sparse-intern-71089
02/22/2023, 11:52 PMlittle-cartoon-10569
02/22/2023, 11:56 PMappServiceAccount.name
is an output, and handles it accordingly. You have to do the same.little-cartoon-10569
02/22/2023, 11:59 PMconsole.log(appServiceAccount.name.apply((n) => `${n}`)
You need to do your work inside the apply:
appServiceAccount.name.apply((n) => console.log(`${n}`))
little-cartoon-10569
02/23/2023, 12:00 AMbest-summer-38252
02/23/2023, 12:03 AMlittle-cartoon-10569
02/23/2023, 12:24 AMbest-summer-38252
02/23/2023, 12:43 AMbest-summer-38252
02/23/2023, 12:44 AMconst appIAM = new gcp.serviceaccount.IAMPolicy("appSAIAM", {
serviceAccountId: appServiceAccount.name,
policyData: appAuthz.then((admin) => admin.policyData),
});
The example's code:
const admin_account_iam = new gcp.serviceaccount.IAMPolicy("admin-account-iam", {
serviceAccountId: sa.name,
policyData: admin.then(admin => admin.policyData),
});
best-summer-38252
02/23/2023, 12:51 AMlittle-cartoon-10569
02/23/2023, 1:05 AMadmin.then(...)
is returning a Promise. I'm guessing that appAuthz's policyData property is an Output? If it is, then you're setting the policyData property to be a value of type Promise<Output<string>
. I'm not certain on this, but I think that Pulumi's magic lifting capabilities don't work on Promises, so the value resolved for policyData is of type Output<string>
, instead of string
.
If I'm right, the best fixes are either to not use a Promise at all (change to an Input or Output), or change appAuthz.policyData
to return a string. Assuming that this latter is impossible (it probably is), then the easiest fix is this:
const appIAM = new gcp.serviceaccount.IAMPolicy("appSAIAM", {
serviceAccountId: appServiceAccount.name,
policyData: pulumi.output(appAuthz).policyData,
});
little-cartoon-10569
02/23/2023, 1:06 AMbest-summer-38252
02/23/2023, 1:11 AMlittle-cartoon-10569
02/23/2023, 1:20 AMlittle-cartoon-10569
02/23/2023, 1:20 AMbest-summer-38252
02/23/2023, 1:27 AMbest-summer-38252
02/23/2023, 5:28 PMgcp.serviceaccount.IAMPolicy
but the getIAMPolicy
const appAuthz = gcp.organizations.getIAMPolicy({
bindings: [
{
role: "roles/workflows.invoker",
members: appServiceAccount.email.apply(email => [`serviceAccount:${email}`]),
},
],
});
And I cant just do the entire bindings array in the apply() scope nor whole args object:
const appAuthz = gcp.organizations.getIAMPolicy(
appServiceAccount.email.apply(email => ({
bindings: [{
role: "roles/workflows.invoker",
members: [`serviceAccount:${email}`]
}]
}))
);
best-summer-38252
02/23/2023, 5:29 PMlittle-cartoon-10569
02/23/2023, 8:52 PMlittle-cartoon-10569
02/23/2023, 8:52 PMlittle-cartoon-10569
02/23/2023, 8:54 PMconst appAuthz = gcp.organizations.getIAMPolicy(
appServiceAccount.email.apply(email => ({
bindings: [{
role: "roles/workflows.invoker",
members: [`serviceAccount:${email}`]
}]
}))
);
To this:
const appAuthz = appServiceAccount.email.apply(email => {
return gcp.organizations.getIAMPolicy(
{
bindings: [{
role: "roles/workflows.invoker",
members: [`serviceAccount:${email}`]
}]
});
});
(Or something like that; code not checked, compiled, linted or anythiing 🙂 )