This message was deleted.
# golangs
sparse-intern-71089
01/13/2019, 4:49 AMThis message was deleted.
c
chilly-photographer-60932
01/14/2019, 5:49 PM@gorgeous-egg-16927 Would you have any idea on how we can get this?
g
gorgeous-egg-16927
01/14/2019, 6:01 PMSorry, I haven't used the Go libs myself, so I'm not sure. @creamy-potato-29402?
c
chilly-photographer-60932
01/15/2019, 10:49 PM@white-balloon-205 Still waiting for some feedback on this.
c
creamy-potato-29402
01/16/2019, 4:14 AM@gorgeous-egg-16927 @chilly-photographer-60932 I am not fully up to date on the Go stuff. @white-balloon-205 who owns this? @incalculable-sundown-82514?
c
chilly-photographer-60932
01/16/2019, 12:19 PMI would appreciate help in resolving this.
chilly-photographer-60932
01/16/2019, 12:19 PMWe are building stuff based on pulumi and this is a blocker for us.
c
creamy-potato-29402
01/16/2019, 6:11 PM@chilly-photographer-60932 https://pulumi.io/reference/pkg/nodejs/@pulumi/gcp/serviceAccount/#Key-pgpKey
creamy-potato-29402
01/16/2019, 6:12 PMI think it should be a base64-encoded string
c
chilly-photographer-60932
01/16/2019, 6:15 PMSo we cannot generate a user profile without a PGP key?
c
creamy-potato-29402
01/16/2019, 6:15 PMI’m looking through the code now…
creamy-potato-29402
01/16/2019, 6:15 PMit’s totally foreign to me, though
c
chilly-photographer-60932
01/16/2019, 6:16 PMI saw the code and AFAIK it is not possible
chilly-photographer-60932
01/16/2019, 6:16 PMI wanted to make sure I am right
i
incalculable-sundown-82514
01/16/2019, 6:17 PMI’m taking a look too
c
chilly-photographer-60932
01/16/2019, 6:18 PMThank you!
g
gentle-diamond-70147
01/16/2019, 6:19 PM@chilly-photographer-60932 this is for AWS, correct?
c
chilly-photographer-60932
01/16/2019, 6:23 PMYes!
i
incalculable-sundown-82514
01/16/2019, 6:23 PM@chilly-photographer-60932 yes, it is correct that you must provide a PGP key, unfortunately.
c
chilly-photographer-60932
01/16/2019, 6:26 PMI knew that. But wanted to be sure. That brings complexity like
keybasei
incalculable-sundown-82514
01/16/2019, 6:28 PMI know, that’s why I was confirming 😄
incalculable-sundown-82514
01/16/2019, 6:29 PMI’m checkout out why it’s required now
incalculable-sundown-82514
01/16/2019, 6:29 PM*checking
incalculable-sundown-82514
01/16/2019, 6:30 PMOur AWS provider uses the Terraform AWS provider to do resource CRUD operations, and Terraform requires the
pgp_keyc
creamy-potato-29402
01/16/2019, 6:33 PM@chilly-photographer-60932 Most people don’t administrate users or user logins from infrastructure-as-code platforms. Typically you’d create IAM groups and roles, and then create user accounts and logins from the console.
creamy-potato-29402
01/16/2019, 6:35 PMThere are many reasons for this, but the main ones are that it becomes a lot easier to leak credentials and creates chicken-and-egg problems like: should users manage their own passwords in the code, etc.
w
white-balloon-205
01/16/2019, 10:14 PM
FWIW - the request to not require PGP for this API is in tracked in https://github.com/terraform-providers/terraform-provider-aws/issues/4564.
3 Views