https://pulumi.com logo
#golang
Title
c

chilly-photographer-60932

01/13/2019, 4:49 AM
Copy code
pulumi.Run(func(ctx *pulumi.Context) error {
		userArgs := &iam.UserArgs{Name:"test"}
		user,e := iam.NewUser(ctx,"test",userArgs)
		if e!= nil {
			return e
		}
		accessKeyArgs := &iam.AccessKeyArgs{User:"test"}
		key, i := iam.NewAccessKey(ctx, "test", accessKeyArgs)
		fmt.Println(key)
		if i != nil{
			return i
		}
		profile, e := iam.	pulumi.Run(func(ctx *pulumi.Context) error {
		userArgs := &iam.UserArgs{Name:"test"}
		user,e := iam.NewUser(ctx,"test",userArgs)
		if e!= nil {
			return e
		}
		accessKeyArgs := &iam.AccessKeyArgs{User:"test"}
		key, i := iam.NewAccessKey(ctx, "test", accessKeyArgs)
		fmt.Println(key)
		if i != nil{
			return i
		}
		profile, e := iam.NewUserLoginProfile(ctx, "test",
			&iam.UserLoginProfileArgs{PasswordLength: 10, PasswordResetRequired: true,
				User:"test",PgpKey:key.PgpKey()})
		if e != nil {
			return e
		}
		ctx.Export("user", user.Name())
		ctx.Export("userNam", profile.URN())
		ctx.Export("key", accessKeyArgs.PgpKey)
		return nil
	})(ctx, "test",
			&iam.UserLoginProfileArgs{PasswordLength: 10, PasswordResetRequired: true,
				User:"test",PgpKey:key.PgpKey()})
		if e != nil {
			return e
		}
		ctx.Export("user", user.Name())
		ctx.Export("userNam", profile.URN())
		ctx.Export("key", accessKeyArgs.PgpKey)
		return nil
	})
I am unable to create
NewUserLoginProfile
without a PGP key, how do I create one?
@gorgeous-egg-16927 Would you have any idea on how we can get this?
g

gorgeous-egg-16927

01/14/2019, 6:01 PM
Sorry, I haven't used the Go libs myself, so I'm not sure. @creamy-potato-29402?
c

chilly-photographer-60932

01/15/2019, 10:49 PM
@white-balloon-205 Still waiting for some feedback on this.
c

creamy-potato-29402

01/16/2019, 4:14 AM
@gorgeous-egg-16927 @chilly-photographer-60932 I am not fully up to date on the Go stuff. @white-balloon-205 who owns this? @incalculable-sundown-82514?
c

chilly-photographer-60932

01/16/2019, 12:19 PM
I would appreciate help in resolving this.
We are building stuff based on pulumi and this is a blocker for us.
c

creamy-potato-29402

01/16/2019, 6:11 PM
I think it should be a base64-encoded string
c

chilly-photographer-60932

01/16/2019, 6:15 PM
So we cannot generate a user profile without a PGP key?
c

creamy-potato-29402

01/16/2019, 6:15 PM
I’m looking through the code now…
it’s totally foreign to me, though
c

chilly-photographer-60932

01/16/2019, 6:16 PM
I saw the code and AFAIK it is not possible
I wanted to make sure I am right
i

incalculable-sundown-82514

01/16/2019, 6:17 PM
I’m taking a look too
c

chilly-photographer-60932

01/16/2019, 6:18 PM
Thank you!
g

gentle-diamond-70147

01/16/2019, 6:19 PM
@chilly-photographer-60932 this is for AWS, correct?
c

chilly-photographer-60932

01/16/2019, 6:23 PM
Yes!
i

incalculable-sundown-82514

01/16/2019, 6:23 PM
@chilly-photographer-60932 yes, it is correct that you must provide a PGP key, unfortunately.
c

chilly-photographer-60932

01/16/2019, 6:26 PM
I knew that. But wanted to be sure. That brings complexity like
keybase
i

incalculable-sundown-82514

01/16/2019, 6:28 PM
I know, that’s why I was confirming 😄
I’m checkout out why it’s required now
*checking
Our AWS provider uses the Terraform AWS provider to do resource CRUD operations, and Terraform requires the
pgp_key
field to be set: https://github.com/terraform-providers/terraform-provider-aws/blob/f42c7c018da40cc33377c4b6c66a75d5f41ad2ca/aws/resource_aws_iam_user_login_profile.go#L30-L33
c

creamy-potato-29402

01/16/2019, 6:33 PM
@chilly-photographer-60932 Most people don’t administrate users or user logins from infrastructure-as-code platforms. Typically you’d create IAM groups and roles, and then create user accounts and logins from the console.
There are many reasons for this, but the main ones are that it becomes a lot easier to leak credentials and creates chicken-and-egg problems like: should users manage their own passwords in the code, etc.
w

white-balloon-205

01/16/2019, 10:14 PM
FWIW - the request to not require PGP for this API is in tracked in https://github.com/terraform-providers/terraform-provider-aws/issues/4564.
3 Views