https://pulumi.com logo
Powered by
#python
Title
# python
c

clean-engineer-75963

10/04/2019, 5:08 PM
I'm still having some trouble and I think I created an XY problem for myself before... what I'm actually trying to do is use the 
pulumi_random
provider to generate a password, then store it in a Kubernetes secret with 
pulumi_kubernetes
. The code looks like this:
Copy code
python
password = pulumi_random.RandomPassword(password_name, length=32)

secret = corev1.Secret(
    password_name,
    data={"pw": password.result.apply(lambda result: base64.b64encode(result.encode("utf-8")))},
)
I've tried several permutations of what's in the 
data
arg to the Secret, and none of them are working.
password.result.apply(lambda result: "{}".format(result))
seems to work to get the result of the RandomPassword provider, but the Kubernetes provider complains that it's not valid base64.
n

numerous-easter-93888

10/04/2019, 5:10 PM
A lot of Pulumi code allows you to pass the object directly in. Have you tried that yet?
c

clean-engineer-75963

10/04/2019, 5:10 PM
Yes, that was the first thing I tried.
Let me get the error.
data={"pw": password.result}
complains that the input isn't base64 encoded.
n

numerous-easter-93888

10/04/2019, 5:12 PM
Well that's frustrating
c

clean-engineer-75963

10/04/2019, 5:12 PM
error: Plan apply failed: resource <my-resource> was not successfully created by the Kubernetes API server : Secret in version "v1" cannot be handled as a Secret: v1.Secret.ObjectMeta: v1.ObjectMeta.TypeMeta: Kind: Data: decode base64: illegal base64 data at input byte 1, error found in #10 byte of ...|3{wTr*_uh"},"kind":"|..., bigger context ...|1","data":{"pw":"z%lyta@9S}h@-dESK+Yk#=x3{wTr*_uh"},"kind":"Secret","metadata":{"annotations":{"kube|...
Pulumi should probably handle the encoding itself. I'm surprised that it expects me to do it (if that's what's happening here).
So now I've been through several attempts of trying to b64encode it and I can't get that to work.
n

numerous-easter-93888

10/04/2019, 5:13 PM
What about saving 
password.result.apply(lambda result: base64.b64encode(result.encode("utf-8")))
as a variable just below 
password
and passing that variable in?
It shouldn't make a difference, but can't hurt to try
c

clean-engineer-75963

10/04/2019, 5:14 PM
Okay wait, the latest error is saying that it got bytes where it expected string. So maybe I just need to re-decode the b64-encoded string.
Haha, yeah, this works:
Copy code
data={"pw": password.result.apply(lambda result: base64.b64encode(result.encode("utf-8")).decode())},
n

numerous-easter-93888

10/04/2019, 5:15 PM
Beautiful, lol
c

clean-engineer-75963

10/04/2019, 5:16 PM
Think I'll see if there's an issue open about this.
Turns out 
Secret
has a 
string_data
arg provided as a convenience method that does do the encoding for you.
I can pass 
password.result
directly to that.
woohoo 1
c

creamy-potato-29402

10/04/2019, 11:27 PM
@clean-engineer-75963 yeah, we have a very unopinionated view of k8s right now. We do not “embellish” the API at all—it’s a 1:1 mapping with the underlying resource shapes. I think this is probably the right move currently.
If we diverge in random places I think it will mainly confuse people.
5 Views
Powered by