This message was deleted.
# generals
sparse-intern-71089
12/22/2020, 1:54 PMThis message was deleted.
c
cool-fireman-90027
12/22/2020, 3:43 PMYou can use the dependsOn option.
p
prehistoric-kite-30979
12/22/2020, 3:57 PMI know, but if resources I depend on are created in a callback does this still work?
g
gentle-diamond-70147
12/22/2020, 4:45 PMI'm not following the callback usage here. If you could share some code, that would be helpful.
p
prehistoric-kite-30979
12/22/2020, 4:54 PM Copy code
var err error
role.base, err = iam.NewRole(ctx, role.name, &iam.RoleArgs{
NamePrefix: pulumi.String(role.name),
AssumeRolePolicy: cfg.AssumeRolePolicy,
}, pulumi.Parent(role))
if err != nil {
return nil, err
}
attachedPolicies := cfg.PolicyArns.ToStringArrayOutput().ApplyStringArray(
func(v interface{}) ([]string, error) {
res := make([]string, 0)
for _, policy := range v.([]string) {
rpaName := fmt.Sprintf("%v-%v", role.name, policyName(policy))
_, err := iam.NewRolePolicyAttachment(ctx, rpaName, &iam.RolePolicyAttachmentArgs{
PolicyArn: pulumi.String(policy),
Role: role.base.Name,
}, pulumi.Parent(role))
if err != nil {
return nil, err
}
res = append(res, rpaName)
}
return res, nil
},
)
return role, ctx.RegisterResourceOutputs(role, pulumi.Map{"AttachedPolicies": attachedPolicies})prehistoric-kite-30979
12/22/2020, 4:54 PMthis is what I have done ^^
prehistoric-kite-30979
12/22/2020, 4:55 PMcfg.Policy arns is of type StringArrayInput so I figure if Im registering the attached Policy names it should just work ™️
prehistoric-kite-30979
12/22/2020, 4:56 PMso then I tell eks to depend on the component resource in which those policies get registered
g
gentle-diamond-70147
12/22/2020, 5:05 PMI believe this should work as you're expecting. If a dependent resource uses an output or uses dependson as Tushar mentioned, then it should wait until everything within the component is ready.
p
prehistoric-kite-30979
12/23/2020, 10:57 AMAFAICT it doesn't work as I'm expecting. I see nodegroups failing to deploy because they dont have the correct permissions. Usually this happens on a clean install but works on subsequent ones.
prehistoric-kite-30979
12/23/2020, 10:58 AM Copy code
role, err := setupNodeGroupRole(ctx, cfg.clusterName, cfg.Name, cluster)
...
_, err = eks.NewNodeGroup(ctx, cfg.Name, &eks.NodeGroupArgs{
...
}, pulumi.Parent(cluster), pulumi.DependsOn([]pulumi.Resource{role, cluster}))prehistoric-kite-30979
12/23/2020, 11:00 AMthe role component resource...
Copy code
type Role struct {
pulumi.ResourceState
name string
base *iam.Role
}
func NewRole(ctx *pulumi.Context, cfg Config, parent pulumi.Resource) (*Role, error) {
role := &Role{name: fmt.Sprintf("%v-%v", cfg.Target, cfg.Use)}
if err := ctx.RegisterComponentResource(typeName, role.name, role, pulumi.Parent(parent)); err != nil {
return nil, err
}
...
role.base, err = iam.NewRole(ctx, role.name, &iam.RoleArgs{
...
attachedPolicies := cfg.PolicyArns.ToStringArrayOutput().ApplyStringArray(
func(v interface{}) ([]string, error) {
res := make([]string, 0)
for _, policy := range v.([]string) {
rpaName := fmt.Sprintf("%v-%v", role.name, policyName(policy))
_, err := iam.NewRolePolicyAttachment(ctx, rpaName, &iam.RolePolicyAttachmentArgs{
PolicyArn: pulumi.String(policy),
Role: role.base.Name,
}, pulumi.Parent(role))
if err != nil {
return nil, err
}
res = append(res, rpaName)
}
return res, nil
},
)
return role, ctx.RegisterResourceOutputs(role, pulumi.Map{"AttachedPolicies": attachedPolicies})
}4 Views