I use Pulumi's `RandomPassword` to generate a pass...
# general
b
I use Pulumi's
RandomPassword
to generate a password, and then I use bcrypt to store the hash in my nginx configuration. Like so:
Copy code
this.basicAuthPassword = new RandomPassword('basic-auth-password', {
  length: 40,
  special: false,
});

const passwordHash = this.basicAuthPassword.result.apply((password) => {
  return hashSync(password);
});
unfortunately the hash generated changes every time because bcrypt generates a random hash. How can I deal with this with pulumi?
l
Can the hashSync function take a fixed seed? Or even a seed derived from one of Random's functions?
b
unfortunately not 😞 I could give it a fixed salt, but I would need to generate it as well (using bcrypt.genSalt)
l
I think a fixed salt is what you'll need. You can't set it from something constant?
You could wrap it in a bcrpyt dynamic provider, and store the value in state...
Actually that'd be handy for other people too, I bet...
👏 1
b
I'll read up on that 🙂
I'm working on making that a reality, so far not so bad but I have a few questions about Dynamic Resource providers. 1. The example about Dynamic Resource Ouputs mentions that you can provide typings for the Outputs, but does not use it anywhere https://www.pulumi.com/docs/intro/concepts/resources/#dynamic-resource-outputs (the
MyResourceProviderOutputs
interface is not used anywhere and I can't see how the
MyResource
class properties are set) 2. What would be the best way to share this provider with the community? A published
npm
package?
l
I think dynamic providers aren't really intended for sharing in the same way that native go or multi-lang providers are, so a repo would be best, and an npm package would be a nice supplement.
I'm not sure what the first point is asking? Is it about strongly-typed properties of resources? If it is, have a look at the name property of the outs property of the object returned from the create function here: https://github.com/pulumi/examples/blob/50ac7847a750988c1fc8043ba3883a84803fcd98/classic-azure-ts-dynamicresource/cdnCustomDomain.ts#L196
You'll see that there's no inputs.name property passed to create, but there is a name property available on the resulting resource, and it is strongly typed as
pulumi.Output<string>
.
b
Thanks for the pointer! (follow-up discussion here FYI, https://pulumi-community.slack.com/archives/C84L4E3N1/p1625773284005100)
b
Not the same, but this is what I'm doing - for some reason it does not seem to want to recreate the secret when i do preview, but nearly certain it should as it would regenerate the salt every pass:
Copy code
myElasticAdminPass.result.apply(async (pass) => {
    console.log("Starting salt generation")
    const salt = bcrypt.genSaltSync(10, "a")
    console.log("Salt generation complete, starting hashing")
    const bcryptPass = bcrypt.hashSync(pass, salt);
    console.log("hashing complete.")
    const myElasticUsersSecret = new k8s.core.v1.Secret(`${args.infra.regions[region].config.nodeName}-myElasticFileRealmSecrets`, {                
        metadata:{
            name: "my-elastic-file-realm-secrets"
        },
        stringData: {
            users: `
${myElasticAdminUser}:${bcryptPass}
`,
            users_roles: `
superuser:${myElasticAdminUser}
admin:${myElasticAdminUser}
`
        }
    },{
        provider: monitoringProvider,
        dependsOn: eckOperator,
        parent: this
    })
}
137 Views