adds instanceProfileName field to nodegroups #1496
Conversation
Does the PR have any schema changes?Looking good! No breaking changes found. |
nodejs/eks/nodegroup.ts
Outdated
| @@ -652,19 +653,54 @@ export function createNodeGroup( | |||
| return createNodeGroupInternal(name, args, pulumi.output(core), parent, provider); | |||
| } | |||
|
|
|||
| export function resolveOrGetInstanceProfile( | |||
There was a problem hiding this comment.
Could you please add function docs explaining what this function is exactly doing and when it's throwing errors. Thanks!
| @@ -4,28 +4,28 @@ | |||
|
|
|||
| "@ampproject/remapping@^2.2.0": | |||
| version "2.3.0" | |||
| resolved "https://registry.yarnpkg.com/@ampproject/remapping/-/remapping-2.3.0.tgz#ed441b6fa600072520ce18b43d2c8cc8caecc7f4" | |||
There was a problem hiding this comment.
These seem to be unrelated changes
nodejs/eks/nodegroup.ts
Outdated
| if (args.instanceProfile || c.nodeGroupOptions.instanceProfile) { | ||
| return args.instanceProfile ?? c.nodeGroupOptions.instanceProfile!; | ||
| } | ||
| return aws.iam.InstanceProfile.get( |
There was a problem hiding this comment.
I think pulling in the resource with the .get function would incur RUM costs. We circumvent this by using the data source instead.
It seems like we're only interested in the ARN, right? Instance Profile ARNs follow this format: arn:aws:iam::<account-id>:instance-profile/<profile-name>.
If we know the name we can construct it without having to load the resource.
In that case we need other props, we could use iam.getInstanceProfileOutput instead.
| }, | ||
| "instanceProfileName": { | ||
| TypeSpec: schema.TypeSpec{Type: "string"}, | ||
| Description: "The name of the IAM InstanceProfile to use on the NodeGroup.", |
There was a problem hiding this comment.
We should point out here that instanceProfile and instanceProfileName is mutually exclusive.
nodejs/eks/nodegroup.ts
Outdated
| name: string, | ||
| args: Omit<NodeGroupOptions, "cluster">, | ||
| c: pulumi.UnwrappedObject<CoreData>, |
There was a problem hiding this comment.
Why did you have to make this change?
nodejs/eks/nodegroup.ts
Outdated
| resolveOrGetInstanceProfile(name, args, c, parent, provider), | ||
| ); | ||
|
|
||
| const instanceProfileName = resolveInstanceProfileName(name, args, core, parent) |
There was a problem hiding this comment.
Why not do core.apply(c => resolveInstanceProfileName(...)) instead like before?
That way resolveInstanceProfileName can stay out of the output-space and operate on promptly available data instead. That would simplify testing
There was a problem hiding this comment.
The function would change to this in that case:
export function resolveInstanceProfileName(
nodeGroupName: string,
args: Omit<NodeGroupOptions, "cluster">,
c: pulumi.UnwrappedObject<CoreData>,
parent: pulumi.ComponentResource,
): pulumi.Output<string> {
if (
!args.instanceProfile &&
!args.instanceProfileName &&
!c.nodeGroupOptions.instanceProfile &&
!c.nodeGroupOptions.instanceProfileName
) {
throw new pulumi.ResourceError(
`an instanceProfile or instanceProfileName is required`,
parent,
);
}
if (
(args.instanceProfile || c.nodeGroupOptions.instanceProfile) &&
(args.instanceProfileName || c.nodeGroupOptions.instanceProfileName)
) {
throw new pulumi.ResourceError(
`invalid args for node group ${name}, instanceProfile and instanceProfileName are mutually exclusive`,
parent,
);
}
return args.instanceProfile?.name ?? pulumi.output(c.nodeGroupOptions.instanceProfileName!)
}There was a problem hiding this comment.
I'd also slightly change the definedness checks to check for all possible cases:
export function resolveInstanceProfileName(
name: string,
args: Omit<NodeGroupOptions, "cluster">,
c: pulumi.UnwrappedObject<CoreData>,
parent: pulumi.ComponentResource,
): pulumi.Output<string> {
// todo check the mutual exclusive'ness
if (args.instanceProfileName) {
return pulumi.output(args.instanceProfileName);
} else if (c.nodeGroupOptions.instanceProfileName) {
return pulumi.output(c.nodeGroupOptions.instanceProfileName);
} else if (args.instanceProfile) {
return args.instanceProfile.name;
} else if (c.nodeGroupOptions.instanceProfile) {
return c.nodeGroupOptions.instanceProfile.name;
} else {
throw new pulumi.ResourceError(
`an instanceProfile or instanceProfileName is required`,
parent,
);
}
}
nodejs/eks/nodegroup.ts
Outdated
| (args.instanceProfile || c.nodeGroupOptions.instanceProfile) && | ||
| (args.instanceProfileName || c.nodeGroupOptions.instanceProfileName) | ||
| ) { | ||
| ): pulumi.Output<string> | undefined { |
There was a problem hiding this comment.
Shouldn't this always return a value?
Proposed changes
Add
instanceProfileNameas anInput<string>field toNodeGroupandNodeGroupV2. This would unblock pulumi/pulumi-self-hosted-installers#181 by creating a path for users to create anInstanceProfilein a separate stack from theNodeGroupand pass the instance profile's name by stack reference. Currently pulumi/pulumi#17515, preventsNodeGroupcomponents from acceptingInstanceProfilevalues created in another stack and provided to theNodeGroup's stack byaws.iam.InstanceProfile.get(), and theinstanceProfileparameter cannot accept anInstanceProfileresource passed by stack reference because theinstanceProfileparameter is a plainInstanceProfiletype, not anInput<InstanceProfile>.Related issues (optional)
Closes #1497