Output-ify JSON use in CreateRoleStack (#1325)

Co-authored-by: Matthew (Matt) Jeffryes <[email protected]>
Co-authored-by: Richard Shade <[email protected]>
Co-authored-by: Luke Hoban <[email protected]>
Co-authored-by: Richard Shade <[email protected]>

Author: 4 people

aws-cs-assume-role/create-role/CreateRoleStack.cs

@@ -25,16 +25,33 @@ public CreateRoleStack()
         // https://www.pulumi.com/docs/intro/concepts/resources/#additionalsecretoutputs
         new CustomResourceOptions { AdditionalSecretOutputs = { "secret" } });
 
-        var tempPolicy = unprivilegedUser.Arn.Apply((string arn) =>
-        {
-            AssumeRolePolicyArgs policyArgs = new AssumeRolePolicyArgs(arn);
-            return JsonSerializer.Serialize<AssumeRolePolicyArgs>(policyArgs);
-        });
+        AssumeRolePolicyArgs policyArgs = new AssumeRolePolicyArgs(unprivilegedUser.Arn);
+        var tempPolicy = Output.Create(policyArgs).Apply(args => JsonSerializer.Serialize(args,
+            new JsonSerializerOptions
+            {
+                WriteIndented = false,
+                PropertyNamingPolicy = null // Remove camelCase policy
+            }));
+
+        // Alternative approach using a direct string-based policy document
+        var directPolicy = unprivilegedUser.Arn.Apply(arn => @$"{{
+            ""Version"": ""2012-10-17"",
+            ""Statement"": [
+                {{
+                    ""Sid"": ""AllowAssumeRole"",
+                    ""Effect"": ""Allow"",
+                    ""Principal"": {{
+                        ""AWS"": ""{arn}""
+                    }},
+                    ""Action"": ""sts:AssumeRole""
+                }}
+            ]
+        }}");
 
         var allowS3ManagementRole = new Iam.Role("allow-s3-management", new Iam.RoleArgs
         {
             Description = "Allow management of S3 buckets",
-            AssumeRolePolicy = tempPolicy
+            AssumeRolePolicy = directPolicy // Use the direct string approach instead
         });
 
         var rolePolicy = new Iam.RolePolicy("allow-s3-management-policy", new Iam.RolePolicyArgs
@@ -60,42 +77,49 @@ public CreateRoleStack()
 
     public class AssumeRolePolicyArgs
     {
+        [JsonPropertyName("Version")]
         public string Version => "2012-10-17";
-        public StatementArgs Statement { get; private set; }
 
-        public AssumeRolePolicyArgs(string arn)
+        [JsonPropertyName("Statement")]
+        public StatementArgs[] Statement { get; private set; }
+
+        public AssumeRolePolicyArgs(Input<string> arn)
         {
-            Statement = new StatementArgs(arn);
+            Statement = new StatementArgs[] { new StatementArgs(arn) };
         }
-
     }
 
     public class StatementArgs
     {
+        [JsonPropertyName("Sid")]
         public string Sid => "AllowAssumeRole";
+
+        [JsonPropertyName("Effect")]
         public string Effect => "Allow";
+
+        [JsonPropertyName("Principal")]
         public PrincipalArgs Principal { get; private set; }
+
+        [JsonPropertyName("Action")]
         public string Action => "sts:AssumeRole";
 
-        public StatementArgs(string arn)
+        public StatementArgs(Input<string> arn)
         {
             Principal = new PrincipalArgs(arn);
         }
     }
 
     public class PrincipalArgs
     {
-        public string AWS { get; private set; }
+        [JsonPropertyName("AWS")]
+        public Input<string> AWS { get; private set; }
 
-        public PrincipalArgs(string arn)
+        public PrincipalArgs(Input<string> arn)
         {
             AWS = arn;
         }
     }
 
-
-
-
     [Output]
     public Output<string> roleArn { get; set; }
     [Output]