Title
t

thousands-train-46386

12/06/2022, 3:29 PM
I’m attempting to create an AWS IAM policy and provide the resulting ARN to a Role. Using Go + Pulumi it seems I must write custom code to take the Pulumi output value from one resource so it can be provided as an input to another resource which expects Go native types. The same scenario seems to exist for values I extract with the
ApplyT
method on previously created resources. Am I headed in the right direction or is there a simpler way?
l

little-soccer-5693

12/06/2022, 6:54 PM
usually the outputs will have an Arn() and/or ID() helper functions to facilitate this, and there is also the handy pulumi.Sprintf() when you need to combine output strings into something else. I tend to prefer those where possible, but there are sometimes situations where that's not possible and using Apply() directly is the only way to go.
e.g. here's a code block i have for setting up a lambda permission for api gateway:
permissionArgs := &lambda.PermissionArgs{
                Action:    pulumi.String("lambda:InvokeFunction"),
                Function:  lambdaFunc.Arn,
                Principal: pulumi.String("<http://apigateway.amazonaws.com|apigateway.amazonaws.com>"),
                SourceArn: pulumi.Sprintf("arn:aws:execute-api:%v:%v:%v/*",
                        region, accountId, apiGw.ID()),
        }
        _, err = lambda.NewPermission(ctx, "lambda-perm", permissionArgs)
        if err != nil {
                return err
        }
where lambdaFunc and apiGw were outputs from earlier pulumi operations.
f

fierce-ability-58936

12/06/2022, 8:17 PM
I think PolicyArns in piam.RoleArgs should expect a
pulumi.StringArrayOutput
The
pulumi.ToStringArray
requires plain strings, yes, but there's also an Output version of it that expects an array of StringOutput. So this should work:
...
	PolicyArns: pulumi.ToStringArrayOutput(
			[]pulumi.StringOutput{acmeDNS01Policy.Arn}),
	}
...
t

thousands-train-46386

12/07/2022, 1:51 PM
@fierce-ability-58936 Thank you for that advice, that does seem to have helped as I’m no longer getting compile errors. When I attempt to provision the stack though I’m now receiving an error:
error: an unhandled error occurred: waiting for RPCs: rpc error: code = Unknown desc = setting args: copying input "role": expected destination type to implement pulumi.Input or pulumi.Output, got utils.RoleArgs
I’ve attempt to change my code according to what the error is reporting:
_, err = piam.NewAssumableRoleWithOIDC(ctx, eksID+"-cert-manager", &piam.AssumableRoleWithOIDCArgs{
	Role: piam.RolePtr(
		&piam.RoleArgs{
			Name:       pulumi.String(eksID + "-cert-manager"),
			PolicyArns: pulumi.ToStringArrayOutput([]pulumi.StringOutput{acmeDNS01Policy.Arn}),
		}),
	ProviderUrls: pulumi.ToStringArrayOutput([]pulumi.StringOutput{oidcPolicyURL}),
	Tags: pulumi.StringMap{
		"Owner":       pulumi.String(event.User),
		"EKS cluster": pulumi.String(eksID),
    },
}, pulumi.DependsOn([]pulumi.Resource{eksCluster}))
I’m really struggling with this resource and have not been able to find an other examples other than what is provided in the resource docs
f

fierce-ability-58936

12/07/2022, 7:33 PM
Can't test right now but the doc says
Role: iam.RoleArgs{
                Name:       pulumi.String("oidc-role"),
                PolicyArns: pulumi.ToStringArray([]string{"arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"}),
            },
So there's no extra RolePtr, maybe that causes the issue.
t

thousands-train-46386

12/07/2022, 8:29 PM
I added
RolePtr
because I was getting that error. FWIW, I get the same error both ways 🤷