https://pulumi.com logo
#general
Title
# general
w

white-action-27798

04/20/2021, 10:26 AM
Hi, I've another question related to Pulumi's new version. I've noticed that you change aws.iam.Policy function and now the policy parameter get string insted dict. Our function looks like this:
Copy code
def create_iam_policy_write_access_to_bucket(bucket, policy_name_suffix):
    # todo(zeev+dan): why not Managed policy?
    with open('./polices/s3_bucket_write_access_policy.json') as f:
        policy_document = json.load(f)
        policy_document['Statement'][0]['Resource'] = pulumi.Output.concat(bucket.arn, "/*")
        name, _ = get_resource_name_by_convention(f's3_write_access_iam_policy-{policy_name_suffix}')
        s3_write_access_iam_policy = iam.Policy(
            name,
            description="write Access to a given bucket arn",
            policy=policy_document
        )
        return s3_write_access_iam_policy
s3_bucket_write_access_policy.json:
Copy code
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:DeleteObject",
        "s3:PutObjectAcl"
      ],
      "Resource": "PLACE_HOLDER_FOR_PULUMI"
    }
  ]
}
We need to edit the policy (change the resource field to the relevant s3 bucket). How can we do it with the new function? I tried a lot of things for example I tried to change the function to:
Copy code
def create_iam_policy_write_access_to_bucket(bucket, policy_name_suffix):
    with open('./polices/s3_bucket_write_access_policy.json') as f:
        policy_document = json.load(f)
        policy_document['Statement'][0]['Resource'] = pulumi.Output.concat(bucket.arn, "/*")
        name, _ = get_resource_name_by_convention(f's3_write_access_iam_policy-{policy_name_suffix}')
        s3_write_access_iam_policy = iam.Policy(
            name,
            description="write Access to a given bucket arn",
            policy=json.dumps(
                {
                    "Version": "2012-10-17",
                    "Statement": [
                        {
                            "Effect": "Allow",
                            "Action": [
                                "s3:PutObject",
                                "s3:DeleteObject",
                                "s3:PutObjectAcl"
                            ],
                            "Resource": policy_document['Statement'][0]['Resource']
                        }
                    ]
                }
            )
        )
        return s3_write_access_iam_policy
But I am getting this error message : TypeError: Object of type Output is not JSON serializable any idea how can we do it with the new function?
r

red-match-15116

04/20/2021, 3:34 PM
Hey @white-action-27798! Take a look at this issue as it captures what you’re seeing: https://github.com/pulumi/pulumi/issues/6818 Let me know if the workaround I replied with works for you.
w

white-action-27798

04/21/2021, 7:34 AM
Yay it’s works !! Thanks a lot Komal 🙂