search

pulumi / pulumi-aws-iam

A Pulumi Multi Language Component for working with AWS IAM resources.
Apache License 2.0
6 stars 5 forks source link

UNKNOWN: marshaling properties: awaiting input property "role" #20

Open undervane opened 4 months ago

undervane commented 4 months ago

What happened?

After many tries changing config, I still keep getting the following error even with the most basic example, so possibly there's nothing to do with my own setup: Error: failed to register new resource aws-load-balancer-controller-test-eks-cluster [aws-iam:index:RoleForServiceAccountsEks]: 2 UNKNOWN: marshaling properties: awaiting input property "role": cannot marshal an input of type pulumi.StringOutput with element type string as a value of type pulumi.StringOutput at Object.registerResource (/Users/undervane/Repositories/inbox/kubernetes-aws-typescript/node_modules/@pulumi/runtime/resource.ts:438:27) at new Resource (/Users/undervane/Repositories/inbox/kubernetes-aws-typescript/node_modules/@pulumi/resource.ts:507:13) at new ComponentResource (/Users/undervane/Repositories/inbox/kubernetes-aws-typescript/node_modules/@pulumi/resource.ts:1011:9) at new RoleForServiceAccountsEks (/Users/undervane/Repositories/inbox/kubernetes-aws-typescript/node_modules/@pulumi/roleForServiceAccountsEks.ts:99:9) at SetupAlb (/Users/undervane/Repositories/inbox/kubernetes-aws-typescript/modules/alb.ts:42:14) at Object.<anonymous> (/Users/undervane/Repositories/inbox/kubernetes-aws-typescript/index.ts:12:9) at Module._compile (node:internal/modules/cjs/loader:1198:14) at Module.m._compile (/Users/undervane/Repositories/inbox/kubernetes-aws-typescript/node_modules/ts-node/src/index.ts:439:23) at Module._extensions..js (node:internal/modules/cjs/loader:1252:10) at Object.require.extensions.<computed> [as .ts] (/Users/undervane/Repositories/inbox/kubernetes-aws-typescript/node_modules/ts-node/src/index.ts:442:12)

Example

new iam.RoleForServiceAccountsEks("aws-load-balancer-controller-test-eks-cluster", {
    oidcProviders: {
        main: {
            providerArn: oidcProviderArn,
            namespaceServiceAccounts: ['kube-system:serviceAccountName'],
        }
    },
    role: {
        name: 'aws-load-balancer-controller-test-eks-cluster'
    },
    policies: {
        loadBalancer: {
            controller: true
        }
    }
});

Output of pulumi about

CLI          
Version      3.106.0
Go Version   go1.22.0
Go Compiler  gc

Plugins
NAME        VERSION
aws         6.22.2
aws         5.43.0
aws-iam     0.2.0
aws-native  0.97.0
awsx        2.5.0
docker      4.5.1
docker      3.6.1
eks         2.2.1
kubernetes  4.7.1
nodejs      unknown

Host     
OS       darwin
Version  13.6.4
Arch     x86_64

This project is written in nodejs: executable='/Users/undervane/.nvm/versions/node/v16.20.2/bin/node' version='v16.20.2'

Current Stack: undervane/kubernetes-aws-typescript/test

TYPE                                                        URN
pulumi:pulumi:Stack                                         urn:pulumi:test::kubernetes-aws-typescript::pulumi:pulumi:Stack::kubernetes-aws-typescript-test
eks:index:Cluster                                           urn:pulumi:test::kubernetes-aws-typescript::eks:index:Cluster::test-eks-cluster
eks:index:ManagedNodeGroup                                  urn:pulumi:test::kubernetes-aws-typescript::eks:index:ManagedNodeGroup::ManagedSpot
eks:index:ServiceRole                                       urn:pulumi:test::kubernetes-aws-typescript::eks:index:Cluster$eks:index:ServiceRole::test-eks-cluster-eksRole
eks:index:ManagedNodeGroup                                  urn:pulumi:test::kubernetes-aws-typescript::eks:index:ManagedNodeGroup::ManagedOnDemand
pulumi:providers:aws                                        urn:pulumi:test::kubernetes-aws-typescript::pulumi:providers:aws::default_6_22_2
pulumi:providers:awsx                                       urn:pulumi:test::kubernetes-aws-typescript::pulumi:providers:awsx::default_2_5_0
aws:acm/certificate:Certificate                             urn:pulumi:test::kubernetes-aws-typescript::aws:acm/certificate:Certificate::simplicrm-io-cert
aws:iam/role:Role                                           urn:pulumi:test::kubernetes-aws-typescript::aws:iam/role:Role::nodegroup-role
aws:iam/role:Role                                           urn:pulumi:test::kubernetes-aws-typescript::aws:iam/role:Role::clusterAdminRole
aws:acm/certificate:Certificate                             urn:pulumi:test::kubernetes-aws-typescript::aws:acm/certificate:Certificate::aiflow-pl-cert
aws:iam/role:Role                                           urn:pulumi:test::kubernetes-aws-typescript::eks:index:Cluster$eks:index:ServiceRole$aws:iam/role:Role::test-eks-cluster-eksRole-role
awsx:ec2:Vpc                                                urn:pulumi:test::kubernetes-aws-typescript::awsx:ec2:Vpc::test-eks-vpc
pulumi:providers:aws                                        urn:pulumi:test::kubernetes-aws-typescript::pulumi:providers:aws::default_6_9_0
aws:route53/record:Record                                   urn:pulumi:test::kubernetes-aws-typescript::aws:route53/record:Record::simplicrm-io-cert-record
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:test::kubernetes-aws-typescript::aws:iam/rolePolicyAttachment:RolePolicyAttachment::AmazonEKS_CNI_Policy-attachment
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:test::kubernetes-aws-typescript::aws:iam/rolePolicyAttachment:RolePolicyAttachment::AmazonEC2ContainerRegistryReadOnly-attachment
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:test::kubernetes-aws-typescript::aws:iam/rolePolicyAttachment:RolePolicyAttachment::AmazonEKSWorkerNodePolicy-attachment
aws:route53/record:Record                                   urn:pulumi:test::kubernetes-aws-typescript::aws:route53/record:Record::aiflow-pl-cert-record
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:test::kubernetes-aws-typescript::eks:index:Cluster$eks:index:ServiceRole$aws:iam/rolePolicyAttachment:RolePolicyAttachment::test-eks-cluster-eksRole-4b490823
aws:acm/certificateValidation:CertificateValidation         urn:pulumi:test::kubernetes-aws-typescript::aws:acm/certificateValidation:CertificateValidation::simplicrm-io-cert-validation
aws:acm/certificateValidation:CertificateValidation         urn:pulumi:test::kubernetes-aws-typescript::aws:acm/certificateValidation:CertificateValidation::aiflow-pl-cert-validation
aws:ec2/vpc:Vpc                                             urn:pulumi:test::kubernetes-aws-typescript::awsx:ec2:Vpc$aws:ec2/vpc:Vpc::test-eks-vpc
aws:ec2/subnet:Subnet                                       urn:pulumi:test::kubernetes-aws-typescript::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet::test-eks-vpc-private-2
aws:ec2/subnet:Subnet                                       urn:pulumi:test::kubernetes-aws-typescript::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet::test-eks-vpc-public-1
aws:ec2/subnet:Subnet                                       urn:pulumi:test::kubernetes-aws-typescript::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet::test-eks-vpc-private-1
aws:ec2/subnet:Subnet                                       urn:pulumi:test::kubernetes-aws-typescript::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet::test-eks-vpc-public-2
aws:ec2/internetGateway:InternetGateway                     urn:pulumi:test::kubernetes-aws-typescript::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/internetGateway:InternetGateway::test-eks-vpc
aws:ec2/subnet:Subnet                                       urn:pulumi:test::kubernetes-aws-typescript::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet::test-eks-vpc-public-3
aws:ec2/subnet:Subnet                                       urn:pulumi:test::kubernetes-aws-typescript::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet::test-eks-vpc-private-3
aws:ec2/routeTable:RouteTable                               urn:pulumi:test::kubernetes-aws-typescript::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable::test-eks-vpc-private-2
aws:ec2/routeTable:RouteTable                               urn:pulumi:test::kubernetes-aws-typescript::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable::test-eks-vpc-public-1
aws:ec2/eip:Eip                                             urn:pulumi:test::kubernetes-aws-typescript::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/eip:Eip::test-eks-vpc-1
aws:ec2/routeTable:RouteTable                               urn:pulumi:test::kubernetes-aws-typescript::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable::test-eks-vpc-private-1
aws:ec2/routeTable:RouteTable                               urn:pulumi:test::kubernetes-aws-typescript::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable::test-eks-vpc-public-2
aws:ec2/eip:Eip                                             urn:pulumi:test::kubernetes-aws-typescript::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/eip:Eip::test-eks-vpc-2
aws:ec2/routeTable:RouteTable                               urn:pulumi:test::kubernetes-aws-typescript::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable::test-eks-vpc-public-3
aws:ec2/eip:Eip                                             urn:pulumi:test::kubernetes-aws-typescript::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/eip:Eip::test-eks-vpc-3
aws:ec2/routeTable:RouteTable                               urn:pulumi:test::kubernetes-aws-typescript::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable::test-eks-vpc-private-3
aws:ec2/routeTableAssociation:RouteTableAssociation         urn:pulumi:test::kubernetes-aws-typescript::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/routeTableAssociation:RouteTableAssociation::test-eks-vpc-private-2
aws:ec2/routeTableAssociation:RouteTableAssociation         urn:pulumi:test::kubernetes-aws-typescript::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/routeTableAssociation:RouteTableAssociation::test-eks-vpc-public-1
aws:ec2/route:Route                                         urn:pulumi:test::kubernetes-aws-typescript::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/route:Route::test-eks-vpc-public-1
aws:ec2/natGateway:NatGateway                               urn:pulumi:test::kubernetes-aws-typescript::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/natGateway:NatGateway::test-eks-vpc-1
aws:ec2/routeTableAssociation:RouteTableAssociation         urn:pulumi:test::kubernetes-aws-typescript::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/routeTableAssociation:RouteTableAssociation::test-eks-vpc-private-1
aws:ec2/route:Route                                         urn:pulumi:test::kubernetes-aws-typescript::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/route:Route::test-eks-vpc-public-2
aws:ec2/routeTableAssociation:RouteTableAssociation         urn:pulumi:test::kubernetes-aws-typescript::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/routeTableAssociation:RouteTableAssociation::test-eks-vpc-public-2
aws:ec2/natGateway:NatGateway                               urn:pulumi:test::kubernetes-aws-typescript::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/natGateway:NatGateway::test-eks-vpc-2
aws:ec2/route:Route                                         urn:pulumi:test::kubernetes-aws-typescript::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/route:Route::test-eks-vpc-public-3
aws:ec2/routeTableAssociation:RouteTableAssociation         urn:pulumi:test::kubernetes-aws-typescript::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/routeTableAssociation:RouteTableAssociation::test-eks-vpc-public-3
aws:ec2/natGateway:NatGateway                               urn:pulumi:test::kubernetes-aws-typescript::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/natGateway:NatGateway::test-eks-vpc-3
aws:ec2/routeTableAssociation:RouteTableAssociation         urn:pulumi:test::kubernetes-aws-typescript::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/routeTableAssociation:RouteTableAssociation::test-eks-vpc-private-3
aws:ec2/route:Route                                         urn:pulumi:test::kubernetes-aws-typescript::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/route:Route::test-eks-vpc-private-1
aws:ec2/route:Route                                         urn:pulumi:test::kubernetes-aws-typescript::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/route:Route::test-eks-vpc-private-2
aws:ec2/route:Route                                         urn:pulumi:test::kubernetes-aws-typescript::awsx:ec2:Vpc$aws:ec2/vpc:Vpc$aws:ec2/subnet:Subnet$aws:ec2/routeTable:RouteTable$aws:ec2/route:Route::test-eks-vpc-private-3
pulumi:providers:pulumi                                     urn:pulumi:test::kubernetes-aws-typescript::pulumi:providers:pulumi::default
aws:ec2/securityGroup:SecurityGroup                         urn:pulumi:test::kubernetes-aws-typescript::eks:index:Cluster$aws:ec2/securityGroup:SecurityGroup::test-eks-cluster-eksClusterSecurityGroup
aws:ec2/securityGroupRule:SecurityGroupRule                 urn:pulumi:test::kubernetes-aws-typescript::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::test-eks-cluster-eksClusterInternetEgressRule
aws:eks/cluster:Cluster                                     urn:pulumi:test::kubernetes-aws-typescript::eks:index:Cluster$aws:eks/cluster:Cluster::test-eks-cluster-eksCluster
aws:ec2/securityGroup:SecurityGroup                         urn:pulumi:test::kubernetes-aws-typescript::eks:index:Cluster$aws:ec2/securityGroup:SecurityGroup::test-eks-cluster-nodeSecurityGroup
aws:iam/openIdConnectProvider:OpenIdConnectProvider         urn:pulumi:test::kubernetes-aws-typescript::eks:index:Cluster$aws:iam/openIdConnectProvider:OpenIdConnectProvider::test-eks-cluster-oidcProvider
aws:ec2/securityGroupRule:SecurityGroupRule                 urn:pulumi:test::kubernetes-aws-typescript::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::test-eks-cluster-eksNodeIngressRule
aws:ec2/securityGroupRule:SecurityGroupRule                 urn:pulumi:test::kubernetes-aws-typescript::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::test-eks-cluster-eksExtApiServerClusterIngressRule
aws:ec2/securityGroupRule:SecurityGroupRule                 urn:pulumi:test::kubernetes-aws-typescript::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::test-eks-cluster-eksClusterIngressRule
aws:ec2/securityGroupRule:SecurityGroupRule                 urn:pulumi:test::kubernetes-aws-typescript::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::test-eks-cluster-eksNodeInternetEgressRule
aws:ec2/securityGroupRule:SecurityGroupRule                 urn:pulumi:test::kubernetes-aws-typescript::eks:index:Cluster$aws:ec2/securityGroupRule:SecurityGroupRule::test-eks-cluster-eksNodeClusterIngressRule
pulumi:providers:aws-iam                                    urn:pulumi:test::kubernetes-aws-typescript::pulumi:providers:aws-iam::default_0_2_0
aws-iam:index:RoleForServiceAccountsEks                     urn:pulumi:test::kubernetes-aws-typescript::aws-iam:index:RoleForServiceAccountsEks::aws-load-balancer-controller-test-eks-cluster
pulumi:providers:aws                                        urn:pulumi:test::kubernetes-aws-typescript::pulumi:providers:aws::default
pulumi:providers:kubernetes                                 urn:pulumi:test::kubernetes-aws-typescript::eks:index:Cluster$pulumi:providers:kubernetes::test-eks-cluster-provider
pulumi:providers:kubernetes                                 urn:pulumi:test::kubernetes-aws-typescript::eks:index:Cluster$pulumi:providers:kubernetes::test-eks-cluster-eks-k8s
pulumi:providers:kubernetes                                 urn:pulumi:test::kubernetes-aws-typescript::pulumi:providers:kubernetes::provider
pulumi:providers:eks                                        urn:pulumi:test::kubernetes-aws-typescript::pulumi:providers:eks::default
kubernetes:core/v1:ConfigMap                                urn:pulumi:test::kubernetes-aws-typescript::eks:index:Cluster$kubernetes:core/v1:ConfigMap::test-eks-cluster-nodeAccess
kubernetes:core/v1:Namespace                                urn:pulumi:test::kubernetes-aws-typescript::kubernetes:core/v1:Namespace::infra
eks:index:VpcCni                                            urn:pulumi:test::kubernetes-aws-typescript::eks:index:Cluster$eks:index:VpcCni::test-eks-cluster-vpc-cni
aws:iam/policy:Policy                                       urn:pulumi:test::kubernetes-aws-typescript::aws-iam:index:RoleForServiceAccountsEks$aws:iam/policy:Policy::aws-load-balancer-controller-test-eks-cluster
aws:eks/nodeGroup:NodeGroup                                 urn:pulumi:test::kubernetes-aws-typescript::eks:index:ManagedNodeGroup$aws:eks/nodeGroup:NodeGroup::ManagedOnDemand
aws:eks/nodeGroup:NodeGroup                                 urn:pulumi:test::kubernetes-aws-typescript::eks:index:ManagedNodeGroup$aws:eks/nodeGroup:NodeGroup::ManagedSpot
kubernetes:rbac.authorization.k8s.io/v1:ClusterRole         urn:pulumi:test::kubernetes-aws-typescript::kubernetes:rbac.authorization.k8s.io/v1:ClusterRole::clusterAdminRole
kubernetes:rbac.authorization.k8s.io/v1:ClusterRoleBinding  urn:pulumi:test::kubernetes-aws-typescript::kubernetes:rbac.authorization.k8s.io/v1:ClusterRoleBinding::cluster-admin-binding
kubernetes:helm.sh/v3:Chart                                 urn:pulumi:test::kubernetes-aws-typescript::kubernetes:helm.sh/v3:Chart::kubernetes-dashboard
kubernetes:core/v1:ServiceAccount                           urn:pulumi:test::kubernetes-aws-typescript::kubernetes:core/v1:ServiceAccount::admin-user
kubernetes:helm.sh/v3:Release                               urn:pulumi:test::kubernetes-aws-typescript::kubernetes:helm.sh/v3:Release::aws-load-balancer-controller
kubernetes:rbac.authorization.k8s.io/v1:ClusterRole         urn:pulumi:test::kubernetes-aws-typescript::kubernetes:helm.sh/v3:Chart$kubernetes:rbac.authorization.k8s.io/v1:ClusterRole::kubernetes-dashboard-readonly
kubernetes:core/v1:Secret                                   urn:pulumi:test::kubernetes-aws-typescript::kubernetes:helm.sh/v3:Chart$kubernetes:core/v1:Secret::kube-system/kubernetes-dashboard-certs
kubernetes:core/v1:Service                                  urn:pulumi:test::kubernetes-aws-typescript::kubernetes:helm.sh/v3:Chart$kubernetes:core/v1:Service::kube-system/kubernetes-dashboard
kubernetes:core/v1:ServiceAccount                           urn:pulumi:test::kubernetes-aws-typescript::kubernetes:helm.sh/v3:Chart$kubernetes:core/v1:ServiceAccount::kube-system/kubernetes-dashboard
kubernetes:rbac.authorization.k8s.io/v1:ClusterRole         urn:pulumi:test::kubernetes-aws-typescript::kubernetes:helm.sh/v3:Chart$kubernetes:rbac.authorization.k8s.io/v1:ClusterRole::kubernetes-dashboard-metrics
kubernetes:core/v1:ConfigMap                                urn:pulumi:test::kubernetes-aws-typescript::kubernetes:helm.sh/v3:Chart$kubernetes:core/v1:ConfigMap::kube-system/kubernetes-dashboard-settings
kubernetes:rbac.authorization.k8s.io/v1:RoleBinding         urn:pulumi:test::kubernetes-aws-typescript::kubernetes:helm.sh/v3:Chart$kubernetes:rbac.authorization.k8s.io/v1:RoleBinding::kube-system/kubernetes-dashboard
kubernetes:rbac.authorization.k8s.io/v1:ClusterRoleBinding  urn:pulumi:test::kubernetes-aws-typescript::kubernetes:helm.sh/v3:Chart$kubernetes:rbac.authorization.k8s.io/v1:ClusterRoleBinding::kubernetes-dashboard-readonly
kubernetes:core/v1:Secret                                   urn:pulumi:test::kubernetes-aws-typescript::kubernetes:helm.sh/v3:Chart$kubernetes:core/v1:Secret::kube-system/kubernetes-dashboard-key-holder
kubernetes:core/v1:Secret                                   urn:pulumi:test::kubernetes-aws-typescript::kubernetes:helm.sh/v3:Chart$kubernetes:core/v1:Secret::kube-system/kubernetes-dashboard-csrf
kubernetes:apps/v1:Deployment                               urn:pulumi:test::kubernetes-aws-typescript::kubernetes:helm.sh/v3:Chart$kubernetes:apps/v1:Deployment::kube-system/kubernetes-dashboard
kubernetes:rbac.authorization.k8s.io/v1:ClusterRoleBinding  urn:pulumi:test::kubernetes-aws-typescript::kubernetes:helm.sh/v3:Chart$kubernetes:rbac.authorization.k8s.io/v1:ClusterRoleBinding::kubernetes-dashboard-metrics
kubernetes:rbac.authorization.k8s.io/v1:Role                urn:pulumi:test::kubernetes-aws-typescript::kubernetes:helm.sh/v3:Chart$kubernetes:rbac.authorization.k8s.io/v1:Role::kube-system/kubernetes-dashboard
aws:iam/role:Role                                           urn:pulumi:test::kubernetes-aws-typescript::aws-iam:index:RoleForServiceAccountsEks$aws:iam/role:Role::aws-load-balancer-controller-test-eks-cluster-role
aws:iam/rolePolicyAttachment:RolePolicyAttachment           urn:pulumi:test::kubernetes-aws-typescript::aws-iam:index:RoleForServiceAccountsEks$aws:iam/rolePolicyAttachment:RolePolicyAttachment::aws-load-balancer-controller-test-eks-cluster

Found no pending operations associated with test

Backend        
Name           pulumi.com
URL            https://app.pulumi.com/undervane
User           undervane
Organizations  undervane
Token type     personal

Dependencies:
NAME                VERSION
@pulumi/awsx        2.5.0
@pulumi/eks         2.2.1
@pulumi/pulumi      3.107.0
@types/node         18.19.17
typescript          4.9.5
@pulumi/aws-iam     0.2.0
@pulumi/aws-native  0.97.0
@pulumi/aws         6.22.2

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

scottslowe commented 4 months ago

Hi @undervane! Thanks for submitting this issue. Are you able to share any more of your code, such as where oidcProviderArn is defined? Or where you're assigning this role to the ALB?

dag-andersen commented 4 days ago

Hi @scottslowe, i have the same issue.

I created a oidcProvider with

eksctl utils associate-iam-oidc-provider \
    --region <region-code> \
    --cluster <your-cluster-name> \
    --approve

from the official guide

But i also tried specifying: createOidcProvider: true when creating the cluster

const cluster = new eks.Cluster(config.pulumiName, {
  vpcId: vpc.vpcId,
  name: config.awsName,
  subnetIds: vpc.privateSubnetIds,
  createOidcProvider: true,
});

The pulumi code looks like this

const policy = new aws.iam.Policy('aws-load-balancer-controller-policy', {
  policy: fs.readFileSync('./iam-policy.json', 'utf8').toString(),
});

const roleForServiceAccountsEks = new iam.RoleForServiceAccountsEks(
  'aws-iam-example-role-for-service-accounts-eks',
  {
    role: {
      name: 'aws-load-balancer-controller',
      policyArns: [policy.arn],
    },
    policies: {
      loadBalancer: {
        controller: true,
      },
    },
    oidcProviders: {
      main: {
        providerArn: <the-arn-from-the-newly-created-oidc-provider>,
        namespaceServiceAccounts: [
          'kube-system:aws-load-balancer-controller',
        ],
      },
    },
  },
);

output:

Error: failed to register new resource aws-iam-example-role-for-service-accounts-eks [aws-iam:index:RoleForServiceAccountsEks]: 2 UNKNOWN: marshaling properties: awaiting input property "role": cannot marshal an input of type pulumi.StringOutput with element type string as a value of type pulumi.StringOutput
        at Object.registerResource (repo-path/node_modules/@pulumi/runtime/resource.ts:455:27)
        at new Resource (repo-path/node_modules/@pulumi/resource.ts:518:13)
        at new ComponentResource (repo-path/node_modules/@pulumi/resource.ts:1090:9)
        at new RoleForServiceAccountsEks (repo-path/node_modules/@pulumi/roleForServiceAccountsEks.ts:99:9)
        at Object.<anonymous> (repo-path/k8s-clusters/index.ts:101:39)
        at Module._compile (node:internal/modules/cjs/loader:1467:14)
        at Module.m._compile (repo-path/node_modules/@pulumi/pulumi/vendor/ts-node@7.0.1/index.js:3009:23)
        at Module._extensions..js (node:internal/modules/cjs/loader:1551:10)
        at Object.require.extensions.<computed> [as .ts] (repo-path/node_modules/@pulumi/pulumi/vendor/ts-node@7.0.1/index.js:3011:12)
        at Module.load (node:internal/modules/cjs/loader:1282:32) {
      promise: Promise { <rejected> [Circular *1] }
    }

Do you know what is wrong?