# esc
s
Hi Team, Quick question which I think will actually be a feature request ... I was trying to set up an ESC environment to give access to an Oracle Cloud Infrastructure Tenancy so I could manage its RBAC independently to the stack access. (Was trying to avoid having to lock down every pulumi stack just so I could remove access to some but maintain open access for the rest... hence trying to use ESC rather than stack secrets). However, OCI access config requires an `oci_api_key.pem` certificate to be provided to pulumi config ... as per the pulumi docs here: https://www.pulumi.com/registry/packages/oci/installation-configuration/#pulumi-configuration However, I noticed that `pulumi env set` cannot take an input of a secret value from STDIN like `pulumi config set` can as indicated by the docs. This means it is almost impossible (I've not managed it) to get the .pem file formatted the way the OCI provider is expecting it. i.e. you cannot run similar to
```bash
# Set the private key from standard input to retain the format
cat ~/.oci/oci_api_key.pem | pulumi env set org/proj/env pulumiConfig.oci:privateKey --secret
```
Is this a functionality hole? Or is there another way around that I am missing?
Errors from the `pulumi env set` when trying to pass by STDIN
r
Here's the issue: https://github.com/pulumi/esc/issues/224 Please upvote it! There's a comment there that outlines how you can currently work around this.
s
Thanks Komal! ... Can give that a go and have upvoted the issue!
s
I was able to get this working at some point, but probably not via pure CLI. I believe I just pasted this in the UI and messed with the indentation there. (I know the part you need help with is listed as a comment, but I'm pretty sure that's how I got it working.) https://github.com/pulumi/workshops/blob/067c844c69030e8dc44e983ae658d6b6e1698921/oci-k8s-py/README.md?plain=1#L10-L31
s
Ah that makes sense! I did try to do it using the table view in the UI but that really doesn't like new lines!
hadn't clocked the `fn::secret` trick in yaml!
s
Yeah, I think if you drop into the text editor you'll be able to get it working. BTW, I found that ESC really made things nice for working with OCI!
s
Yeah I think your snippet there from your workshop is a dream! Needs adding to some docs for sure 🤔
s
Where would you expect to find it? I don't know that we have an obvious home for that information.
s
Yeah hence the thinking face 😅
I didn't know either, but I definitely didn't come across the workshop example when searching around for an answer... hmmmn.
I feel like ideally it could go on the oci provider installation page?..
s
Agreed - its current home is not great at all for discoverability.
s
Yeah, that's not a bad spot. I'll create an issue right now. What's your GH username so I can tag you in the issue (if that's ok)?