https://pulumi.com logo
#python
Title
# python
c

crooked-pillow-11944

09/23/2021, 3:38 AM
Has anybody used dictionaries or lists with Output.all...apply? https://pulumi-community.slack.com/archives/CRH5ENVDX/p1632365439151400
r

red-match-15116

09/23/2021, 3:52 AM
I can’t quite figure out what you’re doing here… can you tell me what
buckets
looks like?
But maybe this helps… you can spread the dictionary within the
output.all()
So like
Output.all(*buckets).apply(lambda args: f"{args[0]}, {args[1]"})
Or if buckets is a dictionary then:
Copy code
buckets = {"bucket-1": "bucketid1", "bucket-2": "bucketid2"}
Output.all(**buckets).apply(lambda args: f"{args["bucket-1"]}, {args["bucket-2"]}) // returns Output("bucketid1, bucketid2")
p

proud-art-41399

09/23/2021, 8:17 AM
This is how I use
Output.all
with multiple values:
Copy code
execution_role_policy = aws.iam.Policy(
    "execution-role-policy",
    policy=pulumi.Output.all(
        mongodb_uri_parameter=mongodb_uri_parameter.arn,
        mongodb_database_parameter=mongodb_database_parameter.arn,
        elasticsearch_url_parameter=elasticsearch_url_parameter.arn,
    ).apply(
        lambda args: json.dumps(
            {
                "Version": "2012-10-17",
                "Statement": [
                    {
                        "Effect": "Allow",
                        "Action": ["ssm:GetParameters"],
                        "Resource": [
                            args["mongodb_uri_parameter"],
                            args["mongodb_database_parameter"],
                            args["elasticsearch_url_parameter"],
                        ],
                    }
                ],
            }
        )
    ),
)
c

crooked-pillow-11944

09/23/2021, 11:31 AM
I'm using dynamic values. I need a for loop to iterate over the dictionary and create a JSON string from it, like so:
Copy code
for k in dictionary:
    stmt['Resource'].append(f'arn:aws:s3:::{k}')
    stmt['Resource'].append(f'arn:aws:s3:::{k}/*')
I'll play around with this in a small stack. I'm sure it's doable
I ended up creating a separate IAM RolePolicy for each of the dynamic resources (s3 buckets):
Copy code
for key in buckets:
        codebuild_role_policy = aws.iam.RolePolicy(f"bucketpolicy-{key}",
            role=test_role.name,
            policy=pulumi.Output.all(bucket=buckets[key]).apply(lambda args: f"""{{
                "Version": "2012-10-17",
                "Statement": [
                {{
                    "Effect": "Allow",
                    "Action": ["s3:*"],
                    "Resource": [
                        "arn:aws:s3:::{args['bucket']}",
                        "arn:aws:s3:::{args['bucket']}/*"
                    ]
                }}
                ]
            }}
            """))
5 Views