p

    prehistoric-kite-30979

    8 months ago
    Is there a good way in native Pulumi to get the token (secret) of a service account I created. ServiceAccount.secrets will give me the name of the token created, so I think I just need to be able to read a secret created outside of Pulumi?
    f

    famous-leather-94346

    8 months ago
    It is not easy. We use this to get the token:
    secret_name = service_account.secrets[0]["name"]
    secret = pulumi.Output.all(
        namespace_name=namespace.metadata.name,
        secret_name=secret_name
    ).apply(
        lambda args:
        kubernetes.core.v1.Secret.get(
            name,
            f"{args['namespace_name']}/{args['secret_name']}",
            opts=pulumi.ResourceOptions(parent=self),
        )
    )
    token=secret.data["token"]
    Actual it is base64 encoded so the last line could be:
    token=secret.data["token"].apply(
        lambda token: base64.b64decode(token).decode()
    )
    p

    prehistoric-kite-30979

    7 months ago
    Ah I didn’t realize there was a .get available for secret
    its not obvious from the docs
    thanks 🙂