Pulumi:如何将 Output<string>[] 序列化为 JSON
Pulumi: How to serialize Output<string>[] to JSON
我想允许 Lambda 服务在我的 VPC 内创建部署,因此我有类型为 Output<string>[] 的子网 ID 数组,我想将其放入角色策略中,如下所示:
export const createNetworkInterfacePolicy = new aws.iam.RolePolicy(
"network-interface-policy-2",
{
policy: pulumi.interpolate `{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["ec2:CreateNetworkInterfacePermission"],
"Resource": [
"arn:aws:ec2:${region}:${callerIdentity.accountId}:network-interface/*"
],
"Condition": {
"StringEquals": {
"ec2:Subnet": ${JSON.stringify(vpc.vpcPrivateSubnetIds.map(item => item.apply(JSON.stringify)))},
"ec2:AuthorizedService": "lambda.amazonaws.com"
}
}
}
]
}`,
role: deploymentRole
}
);
不幸的是,我最终得到的是:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:CreateNetworkInterfacePermission"
],
"Resource": [
"arn:aws:ec2:us-east-2:removedAccountId:network-interface/*"
],
"Condition": {
"StringEquals": {
"ec2:Subnet": [
"Calling [toJSON] on an [Output<T>] is not supported.\n\nTo get the value of an Output as a JSON value or JSON string consider either:\n 1: o.apply(v => v.toJSON())\n 2: o.apply(v => JSON.stringify(v))\n\nSee https://pulumi.io/help/outputs for more details.\nThis function may throw in a future version of @pulumi/pulumi.",
"Calling [toJSON] on an [Output<T>] is not supported.\n\nTo get the value of an Output as a JSON value or JSON string consider either:\n 1: o.apply(v => v.toJSON())\n 2: o.apply(v => JSON.stringify(v))\n\nSee https://pulumi.io/help/outputs for more details.\nThis function may throw in a future version of @pulumi/pulumi."
],
"ec2:AuthorizedService": "lambda.amazonaws.com"
}
}
}
]
}
我尝试了很多组合,但其中 none 行得通。如何从 Output<string>[] 生成 JSON 数组?
有时,最简单的方法是将应用包装在另一个资源的整个创建过程中。在这种情况下,appTaskPolicy 变为 OutputInstance<aws.iam.Policy>,然后您可以使用它自己的输出将其输入到程序的其他部分。
如果您还没有这样做,则需要 import * as pulumi from '@pulumi/pulumi';
const vpc = awsx.Network.getDefault();
const appTaskPolicyName = named('app-task-policy');
const appTaskPolicy = pulumi.all(vpc.publicSubnetIds).apply(([...subnetIds]) => {
return new aws.iam.Policy(appTaskPolicyName, {
policy: {
Version: '2012-10-17',
Statement: [
{
Action: ['sqs:GetQueueUrl', 'sqs:SendMessage'],
Resource: [
'someresourcearn'
],
Effect: 'Allow',
Condition: {
StringEquals: {
'ec2:Subnet': subnetIds,
'ec2:AuthorizedService': 'lambda.amazonaws.com'
}
}
}
]
}
});
});
我想允许 Lambda 服务在我的 VPC 内创建部署,因此我有类型为 Output<string>[] 的子网 ID 数组,我想将其放入角色策略中,如下所示:
export const createNetworkInterfacePolicy = new aws.iam.RolePolicy(
"network-interface-policy-2",
{
policy: pulumi.interpolate `{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["ec2:CreateNetworkInterfacePermission"],
"Resource": [
"arn:aws:ec2:${region}:${callerIdentity.accountId}:network-interface/*"
],
"Condition": {
"StringEquals": {
"ec2:Subnet": ${JSON.stringify(vpc.vpcPrivateSubnetIds.map(item => item.apply(JSON.stringify)))},
"ec2:AuthorizedService": "lambda.amazonaws.com"
}
}
}
]
}`,
role: deploymentRole
}
);
不幸的是,我最终得到的是:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ec2:CreateNetworkInterfacePermission"
],
"Resource": [
"arn:aws:ec2:us-east-2:removedAccountId:network-interface/*"
],
"Condition": {
"StringEquals": {
"ec2:Subnet": [
"Calling [toJSON] on an [Output<T>] is not supported.\n\nTo get the value of an Output as a JSON value or JSON string consider either:\n 1: o.apply(v => v.toJSON())\n 2: o.apply(v => JSON.stringify(v))\n\nSee https://pulumi.io/help/outputs for more details.\nThis function may throw in a future version of @pulumi/pulumi.",
"Calling [toJSON] on an [Output<T>] is not supported.\n\nTo get the value of an Output as a JSON value or JSON string consider either:\n 1: o.apply(v => v.toJSON())\n 2: o.apply(v => JSON.stringify(v))\n\nSee https://pulumi.io/help/outputs for more details.\nThis function may throw in a future version of @pulumi/pulumi."
],
"ec2:AuthorizedService": "lambda.amazonaws.com"
}
}
}
]
}
我尝试了很多组合,但其中 none 行得通。如何从 Output<string>[] 生成 JSON 数组?
有时,最简单的方法是将应用包装在另一个资源的整个创建过程中。在这种情况下,appTaskPolicy 变为 OutputInstance<aws.iam.Policy>,然后您可以使用它自己的输出将其输入到程序的其他部分。
如果您还没有这样做,则需要 import * as pulumi from '@pulumi/pulumi';
const vpc = awsx.Network.getDefault();
const appTaskPolicyName = named('app-task-policy');
const appTaskPolicy = pulumi.all(vpc.publicSubnetIds).apply(([...subnetIds]) => {
return new aws.iam.Policy(appTaskPolicyName, {
policy: {
Version: '2012-10-17',
Statement: [
{
Action: ['sqs:GetQueueUrl', 'sqs:SendMessage'],
Resource: [
'someresourcearn'
],
Effect: 'Allow',
Condition: {
StringEquals: {
'ec2:Subnet': subnetIds,
'ec2:AuthorizedService': 'lambda.amazonaws.com'
}
}
}
]
}
});
});