lively-needle-84406

11/28/2022, 4:34 PM
Hey all, I am still stuck on an issue with using pulumi.interpolate inside an IAM PolicyDocument. Here is my code:
const stringEqualsKey = pulumi.interpolate`aws:ResourceTag/k8s.io/cluster-autoscaler/${cluster.core.cluster.name}`;

export const clusterAutoScalingPolicy = new aws.iam.Policy("clusterAutoScalingPolicy", {
    policy: {
        Version: "2012-10-17",
        Statement: [
            {
                Sid: "VisualEditor0",
                Effect: "Allow",
                Action: [
                    "autoscaling:SetDesiredCapacity",
                    "autoscaling:TerminateInstanceInAutoScalingGroup"
                ],
                Resource: "*",
                Condition: {
                    StringEquals: {
                        [`${stringEqualsKey}`]: "owned"
                    }
                }
            },
            {
                Sid: "VisualEditor1",
                Effect: "Allow",
                Action: [
                    "autoscaling:DescribeAutoScalingInstances",
                    "autoscaling:DescribeAutoScalingGroups",
                    "ec2:DescribeLaunchTemplateVersions",
                    "autoscaling:DescribeTags",
                    "autoscaling:DescribeLaunchConfigurations"
                ],
                Resource: "*"
            }
        ]
    }
}, {
    dependsOn: [cluster]
});
Here is the error I am receiving:
Calling [toString] on an [Output\u003cT\u003e] is not supported.\n\nTo get the value of an Output\u003cT\u003e as an Output\u003cstring\u003e consider either:\n1: o.apply(v =\u003e `prefix${v}suffix`)\n2: pulumi.interpolate `prefix${v}suffix`\n\nSee <https://pulumi.io/help/outputs> for more details.\nThis function may throw in a future version of @pulumi/pulumi.
I have tried apply and pulumi.interpolate to resolve this issue, but neither seems to work. Am I missing something about outputs? Thanks

billowy-army-68599

11/28/2022, 4:42 PM
how did you try doing it with apply - you need to invoke apply and interpolate in the correct place, there are examples here https://github.com/jaxxstorm/pulumi-examples/blob/main/typescript/aws/s3-cloudfront/index.ts#L50-L66

lively-needle-84406

11/28/2022, 4:57 PM
Thanks @billowy-army-68599 I have attempted this again using the apply example.
export const clusterAutoScalingPolicy = new aws.iam.Policy("clusterAutoScalingPolicy", {
    policy: pulumi
        .all([cluster.core.cluster.name])
        .apply(([clusterName]) => {
            JSON.stringify({
                Version: "2012-10-17",
                Statement: [
                    {
                        Sid: "VisualEditor0",
                        Effect: "Allow",
                        Action: [
                            "autoscaling:SetDesiredCapacity",
                            "autoscaling:TerminateInstanceInAutoScalingGroup"
                        ],
                        Resource: "*",
                        Condition: {
                            StringEquals: {
                                [clusterName]: "owned"
                            }
                        }
                    },
                    {
                        Sid: "VisualEditor1",
                        Effect: "Allow",
                        Action: [
                            "autoscaling:DescribeAutoScalingInstances",
                            "autoscaling:DescribeAutoScalingGroups",
                            "ec2:DescribeLaunchTemplateVersions",
                            "autoscaling:DescribeTags",
                            "autoscaling:DescribeLaunchConfigurations"
                        ],
                        Resource: "*"
                    }
                ]
            })
        })
}, {
    dependsOn: [cluster]
});
I like this method, but the issue is that the policy argument for aws.iam.Policy needs to be of type string | PolicyDocument, but the response of pulumi.all.apply is of type OutputInstance<void>. Any ideas of how to resolve the type conflict?

lively-needle-84406

11/28/2022, 6:00 PM
@billowy-army-68599 After casting, I am getting the following error:
error: aws:iam/policy:Policy resource 'clusterAutoScalingPolicy' has a problem: Missing required argument: The argument "policy" is required, but no definition was found.. Examine values at 'Policy.Policy'.
Code:
export const clusterAutoScalingPolicy = new aws.iam.Policy("clusterAutoScalingPolicy", {
    policy: pulumi
        .all([cluster.core.cluster.name])
        .apply(([clusterName]) => {
            JSON.stringify({
                Version: "2012-10-17",
                Statement: [
                    {
                        Sid: "VisualEditor0",
                        Effect: "Allow",
                        Action: [
                            "autoscaling:SetDesiredCapacity",
                            "autoscaling:TerminateInstanceInAutoScalingGroup"
                        ],
                        Resource: "*",
                        Condition: {
                            StringEquals: {
                                [`aws:ResourceTag/k8s.io/cluster-autoscaler/${clusterName}`]: "owned"
                            }
                        }
                    },
                    {
                        Sid: "VisualEditor1",
                        Effect: "Allow",
                        Action: [
                            "autoscaling:DescribeAutoScalingInstances",
                            "autoscaling:DescribeAutoScalingGroups",
                            "ec2:DescribeLaunchTemplateVersions",
                            "autoscaling:DescribeTags",
                            "autoscaling:DescribeLaunchConfigurations"
                        ],
                        Resource: "*"
                    }
                ]
            })
        }) as unknown as aws.iam.PolicyDocument
}, {
    dependsOn: [cluster]
});
FYI - had to cast the policy value to unknown first because of this error:
Conversion of type 'OutputInstance<void>' to type 'PolicyDocument' may be a mistake because neither type sufficiently overlaps with the other. If this was intentional, convert the expression to 'unknown' first.
@billowy-army-68599 Bumping this up. Still currently stuck on this with no working resolution 😕

billowy-army-68599

11/29/2022, 7:59 PM
Sorry, still on my todo list

lively-needle-84406

12/05/2022, 4:12 PM
@billowy-army-68599 Following up on this. I could not get this working with any of the above-mentioned solutions. I ended up just manually naming the cluster and using that specified cluster name in the string interpolation.

billowy-army-68599

12/06/2022, 5:27 PM
@lively-needle-84406 sorry for the delay here, I was at re:Invent last week so had limited time to sit down and go through issues. Here’s the solution:
const policyDoc = cluster.core.cluster.name.apply((name) =>
  JSON.stringify({
    Version: "2012-10-17",
    Statement: [
      {
        Sid: "VisualEditor0",
        Effect: "Allow",
        Action: [
          "autoscaling:SetDesiredCapacity",
          "autoscaling:TerminateInstanceInAutoScalingGroup",
        ],
        Resource: "*",
        Condition: {
          StringEquals: {
            [`aws:ResourceTag/k8s.io/cluster-autoscaler/${name}`]: "owned",
          },
        },
      },
      {
        Sid: "VisualEditor1",
        Effect: "Allow",
        Action: [
          "autoscaling:DescribeAutoScalingInstances",
          "autoscaling:DescribeAutoScalingGroups",
          "ec2:DescribeLaunchTemplateVersions",
          "autoscaling:DescribeTags",
          "autoscaling:DescribeLaunchConfigurations",
        ],
        Resource: "*",
      },
    ],
  })
);

export const clusterAutoScalingPolicy = new aws.iam.Policy(
  "clusterAutoScalingPolicy",
  {
    policy: policyDoc,
  }, {
    dependsOn: [cluster],
  }
);