Channels
#python
Title
c
chilly-hairdresser-56259
05/15/2020, 7:16 PMAnyone running into issues with iam.SamlProvider.Id? In the docs it states it returns the arn, I also have tried, iam.SamlProvider.arn. The error is that is it an invalid/malformed Principal ID for the Federated Identity. EDIT: I assume the issue is that "federated_identity" is a class object instead of an actual string. Not sure how to get around this.
f
future-barista-68134
05/15/2020, 7:31 PMWhere are you getting
federated_identityc
chilly-hairdresser-56259
05/15/2020, 7:38 PMIf I print out pingOneSaml.id it returns a pulumi class. "class 'pulumi.output.Output'". However export obtains the string of the id.
f
future-barista-68134
05/15/2020, 7:46 PMRight, that makes sense. Is the id that you receive when exporting the format you expect to work with this configuration?
c
chilly-hairdresser-56259
05/15/2020, 7:47 PMyes. It returns the ARN of the SamlProvider.
Here is the converted json when I print out then entire json object. On the outputs of the pulumi stack I get the correct expected output from Id.
f
future-barista-68134
05/15/2020, 7:56 PMCan export the json object, then use it to hardcode the value to see if it’s a problem with the generation or just the formatting?
c
chilly-hairdresser-56259
05/15/2020, 8:01 PMAre you saying export the json object of the variable "pingOneSaml.id"? Or are you saying grab the value from the json return?
f
future-barista-68134
05/15/2020, 8:07 PMExport the value of
iam.stsAssumeFederatedPolicyJson(assume_role='sts:AssumeRoleWithSAML', federated_identity=pingOneSaml)) Copy code
aws.iam.Role('%s-s3-ListBucket-role' % p_env,name="ListBuckets-%s-role" % p_env,assume_role_policy=assume_role_policy_variable)c
chilly-hairdresser-56259
05/15/2020, 8:10 PMAhh, I did try that already and same result. It doesen't seem to understand the reference of the pulumi.Output.output object.
f
future-barista-68134
05/15/2020, 8:17 PMYou might need to return an output from the function there. Try this:
Copy code
def stsAssumeFederatedPolicyJson(assume_role, federated_identity):
return federated_identity.id.apply( lambda id:
policy_json={}
statement=[
{
'Action': assume_role,
'Effect': 'Allow',
'Principal': {
'Federated': str(id)
}
}
]
policy_json['Version']='2012-10-17'
policy_json['Statement']=statement
return json.dumps(policy_json)
)this is because when json.dumps is run, the value of
federated_identity.idc
chilly-hairdresser-56259
05/15/2020, 8:22 PMahhh, that makes sense. I will give it a try.
👍 1
Cant seem to get it working. Ill have to look more into how the lambda should be working
@future-barista-68134 if I can't get this working, is there any reason why Pulumi adds random integers to the AWS Resource Name. For instance if I created an AWS IAM Identity Provider Named: "test", pulumi will name the actual AWS Resource "test-[enter random numbers]". If the name resource for SamlProvider wasn't acting as a name prefix, I could dynmically create the ARN of the IdentityProvider
f
future-barista-68134
05/15/2020, 9:42 PMPulumi does autonaming by default but can be overridden using the
namec
chilly-hairdresser-56259
05/15/2020, 9:49 PM😅@future-barista-68134 sorry, I thought I was setting it the entire time. I would have just built it dynamically instead of trying to get it to read the id.
f
future-barista-68134
05/15/2020, 10:00 PMThis is something that’s certainly different about Pulumi and commonly misunderstood 🙂
Were you able to get this working?
c
chilly-hairdresser-56259
05/18/2020, 1:13 AM@future-barista-68134 yes I did get it working. I just dynamically created the ARN based on the resources parameter name.
f
future-barista-68134
05/18/2020, 1:30 PMOkay, great 👍