Add pluralized lifecycle_policies to EFS file system data source #4590
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The lifecycle_policy attribute has MaxItemsOne hardcoded on the Pulumi side and this triggers panics when there is more than one lifecycle policy on the resource. By adding pluralized lifecycle_policies and fixing the singular version to only return at most one element we're able to fix this panic without introducing breaking changes.
flostadler
commented
Oct 1, 2024
| @@ -275175,7 +275175,7 @@ | |||
| } | |||
| }, | |||
| "aws:iam/role:Role": { | |||
| "description": "\n\n## Import\n\nUsing `pulumi import`, import IAM Roles using the `name`. For example:\n\n```sh\n$ pulumi import aws:iam/role:Role developer developer_name\n```\n", | |||
| "description": "Provides an IAM role.\n\n\u003e **NOTE:** If policies are attached to the role via the `aws.iam.PolicyAttachment` resource and you are modifying the role `name` or `path`, the `force_detach_policies` argument must be set to `true` and applied before attempting the operation otherwise you will encounter a `DeleteConflict` error. The `aws.iam.RolePolicyAttachment` resource (recommended) does not have this requirement.\n\n\u003e **NOTE:** If you use this resource's `managed_policy_arns` argument or `inline_policy` configuration blocks, this resource will take over exclusive management of the role's respective policy types (e.g., both policy types if both arguments are used). These arguments are incompatible with other ways of managing a role's policies, such as `aws.iam.PolicyAttachment`, `aws.iam.RolePolicyAttachment`, and `aws.iam.RolePolicy`. If you attempt to manage a role's policies by multiple means, you will get resource cycling and/or errors.\n\n\u003e **NOTE:** We suggest using explicit JSON encoding or `aws.iam.getPolicyDocument` when assigning a value to `policy`. They seamlessly translate configuration to JSON, enabling you to maintain consistency within your configuration without the need for context switches. Also, you can sidestep potential complications arising from formatting discrepancies, whitespace inconsistencies, and other nuances inherent to JSON.\n\n## Example Usage\n\n### Basic Example\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst testRole = new aws.iam.Role(\"test_role\", {\n name: \"test_role\",\n assumeRolePolicy: JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [{\n Action: \"sts:AssumeRole\",\n Effect: \"Allow\",\n Sid: \"\",\n Principal: {\n Service: \"ec2.amazonaws.com\",\n },\n }],\n }),\n tags: {\n \"tag-key\": \"tag-value\",\n },\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\ntest_role = aws.iam.Role(\"test_role\",\n name=\"test_role\",\n assume_role_policy=json.dumps({\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Action\": \"sts:AssumeRole\",\n \"Effect\": \"Allow\",\n \"Sid\": \"\",\n \"Principal\": {\n \"Service\": \"ec2.amazonaws.com\",\n },\n }],\n }),\n tags={\n \"tag-key\": \"tag-value\",\n })\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var testRole = new Aws.Iam.Role(\"test_role\", new()\n {\n Name = \"test_role\",\n AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"Version\"] = \"2012-10-17\",\n [\"Statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"Action\"] = \"sts:AssumeRole\",\n [\"Effect\"] = \"Allow\",\n [\"Sid\"] = \"\",\n [\"Principal\"] = new Dictionary\u003cstring, object?\u003e\n {\n [\"Service\"] = \"ec2.amazonaws.com\",\n },\n },\n },\n }),\n Tags = \n {\n { \"tag-key\", \"tag-value\" },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": \"sts:AssumeRole\",\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Sid\": \"\",\n\t\t\t\t\t\"Principal\": map[string]interface{}{\n\t\t\t\t\t\t\"Service\": \"ec2.amazonaws.com\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = iam.NewRole(ctx, \"test_role\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"test_role\"),\n\t\t\tAssumeRolePolicy: pulumi.String(json0),\n\t\t\tTags: pulumi.StringMap{\n\t\t\t\t\"tag-key\": pulumi.String(\"tag-value\"),\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var testRole = new Role(\"testRole\", RoleArgs.builder()\n .name(\"test_role\")\n .assumeRolePolicy(serializeJson(\n jsonObject(\n jsonProperty(\"Version\", \"2012-10-17\"),\n jsonProperty(\"Statement\", jsonArray(jsonObject(\n jsonProperty(\"Action\", \"sts:AssumeRole\"),\n jsonProperty(\"Effect\", \"Allow\"),\n jsonProperty(\"Sid\", \"\"),\n jsonProperty(\"Principal\", jsonObject(\n jsonProperty(\"Service\", \"ec2.amazonaws.com\")\n ))\n )))\n )))\n .tags(Map.of(\"tag-key\", \"tag-value\"))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n testRole:\n type: aws:iam:Role\n name: test_role\n properties:\n name: test_role\n assumeRolePolicy:\n fn::toJSON:\n Version: 2012-10-17\n Statement:\n - Action: sts:AssumeRole\n Effect: Allow\n Sid:\n Principal:\n Service: ec2.amazonaws.com\n tags:\n tag-key: tag-value\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example of Using Data Source for Assume Role Policy\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst instanceAssumeRolePolicy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"sts:AssumeRole\"],\n principals: [{\n type: \"Service\",\n identifiers: [\"ec2.amazonaws.com\"],\n }],\n }],\n});\nconst instance = new aws.iam.Role(\"instance\", {\n name: \"instance_role\",\n path: \"/system/\",\n assumeRolePolicy: instanceAssumeRolePolicy.then(instanceAssumeRolePolicy =\u003e instanceAssumeRolePolicy.json),\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\ninstance_assume_role_policy = aws.iam.get_policy_document(statements=[{\n \"actions\": [\"sts:AssumeRole\"],\n \"principals\": [{\n \"type\": \"Service\",\n \"identifiers\": [\"ec2.amazonaws.com\"],\n }],\n}])\ninstance = aws.iam.Role(\"instance\",\n name=\"instance_role\",\n path=\"/system/\",\n assume_role_policy=instance_assume_role_policy.json)\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var instanceAssumeRolePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"sts:AssumeRole\",\n },\n Principals = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementPrincipalInputArgs\n {\n Type = \"Service\",\n Identifiers = new[]\n {\n \"ec2.amazonaws.com\",\n },\n },\n },\n },\n },\n });\n\n var instance = new Aws.Iam.Role(\"instance\", new()\n {\n Name = \"instance_role\",\n Path = \"/system/\",\n AssumeRolePolicy = instanceAssumeRolePolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinstanceAssumeRolePolicy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"sts:AssumeRole\",\n\t\t\t\t\t},\n\t\t\t\t\tPrincipals: []iam.GetPolicyDocumentStatementPrincipal{\n\t\t\t\t\t\t{\n\t\t\t\t\t\t\tType: \"Service\",\n\t\t\t\t\t\t\tIdentifiers: []string{\n\t\t\t\t\t\t\t\t\"ec2.amazonaws.com\",\n\t\t\t\t\t\t\t},\n\t\t\t\t\t\t},\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRole(ctx, \"instance\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"instance_role\"),\n\t\t\tPath: pulumi.String(\"/system/\"),\n\t\t\tAssumeRolePolicy: pulumi.String(instanceAssumeRolePolicy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var instanceAssumeRolePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"sts:AssumeRole\")\n .principals(GetPolicyDocumentStatementPrincipalArgs.builder()\n .type(\"Service\")\n .identifiers(\"ec2.amazonaws.com\")\n .build())\n .build())\n .build());\n\n var instance = new Role(\"instance\", RoleArgs.builder()\n .name(\"instance_role\")\n .path(\"/system/\")\n .assumeRolePolicy(instanceAssumeRolePolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build());\n\n }\n}\n```\n```yaml\nresources:\n instance:\n type: aws:iam:Role\n properties:\n name: instance_role\n path: /system/\n assumeRolePolicy: ${instanceAssumeRolePolicy.json}\nvariables:\n instanceAssumeRolePolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - sts:AssumeRole\n principals:\n - type: Service\n identifiers:\n - ec2.amazonaws.com\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example of Exclusive Inline Policies\n\n\u003e The `inline_policy` argument is deprecated. Use the `aws.iam.RolePolicy` resource instead. If Pulumi should exclusively manage all inline policy associations (the current behavior of this argument), use the `aws.iam.RolePoliciesExclusive` resource as well.\n\nThis example creates an IAM role with two inline IAM policies. If someone adds another inline policy out-of-band, on the next apply, this provider will remove that policy. If someone deletes these policies out-of-band, this provider will recreate them.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst inlinePolicy = aws.iam.getPolicyDocument({\n statements: [{\n actions: [\"ec2:DescribeAccountAttributes\"],\n resources: [\"*\"],\n }],\n});\nconst example = new aws.iam.Role(\"example\", {\n name: \"yak_role\",\n assumeRolePolicy: instanceAssumeRolePolicy.json,\n inlinePolicies: [\n {\n name: \"my_inline_policy\",\n policy: JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [{\n Action: [\"ec2:Describe*\"],\n Effect: \"Allow\",\n Resource: \"*\",\n }],\n }),\n },\n {\n name: \"policy-8675309\",\n policy: inlinePolicy.then(inlinePolicy =\u003e inlinePolicy.json),\n },\n ],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\ninline_policy = aws.iam.get_policy_document(statements=[{\n \"actions\": [\"ec2:DescribeAccountAttributes\"],\n \"resources\": [\"*\"],\n}])\nexample = aws.iam.Role(\"example\",\n name=\"yak_role\",\n assume_role_policy=instance_assume_role_policy[\"json\"],\n inline_policies=[\n {\n \"name\": \"my_inline_policy\",\n \"policy\": json.dumps({\n \"version\": \"2012-10-17\",\n \"statement\": [{\n \"action\": [\"ec2:Describe*\"],\n \"effect\": \"Allow\",\n \"resource\": \"*\",\n }],\n }),\n },\n {\n \"name\": \"policy-8675309\",\n \"policy\": inline_policy.json,\n },\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var inlinePolicy = Aws.Iam.GetPolicyDocument.Invoke(new()\n {\n Statements = new[]\n {\n new Aws.Iam.Inputs.GetPolicyDocumentStatementInputArgs\n {\n Actions = new[]\n {\n \"ec2:DescribeAccountAttributes\",\n },\n Resources = new[]\n {\n \"*\",\n },\n },\n },\n });\n\n var example = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"yak_role\",\n AssumeRolePolicy = instanceAssumeRolePolicy.Json,\n InlinePolicies = new[]\n {\n new Aws.Iam.Inputs.RoleInlinePolicyArgs\n {\n Name = \"my_inline_policy\",\n Policy = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"Version\"] = \"2012-10-17\",\n [\"Statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"Action\"] = new[]\n {\n \"ec2:Describe*\",\n },\n [\"Effect\"] = \"Allow\",\n [\"Resource\"] = \"*\",\n },\n },\n }),\n },\n new Aws.Iam.Inputs.RoleInlinePolicyArgs\n {\n Name = \"policy-8675309\",\n Policy = inlinePolicy.Apply(getPolicyDocumentResult =\u003e getPolicyDocumentResult.Json),\n },\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\tinlinePolicy, err := iam.GetPolicyDocument(ctx, \u0026iam.GetPolicyDocumentArgs{\n\t\t\tStatements: []iam.GetPolicyDocumentStatement{\n\t\t\t\t{\n\t\t\t\t\tActions: []string{\n\t\t\t\t\t\t\"ec2:DescribeAccountAttributes\",\n\t\t\t\t\t},\n\t\t\t\t\tResources: []string{\n\t\t\t\t\t\t\"*\",\n\t\t\t\t\t},\n\t\t\t\t},\n\t\t\t},\n\t\t}, nil)\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": []string{\n\t\t\t\t\t\t\"ec2:Describe*\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Resource\": \"*\",\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\t_, err = iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"yak_role\"),\n\t\t\tAssumeRolePolicy: pulumi.Any(instanceAssumeRolePolicy.Json),\n\t\t\tInlinePolicies: iam.RoleInlinePolicyArray{\n\t\t\t\t\u0026iam.RoleInlinePolicyArgs{\n\t\t\t\t\tName: pulumi.String(\"my_inline_policy\"),\n\t\t\t\t\tPolicy: pulumi.String(json0),\n\t\t\t\t},\n\t\t\t\t\u0026iam.RoleInlinePolicyArgs{\n\t\t\t\t\tName: pulumi.String(\"policy-8675309\"),\n\t\t\t\t\tPolicy: pulumi.String(inlinePolicy.Json),\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.IamFunctions;\nimport com.pulumi.aws.iam.inputs.GetPolicyDocumentArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.inputs.RoleInlinePolicyArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n final var inlinePolicy = IamFunctions.getPolicyDocument(GetPolicyDocumentArgs.builder()\n .statements(GetPolicyDocumentStatementArgs.builder()\n .actions(\"ec2:DescribeAccountAttributes\")\n .resources(\"*\")\n .build())\n .build());\n\n var example = new Role(\"example\", RoleArgs.builder()\n .name(\"yak_role\")\n .assumeRolePolicy(instanceAssumeRolePolicy.json())\n .inlinePolicies( \n RoleInlinePolicyArgs.builder()\n .name(\"my_inline_policy\")\n .policy(serializeJson(\n jsonObject(\n jsonProperty(\"Version\", \"2012-10-17\"),\n jsonProperty(\"Statement\", jsonArray(jsonObject(\n jsonProperty(\"Action\", jsonArray(\"ec2:Describe*\")),\n jsonProperty(\"Effect\", \"Allow\"),\n jsonProperty(\"Resource\", \"*\")\n )))\n )))\n .build(),\n RoleInlinePolicyArgs.builder()\n .name(\"policy-8675309\")\n .policy(inlinePolicy.applyValue(getPolicyDocumentResult -\u003e getPolicyDocumentResult.json()))\n .build())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:Role\n properties:\n name: yak_role\n assumeRolePolicy: ${instanceAssumeRolePolicy.json}\n inlinePolicies:\n - name: my_inline_policy\n policy:\n fn::toJSON:\n Version: 2012-10-17\n Statement:\n - Action:\n - ec2:Describe*\n Effect: Allow\n Resource: '*'\n - name: policy-8675309\n policy: ${inlinePolicy.json}\nvariables:\n inlinePolicy:\n fn::invoke:\n Function: aws:iam:getPolicyDocument\n Arguments:\n statements:\n - actions:\n - ec2:DescribeAccountAttributes\n resources:\n - '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example of Removing Inline Policies\n\n\u003e The `inline_policy` argument is deprecated. Use the `aws.iam.RolePolicy` resource instead. If Pulumi should exclusively manage all inline policy associations (the current behavior of this argument), use the `aws.iam.RolePoliciesExclusive` resource as well.\n\nThis example creates an IAM role with what appears to be empty IAM `inline_policy` argument instead of using `inline_policy` as a configuration block. The result is that if someone were to add an inline policy out-of-band, on the next apply, this provider will remove that policy.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.iam.Role(\"example\", {\n inlinePolicies: [{}],\n name: \"yak_role\",\n assumeRolePolicy: instanceAssumeRolePolicy.json,\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.Role(\"example\",\n inline_policies=[{}],\n name=\"yak_role\",\n assume_role_policy=instance_assume_role_policy[\"json\"])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Iam.Role(\"example\", new()\n {\n InlinePolicies = new[]\n {\n null,\n },\n Name = \"yak_role\",\n AssumeRolePolicy = instanceAssumeRolePolicy.Json,\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tInlinePolicies: iam.RoleInlinePolicyArray{\n\t\t\t\tnil,\n\t\t\t},\n\t\t\tName: pulumi.String(\"yak_role\"),\n\t\t\tAssumeRolePolicy: pulumi.Any(instanceAssumeRolePolicy.Json),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport com.pulumi.aws.iam.inputs.RoleInlinePolicyArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Role(\"example\", RoleArgs.builder()\n .inlinePolicies()\n .name(\"yak_role\")\n .assumeRolePolicy(instanceAssumeRolePolicy.json())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:Role\n properties:\n inlinePolicies:\n - {}\n name: yak_role\n assumeRolePolicy: ${instanceAssumeRolePolicy.json}\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example of Exclusive Managed Policies\n\nThis example creates an IAM role and attaches two managed IAM policies. If someone attaches another managed policy out-of-band, on the next apply, this provider will detach that policy. If someone detaches these policies out-of-band, this provider will attach them again.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst policyOne = new aws.iam.Policy(\"policy_one\", {\n name: \"policy-618033\",\n policy: JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [{\n Action: [\"ec2:Describe*\"],\n Effect: \"Allow\",\n Resource: \"*\",\n }],\n }),\n});\nconst policyTwo = new aws.iam.Policy(\"policy_two\", {\n name: \"policy-381966\",\n policy: JSON.stringify({\n Version: \"2012-10-17\",\n Statement: [{\n Action: [\n \"s3:ListAllMyBuckets\",\n \"s3:ListBucket\",\n \"s3:HeadBucket\",\n ],\n Effect: \"Allow\",\n Resource: \"*\",\n }],\n }),\n});\nconst example = new aws.iam.Role(\"example\", {\n name: \"yak_role\",\n assumeRolePolicy: instanceAssumeRolePolicy.json,\n managedPolicyArns: [\n policyOne.arn,\n policyTwo.arn,\n ],\n});\n```\n```python\nimport pulumi\nimport json\nimport pulumi_aws as aws\n\npolicy_one = aws.iam.Policy(\"policy_one\",\n name=\"policy-618033\",\n policy=json.dumps({\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Action\": [\"ec2:Describe*\"],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\",\n }],\n }))\npolicy_two = aws.iam.Policy(\"policy_two\",\n name=\"policy-381966\",\n policy=json.dumps({\n \"Version\": \"2012-10-17\",\n \"Statement\": [{\n \"Action\": [\n \"s3:ListAllMyBuckets\",\n \"s3:ListBucket\",\n \"s3:HeadBucket\",\n ],\n \"Effect\": \"Allow\",\n \"Resource\": \"*\",\n }],\n }))\nexample = aws.iam.Role(\"example\",\n name=\"yak_role\",\n assume_role_policy=instance_assume_role_policy[\"json\"],\n managed_policy_arns=[\n policy_one.arn,\n policy_two.arn,\n ])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing System.Text.Json;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var policyOne = new Aws.Iam.Policy(\"policy_one\", new()\n {\n Name = \"policy-618033\",\n PolicyDocument = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"Version\"] = \"2012-10-17\",\n [\"Statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"Action\"] = new[]\n {\n \"ec2:Describe*\",\n },\n [\"Effect\"] = \"Allow\",\n [\"Resource\"] = \"*\",\n },\n },\n }),\n });\n\n var policyTwo = new Aws.Iam.Policy(\"policy_two\", new()\n {\n Name = \"policy-381966\",\n PolicyDocument = JsonSerializer.Serialize(new Dictionary\u003cstring, object?\u003e\n {\n [\"Version\"] = \"2012-10-17\",\n [\"Statement\"] = new[]\n {\n new Dictionary\u003cstring, object?\u003e\n {\n [\"Action\"] = new[]\n {\n \"s3:ListAllMyBuckets\",\n \"s3:ListBucket\",\n \"s3:HeadBucket\",\n },\n [\"Effect\"] = \"Allow\",\n [\"Resource\"] = \"*\",\n },\n },\n }),\n });\n\n var example = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"yak_role\",\n AssumeRolePolicy = instanceAssumeRolePolicy.Json,\n ManagedPolicyArns = new[]\n {\n policyOne.Arn,\n policyTwo.Arn,\n },\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"encoding/json\"\n\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\ttmpJSON0, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": []string{\n\t\t\t\t\t\t\"ec2:Describe*\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Resource\": \"*\",\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson0 := string(tmpJSON0)\n\t\tpolicyOne, err := iam.NewPolicy(ctx, \"policy_one\", \u0026iam.PolicyArgs{\n\t\t\tName: pulumi.String(\"policy-618033\"),\n\t\t\tPolicy: pulumi.String(json0),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\ttmpJSON1, err := json.Marshal(map[string]interface{}{\n\t\t\t\"Version\": \"2012-10-17\",\n\t\t\t\"Statement\": []map[string]interface{}{\n\t\t\t\tmap[string]interface{}{\n\t\t\t\t\t\"Action\": []string{\n\t\t\t\t\t\t\"s3:ListAllMyBuckets\",\n\t\t\t\t\t\t\"s3:ListBucket\",\n\t\t\t\t\t\t\"s3:HeadBucket\",\n\t\t\t\t\t},\n\t\t\t\t\t\"Effect\": \"Allow\",\n\t\t\t\t\t\"Resource\": \"*\",\n\t\t\t\t},\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\tjson1 := string(tmpJSON1)\n\t\tpolicyTwo, err := iam.NewPolicy(ctx, \"policy_two\", \u0026iam.PolicyArgs{\n\t\t\tName: pulumi.String(\"policy-381966\"),\n\t\t\tPolicy: pulumi.String(json1),\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\t_, err = iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"yak_role\"),\n\t\t\tAssumeRolePolicy: pulumi.Any(instanceAssumeRolePolicy.Json),\n\t\t\tManagedPolicyArns: pulumi.StringArray{\n\t\t\t\tpolicyOne.Arn,\n\t\t\t\tpolicyTwo.Arn,\n\t\t\t},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Policy;\nimport com.pulumi.aws.iam.PolicyArgs;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport static com.pulumi.codegen.internal.Serialization.*;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var policyOne = new Policy(\"policyOne\", PolicyArgs.builder()\n .name(\"policy-618033\")\n .policy(serializeJson(\n jsonObject(\n jsonProperty(\"Version\", \"2012-10-17\"),\n jsonProperty(\"Statement\", jsonArray(jsonObject(\n jsonProperty(\"Action\", jsonArray(\"ec2:Describe*\")),\n jsonProperty(\"Effect\", \"Allow\"),\n jsonProperty(\"Resource\", \"*\")\n )))\n )))\n .build());\n\n var policyTwo = new Policy(\"policyTwo\", PolicyArgs.builder()\n .name(\"policy-381966\")\n .policy(serializeJson(\n jsonObject(\n jsonProperty(\"Version\", \"2012-10-17\"),\n jsonProperty(\"Statement\", jsonArray(jsonObject(\n jsonProperty(\"Action\", jsonArray(\n \"s3:ListAllMyBuckets\", \n \"s3:ListBucket\", \n \"s3:HeadBucket\"\n )),\n jsonProperty(\"Effect\", \"Allow\"),\n jsonProperty(\"Resource\", \"*\")\n )))\n )))\n .build());\n\n var example = new Role(\"example\", RoleArgs.builder()\n .name(\"yak_role\")\n .assumeRolePolicy(instanceAssumeRolePolicy.json())\n .managedPolicyArns( \n policyOne.arn(),\n policyTwo.arn())\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:Role\n properties:\n name: yak_role\n assumeRolePolicy: ${instanceAssumeRolePolicy.json}\n managedPolicyArns:\n - ${policyOne.arn}\n - ${policyTwo.arn}\n policyOne:\n type: aws:iam:Policy\n name: policy_one\n properties:\n name: policy-618033\n policy:\n fn::toJSON:\n Version: 2012-10-17\n Statement:\n - Action:\n - ec2:Describe*\n Effect: Allow\n Resource: '*'\n policyTwo:\n type: aws:iam:Policy\n name: policy_two\n properties:\n name: policy-381966\n policy:\n fn::toJSON:\n Version: 2012-10-17\n Statement:\n - Action:\n - s3:ListAllMyBuckets\n - s3:ListBucket\n - s3:HeadBucket\n Effect: Allow\n Resource: '*'\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n### Example of Removing Managed Policies\n\nThis example creates an IAM role with an empty `managed_policy_arns` argument. If someone attaches a policy out-of-band, on the next apply, this provider will detach that policy.\n\n\u003c!--Start PulumiCodeChooser --\u003e\n```typescript\nimport * as pulumi from \"@pulumi/pulumi\";\nimport * as aws from \"@pulumi/aws\";\n\nconst example = new aws.iam.Role(\"example\", {\n name: \"yak_role\",\n assumeRolePolicy: instanceAssumeRolePolicy.json,\n managedPolicyArns: [],\n});\n```\n```python\nimport pulumi\nimport pulumi_aws as aws\n\nexample = aws.iam.Role(\"example\",\n name=\"yak_role\",\n assume_role_policy=instance_assume_role_policy[\"json\"],\n managed_policy_arns=[])\n```\n```csharp\nusing System.Collections.Generic;\nusing System.Linq;\nusing Pulumi;\nusing Aws = Pulumi.Aws;\n\nreturn await Deployment.RunAsync(() =\u003e \n{\n var example = new Aws.Iam.Role(\"example\", new()\n {\n Name = \"yak_role\",\n AssumeRolePolicy = instanceAssumeRolePolicy.Json,\n ManagedPolicyArns = new[] {},\n });\n\n});\n```\n```go\npackage main\n\nimport (\n\t\"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam\"\n\t\"github.com/pulumi/pulumi/sdk/v3/go/pulumi\"\n)\n\nfunc main() {\n\tpulumi.Run(func(ctx *pulumi.Context) error {\n\t\t_, err := iam.NewRole(ctx, \"example\", \u0026iam.RoleArgs{\n\t\t\tName: pulumi.String(\"yak_role\"),\n\t\t\tAssumeRolePolicy: pulumi.Any(instanceAssumeRolePolicy.Json),\n\t\t\tManagedPolicyArns: pulumi.StringArray{},\n\t\t})\n\t\tif err != nil {\n\t\t\treturn err\n\t\t}\n\t\treturn nil\n\t})\n}\n```\n```java\npackage generated_program;\n\nimport com.pulumi.Context;\nimport com.pulumi.Pulumi;\nimport com.pulumi.core.Output;\nimport com.pulumi.aws.iam.Role;\nimport com.pulumi.aws.iam.RoleArgs;\nimport java.util.List;\nimport java.util.ArrayList;\nimport java.util.Map;\nimport java.io.File;\nimport java.nio.file.Files;\nimport java.nio.file.Paths;\n\npublic class App {\n public static void main(String[] args) {\n Pulumi.run(App::stack);\n }\n\n public static void stack(Context ctx) {\n var example = new Role(\"example\", RoleArgs.builder()\n .name(\"yak_role\")\n .assumeRolePolicy(instanceAssumeRolePolicy.json())\n .managedPolicyArns()\n .build());\n\n }\n}\n```\n```yaml\nresources:\n example:\n type: aws:iam:Role\n properties:\n name: yak_role\n assumeRolePolicy: ${instanceAssumeRolePolicy.json}\n managedPolicyArns: []\n```\n\u003c!--End PulumiCodeChooser --\u003e\n\n## Import\n\nUsing `pulumi import`, import IAM Roles using the `name`. For example:\n\n```sh\n$ pulumi import aws:iam/role:Role developer developer_name\n```\n", | |||
There was a problem hiding this comment.
This change relates to: #4588
|
Beautiful. I think if you add a patch ticket to track this with a ref to this PR and mark it as impact/breaking we'll be sure to revisit for v7 release. |
t0yv0
approved these changes
Oct 1, 2024
Does the PR have any schema changes?Looking good! No breaking changes found. Maintainer note: consult the runbook for dealing with any breaking changes. |
This was referenced Oct 2, 2024
|
This PR has been shipped in release v6.54.2. |
zemnmez-renovate-bot
added a commit
to zemn-me/monorepo
that referenced
this pull request
Oct 2, 2024
##### [`v6.54.2](https://github.com/pulumi/pulumi-aws/releases/tag/v6.54.2) ##### Does the PR have any schema changes? Looking good! No breaking changes found. No new resources/functions. #### What's Changed - Re-generate schema to fix aws.iam.Role description by [@t0yv0](https://github.com/t0yv0) in pulumi/pulumi-aws#4589 - Set explicit version for .NET core SDK requirement by [@justinvp](https://github.com/justinvp) in pulumi/pulumi-aws#4591 - Add pluralized lifecycle_policies to EFS file system data source by [@flostadler](https://github.com/flostadler) in pulumi/pulumi-aws#4590 - Update GitHub Actions workflows. by [@pulumi-bot](https://github.com/pulumi-bot) in pulumi/pulumi-aws#4592 **Full Changelog**: pulumi/pulumi-aws@v6.54.1...v6.54.2
github-merge-queue bot
pushed a commit
to zemn-me/monorepo
that referenced
this pull request
Oct 2, 2024
##### [`v6.54.2](https://github.com/pulumi/pulumi-aws/releases/tag/v6.54.2) ##### Does the PR have any schema changes? Looking good! No breaking changes found. No new resources/functions. #### What's Changed - Re-generate schema to fix aws.iam.Role description by [@t0yv0](https://github.com/t0yv0) in pulumi/pulumi-aws#4589 - Set explicit version for .NET core SDK requirement by [@justinvp](https://github.com/justinvp) in pulumi/pulumi-aws#4591 - Add pluralized lifecycle_policies to EFS file system data source by [@flostadler](https://github.com/flostadler) in pulumi/pulumi-aws#4590 - Update GitHub Actions workflows. by [@pulumi-bot](https://github.com/pulumi-bot) in pulumi/pulumi-aws#4592 **Full Changelog**: pulumi/pulumi-aws@v6.54.1...v6.54.2
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The
lifecycle_policyoutput of theefs.getFileSystemdata source hasMaxItemsOnehardcoded on the Pulumi side and this triggers panics when there is more than one lifecycle policy on the resource.By adding a pluralized lifecycle_policies output and fixing the singular version to only return at most one element we're able to fix this panic without introducing breaking changes. To incentivize users to move to the pluralized version I've marked the singular version as deprecated.
During the next major release we can drop the patch (I'll create a tracking ticket once this PR goes in) and the auto-aliasing should correctly drop
MaxItemsOneas well. At that point we're tracking upstream behavior again.Fixes #4568