https://pulumi.com logo
b

best-xylophone-83824

09/09/2019, 4:04 PM
what is the easiest way to "wait" for whole object and then get is as JSON? I have gcp.serviceaccount.ServiceAccountKey, all of it's properties are Output<>, but object itself is not, so I tried following, but failed:
Copy code
const x = new gcp.serviceaccount.Key(...)
new k8s.core.v1.Secret("x", { data:  {key: x.apply(JSON.stringify) }} )
b

busy-umbrella-36067

09/09/2019, 4:06 PM
I think you have to wrap all the properties you need which are outputs inside of a
pulumi.all
c

cool-egg-852

09/09/2019, 4:06 PM
Copy code
const gcpCredentials = new k8s.core.v1.Secret('gcp-credentials', {
  metadata: {
    namespace: namespace.metadata.name,
    labels: config.appLabels
  },
  type: 'Opaque',
  stringData: {
    'gcp-credentials.json': serviceAccount.key.privateKey.apply(x => Buffer.from(x, 'base64').toString('utf8'))
  }
});
This is what we do in our projects
b

best-xylophone-83824

09/09/2019, 4:07 PM
that is just a key, not the whole json, right?
c

cool-egg-852

09/09/2019, 4:07 PM
It’s the entire GOOGLE_APPLICATION_CREDENTIALS file
So we mount this secret in our pods, and use an env
GOOGLE_APPLICATION_CREDENTIALS
as a path to the mount.
b

best-xylophone-83824

09/09/2019, 4:10 PM
@busy-umbrella-36067, if I set whole resource as stack output, it comes back as a plain JSON , so they already have a generic code which does all the promise resolution, I'll try to find it
@cool-egg-852, thanks, I'll check, but I recall there were problems with GOOGLE_APPLICATION_CREDENTIALS in a ruby library project is using
worth a shot nevertheless
@cool-egg-852,you were right, worked!
I was looking at .priavateKey in the stack output and though it is a whole .Key . got confused by the fact that inside that privateKey there is another
private_key
c

cool-egg-852

09/09/2019, 4:45 PM
Ah, yeah, it is confusing.