famous-kite-69533
03/26/2020, 7:14 PMconst s3AccessKeyIdSecret = args.s3AccessKeyId || config.getSecret('s3AccessKeyId')
const s3SecretAccessKeySecret = args.s3SecretAccessKey || config.getSecret('s3SecretAccessKey')
const s3AccessKeyId = pulumi.all([s3AccessKeyIdSecret]).apply(([id]) => id)
const s3SecretAccessKey = pulumi.all([s3SecretAccessKeySecret]).apply(([secret]) => secret)
How can I simplify this? I just want to get the secrets from Pulumi secrets if I don't specify them in the class. I am new to Typescript. Also, I am using these secrets in two objects, but for some reason the variables are not "empty" only when accessed the first time for the first object. When accessed for the second object the variables yield no values - I can see this in the config map that is created without those keys only for the second object; the objects are defined in the same scope and the keys that use these secrets are the same. Why aren't the variables working properly when used the second time? Thanks!white-balloon-205
const s3AccessKeyId = pulumi.output(args.s3AccessKeyId || config.getSecret('s3AccessKeyId'))
const s3SecretAccessKey = pulumi.output(args.s3SecretAccessKey || config.getSecret('s3SecretAccessKey'))
Depends a bit on what type you gave to args.s3AccessKeyId
.famous-kite-69533
03/26/2020, 7:47 PMfamous-kite-69533
03/26/2020, 7:52 PMlet walRestoreConfig = {}
const walBackupConfig = {
"BACKUP_SCHEDULE": walBackupSchedule,
"USE_WALG_BACKUP": String(enableWalBackups),
"BACKUP_NUM_TO_RETAIN": walBackupsToRetain,
"WAL_S3_BUCKET": s3Bucket,
"AWS_ACCESS_KEY_ID": s3AccessKeyId,
"AWS_SECRET_ACCESS_KEY": s3SecretAccessKey,
"AWS_ENDPOINT": s3Endpoint,
"AWS_REGION": s3Region,
"WALG_DISABLE_S3_SSE": "true"
}
if (clone) {
walRestoreConfig = {
"USEWALG_RESTORE": "true",
"CLONE_METHOD": "CLONE_WITH_WALE",
"CLONE_AWS_ACCESS_KEY_ID": s3AccessKeyId,
"CLONE_AWS_SECRET_ACCESS_KEY": s3SecretAccessKey,
"CLONE_AWS_ENDPOINT": s3Endpoint,
"CLONE_AWS_REGION": s3Region,
"CLONE_WAL_S3_BUCKET": s3Bucket,
"CLONE_WAL_BUCKET_SCOPE_SUFFIX": `/${cloneClusterID}`,
"CLONE_TARGET_TIME": cloneTargetTime,
"CLONE_SCOPE": cloneClusterName
}
}
then I am merging the two objects as data for the config map. s3AccessKeyId
and s3SecretAccessKey
are rendered fine in AWS_ACCESS_KEY_ID
and AWS_SECRET_ACCESS_KEY
but not in CLONE_AWS_ACCESS_KEY_ID
and CLONE_AWS_SECRET_ACCESS_KEY
. The last two are empty or something, causing the config map to be created without those keysfamous-kite-69533
03/26/2020, 7:53 PMfamous-kite-69533
03/26/2020, 7:55 PMconfig
is defined this way
const config: pulumi.Config = new pulumi.Config(`${appName}-cluster`)
and I forgot to set those secrets for the second cluster, which has empty values. I'll fix that and try againwhite-balloon-205
The last two are empty or something, causing the config map to be created without those keysHow are you populating the configmap? Note that
s3AccessKeyId
will be an Output<string>
so you'll need to make sure whereever you are using it understands how to serialize that. If its passed as an input to a Pulumi resource, that will happen automatically. If you are trying to further process it - you will need to use .apply
. See https://www.pulumi.com/docs/intro/concepts/programming-model/#outputs.famous-kite-69533
03/26/2020, 8:00 PMwhite-balloon-205
How are you populating the configmap?
famous-kite-69533
03/26/2020, 8:00 PMconst configMap = new k8s.core.v1.ConfigMap(`${appName}-config-map`,
{
metadata: {
name: podConfigMapName,
namespace: namespace
},
data: {...walBackupConfig, ...walRestoreConfig}
},
{
parent: this,
dependsOn: [
ns
]
}
);
But now it complains about what I am assigning to data
famous-kite-69533
03/26/2020, 8:01 PMData contains the configuration data. Each key must consist of alphanumeric characters, '-', '_' or '.'. Values with non-UTF-8 byte sequences must use the BinaryData field. The keys stored in Data must not overlap with the keys in the BinaryData field, this is enforced during validation process.
famous-kite-69533
03/26/2020, 8:01 PMfamous-kite-69533
03/26/2020, 8:01 PMfamous-kite-69533
03/26/2020, 8:02 PMfamous-kite-69533
03/26/2020, 8:08 PM.apply(v => v)
but it doesn't work... I'm confusedwhite-balloon-205
const configmap = new k8s.core.v1.ConfigMap("map", {
data: {
"a": pulumi.secret("hello"),
},
});
It might help to add pulumi.output({...walBackupConfig, ...walRestoreConfig}).apply(console.log)
to print out what the value you are trying to pass actually looks like.famous-kite-69533
03/26/2020, 8:12 PMAWS_ACCESS_KEY_ID: '[secret]',
AWS_SECRET_ACCESS_KEY: '[secret]',
The other values are set correctlywhite-balloon-205
const config = new pulumi.Config();
const s = config.requireSecret('secret');
const data = {
s: s,
}
const configmap = new k8s.core.v1.ConfigMap("map", {
data: { ...data},
});
export const configmapdata = configmap.data;
famous-kite-69533
03/26/2020, 8:21 PM