https://pulumi.com logo
Title
a

able-hair-32695

12/17/2021, 6:43 PM
What would be the best way to have a function that can create AWS policy Documents and return them, while consuming outputs? I have the below code, but can’t figure out how to extract the strings from the outputs. Everything I’ve read seems to indicate that apply, all, etc still return an output rather than just a string
export function generateGithubOIDCAssumeRolePolicy(params: {
    githubOwner: Input<string>;
    repositoryName: Input<string>;
    oidcProviderArn: Input<string>;
}): Promise<GetPolicyDocumentResult> {
    return getPolicyDocument({
        statements: [
            {
                actions: ['sts:AssumeRoleWithWebIdentity'],
                conditions: [
                    {
                        test: 'StringLike',
                        values: [`repo:${params.githubOwner}/${params.repositoryName}:*`],
                        variable: '<http://token.actions.githubusercontent.com:sub|token.actions.githubusercontent.com:sub>',
                    },
                ],
                principals: [
                    {
                        identifiers: [params.oidcProviderArn],
                        type: 'Federated',
                    },
                ],
            },
        ],
    });
}
The condition values, and principal identifiers in this case are the ones causing issues
b

billowy-army-68599

12/17/2021, 6:45 PM