https://pulumi.com logo
Join Slack
Powered by
``` pulumi.Run(func(ctx *pulumi.Context) error { ...
# golang
c
Copy code
pulumi.Run(func(ctx *pulumi.Context) error {
		userArgs := &iam.UserArgs{Name:"test"}
		user,e := iam.NewUser(ctx,"test",userArgs)
		if e!= nil {
			return e
		}
		accessKeyArgs := &iam.AccessKeyArgs{User:"test"}
		key, i := iam.NewAccessKey(ctx, "test", accessKeyArgs)
		fmt.Println(key)
		if i != nil{
			return i
		}
		profile, e := iam.	pulumi.Run(func(ctx *pulumi.Context) error {
		userArgs := &iam.UserArgs{Name:"test"}
		user,e := iam.NewUser(ctx,"test",userArgs)
		if e!= nil {
			return e
		}
		accessKeyArgs := &iam.AccessKeyArgs{User:"test"}
		key, i := iam.NewAccessKey(ctx, "test", accessKeyArgs)
		fmt.Println(key)
		if i != nil{
			return i
		}
		profile, e := iam.NewUserLoginProfile(ctx, "test",
			&iam.UserLoginProfileArgs{PasswordLength: 10, PasswordResetRequired: true,
				User:"test",PgpKey:key.PgpKey()})
		if e != nil {
			return e
		}
		ctx.Export("user", user.Name())
		ctx.Export("userNam", profile.URN())
		ctx.Export("key", accessKeyArgs.PgpKey)
		return nil
	})(ctx, "test",
			&iam.UserLoginProfileArgs{PasswordLength: 10, PasswordResetRequired: true,
				User:"test",PgpKey:key.PgpKey()})
		if e != nil {
			return e
		}
		ctx.Export("user", user.Name())
		ctx.Export("userNam", profile.URN())
		ctx.Export("key", accessKeyArgs.PgpKey)
		return nil
	})
I am unable to create 
NewUserLoginProfile
without a PGP key, how do I create one?
@gorgeous-egg-16927 Would you have any idea on how we can get this?
g
Sorry, I haven't used the Go libs myself, so I'm not sure. @creamy-potato-29402?
c
@white-balloon-205 Still waiting for some feedback on this.
c
@gorgeous-egg-16927 @chilly-photographer-60932 I am not fully up to date on the Go stuff. @white-balloon-205 who owns this? @incalculable-sundown-82514?
c
I would appreciate help in resolving this.
We are building stuff based on pulumi and this is a blocker for us.
c
I think it should be a base64-encoded string
c
So we cannot generate a user profile without a PGP key?
c
I’m looking through the code now…
it’s totally foreign to me, though
c
I saw the code and AFAIK it is not possible
I wanted to make sure I am right
i
I’m taking a look too
c
Thank you!
g
@chilly-photographer-60932 this is for AWS, correct?
c
Yes!
i
@chilly-photographer-60932 yes, it is correct that you must provide a PGP key, unfortunately.
c
I knew that. But wanted to be sure. That brings complexity like 
keybase
i
I know, that’s why I was confirming 😄
I’m checkout out why it’s required now
*checking
Our AWS provider uses the Terraform AWS provider to do resource CRUD operations, and Terraform requires the 
pgp_key
field to be set: https://github.com/terraform-providers/terraform-provider-aws/blob/f42c7c018da40cc33377c4b6c66a75d5f41ad2ca/aws/resource_aws_iam_user_login_profile.go#L30-L33
c
@chilly-photographer-60932 Most people don’t administrate users or user logins from infrastructure-as-code platforms. Typically you’d create IAM groups and roles, and then create user accounts and logins from the console.
There are many reasons for this, but the main ones are that it becomes a lot easier to leak credentials and creates chicken-and-egg problems like: should users manage their own passwords in the code, etc.
w
FWIW - the request to not require PGP for this API is in tracked in https://github.com/terraform-providers/terraform-provider-aws/issues/4564.
3 Views
Open in Slack
PreviousNext
Powered by