Simplify examples

pulumi · Oct 16, 2024 · dd44cba · dd44cba
1 parent 8affc67
commit dd44cba
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 12 deletions.
diff --git a/examples/cluster/index.ts b/examples/cluster/index.ts
@@ -19,7 +19,7 @@ const cluster1 = new eks.Cluster(`${projectName}-1`, {
     nodeAmiId: "ami-066e69f6f03b5383e",
 });
 
-export const defaultAsgArn: pulumi.Output<string> = cluster1.defaultNodeGroup.apply(ng => ng?.autoScalingGroup.arn ?? pulumi.output(""));
+export const defaultAsgName: pulumi.Output<string> = cluster1.defaultNodeGroupAsgName;
 
 const cluster2 = new eks.Cluster(`${projectName}-2`, {
     vpcId: vpc.vpcId,

diff --git a/examples/examples_nodejs_test.go b/examples/examples_nodejs_test.go
@@ -57,7 +57,7 @@ func TestAccCluster(t *testing.T) {
 					info.Outputs["kubeconfig4"],
 				)
 
-				assert.NotEmpty(t, info.Outputs["defaultAsgArn"], "should have a default ASG")
+				assert.NotEmpty(t, info.Outputs["defaultAsgName"], "should have a default ASG")
 
 				// let's test there's a iamRoleArn specified for the cluster
 				assert.NotEmpty(t, info.Outputs["iamRoleArn"])

diff --git a/examples/extra-sg/index.ts b/examples/extra-sg/index.ts
@@ -61,7 +61,7 @@ const nodeIngressRule = new aws.ec2.SecurityGroupRule("nodeIngressRule", {
   fromPort: 0,
   toPort: 65535,
   protocol: "tcp",
-  securityGroupId: cluster.nodeSecurityGroup.apply((sg) => sg!.id),
+  securityGroupId: cluster.nodeSecurityGroupId,
   sourceSecurityGroupId: customSecurityGroup.id,
 });
 
@@ -108,6 +108,6 @@ const ng = new eks.NodeGroupV2("example-mng", {
   amiId: "ami-066e69f6f03b5383e",
   extraNodeSecurityGroups: [
     customSecurityGroup, // Plain type
-    cluster.nodeSecurityGroup.apply(sg => sg!), // Input type
+    cluster.nodeSecurityGroupId, // Input type
   ],
 });
diff --git a/examples/oidc-iam-sa/index.ts b/examples/oidc-iam-sa/index.ts
@@ -19,8 +19,6 @@ export const kubeconfig = cluster.kubeconfig;
 if (!cluster?.core?.oidcProvider) {
     throw new Error("Invalid cluster OIDC provider URL");
 }
-const clusterOidcProvider = cluster.core.oidcProvider;
-export const clusterOidcProviderUrl = clusterOidcProvider.apply(u => u!.url);
 
 // Setup Pulumi Kubernetes provider.
 const provider = new k8s.Provider("eks-k8s", {
@@ -34,22 +32,21 @@ export const appsNamespaceName = appsNamespace.metadata.name;
 // Create the new IAM policy for the Service Account using the
 // AssumeRoleWebWebIdentity action.
 const saName = "s3";
-const oidcProviderArn = clusterOidcProvider.apply(o => o!.arn);
-const saAssumeRolePolicy = pulumi.all([clusterOidcProviderUrl, oidcProviderArn, appsNamespaceName]).apply(([url, arn, namespace]) => aws.iam.getPolicyDocument({
+const saAssumeRolePolicy = aws.iam.getPolicyDocument({
     statements: [{
         actions: ["sts:AssumeRoleWithWebIdentity"],
         conditions: [{
             test: "StringEquals",
-            values: [`system:serviceaccount:${namespace}:${saName}`],
-            variable: `${url.replace("https://", "")}:sub`,
+            values: [pulumi.interpolate`system:serviceaccount:${appsNamespaceName}:${saName}`],
+            variable: pulumi.interpolate`${cluster.oidcIssuer}:sub`,
         }],
         effect: "Allow",
         principals: [{
-            identifiers: [arn],
+            identifiers: [cluster.oidcProviderArn],
             type: "Federated",
         }],
     }],
-}));
+});
 
 const saRole = new aws.iam.Role(saName, {
     assumeRolePolicy: saAssumeRolePolicy.json,