This message was deleted Pulumi Community #general

Join Slack

This message was deleted.

# general

sparse-intern-71089

06/03/2019, 5:06 PM

This message was deleted.

brave-angle-33257

06/03/2019, 5:06 PM

aws + typescript

brave-angle-33257

06/03/2019, 5:06 PM

i create a kms key/alias

brave-angle-33257

06/03/2019, 5:06 PM

Copy code

// create KMS key
var kms_key_name = `${prefix}-kms-key-ecs`;
var kms_key = new aws.kms.Key(kms_key_name);

// create key alias
var kms_key_alias_name = `${prefix}-kms-alias-ecs`;
var kms_key_alias = new aws.kms.Alias(kms_key_alias_name, {
    name: `alias/${kms_key_alias_name}`,
    targetKeyId: kms_key.arn
},
{
    dependsOn: kms_key,
    deleteBeforeReplace: true
});

brave-angle-33257

06/03/2019, 5:07 PM

right below try to use that key ARN in a policy, but the policy takes json data as string

brave-angle-33257

06/03/2019, 5:07 PM

Copy code

// taken from pulumi example to get output into string then interpolate
const final_key_arn: pulumi.Output<string> = kms_key.arn;

let policy = new aws.iam.Policy(ecs_role_name, {
    name: ecs_role_name,
    policy: JSON.stringify({
        "Version": "2012-10-17",
        "Statement": [{
                "Effect": "Allow",
                "Action": [
                    "kms:Encrypt",
                    "kms:Decrypt"
                ],
                "Resource": `${final_key_arn}`
                }]
        })
    });

brave-angle-33257

06/03/2019, 5:08 PM

this doesnt work ^ says:

Copy code

Calling [toString] on an [Output<T>] is not supported.\\n\\nTo get the value of an Output<T> as an Output<string> consider either:\\n1: o.apply(v => `prefix${v}suffix`)\\n2: pulumi.interpolate `prefix${v}suffix`\\n\\nSee <https://pulumi.io/help/outputs> for more details.\\nThis function may throw in a future version of @pulumi/pulumi.\

stocky-spoon-28903

06/03/2019, 5:08 PM

@brave-angle-33257 this is the same pattern as for using ARNs in policies

stocky-spoon-28903

06/03/2019, 5:09 PM

Copy code

output({
    // your policy as a json object including references
}).apply(JSON.stringify)

brave-angle-33257

06/03/2019, 5:11 PM

on the output itself?

Copy code

const key_arn = kms_key.arn.apply(JSON.stringify)

brave-angle-33257

06/03/2019, 5:12 PM

sorry that snippet i cant tell exactly where it should be placed in my example context

brave-angle-33257

06/03/2019, 5:12 PM

is there a doc example?

stocky-spoon-28903

06/03/2019, 5:14 PM

One sec, I’ll dig out an example

brave-angle-33257

06/03/2019, 5:14 PM

ok thank you much

brave-salesmen-42327

06/03/2019, 5:25 PM

This is not a KMS example but the pattern is the same:

Copy code

const testToken = new aws.dynamodb.TableItem("test-token", {
  hashKey: jwtTokenTable.hashKey
  ,item: apiKeysOutput.apply( (keys) => 
    JSON.stringify({ 
      applicationID:   {"S":  keys.TEST.value }
      ,token:          {"S": "this-is-a-test-token"}
      ,expires:        {"S": "NEVER"}
    })
  )
  ,tableName: jwtTokenTable.name,
})

We build the dynamo tableitem by applying the the output we want then JSON stringifying it.

stocky-spoon-28903

06/03/2019, 5:28 PM

@brave-angle-33257 Here we go:

stocky-spoon-28903

06/03/2019, 5:28 PM

Copy code

// create KMS key
var kms_key_name = `${prefix}-kms-key-ecs`;
var kms_key = new aws.kms.Key(kms_key_name);

// create key alias
var kms_key_alias_name = `${prefix}-kms-alias-ecs`;
var kms_key_alias = new aws.kms.Alias(kms_key_alias_name, {
        name: `alias/${kms_key_alias_name}`,
        targetKeyId: kms_key.arn
    },
    {
        deleteBeforeReplace: true
    });

let policy = new aws.iam.Policy("xx", {
    name: "whatever",
    policy: pulumi.output({
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": [
                "kms:Encrypt",
                "kms:Decrypt"
            ],
            "Resource": kms_key_alias.arn,
        }]
    }).apply(JSON.stringify),
});

stocky-spoon-28903

06/03/2019, 5:29 PM

Note that you don’t need

dependsOn

for the alias since it picks up the dependency via

kms_key.arn

brave-angle-33257

06/03/2019, 5:29 PM

ah, ok.. I haven’t seen that pulumi.output() before

brave-angle-33257

06/03/2019, 5:29 PM

ok.. thanks for confirming that also

brave-angle-33257

06/03/2019, 5:30 PM

let me give this a shot

stocky-spoon-28903

06/03/2019, 5:30 PM

Yup, let me know if you hit issues there

brave-angle-33257

06/03/2019, 5:35 PM

perfect! that worked.. ok, i think this makes a bit more sense

brave-angle-33257

06/03/2019, 5:35 PM

i’ve been able to get handy with the apply() on outputs going directly to inputs such as

Copy code

subnetMappings: public_subnet_ids.apply(x => x.map(y => ({ subnetId: y }))),

stocky-spoon-28903

06/03/2019, 5:36 PM

Yup - you can do that. Basically apply is “when this value is known, do this to it and produce a new value”

brave-angle-33257

06/03/2019, 5:36 PM

but when going into a string, still have some issues, but i see this pattern of creating the object, passing it into an output constructor, then applying a stringify makes sense

brave-angle-33257

06/03/2019, 5:37 PM

excellent, thanks again! this is for a rushed-production endeavor so you prompt reply was much appreciated

stocky-spoon-28903

06/03/2019, 5:37 PM

No worries, feel free to tag if there’s anything else, I’ll be around most of this week

👍 1

Open in Slack

Previous Next