https://pulumi.com logo
#kubernetes
Title
# kubernetes
p

prehistoric-kite-30979

01/24/2022, 7:53 PM
Is there a good way in native Pulumi to get the token (secret) of a service account I created. ServiceAccount.secrets will give me the name of the token created, so I think I just need to be able to read a secret created outside of Pulumi?
f

famous-leather-94346

01/25/2022, 7:37 AM
It is not easy. We use this to get the token:
Copy code
secret_name = service_account.secrets[0]["name"]
secret = pulumi.Output.all(
    namespace_name=namespace.metadata.name,
    secret_name=secret_name
).apply(
    lambda args:
    kubernetes.core.v1.Secret.get(
        name,
        f"{args['namespace_name']}/{args['secret_name']}",
        opts=pulumi.ResourceOptions(parent=self),
    )
)
token=secret.data["token"]
Actual it is base64 encoded so the last line could be:
Copy code
token=secret.data["token"].apply(
    lambda token: base64.b64decode(token).decode()
)
p

prehistoric-kite-30979

01/26/2022, 5:43 PM
Ah I didn’t realize there was a .get available for secret
its not obvious from the docs
thanks 🙂
6 Views