I'm still having some trouble and I think I create...
# python
I'm still having some trouble and I think I created an XY problem for myself before... what I'm actually trying to do is use the
provider to generate a password, then store it in a Kubernetes secret with
. The code looks like this:
Copy code
password = pulumi_random.RandomPassword(password_name, length=32)

secret = corev1.Secret(
    data={"pw": password.result.apply(lambda result: base64.b64encode(result.encode("utf-8")))},
I've tried several permutations of what's in the
arg to the Secret, and none of them are working.
password.result.apply(lambda result: "{}".format(result))
seems to work to get the result of the RandomPassword provider, but the Kubernetes provider complains that it's not valid base64.
A lot of Pulumi code allows you to pass the object directly in. Have you tried that yet?
Yes, that was the first thing I tried.
Let me get the error.
data={"pw": password.result}
complains that the input isn't base64 encoded.
Well that's frustrating
error: Plan apply failed: resource <my-resource> was not successfully created by the Kubernetes API server : Secret in version "v1" cannot be handled as a Secret: v1.Secret.ObjectMeta: v1.ObjectMeta.TypeMeta: Kind: Data: decode base64: illegal base64 data at input byte 1, error found in #10 byte of ...|3{wTr*_uh"},"kind":"|..., bigger context ...|1","data":{"pw":"z%lyta@9S}h@-dESK+Yk#=x3{wTr*_uh"},"kind":"Secret","metadata":{"annotations":{"kube|...
Pulumi should probably handle the encoding itself. I'm surprised that it expects me to do it (if that's what's happening here).
So now I've been through several attempts of trying to b64encode it and I can't get that to work.
What about saving
password.result.apply(lambda result: base64.b64encode(result.encode("utf-8")))
as a variable just below
and passing that variable in?
It shouldn't make a difference, but can't hurt to try
Okay wait, the latest error is saying that it got bytes where it expected string. So maybe I just need to re-decode the b64-encoded string.
Haha, yeah, this works:
Copy code
data={"pw": password.result.apply(lambda result: base64.b64encode(result.encode("utf-8")).decode())},
Beautiful, lol
Think I'll see if there's an issue open about this.
Turns out
has a
arg provided as a convenience method that does do the encoding for you.
I can pass
directly to that.
woohoo 1
@clean-engineer-75963 yeah, we have a very unopinionated view of k8s right now. We do not “embellish” the API at all—it’s a 1:1 mapping with the underlying resource shapes. I think this is probably the right move currently.
If we diverge in random places I think it will mainly confuse people.