bright-sandwich-93783
06/30/2021, 12:59 AMlittle-cartoon-10569
06/30/2021, 3:26 AMbright-sandwich-93783
06/30/2021, 3:39 AMbillowy-army-68599
06/30/2021, 8:44 AMbright-sandwich-93783
06/30/2021, 9:02 PMGetCertificate
)billowy-army-68599
06/30/2021, 9:06 PMbright-sandwich-93783
06/30/2021, 9:08 PMbillowy-army-68599
06/30/2021, 9:16 PMbright-sandwich-93783
06/30/2021, 9:17 PMClusterIdentity
Oidcs
blockbillowy-army-68599
06/30/2021, 9:21 PMbright-sandwich-93783
06/30/2021, 10:35 PMbillowy-army-68599
06/30/2021, 10:49 PMbright-sandwich-93783
06/30/2021, 11:00 PMpackage main
import (
"<http://github.com/pulumi/pulumi-aws/sdk/v3/go/aws/eks|github.com/pulumi/pulumi-aws/sdk/v3/go/aws/eks>"
"<http://github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam|github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam>"
"<http://github.com/pulumi/pulumi-tls/sdk/v4/go/tls|github.com/pulumi/pulumi-tls/sdk/v4/go/tls>"
"<http://github.com/pulumi/pulumi/sdk/v3/go/pulumi|github.com/pulumi/pulumi/sdk/v3/go/pulumi>"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
exampleCluster, err := eks.NewCluster(ctx, "exampleCluster", nil)
if err != nil {
return err
}
exampleCert, err := tls.GetCertificate(ctx, tls.GetCertificateArgs {
Url: exampleCluster.Identities[0].Url
})
_, err = iam.NewOpenIdConnectProvider(ctx, "exampleOpenIdConnectProvider", &iam.OpenIdConnectProviderArgs{
ClientIdLists: pulumi.StringArray{
pulumi.String("<http://sts.amazonaws.com|sts.amazonaws.com>"),
},
ThumbprintLists: pulumi.StringArray{
exampleCertificate.ApplyT(func(exampleCertificate tls.GetCertificateResult) (string, error) {
return exampleCertificate.Certificates[0].Sha1Fingerprint, nil
}).(pulumi.StringOutput),
},
Url: pulumi.String(exampleCluster.Identities.ApplyT(func(identities []eks.ClusterIdentity) (string, error) {
return identities[0].Oidcs[0].Issuer, nil
}).(pulumi.StringOutput)),
})
if err != nil {
return err
}
return nil
})
}
exampleCert
is pseudocode, because I couldn't figure out a way to get the actual string
value of the issuer URL, unless I wanted to make the GetCertificate
call inside of an ApplyT callback...
Thoughts?billowy-army-68599
06/30/2021, 11:03 PMApplyT
, we try not to recommend it because it won't show up in previews, but it should worklittle-cartoon-10569
06/30/2021, 11:06 PMbright-sandwich-93783
06/30/2021, 11:06 PMstring
value for the URL, not a StringOutput/InputeksCluster.Identities.Index(<http://pulumi.Int|pulumi.Int>(0)).Oidcs().Index(<http://pulumi.Int|pulumi.Int>(0)).Issuer().Elem(),
little-cartoon-10569
06/30/2021, 11:07 PMbright-sandwich-93783
06/30/2021, 11:07 PMApplyT
callback, at which point you could make the call to tls.GetCertificate
GetCertificate
is a vanilla go structlittle-cartoon-10569
06/30/2021, 11:09 PM