https://pulumi.com logo
Join Slack
Powered by
This message was deleted.
# general
s
This message was deleted.
w
If I understand what you are trying to do - I believe this is equivalent to what you shared:
Copy code
const s3AccessKeyId = pulumi.output(args.s3AccessKeyId || config.getSecret('s3AccessKeyId'))
const s3SecretAccessKey = pulumi.output(args.s3SecretAccessKey || config.getSecret('s3SecretAccessKey'))
Depends a bit on what type you gave to 
args.s3AccessKeyId
.
f
Trying now - I am reading from Pulumi secrets now, ignoring the args
Weird, same thing. I have this besides the code you suggested:
Copy code
let walRestoreConfig = {}

    const walBackupConfig = {
      "BACKUP_SCHEDULE": walBackupSchedule,
      "USE_WALG_BACKUP": String(enableWalBackups),
      "BACKUP_NUM_TO_RETAIN": walBackupsToRetain,
      "WAL_S3_BUCKET": s3Bucket,
      "AWS_ACCESS_KEY_ID": s3AccessKeyId,
      "AWS_SECRET_ACCESS_KEY": s3SecretAccessKey,
      "AWS_ENDPOINT": s3Endpoint,
      "AWS_REGION": s3Region,
      "WALG_DISABLE_S3_SSE": "true"
    }

    if (clone) {
      walRestoreConfig = {
        "USEWALG_RESTORE": "true",
        "CLONE_METHOD": "CLONE_WITH_WALE",
        "CLONE_AWS_ACCESS_KEY_ID": s3AccessKeyId,
        "CLONE_AWS_SECRET_ACCESS_KEY": s3SecretAccessKey,
        "CLONE_AWS_ENDPOINT": s3Endpoint,
        "CLONE_AWS_REGION": s3Region,
        "CLONE_WAL_S3_BUCKET": s3Bucket,
        "CLONE_WAL_BUCKET_SCOPE_SUFFIX": `/${cloneClusterID}`,
        "CLONE_TARGET_TIME": cloneTargetTime,
        "CLONE_SCOPE": cloneClusterName
      }
    }
then I am merging the two objects as data for the config map. 
s3AccessKeyId
and 
s3SecretAccessKey
are rendered fine in 
AWS_ACCESS_KEY_ID
and 
AWS_SECRET_ACCESS_KEY
but not in 
CLONE_AWS_ACCESS_KEY_ID
and 
CLONE_AWS_SECRET_ACCESS_KEY
. The last two are empty or something, causing the config map to be created without those keys
Actually no, with that change all of those 4 keys are missing now
Oops. I think I know why the values were missing for the second object 😄 
config
is defined this way
Copy code
const config: pulumi.Config = new pulumi.Config(`${appName}-cluster`)
and I forgot to set those secrets for the second cluster, which has empty values. I'll fix that and try again
w
The last two are empty or something, causing the config map to be created without those keys
How are you populating the configmap? Note that 
s3AccessKeyId
will be an 
Output<string>
so you'll need to make sure whereever you are using it understands how to serialize that. If its passed as an input to a Pulumi resource, that will happen automatically. If you are trying to further process it - you will need to use 
.apply
. See https://www.pulumi.com/docs/intro/concepts/programming-model/#outputs.
f
I am confused as to what changes to make besides what you suggested earlier 🙂
w
How are you populating the configmap?
f
The config map is as follows:
Copy code
const configMap = new k8s.core.v1.ConfigMap(`${appName}-config-map`, 
      {
        metadata: {
          name: podConfigMapName,
          namespace: namespace
        },
        data: {...walBackupConfig, ...walRestoreConfig}
      },
      {
        parent: this,
        dependsOn: [
          ns
        ]
      }
    );
But now it complains about what I am assigning to 
data
I get
Copy code
Data contains the configuration data. Each key must consist of alphanumeric characters, '-', '_' or '.'. Values with non-UTF-8 byte sequences must use the BinaryData field. The keys stored in Data must not overlap with the keys in the BinaryData field, this is enforced during validation process.
I wasn't getting this before
Interesting, if I replace the variables names with strings that error disappears
How do I use apply with the code you suggested earlier?
I have tried appending 
.apply(v => v)
but it doesn't work... I'm confused
w
I must be missing something about what the full code looks like. Morally - I understand you to be doing something like this - which works as expected for me:
Copy code
const configmap = new k8s.core.v1.ConfigMap("map", {
    data: {
        "a": pulumi.secret("hello"),
    },
});
It might help to add 
pulumi.output({...walBackupConfig, ...walRestoreConfig}).apply(console.log)
to print out what the value you are trying to pass actually looks like.
f
The console.log shows the following:
Copy code
AWS_ACCESS_KEY_ID: '[secret]',
      AWS_SECRET_ACCESS_KEY: '[secret]',
The other values are set correctly
w
Ah - that's actually because we are blinding the values in the console output for you 🙂. I honestly can't tell without seeing your full code - nothing looks wrong that you've shown me. This example seems to have all the same things you are doing - and works fine:
Copy code
const config = new pulumi.Config();
const s = config.requireSecret('secret');

const data = {
    s: s,
}

const configmap = new k8s.core.v1.ConfigMap("map", {
    data:  { ...data},
});

export const configmapdata = configmap.data;
f
Working! 😄 It didn't like the syntax I was using to merge the two objects for some reason. Or so it seems 😄 I am now setting a different object with some or all the config settings in the if/else and it's working. I can see the secrets just fine now in the configmap (don't ask me why secrets in a configmap... it's the way the Zalando operator for Postgres works). Thanks a lot!
👍 1
16 Views
Open in Slack
PreviousNext
Powered by