little-whale-73288
07/29/2021, 2:21 PMOutput<string>
into aws.iam.GetPolicyDocumentArgs
? this attempt:
const policy = aws.iam.getPolicyDocument({statements: [{
actions: ["sts:AssumeRoleWithWebIdentity"],
principals: [{
identifiers: [bitbucket.oidcProvider.arn], // this is line 14
type: "Federated",
}],
condition: {
test: "StringLike",
variable: bitbucket.oidcProvider.url.apply(url => `${url.replace("https://", "")}:sub`),
values: ["...."],
}
}]})
results in:
pulumi.ts(14,23): error TS2322: Type 'Output<string>' is not assignable to type 'string'.
astonishing-tiger-81216
07/29/2021, 2:27 PMidentifiers: [bitbucket.oidcProvider.arn.apply(arn => arn)],
I’m afraid that’s my best guess right now.little-whale-73288
07/29/2021, 2:28 PMastonishing-tiger-81216
07/29/2021, 2:32 PMlittle-whale-73288
07/29/2021, 2:41 PMassumeRolePolicy: bitbucket.oidcProvider.arn.apply(
providerArn => pulumi.all([bitbucket.oidcProvider.arn, bitbucket.oidcProvider.url]).apply(
([arn, url]) =>
aws.iam.getPolicyDocument({statements: [{
actions: ["sts:AssumeRoleWithWebIdentity"],
principals: [{
identifiers: [arn],
type: "Federated",
}],
conditions: [{
test: "StringLike",
variable: `${url.replace("https://", "")}:sub`,
values: ["..."],
}],
}]}).then(doc => doc.json)
)
)
assumeRolePolicy : output<string>
echoing-actor-55539
07/29/2021, 3:59 PMidentifiers: [pulumi.interpolate`{bitbucket.oidcProvider.arn}`]
clever-sunset-76585
07/29/2021, 4:32 PMpulumi.interpolate
is your friend for these sorts of things when using JS/TS. So try:
identifiers: [pulumi.interpolate`${bitbucket.oidcProvider.url.replace("https://", "")}:sub`]
identifiers
doesn’t take an Output<string>
. So yeah you will need to use an outer apply
to get the plain string value. As for the string interpolation you are doing inside variable
you could use pulumi.interpolate
for such.little-cartoon-10569
07/29/2021, 10:39 PMgetPolicyDocument()
function.
(Code untested.. I'm particularly not confident in the LHS of the condition...)apply()
to generate the document. You only need apply()
to transform fields. Or in this case, pulumi.interpolate
.clever-sunset-76585
07/29/2021, 10:43 PMaws.iam.getPolicyDocument
@little-whale-73288. If it was to simply construct a policy document that you can use with a Policy
resource, you could just use the aws.iam.PolicyDocument
type as @little-cartoon-10569 suggests. That is overall better than trying to encapsulate everything inside an apply
.