rhythmic-sunset-53997
05/15/2023, 2:05 PMpulumi.Config()
inside a dynamic provider class, but kept getting errors that the configuration is not defined (even though it is). Turns out this is a known issue (Slack thread here, GH issue here).
However, a Pulumi blog post says this should be possible:
Provider Credentials
If you need to use the credentials used by the rest of your Pulumi app, also known as the ambient provider credentials, you can access the relevant credentials (and other configuration) through theThe code that is not working for me is:where<provider>.config
is the imported provider module.provider
class AlertRuleProvider(ResourceProvider):
def create(self, props):
_es_username = Config('foobar').require('password')
when run:
error: Exception calling application: Missing required configuration variable 'foobar:password'
please set a value using the command `pulumi config set foobar:password <value>`
---
I don’t want to pass the credentials as a prop to the provider, because then it gets stored in the state file. On top of the security concerns, I expect there will be problems with this when the credentials expire and new ones need to be used. So what is the correct approach to interface with 3rdparty APIs from dynamic providers?
Thank youclever-sunset-76585
05/15/2023, 4:02 PMprocess.env
yourself? I don't know if that would work though but worth a shot.rhythmic-sunset-53997
05/16/2023, 12:32 PMos.environ
when they are defined at the bash level (e.g. FOO=bar pulumi up
). It’s a little annoying because this way we have to ensure those are available in the environment of whoever is running the pulumi command.
The second suggestion, with consuming these from the stack config and then setting them as environment variables, does not work, sadly. I suspect this is due to the actual __main__.py
code running in a different process than the rest of the program? Whatever the cause, the provider can only see the environment variables it has set up itself.