pulumi / pulumi-synced-folder

A Pulumi component that synchronizes a local folder to Amazon S3, Azure Blob Storage, or Google Cloud Storage.
Apache License 2.0
3 stars 3 forks source link

Can't use a resource provider that assumes a different role with ManagedObjects set to false #59

Open JoeStead opened 6 months ago

JoeStead commented 6 months ago

What happened?

Whilst setting ManagedObjects = false the command that is run does not respect the provider

Example

The following code will not work


  var resourceOptions = new CustomResourceOptions
            {
                Provider = new Provider("provider",
                    new ProviderArgs { AssumeRole = new ProviderAssumeRoleArgs { RoleArn = ARole})
            };

new S3BucketFolder("synced-folder", new S3BucketFolderArgs { Path = "./artifacts/ui",
              BucketName = bucket.BucketName,
              Acl = CannedAcl.BucketOwnerFullControl.ToString(),
              ManagedObjects = false,
          }, new ComponentResourceOptions { Provider = resourceOptions.Provider, Parent = bucket});

Because the command that gets run when ManagedObjects are set to false:

const syncCommand = pulumi.interpolate`aws s3 sync "${args.path}" "s3://${args.bucketName}" --acl "${args.acl}" --region "${region.name}" --delete --only-show-errors`;

does not respect the role that is assumed.

In order to resolve this, an sts command will need to be run to assume the correct role in the code here:

let aliases: pulumi.Alias[] = [];
            if (!args.disableManagedObjectAliases) {
                aliases = [{
                    name: "sync-command",
                }];
            }
            //TODO assume a role here or something
            new command.local.Command(`${name}-sync-command`, {
                create: syncCommand,
                update:  syncCommand,
                delete: deleteCommand,
                environment: {
                    LAST_MODIFIED: new Date(folderContents.summary.lastModified).toString(),
                },
            }, { parent: this, aliases });

I was planning on a PR for this, but I couldn't find a way to get the role from the provider / using the aws.getXXX functions, so not sure how to resolve this.

Output of pulumi about

Package version is: 0.11.1

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

cnunciato commented 6 months ago

Thanks for submitting this @JoeStead! We'll take a look.