https://pulumi.com logo
Join Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
Title
c

clean-engineer-75963

10/04/2019, 5:08 PM
I'm still having some trouble and I think I created an XY problem for myself before... what I'm actually trying to do is use the 
pulumi_random
provider to generate a password, then store it in a Kubernetes secret with 
pulumi_kubernetes
. The code looks like this: 
python
password = pulumi_random.RandomPassword(password_name, length=32)

secret = corev1.Secret(
    password_name,
    data={"pw": password.result.apply(lambda result: base64.b64encode(result.encode("utf-8")))},
)
I've tried several permutations of what's in the 
data
arg to the Secret, and none of them are working.
password.result.apply(lambda result: "{}".format(result))
seems to work to get the result of the RandomPassword provider, but the Kubernetes provider complains that it's not valid base64.
n

numerous-easter-93888

10/04/2019, 5:10 PM
A lot of Pulumi code allows you to pass the object directly in. Have you tried that yet?
c

clean-engineer-75963

10/04/2019, 5:10 PM
Yes, that was the first thing I tried.
Let me get the error.
data={"pw": password.result}
complains that the input isn't base64 encoded.
n

numerous-easter-93888

10/04/2019, 5:12 PM
Well that's frustrating
c

clean-engineer-75963

10/04/2019, 5:12 PM
error: Plan apply failed: resource <my-resource> was not successfully created by the Kubernetes API server : Secret in version "v1" cannot be handled as a Secret: v1.Secret.ObjectMeta: v1.ObjectMeta.TypeMeta: Kind: Data: decode base64: illegal base64 data at input byte 1, error found in #10 byte of ...|3{wTr*_uh"},"kind":"|..., bigger context ...|1","data":{"pw":"z%lyta@9S}h@-dESK+Yk#=x3{wTr*_uh"},"kind":"Secret","metadata":{"annotations":{"kube|...
Pulumi should probably handle the encoding itself. I'm surprised that it expects me to do it (if that's what's happening here).
So now I've been through several attempts of trying to b64encode it and I can't get that to work.
n

numerous-easter-93888

10/04/2019, 5:13 PM
What about saving 
password.result.apply(lambda result: base64.b64encode(result.encode("utf-8")))
as a variable just below 
password
and passing that variable in?
It shouldn't make a difference, but can't hurt to try
c

clean-engineer-75963

10/04/2019, 5:14 PM
Okay wait, the latest error is saying that it got bytes where it expected string. So maybe I just need to re-decode the b64-encoded string.
Haha, yeah, this works: 
data={"pw": password.result.apply(lambda result: base64.b64encode(result.encode("utf-8")).decode())},
n

numerous-easter-93888

10/04/2019, 5:15 PM
Beautiful, lol
c

clean-engineer-75963

10/04/2019, 5:16 PM
Think I'll see if there's an issue open about this.
Turns out 
Secret
has a 
string_data
arg provided as a convenience method that does do the encoding for you.
I can pass 
password.result
directly to that.
:woohoo: 1
c

creamy-potato-29402

10/04/2019, 11:27 PM
@clean-engineer-75963 yeah, we have a very unopinionated view of k8s right now. We do not “embellish” the API at all—it’s a 1:1 mapping with the underlying resource shapes. I think this is probably the right move currently.
If we diverge in random places I think it will mainly confuse people.
View count: 5
Back to #pythonJoin thread in Slack