https://pulumi.com logo
Powered by
#yaml
Title
# yaml
s

straight-arm-50771

10/05/2022, 7:48 PM
I'm fetching some secrets that are returned as JSON, yet they're classed somewhere as a string. I get this error:
Copy code
Error: kubernetes:core/v1:Secret is not assignable from {type: string, metadata: {name: string, namespace: string}, data: string}
      on Pulumi.yaml line 537:
     537:         ${dockerHubCredentials}
    Cannot assign '{type: string, metadata: {name: string, namespace: string}, data: string}' to 'kubernetes:core/v1:Secret':
      data: Cannot assign type 'string' to type 'Map<string>'
# Pulumi.yaml #
Copy code
variables:
  dockerHubCredentials:
    Fn::Invoke:
      Function: gcp:secretmanager/getSecretVersion:getSecretVersion
      Arguments:
        secret: k8s_global_dockerhub-regcred
        project: myproj
      Return: secretData

resources:
  regcred:
    type: kubernetes:core/v1:Secret
    properties:
      type: <http://kubernetes.io/dockerconfigjson|kubernetes.io/dockerconfigjson>
      metadata:
        name: regcred
        namespace: some-ns
      data:
        ${dockerHubCredentials}

outputs:
  debugRegCred: ${dockerHubCredentials}
# Return #
Copy code
Outputs:
debugRegCred: {".dockerconfigjson": "my-base64-encoded-config"}
b

billowy-army-68599

10/05/2022, 8:04 PM
I think you need to set a key name:
Copy code
data:
       something: ${dockerHubCredentials}
s

straight-arm-50771

10/05/2022, 8:09 PM
yea, that's in the json return. looking to leverage this for secrets that have 20+ key/value pairs. If I drop in the JSON in place of the variable 
${dockerHubCredentials}
, it works. The pulumi up return recognizes it as a JSON:
Copy code
Outputs:
    debugDeployment: "stage"
    debugDomain    : "<http://example.com|example.com>"
    debugRegCred   : (json) {
        .dockerconfigjson: "my-base64-encoded-config"
    }

    helmDeploy     : "foo/bar"
    k8s            : "10.10.10.10"
this is a work-around to 
kubernetes:yaml:ConfigFile
not being available yet
if I could ingest the raw secrets def, that would work too
(but set the variable from the return of getSecretVersion)
b

billowy-army-68599

10/05/2022, 8:17 PM
I tnink it would be better to remove the 
.dockerconfigjson
part from the retrieved secret, and only have it return the secret itself, then you can do
Copy code
.dockerconfigjson: ${dockerHubCredentials}
it’s going to be tricky to manage if you’re trying to split strings and such like in the YAML config
s

straight-arm-50771

10/05/2022, 8:19 PM
eh, was afraid of that. we have hundreds of secrets though across multiple namespaces per deployment. was trying to consolidate this down to 1 config per NS
Powered by