search

pulumi / pulumi-aws-native

AWS Native Provider for Pulumi
Apache License 2.0
94 stars 17 forks source link

Incorrect docs for aws-native.iam.Role #1543

Open kg-jcaron opened 5 months ago

kg-jcaron commented 5 months ago

What happened?

The docs show the Roles being created with all values lowercased, but this results in an MalformedPolicyDocumentException in AWS with the error message "Unknown field statement". Making all the fields that are statically typed in pulumi lowercase, and everything else uppercase as per the cloudformation docs seems to work.

Example

Example from the docs:

const rootRole = new aws_native.iam.Role("rootRole", {
    assumeRolePolicyDocument: {
        version: "2012-10-17",
        statement: [{
            effect: "Allow",
            principal: {
                service: ["ec2.amazonaws.com"],
            },
            action: ["sts:AssumeRole"],
        }],
    },
    path: "/",
    policies: [{
        policyName: "root",
        policyDocument: {
            version: "2012-10-17",
            statement: [{
                effect: "Allow",
                action: "*",
                resource: "*",
            }],
        },
    }],
});

Capitalization scheme that aws seems to expect:

const rootRole = new aws_native.iam.Role("rootRole", {
    assumeRolePolicyDocument: {
        Version: "2012-10-17",
        Statement: [{
            Effect: "Allow",
            Principal: {
                Service: ["ec2.amazonaws.com"],
            },
            Action: ["sts:AssumeRole"],
        }],
    },
    path: "/",
    policies: [{
        policyName: "root",
        policyDocument: {
            Version: "2012-10-17",
            Statement: [{
                Effect: "Allow",
                Action: "*",
                Resource: "*",
            }],
        },
    }],
});

Output of pulumi about

CLI
Version 3.116.1 Go Version go1.22.2 Go Compiler gc

Plugins KIND NAME VERSION resource aws 6.36.0 resource aws-native 0.105.0 resource cloudinit 1.4.3 language nodejs unknown

Host
OS darwin Version 14.4.1 Arch arm64

This project is written in nodejs: executable='/Users/XXXXX/.asdf/shims/node' version='v20.11.0'

Backend
Name pulumi.com Token type personal

Dependencies: NAME VERSION @pulumi/aws 6.36.0 @pulumi/aws-native 0.105.0 @pulumi/pulumi 3.116.1 @pulumi/cloudinit 1.4.3 typescript 4.9.5 @types/node 14.18.63

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

corymhall commented 5 months ago

@kg-jcaron thanks for letting us know!

Link to docs for reference https://www.pulumi.com/registry/packages/aws-native/api-docs/iam/role/

I believe that these examples are generated from the aws-cloudformation-user-guide and we probably have logic in there to covert everything to camel case. We should probably add an exception in the case that it is a JSON field and leave the casing as is.

mikhailshilkov commented 4 months ago

@corymhall Do you have a sense of whether it's a provider-specific issue (e.g. we change capitalization while reading CF examples) or a program gen issue in pu/pu? It would be nice to either fix it here, or make sure we have an appropriate upstream issue linked.

corymhall commented 4 months ago

@mikhailshilkov I'm pretty sure that the logic is in the cf2pulumi code in this repo, my hunch is that it's in this function https://github.com/pulumi/pulumi-aws-native/blob/a8c4998d32185b9e780ff51f1dfc3d323d5d2095/provider/pkg/cf2pulumi/renderer.go#L583