https://pulumi.com logo
Join Slack
Powered by
I'm running into some trouble with the AWS-Native ...
# general
p
I'm running into some trouble with the AWS-Native package in golang, I need an AWS Role so I copied the example here: https://www.pulumi.com/registry/packages/aws-native/api-docs/iam/role/#example-2 thusly
Copy code
eksRole, err := iam.NewRole(ctx, "eksRole", &iam.RoleArgs{
                        AssumeRolePolicyDocument: pulumi.Any{
                                Version: "2012-10-17",
                                Statement: []map[string]interface{}{
                                        map[string]interface{}{
                                                "effect": "Allow",
                                                "principal": map[string]interface{}{
                                                        "service": []string{
                                                                "<http://eks.amazonaws.com|eks.amazonaws.com>",
                                                        },
                                                },
                                                "action": []string{
                                                        "sts:AssumeRole",
                                                },
                                        },
                                },
                        },
                        Path: pulumi.String("/"),
                        ManagedPolicyArns: pulumi.StringArray{
                                pulumi.String("arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"),
                                pulumi.String("arn:aws:iam::aws:policy/AmazonEKSServicePolicy"),
                        },
                })
                if err != nil {
                        return err
                }
But when I try and run that I get the following errors.
Copy code
Diagnostics:
  pulumi:pulumi:Stack (EKS-EKS-test):
    # EKS
    ./main.go:77:30: pulumi.Any is not a type
    ./main.go:77:30: invalid composite literal type func(interface {}) pulumi.AnyOutput
 
    error: an unhandled error occurred: program exited with non-zero exit code: 2
I have spent some time checking I copied the example well enough and I can't find any syntax errors, also when I copy the code from the example verbatim into my main.go and try to run it I get similar errors. Did something change about pulumi.Any? Is there an error in the example? Please help!
l
Have you imported the Pulumi package and aliased it as "pulumi"?
p
yes, I assume having 
import { "<http://github.com/pulumi/pulumi/sdk/v3/go/pulumi|github.com/pulumi/pulumi/sdk/v3/go/pulumi>" }
at the top achieves that. I also expect the pulumi.String and pulumi.StringArray I used elsewhere would also fail if I hadn't.
l
Yep true.
I don't see that syntax in any of the other examples. Most use JSON marshalling, but this is one that I prefer the look of: https://github.com/pulumi/examples/blob/5b1b42e6bd2da3461e36630965f343e365ea5ff3/aws-go-slackbot/main.go#L46
All those 
[]map[string]interface{}
bits might be fine for golangians, but it's hard to read for the rest of us. This style seems more grokable.
p
That looks to be using the pulumi-aws provider and not the pulumi-aws-native one which I was trying to use out of preference
No argument on the grokablity mind
l
Shouldn't matter. In the API call, it's just JSON.
Try the 
pulumi.String(...)
approach, see if it fixes the problem?
p
Thanks, I'll give it a try
l
The rest shouldn't need to change, just the argument to AssumeRolePolicyDocument
The 
pulumi.Any
approach is probably relying on auto-conversion of objects to JSON under the Pulumi hood anyway. 
pulumi.String
is just making it a bit more explicit.
p
Yup that works fine.
using the pulumi.String
Thanks 😄
👍 1
So it seems I was wrong yesterday and this doesn't work. It compiles ok, but then when I try to apply it I get an error like:
Copy code
aws-native:iam:Role (eksRole):
    error: resource partially created but read failed. read error: reading resource state: operation error CloudControl: GetResource, https response error StatusCode: 400, RequestID: 37537079-4292-4a5b-a9f0-ff4d2da08801, ResourceNotFoundException: AWS::IAM::Role Handler returned status FAILED: The role with name eksRole-e2fc0f1 cannot be found. (Service: Iam, Status Code: 404, Request ID: e396cf09-f627-420f-8a5b-ebee365e73a1, Extended Request ID: null) (HandlerErrorCode: NotFound, RequestToken: e64d8096-1398-47b4-a8e4-c636b98ae8a2), create error: operation CREATE failed with "InvalidRequest": This policy contains invalid Json (Service: Iam, Status Code: 400, Request ID: ecf8171b-1d3f-4805-b714-3bd259667535, Extended Request ID: null)
and when I look at the details I see the JSON is like
Copy code
+ aws-native:iam:Role: (create)
        [urn=urn:pulumi:EKS-test::EKS::aws-native:iam:Role::eksRole]
        assumeRolePolicyDocument: "{ \"Version\": \"2012-10-17\", \"Statement\": [{ \"Effect\": \"Allow\", \"Principal\": { \"Service\": \"<http://eks.amazonaws.com|eks.amazonaws.com>\", }, \"Action\": \"sts:AssumeRole\", }] }"
        managedPolicyArns       : [
So a bunch of \s I don't need or want. Which is I guess what the pulumi.Any{} was about.
But there is no pulumi.Any{} only a pulumi.Any() so I don't understand why the example in the docs https://www.pulumi.com/registry/packages/aws-native/api-docs/iam/role/#example-2 is wrong
I solved this by using the encoding/json package to encode the json blob which makes the role: I cribbed the code from here https://www.pulumi.com/registry/packages/aws/api-docs/iam/role/#basic-example but I am using the AWS native role pakage.
2 Views
Open in Slack
PreviousNext
Powered by