How to trigger update only when `hashedPassword` changed ``` Pulumi Community #typescript

How to trigger update only when `hashedPassword` c...

prehistoric-fish-76119

02/09/2024, 11:10 AM

How to trigger update only when

hashedPassword

changed:

Copy code

const traefikAuthSecret = new k8s.core.v1.Secret(
  "traefik-auth",
  {
    metadata: {
      name: `traefik-auth`,
      namespace: traefikNamespace.metadata.name,
    },
    stringData: {
      auth: `${httpUsername}:${hashedPassword}`,
    },
  },
  {
    ignoreChanges: ["data"],
  }
);

gentle-application-59272

02/13/2024, 8:17 AM

are you saying that it's not triggering an update when hashedPassword changes?

prehistoric-fish-76119

02/13/2024, 9:53 AM

@gentle-application-59272

hashedPassword

it's bcrypted password, it changed every run. I have:

Copy code

const hashedPassword = bcrypt.hashSync(password, 10);

I want to trigger secret update only in case of

password

changed, not

hashedPassword

. Probably there could be a way to save some checksum based on password.

gentle-application-59272

02/13/2024, 10:46 AM

hold up i'm sure i've seen a way to memoize a functional expression, hold up

gentle-application-59272

02/13/2024, 11:05 AM

this can be hacked together using something like random;

Copy code

const salt = new random.RandomString("random", {
  length: 22,
  special: false,
  keepers: {
    password
  }
});

const hash = salt.apply(salt => bcrypt.hashSync(password, `$2a$10$${salt}`))

gentle-application-59272

02/13/2024, 11:05 AM

in this case your hash will always be the same for the same random string

gentle-application-59272

02/13/2024, 11:05 AM

and if i'm not mistaken randomstring will stay the same unless password changes

prehistoric-fish-76119

02/13/2024, 11:52 AM

@gentle-application-59272 Interesting, I will take a look! 🙂 Thanks

gentle-application-59272

02/13/2024, 11:55 AM

you'll have to interpolate the hash into the string;

Copy code

import { interpolate } from '@pulumi/pulumi';

...

    stringData: {
      auth: interpolate`${httpUsername}:${hash}`,
    },

prehistoric-fish-76119

02/13/2024, 11:56 AM

What is

$2a$10$

gentle-application-59272

02/13/2024, 11:57 AM

the npm bcrypt library seems to use that semantically, it appends that to the head of the actual random 22 character salt, it could be like a 'salt version' marker

gentle-application-59272

02/13/2024, 11:57 AM

i'm not 100% sure but all salts I created by the npm bcrypt package appear to have it, without it the

hashSync

function fails

prehistoric-fish-76119

02/13/2024, 12:05 PM

@gentle-application-59272 Work like a charm! Thanks Only

salt.result.apply

Open in Slack

Previous Next