https://pulumi.com logo
Join Slack
Powered by
Hey guys - I've been playing around with ESC, and ...
# esc
l
Hey guys - I've been playing around with ESC, and the first use-case I thought of was to define all of our org's AWS accounts as top-level environments which could then be extended. I'm not seeing a way to define/update an environment just using a (local) yaml file + the cli, though. Is it only doable via the API? (or is there a nice little hack like piping into 
esc env edit
that I can use for testing? šŸ˜‰)
Also, very surprised by the lack of a git provider/sync solution right now! I may look into building something along those lines, if it doesn't already exist.
Also very sad you can't have additional forward slashes in environment names šŸ˜æ
The Pulumi Service provider also doesn't support interacting with ESC? šŸ˜ž I feel like I've fundamentally misunderstood something about ESC, because it seems to be trying very hard to not be manageable by any means other than manually
is there also not an openapi spec for the rest api?
Hacky script which abuses the 
--editor
arg of the ESC CLI to set the contents of an environment from a local yaml file:
Copy code
#!/bin/bash

environment="$1"
file="$2"

editor_script="$(mktemp)"
cat <<EOF >>$editor_script
#!/bin/bash
esc_file="\$1"
yq -i e 'load("$file")' \$esc_file
EOF

chmod +x "$editor_script"
esc env edit "$environment" --editor "$editor_script"
r
> The Pulumi Service provider also doesn't support interacting with ESC We're working on it! https://github.com/pulumi/pulumi-pulumiservice/issues/225 Also working on SDKs/Open API spec. ā€¢ https://github.com/pulumi/esc/pull/271 ā€¢ https://github.com/pulumi/esc/pull/276
Also, very surprised by the lack of a git provider/sync solution right now!
Can you say more about what you're looking for here?
l
Nice! Thanks Komal, I'll follow those issues. In particular, the part of ESC that interests me is the environments, rather than the secret integration. It seems like it would make referencing various aws accounts and prod/staging/dev a lot easier, as their centralised nature means I can put a Pulumi project anywhere and still be able to import that information from the org ESC. The main use case right now is defining our aws accounts in esc. This could probably be achieved via stack references, but ESC handles inheritance in an intuitive way that I quite like, with proper support for permissions, and is easy to teach. The inheritance naturally works well with directories in a git repo, and defining our environments in git and then having them sync to ESC is basically what I'm looking for. I've put together a small proof of concept which looks like this (see why I wanted to put slashes in the env names? šŸ™‚) :
Copy code
environments/
ā””ā”€ā”€ aws-accounts/
    ā”œā”€ā”€ account-1.yaml   # in esc: org/aws-accounts_account-1
    ā”œā”€ā”€ account-1/
    ā”‚   ā”œā”€ā”€ prod.yaml    # in esc: org/aws-accounts_account-1_prod, inherits from ../account-1.yaml
    ā”‚   ā”œā”€ā”€ stage.yaml   # in esc: org/aws-accounts_account-1_stage
    ā”‚   ā””ā”€ā”€ dev.yaml     # in esc: org/aws-accounts_account-1_dev
    ā””ā”€ā”€ account-2.yaml   # in esc: org/aws-accounts_account-2, inherits from ../account-2.yaml/
        ā”œā”€ā”€ prod.yaml    # in esc: org/aws-accounts_account-2_prod
        ā”œā”€ā”€ stage.yaml   # in esc: org/aws-accounts_account-2_stage
        ā””ā”€ā”€ dev.yaml     # in esc: org/aws-accounts_account-2_dev
Given Pulumi's focus on IaC I'm surprised that ESC didn't already have a solution for recursively syncing a directory/repo of yaml files. It feels like the most natural place to define environments, along with the infrastructure that defines the core of those environments. Since this doesn't already exist, I feel I'm misunderstanding ESC's strengths. Have you found that ESC is better focused on being more of an integrated central secret store?
r
Given Pulumi's focus on IaC I'm surprised that ESC didn't already have a solution for recursively syncing a directory/repo of yaml files. It feels like the most natural place to define environments, along with the infrastructure that defines the core of those environments.
Yeah, something like what you describe is in the plans for GA. It has come up in a number of contexts, one solution is the pulumiservice provider which we will be pursuing in the next month. Syncing from git is another option we've deliberated. Here are some relevant issues: ā€¢ https://github.com/pulumi/esc/issues/63 ā€¢ https://github.com/pulumi/esc/issues/185 Definitely upvote/add comments because we use that to guide prioritization.
2 Views
Open in Slack
PreviousNext
Powered by