Hello what s the kosher way to put `Output lt string gt ` in Pulumi Community #typescript

Hello, what's the kosher way to put `Output<str...

little-whale-73288

07/29/2021, 2:21 PM

Hello, what's the kosher way to put

Output<string>

into

aws.iam.GetPolicyDocumentArgs

? this attempt:

Copy code

const policy = aws.iam.getPolicyDocument({statements: [{
    actions: ["sts:AssumeRoleWithWebIdentity"],
    principals: [{
        identifiers: [bitbucket.oidcProvider.arn], // this is line 14
        type: "Federated",
    }],
    condition: {
        test: "StringLike",
        variable: bitbucket.oidcProvider.url.apply(url => `${url.replace("https://", "")}:sub`),
        values: ["...."],
    }
}]})

results in:

Copy code

pulumi.ts(14,23): error TS2322: Type 'Output<string>' is not assignable to type 'string'.

astonishing-tiger-81216

07/29/2021, 2:27 PM

Hey @little-whale-73288, This one feels familiar from vague memories. Could you try?

Copy code

identifiers: [bitbucket.oidcProvider.arn.apply(arn => arn)],

I’m afraid that’s my best guess right now.

little-whale-73288

07/29/2021, 2:28 PM

@astonishing-tiger-81216 nope, it's still not a string 😞.

astonishing-tiger-81216

07/29/2021, 2:32 PM

Ah ok. Sorry. Better leave it to someone more capable. Can’t think why and don’t want to suggest casting which feels wrong for some reason. Good luck 🤞

little-whale-73288

07/29/2021, 2:41 PM

thanks 🙂

little-whale-73288

07/29/2021, 2:42 PM

this seems to be working, but meh:

Copy code

assumeRolePolicy: bitbucket.oidcProvider.arn.apply(
        providerArn => pulumi.all([bitbucket.oidcProvider.arn, bitbucket.oidcProvider.url]).apply(
            ([arn, url]) =>
            aws.iam.getPolicyDocument({statements: [{
                actions: ["sts:AssumeRoleWithWebIdentity"],
                principals: [{
                    identifiers: [arn],
                    type: "Federated",
                }],
                conditions: [{
                    test: "StringLike",
                    variable: `${url.replace("https://", "")}:sub`,
                    values: ["..."],
                }],
            }]}).then(doc => doc.json)
        )
    )

👍 1

little-whale-73288

07/29/2021, 2:53 PM

then the diff is useless:

Copy code

assumeRolePolicy   : output<string>

echoing-actor-55539

07/29/2021, 3:59 PM

try something like this

Copy code

identifiers: [pulumi.interpolate`{bitbucket.oidcProvider.arn}`]

👍 1

☝️ 1

clever-sunset-76585

07/29/2021, 4:32 PM

@echoing-actor-55539’s right.

pulumi.interpolate

is your friend for these sorts of things when using JS/TS. So try:

Copy code

identifiers: [pulumi.interpolate`${bitbucket.oidcProvider.url.replace("https://", "")}:sub`]

clever-sunset-76585

07/29/2021, 4:35 PM

Oh I misread the error message. The problem is that

identifiers

doesn’t take an

Output<string>

. So yeah you will need to use an outer

apply

to get the plain string value. As for the string interpolation you are doing inside

variable

you could use

pulumi.interpolate

for such.

little-cartoon-10569

07/29/2021, 10:39 PM

In this case you should cast to PolicyDocument, not use the

getPolicyDocument()

function. (Code untested.. I'm particularly not confident in the LHS of the condition...)

Untitled.ts

little-cartoon-10569

07/29/2021, 10:40 PM

This means that you don't need

apply()

to generate the document. You only need

apply()

to transform fields. Or in this case,

pulumi.interpolate

clever-sunset-76585

07/29/2021, 10:43 PM

Yeah I guess what was the reason for using

aws.iam.getPolicyDocument

@little-whale-73288. If it was to simply construct a policy document that you can use with a

Policy

resource, you could just use the

aws.iam.PolicyDocument

type as @little-cartoon-10569 suggests. That is overall better than trying to encapsulate everything inside an

apply

14 Views

Open in Slack

Previous Next