wave Hey All currently struggling to figure out why this va Pulumi Community #typescript

:wave: Hey All, currently struggling to figure out...

echoing-oil-42947

06/02/2023, 9:05 PM

👋 Hey All, currently struggling to figure out why this vault database static role is failing... If I attempt to create it in the vault UI, it works correctly; but it doesn't want to go through via Pulumi: Source:

Copy code

import * as pulumi from "@pulumi/pulumi";
import * as postgres from "@pulumi/postgresql";
import * as vault from "@pulumi/vault";
import { PostgresAdminProvider } from "../../providers/postgres";
import { VaultProvider } from "../../providers";

export const zipline = new pulumi.ComponentResource(
  "zipline",
  "zipline",
  {},
  {}
);

const ZiplineRole = new postgres.Role(
  "zipline-pg-role",
  {
    name: "zipline",
    password: "password",
    login: true,
  },
  { parent: zipline, provider: PostgresAdminProvider }
);

const ZiplineVaultRole = new vault.database.SecretBackendStaticRole(
  "zipline-vault-pg-role",
  {
    name: "consus-pg-zipline",
    username: ZiplineRole.name,
    rotationPeriod: 86400,
    backend: "database",
    dbName: "consus-pg-postgres",
  },
  { provider: VaultProvider, parent: zipline}
);

const ZiplineDb = new postgres.Database(
  "zipline-pg-db",
  {
    name: "zipline",
    owner: ZiplineRole.name,
  },
  { parent: zipline, provider: PostgresAdminProvider }
);

Error:

Copy code

Updating (main)

View in Browser (Ctrl+O): <https://app.pulumi.com/ItsMeBrianD/NomadHomelab/main/updates/18>

     Type                                          Name                   Status                  Info
     pulumi:pulumi:Stack                           NomadHomelab-main      **failed**              1 error
 +   ├─ zipline                                    zipline                created (0.76s)         
 +   │  ├─ postgresql:index:Role                   zipline-pg-role        created (1s)            
 +   │  ├─ postgresql:index:Database               zipline-pg-db          created (3s)            
 +   │  └─ vault:database:SecretBackendStaticRole  zipline-vault-pg-role  **creating failed**     1 error
 ~   └─ pulumi:providers:postgresql                postgres-admin         updated (0.20s)         [diff: ~username]


Diagnostics:
  pulumi:pulumi:Stack (NomadHomelab-main):
    error: update failed

  vault:database:SecretBackendStaticRole (zipline-vault-pg-role):
    error: 1 error occurred:
        * error creating static role "consus-pg-zipline" for backend "database": Error making API request.
    
    URL: PUT <https://vault.i.hl1.io/v1/database/static-roles/consus-pg-zipline>
    Code: 500. Errors:
    
    * 1 error occurred:
        * "consus-pg-zipline" is not an allowed role

Resources:
    + 3 created
    ~ 1 updated
    4 changes. 4 unchanged

Duration: 8s

11 Views

Open in Slack

Previous Next