https://pulumi.com logo
#python
Title
# python
h

handsome-state-59775

04/05/2021, 9:15 AM
Having issues using secrets from config:
Copy code
CONFIG_PROJ = p.Config()
REGISTRY_USERNAME = CONFIG_PROJ.require('registryUsername')
REGISTRY_PASSWORD = CONFIG_PROJ.require_secret('registryPassword')

registry_credentials_encoded = base64.b64encode(
    f'{REGISTRY_USERNAME}:{REGISTRY_PASSWORD}'.encode(),
).decode()
When used to create a k8s secret, the decoded version shows the
REGISTRY_PASSWORD
section having the value
<pulumi.output.Output object at 0x152478cd0>
instead of the actual value. Tried
REGISTRY_PASSWORD.apply(lambda s: s)
and
pulumi.Output.all(REGISTRY_PASSWORD).apply(lambda s: s)
as well, with the same result (diff mem location of course). 1. What am I doing wrong here? 2. What's the idiomatic way of resolving the future of an
Output
with if no transformations are required?
1
solved using:
Copy code
# Container registry secret for image pulls in main namespace
registry_credentials_encoded = REGISTRY_PASSWORD.apply(
    lambda registry_password_resolved:
    base64.b64encode(
        f'{REGISTRY_USERNAME}:{registry_password_resolved}'.encode(),
    ).decode(),
)
docker_config_json = registry_credentials_encoded.apply(
    lambda registry_credentials_encoded_resolved:
    {
        '.dockerconfigjson':
            '{"auths":{'
            f'"{CONTAINER_REGISTRY}":'
            '{"auth":'
            f'"{registry_credentials_encoded_resolved}"'
            '}}}',
    },
)
image_pull_secret_ns_main = k8s.core.v1.Secret(
    resource_name=f'containerRegistryCredentials-{NAMESPACE_MAIN}',
    metadata=k8s.meta.v1.ObjectMetaArgs(
        name='regcred',
        namespace=NAMESPACES[NAMESPACE_MAIN].metadata.name,
    ),
    type='<http://kubernetes.io/dockerconfigjson|kubernetes.io/dockerconfigjson>',
    string_data=docker_config_json,
    opts=p.ResourceOptions(
        provider=k8s_provider,
        parent=NAMESPACES[NAMESPACE_MAIN]
        if NAMESPACE_MAIN in NAMESPACES else aks,
    ),
)
5 Views