https://pulumi.com logo
Title
s

straight-cartoon-24485

06/20/2021, 5:57 PM
How to access a service account's secret programmatically? Goal is to output the base64 decoded secret as an output variable, and refactor this hack:
export const getTokenWith = pulumi.interpolate `kubectl get secret/${dashboardServiceAccount.secrets[0].name} -n kube-system -o go-template='{{.data.token | base64decode}}'`
which "works" by returning:
getTokenWith: "kubectl get secret/admin-user-ys16knlv-token-xpqss -n kube-system -o go-template='{{.data.token | base64decode}}'"
which I then copy paste to get what I really need to log into the kubernetes dashboard with a token...
Maybe what I'm asking (in general) is: How to access a dependent auto-created sub-resource? I suppose there is a way to traverse the state DAG programmatically? The only examples I've seen so far were to access the state of explicitly defined resources, for which I have a direct programmatic handle on.
Looks like https://www.pulumi.com/docs/intro/concepts/resources/#resource-get could be used to read state, but shouldn't Pulumi already be aware of the child secret resource? or do I need to first https://www.pulumi.com/docs/intro/concepts/resources/#import so I can get a programmatic handle on the child-resource? (this approach looks redundant, as Pulumi is probably already aware of the secret)
s

sparse-park-68967

06/21/2021, 4:56 PM
Is the secret created in pulumi? You should be able to export it explicitly. You will need to pass the
--show-secrets
to show the secret when you do a
pulumi stack output
.