see
So since
policy
is typed as
Input<string | aws.iam.PolicyDocument>
, you can give it an object that conforms to the latter and use
pulumi.interpolate
to interpolate the outputs — here’s an example: https://gist.github.com/cnunciato/47acb7f701fb89d0d362d56440344a2b
In the example, the interpolated values are all
Output<string>
s
a
Thank you both! Very helpful
🙌 1
@billowy-army-68599 I have another instance where I need to interpolate some Outputs for an
aws.kms.Key
policy, but it doesn't accept an
aws.iam.PolicyDocument
. It only accepts
Input<string>
.
Copy code
commonClusterExecKey = new aws.kms.Key("cfx-common-cluster-ecs-exec-key", {
    description: "",
    deletionWindowInDays: 30,
    policy: Input<string> | undefined,
  });
It seems to me that an
aws.iam.PolicyDocument
has the exact same structure as a KMS policy document, and the documentation even says I can use
aws.iam.getPolicyDocument
. Why can't I simply pass an
aws.iam.PolicyDocument
object?
When I try to replicate my policy document using
aws.iam.getPolicyDocument
, I lose the ability to interpolate
b
we probably need to allow the input type on that, can you file an issue?
a
You allow the
Input<string>
type, but not
Input<aws.iam.PolicyDocument>
I'll file an issue
m
This is untested, but maybe you could use
aws.iam.getPolicyDocumentOutput().json
— something like this maybe?
Copy code
const key = new aws.kms.Key("some-key", {
    policy: aws.iam.getPolicyDocumentOutput({
        statements: [
            {
                sid: pulumi.interpolate`Some string containing ${someOutput.value}`,
                //...
            },
        ],
    }).json,
});
(As a potential unblocker; an issue would indeed be great)
Since
policy
is an
Input<string>
and not a plain
string
, something like that should be doable.
a
The problem with this is that we are passing around `aws.iam.PolicyDocument`'s everywhere else, and this would be a one-off thing. I can look into it though
👍 1