https://pulumi.com logo
Join Slack
Powered by
When trying to assign a userassignedidentity to AK...
# golang
b
When trying to assign a userassignedidentity to AKS following this example: https://www.pulumi.com/registry/packages/azure-native/api-docs/containerservice/managedcluster/#createupdate-managed-cluster-with-enableahub I get the error that "pulumi.AnyMap" isnt declared by package pulumi Anyone know what gives? Second question: I've created an identity - is it identity.ID() that i have to pass in? - How do i convert that ID to a string?
b
I’d try just 
pulumi.Map
and see if it works
The code example is wrong, you should open a bug on the Pulumi docs
b
pulumi.Map works! (atleast its accepted :D) Now the problem is just how i convert the identity.ID() to a string. Got any ideas?
b
I know nothing about Azure, so I probably need some example code of what you created and what you’re trying to pass it into 🙂
b
Identity: &containerservice.ManagedClusterIdentityArgs{       Type: containerservice.ResourceIdentityTypeUserAssigned,       UserAssignedIdentities: pulumi.Map{         clusterArgs.UserAssignedIdentity.ID(): nil,       },     }, Essentially .ID() outputs a pulumi.IDOutput and to create the string key it wants a string
b
Hmm I don’t think you can do this. The key has to be a raw string, not a future.
You’d have to do it in an 
ApplyT
essentially.
b
I've already created the identity previously, so it shouldnt be unknown?
previously as in before the above code runs, that is
b
It looks like it is a Pulumi resource? Those values are all futures, the program execution (in terms of calls to Azure/etc) are not sequential like this.
b
Perhaps im misunderstanding future. But yes the identity is created using pulumi before the AKS cluster - which needs the identity. I'm not very familiar with the apply thing - Thanks for the link
b
Basically, all the values you are getting back are future values - their execution is not known until the entire resource graph is computed, which will happen at the end. So when you reference 
clusterArgs.UserAssignedIdentity.ID()
, it is not something that’s known right now, it’s a reference for something that will be replaced later.
b
Aaaaah. Yeah that totally makes sense. Sorry for the massive brainfart.
b
Not at all, it’s not intuitive until it clicks 🙂
b
You don't happen to have a similar link, but where the examples are written in Go, right? 😛
b
you’re a bit in a bind, because ideally, you don’t create a resource in an 
Apply
block
b
Don't i essentially just want to make Pulumi create the ManagedIdentity get the values i need and then the AKS cluster?
Just like he describes it in the previous link “Wait for the value you’re applying to be known, then do something”
b
Yes, but it’s generally not best practice to create a new resource in an apply block
And in your case, you want the actual value (a 
string
) in order to be able to create the resource
Typically, you’d use an Apply to transform the value and return another future.
b
Hmm wouldn't i use the apply block before creating the cluster, to get the value/future i need and store it?
So: 1. Create the managedidentity 2. Use the apply thing to get the Future value of Id and convert it to a string 3. Create the AKS cluster with my new identity
b
Apply returns a future
So you can't access the raw value except inside the apply block
b
I can't return it "outside" ? Like they do here with the url
Copy code
url := pulumi.All(hostname, port).ApplyT(func (args []interface{}) string {
    return fmt.Sprintf("<http://%s:%d/>", args[0], args[1])
})
Copy code
url := vpc.DnsName.ApplyT(func(dnsName string) string {
    return "https://" + dnsName
}).(pulumi.StringOutput)
is probably a better example
Ah hell, i feel like im missing something completely obvious haha - Sorry if im just asking dumb questions
b
No all good.
The type of url in the example is StringOutput
And to populate your Pulumi.Map key, you need an actual string
Does that make sense
b
yes
b
There isn't a great option for you here. Id say if you can make the identity ID not be dynamic such that you can fully specify it in the map without depending on the output of the ID resource.
But actually let me look at something
b
Hmm. I might be able to do that. Azure ID's are made up of a bunch of known data. Subscription guid, resource group name etc. That could be possible i suppose
b
Yes
Yeha I looked it up, I think you either have to do that or create the resource itself inside an apply
b
Damn
I was so proud of identityId := clusterArgs.Identity.ID().ApplyT(func(id pulumi.ID) pulumi.StringOutput {     return id.ToStringOutput()   }).(pulumi.StringOutput) hahaha
b
🙂
Sorry.
b
I'll see if i can't manually create the resource string
Its gonna be one of those things where looking at the code is gonna hurt haha
b
In my midn the code is something like:
Copy code
// create the ID
identity := ...NewIDentity(..., Args{ID: "your static string"})

cluster := NewCluster(.... { ClusterIdentity: map[string]interface{}{fmt.Sprintf(".../%s", "your static string")}}})
b
Yeah thats more or less what i'd imagined
I can't remember exactly what makes up a resource id so im trying to look that up
b
Sorry I couldn’t be more helpful 🙂
b
Correct me if im not wrong - But can't Terraform handle this? Essentially it'll just put in "Known after apply" when doing previews etc But ive found some examples of how to do this in TF
b
I’m not super familiar with Terraform, but I can imagine that it knows how to handle this. I think this particular issue is mostly about how Pulumi generated the input types here - if it was a map of 
map[pulumi.StringOutput]pulumi.StringOutput
, you wouldn’t have had this issue.
b
I haven't tried yet but the way to get subscriptionid is this: https://www.pulumi.com/registry/packages/azure-native/api-docs/authorization/getclientconfig/ Wouldn't that be the same issue? As SubscriptionId is an output, i can't get it as a regular string or?
b
No those have actual values
But your subscription will not necessarily be created by the time this is called
Especially the first time you run your stack
Though I may be mixing resources here
I think you were creating an identity before
In which case this is fine
b
You are, The subscription is defintely created 😛
usually done manually beforehand
b
Yeah sorry azure is not my strong suit 😀
b
I appreciate all the help none the less. I'm going to try n construct the string myself. I'm contemplating creating an issue/improvement thingy in github to ask for a built in map[Pulumi.StringOutput]interface{} for this specific purpose lol
b
Yeah I’d open a bug on the Azure provider to note this, or at least ask the maintainers for perspective.
b
I came across this issue: https://github.com/pulumi/pulumi-azure-native/issues/812 I have no idea how to translate their solution to go though
b
I'm not sure if this solution will work for the Go SDK, I think the type system is a lot more strict
But I'm not 100% sure.
b
Damnit 😂
So i've attempted to simply construct the damn thing myself - /subscriptions/xxx/resourceGroups/yyy/providers/Microsoft.ManagedIdentity/userAssignedIdentities/zzz However with this: Identity: &containerservice.ManagedClusterIdentityArgs{       Type: containerservice.ResourceIdentityTypeUserAssigned,       UserAssignedIdentities: pulumi.Map{         clusterArgs.UserAssignedIdentityId: nil,       },     }, I'm still getting an error: error: Code="MissingIdentityIds" Message="The identity ids must not be null or empty for 'UserAssigned' identity type." Even if i manually put it in, in quotes "long-id-here": nil I get the same error any ideas?
10 Views
Open in Slack
PreviousNext
Powered by