sparse-intern-71089
02/19/2023, 1:54 PM
billowy-army-68599
apply.
Try using this as an example: https://github.com/pulumi/examples/blob/7c4ed37e9e00f039218b77bba6b65ffdc369abe9/aws-ts-static-website/index.ts#L300
billowy-army-68599
pulumi.jsonStringify is a helper method to make this easier
cuddly-flower-91328
02/19/2023, 4:18 PM
cuddly-flower-91328
02/20/2023, 1:13 PM
apply. TypeScript is new to me and I feel this is largely where my issues have revolved around.
If I do the following:
constructor(name: string, args: { clusterName: string, oidcArn: string, oidcUrl: string }, opts?: pulumi.ComponentResourceOptions) {
    super("pkg:iam:clusterAutoscalerRole", name, args, opts);
    let clusterName: string = args.clusterName;
    let clusterTag: string = `aws:ResourceTag/k8s.io/cluster-autoscaler/${clusterName}`;
    this.policy = new aws.iam.Policy(name, {
        path: "/",
        description: "Amazon EKS - Cluster autoscaler policy",
        policy: pulumi.jsonStringify({
            Version: "2012-10-17",
            Statement: [
                {
                    Sid: "VisualEditor0",
                    Effect: "Allow",
                    Action: [
                        "autoscaling:SetDesiredCapacity",
                        "autoscaling:TerminateInstanceInAutoScalingGroup"
                    ],
                    Resource: "*",
                    Condition: {
                        StringEquals: {
                            [clusterTag]: "owned"
                        }
                    }
                },
                {
                    Sid: "VisualEditor1",
                    Effect: "Allow",
                    Action: [
                        "autoscaling:DescribeAutoScalingInstances",
                        "autoscaling:DescribeAutoScalingGroups",
                        "ec2:DescribeLaunchTemplateVersions",
                        "autoscaling:DescribeTags",
                        "autoscaling:DescribeLaunchConfigurations",
                        "ec2:DescribeInstanceTypes"
                    ],
                    Resource: "*"
                }
            ]
        })
    }, { parent: this });
I get this in preview:
policy : "{"Version":"2012-10-17","Statement":[{"Sid":"VisualEditor0","Effect":"Allow","Action":["autoscaling:SetDesiredCapacity","autoscaling:TerminateInstanceInAutoScalingGroup"],"Resource":"*","Condition":{"StringEquals":{"aws:ResourceTag/k8s.io/cluster-autoscaler/":"owned"}}},{"Sid":"VisualEditor1","Effect":"Allow","Action":["autoscaling:DescribeAutoScalingInstances","autoscaling:DescribeAutoScalingGroups","ec2:DescribeLaunchTemplateVersions","autoscaling:DescribeTags","autoscaling:DescribeLaunchConfigurations","ec2:DescribeInstanceTypes"],"Resource":"*"}]}"
Where part of the key is populated but I am still missing the cluster name portion.
cuddly-flower-91328
02/20/2023, 1:46 PM
constructor(name: string, args: { clusterName: string, oidcArn: string, oidcUrl: string }, opts?: pulumi.ComponentResourceOptions) {
    super("pkg:iam:clusterAutoscalerRole", name, args, opts);
    let tags = {};
    let clusterTag = pulumi.interpolate `aws:ResourceTag/k8s.io/cluster-autoscaler/${args.clusterName}`;
    clusterTag.apply(s => tags[s] = "owned");
    this.policy = new aws.iam.Policy(name, {
        path: "/",
        description: "Amazon EKS - Cluster autoscaler policy",
        policy: pulumi.jsonStringify({
            Version: "2012-10-17",
            Statement: [
                {
                    Sid: "VisualEditor0",
                    Effect: "Allow",
                    Action: [
                        "autoscaling:SetDesiredCapacity",
                        "autoscaling:TerminateInstanceInAutoScalingGroup"
                    ],
                    Resource: "*",
                    Condition: {
                        StringEquals: tags
                    }
                },
                {
                    Sid: "VisualEditor1",
                    Effect: "Allow",
                    Action: [
                        "autoscaling:DescribeAutoScalingInstances",
                        "autoscaling:DescribeAutoScalingGroups",
                        "ec2:DescribeLaunchTemplateVersions",
                        "autoscaling:DescribeTags",
                        "autoscaling:DescribeLaunchConfigurations",
                        "ec2:DescribeInstanceTypes"
                    ],
                    Resource: "*"
                }
            ]
        })
    }, { parent: this });
But ended up with:
policy : "{"Version":"2012-10-17","Statement":[{"Sid":"VisualEditor0","Effect":"Allow","Action":["autoscaling:SetDesiredCapacity","autoscaling:TerminateInstanceInAutoScalingGroup"],"Resource":"*","Condition":{"StringEquals":{}}},{"Sid":"VisualEditor1","Effect":"Allow","Action":["autoscaling:DescribeAutoScalingInstances","autoscaling:DescribeAutoScalingGroups","ec2:DescribeLaunchTemplateVersions","autoscaling:DescribeTags","autoscaling:DescribeLaunchConfigurations","ec2:DescribeInstanceTypes"],"Resource":"*"}]}"
Where StringEquals gets set to an empty {}
billowy-army-68599
oidcArn: string, oidcUrl: string
They are probably an Output<str>
There’s an EKS OIDC example here you can use as a reference, fwiw: https://github.com/jaxxstorm/pulumi-examples/blob/378ddb65c6ae2fa018d34f7f57edd871ab9af994/typescript/aws/eks-platform/external-dns/index.ts#L9
cuddly-flower-91328
02/20/2023, 5:11 PM
cuddly-flower-91328
02/20/2023, 7:01 PM
iam.ts which is imported into index.ts within the project. Below is what exists in index.ts as it relates to the code in question:
const clusterOidcProvider = cluster.core.oidcProvider;
export const clusterOidcProviderUrl = clusterOidcProvider.url;
export const clusterOidcProviderArn = clusterOidcProvider.arn;
let clusterName = cluster.core.cluster.name;
let args = {
    clusterName: "",
    oidcArn: "",
    oidcUrl: "",
}
clusterName.apply(s => args["clusterName"] = s);
clusterOidcProviderArn.apply(s => args["oidcArn"] = s);
clusterOidcProviderUrl.apply(s => args["oidcUrl"] = s);
export const clusterAutoscalerRole = new iam.clusterAutoscalerRole(`${projectName}-${stackName}`, args);
The intent here was to package what is required to create the necessary role into a single Component Resource.
My next step was going to be creating the policy document like you did in that example as well as what I had seen here.
I figured I would include this additional bit of info in case I am just way off the mark, but I see that you're using all() here which I haven't done and maybe that will be helpful 🤞
billowy-army-68599
clusterName.apply(s => args["clusterName"] = s);
clusterOidcProviderArn.apply(s => args["oidcArn"] = s);
clusterOidcProviderUrl.apply(s => args["oidcUrl"] = s);
You can’t assign a value inside an apply, you can only perform that operation inside an apply
see https://leebriggs.co.uk/blog/2021/05/09/pulumi-apply for more info
cuddly-flower-91328
02/20/2023, 7:20 PM
let clusterName = cluster.core.cluster.name;
let clusterTag = pulumi.interpolate `k8s.io/cluster-autoscaler/${clusterName}`;
let tags = {
    "org": "something",
    "k8s.io/cluster-autoscaler/enabled": "true",
}
clusterTag.apply(s => tags[s] = "owned");
So it seemed fitting that maybe something similar may also work.
I appreciate your help on this!
cuddly-flower-91328
02/20/2023, 11:41 PM