https://pulumi.com logo
#typescript
Title
# typescript
p

prehistoric-fish-76119

02/09/2024, 11:10 AM
How to trigger update only when
hashedPassword
changed:
Copy code
const traefikAuthSecret = new k8s.core.v1.Secret(
  "traefik-auth",
  {
    metadata: {
      name: `traefik-auth`,
      namespace: traefikNamespace.metadata.name,
    },
    stringData: {
      auth: `${httpUsername}:${hashedPassword}`,
    },
  },
  {
    ignoreChanges: ["data"],
  }
);
g

gentle-application-59272

02/13/2024, 8:17 AM
are you saying that it's not triggering an update when hashedPassword changes?
p

prehistoric-fish-76119

02/13/2024, 9:53 AM
@gentle-application-59272
hashedPassword
it's bcrypted password, it changed every run. I have:
Copy code
const hashedPassword = bcrypt.hashSync(password, 10);
I want to trigger secret update only in case of
password
changed, not
hashedPassword
. Probably there could be a way to save some checksum based on password.
g

gentle-application-59272

02/13/2024, 10:46 AM
hold up i'm sure i've seen a way to memoize a functional expression, hold up
this can be hacked together using something like random;
Copy code
const salt = new random.RandomString("random", {
  length: 22,
  special: false,
  keepers: {
    password
  }
});

const hash = salt.apply(salt => bcrypt.hashSync(password, `$2a$10$${salt}`))
in this case your hash will always be the same for the same random string
and if i'm not mistaken randomstring will stay the same unless password changes
p

prehistoric-fish-76119

02/13/2024, 11:52 AM
@gentle-application-59272 Interesting, I will take a look! 🙂 Thanks
g

gentle-application-59272

02/13/2024, 11:55 AM
you'll have to interpolate the hash into the string;
Copy code
import { interpolate } from '@pulumi/pulumi';

...

    stringData: {
      auth: interpolate`${httpUsername}:${hash}`,
    },
p

prehistoric-fish-76119

02/13/2024, 11:56 AM
What is
$2a$10$
?
g

gentle-application-59272

02/13/2024, 11:57 AM
the npm bcrypt library seems to use that semantically, it appends that to the head of the actual random 22 character salt, it could be like a 'salt version' marker
i'm not 100% sure but all salts I created by the npm bcrypt package appear to have it, without it the
hashSync
function fails
p

prehistoric-fish-76119

02/13/2024, 12:05 PM
@gentle-application-59272 Work like a charm! Thanks Only
salt.result.apply
.