https://pulumi.com logo
#general
Title
# general
b

brave-angle-33257

06/03/2019, 5:06 PM
output/string issue.. looking for best-practice advice
aws + typescript
i create a kms key/alias
Copy code
// create KMS key
var kms_key_name = `${prefix}-kms-key-ecs`;
var kms_key = new aws.kms.Key(kms_key_name);

// create key alias
var kms_key_alias_name = `${prefix}-kms-alias-ecs`;
var kms_key_alias = new aws.kms.Alias(kms_key_alias_name, {
    name: `alias/${kms_key_alias_name}`,
    targetKeyId: kms_key.arn
},
{
    dependsOn: kms_key,
    deleteBeforeReplace: true
});
right below try to use that key ARN in a policy, but the policy takes json data as string
Copy code
// taken from pulumi example to get output into string then interpolate
const final_key_arn: pulumi.Output<string> = kms_key.arn;

let policy = new aws.iam.Policy(ecs_role_name, {
    name: ecs_role_name,
    policy: JSON.stringify({
        "Version": "2012-10-17",
        "Statement": [{
                "Effect": "Allow",
                "Action": [
                    "kms:Encrypt",
                    "kms:Decrypt"
                ],
                "Resource": `${final_key_arn}`
                }]
        })
    });
this doesnt work ^ says:
Copy code
Calling [toString] on an [Output<T>] is not supported.\\n\\nTo get the value of an Output<T> as an Output<string> consider either:\\n1: o.apply(v => `prefix${v}suffix`)\\n2: pulumi.interpolate `prefix${v}suffix`\\n\\nSee <https://pulumi.io/help/outputs> for more details.\\nThis function may throw in a future version of @pulumi/pulumi.\
s

stocky-spoon-28903

06/03/2019, 5:08 PM
@brave-angle-33257 this is the same pattern as for using ARNs in policies
Copy code
output({
    // your policy as a json object including references
}).apply(JSON.stringify)
b

brave-angle-33257

06/03/2019, 5:11 PM
on the output itself?
Copy code
const key_arn = kms_key.arn.apply(JSON.stringify)
sorry that snippet i cant tell exactly where it should be placed in my example context
is there a doc example?
s

stocky-spoon-28903

06/03/2019, 5:14 PM
One sec, I’ll dig out an example
b

brave-angle-33257

06/03/2019, 5:14 PM
ok thank you much
b

brave-salesmen-42327

06/03/2019, 5:25 PM
This is not a KMS example but the pattern is the same:
Copy code
const testToken = new aws.dynamodb.TableItem("test-token", {
  hashKey: jwtTokenTable.hashKey
  ,item: apiKeysOutput.apply( (keys) => 
    JSON.stringify({ 
      applicationID:   {"S":  keys.TEST.value }
      ,token:          {"S": "this-is-a-test-token"}
      ,expires:        {"S": "NEVER"}
    })
  )
  ,tableName: jwtTokenTable.name,
})
We build the dynamo tableitem by applying the the output we want then JSON stringifying it.
s

stocky-spoon-28903

06/03/2019, 5:28 PM
@brave-angle-33257 Here we go:
Copy code
// create KMS key
var kms_key_name = `${prefix}-kms-key-ecs`;
var kms_key = new aws.kms.Key(kms_key_name);

// create key alias
var kms_key_alias_name = `${prefix}-kms-alias-ecs`;
var kms_key_alias = new aws.kms.Alias(kms_key_alias_name, {
        name: `alias/${kms_key_alias_name}`,
        targetKeyId: kms_key.arn
    },
    {
        deleteBeforeReplace: true
    });

let policy = new aws.iam.Policy("xx", {
    name: "whatever",
    policy: pulumi.output({
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": [
                "kms:Encrypt",
                "kms:Decrypt"
            ],
            "Resource": kms_key_alias.arn,
        }]
    }).apply(JSON.stringify),
});
Note that you don’t need
dependsOn
for the alias since it picks up the dependency via
kms_key.arn
b

brave-angle-33257

06/03/2019, 5:29 PM
ah, ok.. I haven’t seen that pulumi.output() before
ok.. thanks for confirming that also
let me give this a shot
s

stocky-spoon-28903

06/03/2019, 5:30 PM
Yup, let me know if you hit issues there
b

brave-angle-33257

06/03/2019, 5:35 PM
perfect! that worked.. ok, i think this makes a bit more sense
i’ve been able to get handy with the apply() on outputs going directly to inputs such as
Copy code
subnetMappings: public_subnet_ids.apply(x => x.map(y => ({ subnetId: y }))),
s

stocky-spoon-28903

06/03/2019, 5:36 PM
Yup - you can do that. Basically apply is “when this value is known, do this to it and produce a new value”
b

brave-angle-33257

06/03/2019, 5:36 PM
but when going into a string, still have some issues, but i see this pattern of creating the object, passing it into an output constructor, then applying a stringify makes sense
excellent, thanks again! this is for a rushed-production endeavor so you prompt reply was much appreciated
s

stocky-spoon-28903

06/03/2019, 5:37 PM
No worries, feel free to tag if there’s anything else, I’ll be around most of this week
👍 1