Channels
pulumi-ai
package-authoring
pulumi-cdk
oracle-cloud-infrastructure
learn-pulumi-events
linen
registry
built-with-pulumi
pulumi-cloud
contribex
testingtesting321
hacktoberfest
cloudengineering
yaml
pulumi-crosscode
content-share
finops
multi-language-hackathon
office-hours
workshops
blog-posts
localstack
welcome
gitlab
pulumi-kubernetes-operator
jobs
aws
pulumi-deployments
dotnet
golang
announcements
java
pulumiverse
python
install
getting-started
cloudengineering-support
testingtesting123
hackathon-03-19-2020
typescript
google-cloud
contribute
azure
kubernetes
docs
automation-api
status
general
Title
s
straight-arm-50771
10/05/2022, 7:48 PMI'm fetching some secrets that are returned as JSON, yet they're classed somewhere as a string. I get this error:
Error: kubernetes:core/v1:Secret is not assignable from {type: string, metadata: {name: string, namespace: string}, data: string}
on Pulumi.yaml line 537:
537: ${dockerHubCredentials}
Cannot assign '{type: string, metadata: {name: string, namespace: string}, data: string}' to 'kubernetes:core/v1:Secret':
data: Cannot assign type 'string' to type 'Map<string>'variables:
dockerHubCredentials:
Fn::Invoke:
Function: gcp:secretmanager/getSecretVersion:getSecretVersion
Arguments:
secret: k8s_global_dockerhub-regcred
project: myproj
Return: secretData
resources:
regcred:
type: kubernetes:core/v1:Secret
properties:
type: <http://kubernetes.io/dockerconfigjson|kubernetes.io/dockerconfigjson>
metadata:
name: regcred
namespace: some-ns
data:
${dockerHubCredentials}
outputs:
debugRegCred: ${dockerHubCredentials}Outputs:
debugRegCred: {".dockerconfigjson": "my-base64-encoded-config"}b
billowy-army-68599
10/05/2022, 8:04 PMI think you need to set a key name:
data:
something: ${dockerHubCredentials}s
straight-arm-50771
10/05/2022, 8:09 PMyea, that's in the json return. looking to leverage this for secrets that have 20+ key/value pairs. If I drop in the JSON in place of the variable
${dockerHubCredentials}Outputs:
debugDeployment: "stage"
debugDomain : "<http://example.com|example.com>"
debugRegCred : (json) {
.dockerconfigjson: "my-base64-encoded-config"
}
helmDeploy : "foo/bar"
k8s : "10.10.10.10"this is a work-around to
kubernetes:yaml:ConfigFileif I could ingest the raw secrets def, that would work too
trying to do something like this: https://www.pulumi.com/docs/reference/yaml/#substitution
(but set the variable from the return of getSecretVersion)
b
billowy-army-68599
10/05/2022, 8:17 PMI tnink it would be better to remove the
.dockerconfigjson.dockerconfigjson: ${dockerHubCredentials}it’s going to be tricky to manage if you’re trying to split strings and such like in the YAML config
s
straight-arm-50771
10/05/2022, 8:19 PMeh, was afraid of that. we have hundreds of secrets though across multiple namespaces per deployment. was trying to consolidate this down to 1 config per NS