What would be the best way to have a function that can create AWS policy Documents and return them, while consuming outputs? I have the below code, but can’t figure out how to extract the strings from the outputs. Everything I’ve read seems to indicate that apply, all, etc still return an output rather than just a string

export function generateGithubOIDCAssumeRolePolicy(params: {
    githubOwner: Input<string>;
    repositoryName: Input<string>;
    oidcProviderArn: Input<string>;
}): Promise<GetPolicyDocumentResult> {
    return getPolicyDocument({
        statements: [
            {
                actions: ['sts:AssumeRoleWithWebIdentity'],
                conditions: [
                    {
                        test: 'StringLike',
                        values: [`repo:${params.githubOwner}/${params.repositoryName}:*`],
                        variable: '<http://token.actions.githubusercontent.com:sub|token.actions.githubusercontent.com:sub>',
                    },
                ],
                principals: [
                    {
                        identifiers: [params.oidcProviderArn],
                        type: 'Federated',
                    },
                ],
            },
        ],
    });
}

yeah if you're passing an input, because the statement is a string, you need an apply. https://github.com/jaxxstorm/pulumi-examples/blob/2519023cd4f22acd564783f6f4445a44dd82df65/typescript/aws/eks-platform/alb-ingress-controller/index.ts#L19-L38