sparse-intern-71089
09/10/2020, 8:28 PMworried-city-86458
/// <summary>
/// Creates an IAM <see cref="Role"/> whose trust (assume-role) policy is the
/// document returned by <c>AssumeRoleForService(service)</c>.
/// </summary>
/// <param name="name">Resource name passed to the <see cref="Role"/> constructor.</param>
/// <param name="service">
/// Identifier placed in the trust policy as a principal of type "Service".
/// The value is used as given, so whichever service is named here may assume the role.
/// </param>
/// <returns>The newly declared role.</returns>
public static Role CreateRoleForService(string name, string service)
{
    var roleArgs = new RoleArgs
    {
        AssumeRolePolicy = AssumeRoleForService(service)
    };

    return new Role(name, roleArgs);
}
/// <summary>
/// Creates an IAM <see cref="Role"/> whose trust policy is the document returned by
/// <c>AssumeRoleForServiceAccount</c>: a federated (OIDC) principal restricted to one
/// <c>system:serviceaccount:{saNamespace}:{saName}</c> subject.
/// </summary>
/// <param name="name">Resource name passed to the <see cref="Role"/> constructor.</param>
/// <param name="oidcArn">ARN used as the federated principal of the trust policy.</param>
/// <param name="oidcUrl">Issuer value used as the prefix of the <c>:sub</c> condition key.</param>
/// <param name="saNamespace">Namespace part of the service-account subject.</param>
/// <param name="saName">Name part of the service-account subject.</param>
/// <returns>The newly declared role.</returns>
public static Role CreateRoleForServiceAccount(string name, Output<string> oidcArn, Output<string> oidcUrl, string saNamespace, string saName)
{
    var trustPolicy = AssumeRoleForServiceAccount(oidcArn, oidcUrl, saNamespace, saName);
    var roleArgs = new RoleArgs { AssumeRolePolicy = trustPolicy };

    return new Role(name, roleArgs);
}
/// <summary>
/// Builds the JSON of a trust policy with a single "Allow" statement that lets the
/// given service principal call <c>sts:AssumeRole</c>.
/// </summary>
/// <param name="service">Identifier used as the only "Service" principal of the statement.</param>
/// <returns>The rendered policy document JSON, wrapped as an output.</returns>
/// <remarks>
/// NOTE(review): the statement carries no Condition block. Where the target service
/// supports them, <c>aws:SourceAccount</c> / <c>aws:SourceArn</c> conditions narrow which
/// resources can cause the service to assume this role - confirm per service.
/// </remarks>
private static Output<string> AssumeRoleForService(string service)
{
    var servicePrincipal = new GetPolicyDocumentStatementPrincipalArgs
    {
        Type = "Service",
        Identifiers = { service }
    };

    // Sid is not set on the statement; only effect, principal and action are given.
    var trustStatement = new GetPolicyDocumentStatementArgs
    {
        Effect = "Allow",
        Principals = { servicePrincipal },
        Actions = { "sts:AssumeRole" }
    };

    var pendingDocument = GetPolicyDocument.InvokeAsync(
        new GetPolicyDocumentArgs
        {
            Statements = { trustStatement }
        });

    // Wrap the invoke task as an output and expose only the rendered JSON.
    return Output.Create(pendingDocument).Apply(document => document.Json);
}
/// <summary>
/// Builds the JSON of a trust policy with a single "Allow" statement that lets the
/// federated principal <paramref name="oidcArn"/> call <c>sts:AssumeRoleWithWebIdentity</c>,
/// but only when the token's <c>{oidcUrl}:sub</c> value equals
/// <c>system:serviceaccount:{saNamespace}:{saName}</c>.
/// </summary>
/// <param name="oidcArn">ARN used as the only "Federated" principal of the statement.</param>
/// <param name="oidcUrl">Issuer value; <c>:sub</c> is appended to form the condition key.</param>
/// <param name="saNamespace">Namespace part of the expected subject.</param>
/// <param name="saName">Name part of the expected subject.</param>
/// <returns>The rendered policy document JSON, wrapped as an output.</returns>
/// <remarks>
/// The condition operator is <c>StringEquals</c>, an exact match: the role is bound to one
/// namespace/name pair and wildcard characters in either value are not expanded.
/// NOTE(review): IAM condition keys for an OIDC provider are written without the
/// <c>https://</c> scheme; confirm callers pass <paramref name="oidcUrl"/> in that form,
/// otherwise the condition cannot match and the role cannot be assumed.
/// NOTE(review): only the <c>sub</c> claim is pinned. AWS's documented trust policy for
/// IAM roles for service accounts also pins <c>{issuer}:aud</c> to <c>sts.amazonaws.com</c>;
/// consider adding that condition if the provider accepts other audiences.
/// </remarks>
private static Output<string> AssumeRoleForServiceAccount(Output<string> oidcArn, Output<string> oidcUrl, string saNamespace, string saName)
{
    return Output.Tuple(oidcArn, oidcUrl)
        .Apply(resolved =>
        {
            // Both values are only known once the two outputs have resolved.
            var (providerArn, issuerUrl) = resolved;

            var federatedPrincipal = new GetPolicyDocumentStatementPrincipalArgs
            {
                Type = "Federated",
                Identifiers = { providerArn }
            };

            // Restricts the statement to a single service-account subject.
            var subjectCondition = new GetPolicyDocumentStatementConditionArgs
            {
                Test = "StringEquals",
                Values = { $"system:serviceaccount:{saNamespace}:{saName}" },
                Variable = $"{issuerUrl}:sub"
            };

            var trustStatement = new GetPolicyDocumentStatementArgs
            {
                Effect = "Allow",
                Principals = { federatedPrincipal },
                Actions = { "sts:AssumeRoleWithWebIdentity" },
                Conditions = { subjectCondition }
            };

            return GetPolicyDocument.InvokeAsync(
                new GetPolicyDocumentArgs
                {
                    Statements = { trustStatement }
                });
        })
        .Apply(document => document.Json);
}
worried-city-86458
09/10/2020, 8:44 PM
`Sid` not being omitted, it would be nice to have more insight into how such properties are handled on the backend. Is there source I can look at that shows the `null` being translated to an empty string in this case, and where I could suggest that it omit the value instead?
worried-city-86458
09/10/2020, 8:49 PMworried-city-86458
09/11/2020, 9:57 PM