Channels
#golang
Title
c
chilly-photographer-60932
01/13/2019, 4:49 AM Copy code
pulumi.Run(func(ctx *pulumi.Context) error {
userArgs := &iam.UserArgs{Name:"test"}
user,e := iam.NewUser(ctx,"test",userArgs)
if e!= nil {
return e
}
accessKeyArgs := &iam.AccessKeyArgs{User:"test"}
key, i := iam.NewAccessKey(ctx, "test", accessKeyArgs)
fmt.Println(key)
if i != nil{
return i
}
profile, e := iam. pulumi.Run(func(ctx *pulumi.Context) error {
userArgs := &iam.UserArgs{Name:"test"}
user,e := iam.NewUser(ctx,"test",userArgs)
if e!= nil {
return e
}
accessKeyArgs := &iam.AccessKeyArgs{User:"test"}
key, i := iam.NewAccessKey(ctx, "test", accessKeyArgs)
fmt.Println(key)
if i != nil{
return i
}
profile, e := iam.NewUserLoginProfile(ctx, "test",
&iam.UserLoginProfileArgs{PasswordLength: 10, PasswordResetRequired: true,
User:"test",PgpKey:key.PgpKey()})
if e != nil {
return e
}
ctx.Export("user", user.Name())
ctx.Export("userNam", profile.URN())
ctx.Export("key", accessKeyArgs.PgpKey)
return nil
})(ctx, "test",
&iam.UserLoginProfileArgs{PasswordLength: 10, PasswordResetRequired: true,
User:"test",PgpKey:key.PgpKey()})
if e != nil {
return e
}
ctx.Export("user", user.Name())
ctx.Export("userNam", profile.URN())
ctx.Export("key", accessKeyArgs.PgpKey)
return nil
})NewUserLoginProfile@gorgeous-egg-16927 Would you have any idea on how we can get this?
g
gorgeous-egg-16927
01/14/2019, 6:01 PMSorry, I haven't used the Go libs myself, so I'm not sure. @creamy-potato-29402?
c
chilly-photographer-60932
01/15/2019, 10:49 PM@white-balloon-205 Still waiting for some feedback on this.
c
creamy-potato-29402
01/16/2019, 4:14 AM@gorgeous-egg-16927 @chilly-photographer-60932 I am not fully up to date on the Go stuff. @white-balloon-205 who owns this? @incalculable-sundown-82514?
c
chilly-photographer-60932
01/16/2019, 12:19 PMI would appreciate help in resolving this.
We are building stuff based on pulumi and this is a blocker for us.
c
creamy-potato-29402
01/16/2019, 6:11 PM@chilly-photographer-60932 https://pulumi.io/reference/pkg/nodejs/@pulumi/gcp/serviceAccount/#Key-pgpKey
I think it should be a base64-encoded string
c
chilly-photographer-60932
01/16/2019, 6:15 PMSo we cannot generate a user profile without a PGP key?
c
creamy-potato-29402
01/16/2019, 6:15 PMI’m looking through the code now…
it’s totally foreign to me, though
c
chilly-photographer-60932
01/16/2019, 6:16 PMI saw the code and AFAIK it is not possible
I wanted to make sure I am right
i
incalculable-sundown-82514
01/16/2019, 6:17 PMI’m taking a look too
c
chilly-photographer-60932
01/16/2019, 6:18 PMThank you!
g
gentle-diamond-70147
01/16/2019, 6:19 PM@chilly-photographer-60932 this is for AWS, correct?
c
chilly-photographer-60932
01/16/2019, 6:23 PMYes!
i
incalculable-sundown-82514
01/16/2019, 6:23 PM@chilly-photographer-60932 yes, it is correct that you must provide a PGP key, unfortunately.
c
chilly-photographer-60932
01/16/2019, 6:26 PMI knew that. But wanted to be sure. That brings complexity like
keybasei
incalculable-sundown-82514
01/16/2019, 6:28 PMI know, that’s why I was confirming 😄
I’m checkout out why it’s required now
*checking
Our AWS provider uses the Terraform AWS provider to do resource CRUD operations, and Terraform requires the
pgp_keyc
creamy-potato-29402
01/16/2019, 6:33 PM@chilly-photographer-60932 Most people don’t administrate users or user logins from infrastructure-as-code platforms. Typically you’d create IAM groups and roles, and then create user accounts and logins from the console.
There are many reasons for this, but the main ones are that it becomes a lot easier to leak credentials and creates chicken-and-egg problems like: should users manage their own passwords in the code, etc.
w
white-balloon-205
01/16/2019, 10:14 PM
FWIW - the request to not require PGP for this API is in tracked in https://github.com/terraform-providers/terraform-provider-aws/issues/4564.
3 Views