https://pulumi.com logo
Powered by
Title
b

bumpy-summer-9075

07/06/2021, 11:29 PM
I use Pulumi's 
RandomPassword
to generate a password, and then I use bcrypt to store the hash in my nginx configuration. Like so: 
this.basicAuthPassword = new RandomPassword('basic-auth-password', {
  length: 40,
  special: false,
});

const passwordHash = this.basicAuthPassword.result.apply((password) => {
  return hashSync(password);
});
unfortunately the hash generated changes every time because bcrypt generates a random hash. How can I deal with this with pulumi?
l

little-cartoon-10569

07/06/2021, 11:31 PM
Can the hashSync function take a fixed seed? Or even a seed derived from one of Random's functions?
b

bumpy-summer-9075

07/06/2021, 11:35 PM
unfortunately not 😞 I could give it a fixed salt, but I would need to generate it as well (using bcrypt.genSalt)
l

little-cartoon-10569

07/06/2021, 11:50 PM
I think a fixed salt is what you'll need. You can't set it from something constant?
You could wrap it in a bcrpyt dynamic provider, and store the value in state...
Actually that'd be handy for other people too, I bet...
👏 1
b

bumpy-summer-9075

07/06/2021, 11:51 PM
I'll read up on that 🙂
I'm working on making that a reality, so far not so bad but I have a few questions about Dynamic Resource providers. 1. The example about Dynamic Resource Ouputs mentions that you can provide typings for the Outputs, but does not use it anywhere https://www.pulumi.com/docs/intro/concepts/resources/#dynamic-resource-outputs (the 
MyResourceProviderOutputs
interface is not used anywhere and I can't see how the 
MyResource
class properties are set) 2. What would be the best way to share this provider with the community? A published 
npm
package?
l

little-cartoon-10569

07/08/2021, 11:16 PM
I think dynamic providers aren't really intended for sharing in the same way that native go or multi-lang providers are, so a repo would be best, and an npm package would be a nice supplement.
I'm not sure what the first point is asking? Is it about strongly-typed properties of resources? If it is, have a look at the name property of the outs property of the object returned from the create function here: https://github.com/pulumi/examples/blob/50ac7847a750988c1fc8043ba3883a84803fcd98/classic-azure-ts-dynamicresource/cdnCustomDomain.ts#L196
You'll see that there's no inputs.name property passed to create, but there is a name property available on the resulting resource, and it is strongly typed as 
pulumi.Output<string>
.
b

bumpy-summer-9075

07/09/2021, 12:00 AM
Thanks for the pointer! (follow-up discussion here FYI, https://pulumi-community.slack.com/archives/C84L4E3N1/p1625773284005100)
b

better-shampoo-48884

07/14/2021, 10:59 AM
Not the same, but this is what I'm doing - for some reason it does not seem to want to recreate the secret when i do preview, but nearly certain it should as it would regenerate the salt every pass: 
myElasticAdminPass.result.apply(async (pass) => {
    console.log("Starting salt generation")
    const salt = bcrypt.genSaltSync(10, "a")
    console.log("Salt generation complete, starting hashing")
    const bcryptPass = bcrypt.hashSync(pass, salt);
    console.log("hashing complete.")
    const myElasticUsersSecret = new k8s.core.v1.Secret(`${args.infra.regions[region].config.nodeName}-myElasticFileRealmSecrets`, {                
        metadata:{
            name: "my-elastic-file-realm-secrets"
        },
        stringData: {
            users: `
${myElasticAdminUser}:${bcryptPass}
`,
            users_roles: `
superuser:${myElasticAdminUser}
admin:${myElasticAdminUser}
`
        }
    },{
        provider: monitoringProvider,
        dependsOn: eckOperator,
        parent: this
    })
}
3 Views
#generalJoin Slack
Powered by