```[10:53 AM] instance_assume_role_policy = ia...
# awsw
witty-ice-69000
08/13/2020, 4:21 PM Copy code
[10:53 AM] instance_assume_role_policy = iam.get_policy_document(
opts=pulumi.ResourceOptions(depends_on=[user], provider=provider),
statements=[
{
"actions": ["sts:AssumeRole"],
"effect": "Allow",
"principals": [
{"identifiers": [user.arn.apply(lambda arn: arn)], "type": "AWS"}
],
},
],
)d
delightful-controller-41497
08/13/2020, 4:24 PM"Repeated field Values has nil element"
You need to provide a "Values" parameter maybe?
w
witty-ice-69000
08/13/2020, 5:15 PMSo what is a "Values" parameter? According to the pulumi docs in this example https://www.pulumi.com/docs/reference/pkg/aws/iam/role/ all I've done is elaborated the example make a specific user ARN assume the role.
witty-ice-69000
08/13/2020, 7:46 PMFigured out that the user ARN wasn't coming through for some reason. It looks like there is some kind of time out on the user creation that results in a null ARN being fed into the role policy.
I thought that using the
depends_on Copy code
user = iam.User(
"pulumi_user",
name=construct_iam_resource_name("iam_deployment"),
path=automata_iam_path,
tags={"purpose": "Account used to perform Pulumi stack updates on CI/CD."},
)
user_arn = user.arn.apply(lambda arn: arn)
instance_assume_role_policy = iam.get_policy_document(
opts=pulumi.ResourceOptions(depends_on=[user]),
statements=[
{
"actions": ["sts:AssumeRole"],
"effect": "Allow",
"principals": [{"identifiers": [user_arn], "type": "AWS"}],
},
],
version="2012-10-17",
)d
delightful-controller-41497
08/13/2020, 7:53 PMHave you tried without the apply() in
user.arnw
witty-ice-69000
08/13/2020, 7:57 PMUsing plain
user.arn