Open istvan-fodor opened 1 year ago
This is a current limitation of config with the yaml runtime. It doesn't support objects, I think the following config should work:
config:
test-pulumi-config:my:
password:
secure: AAABAMWO68C8qxo2dfXy4UHPUjIeXx76vbwuawqzWj1BBDYDZO3aMI39S9nWzoUQQw==
I'm having the exact same symptom when running a YAML program with the aws:assumeRole.roleArn
config. Is there a workaround for this one?
I have a workaround for aws:assumeRole.roleArn
, but not for the original issue. @istvan-fodor if you are able to break up your initial object into separate keys, that will work for now.
For @fuadsaud using roleArn
we have a workaround. In your Pulumi.yaml declare a config
entry and resources
entry like so:
config:
awsRoleArn:
type: string
secret: true
resources:
awsProvider:
type: pulumi:providers:aws
properties:
assumeRole:
roleArn: ${awsRoleArn}
defaultProvider: true
# options:
# # if you would like to pin to an AWS version
# version:
Then run:
pulumi config set --secret awsRoleArn foobar
The default provider will then be used for all resources in your program. The default provider configured in this way only takes configuration via environment variable (AWS_...
env vars) and explicit config, so if you have any config in your Pulumi.stack.yaml
like so:
# In the stack config file
config:
aws:foo: "bar"
You will want to pass them into the explicit provider like so:
resources:
awsProvider:
type: pulumi:providers:aws
properties:
foo: ${aws:foo}
A partial fix for Pulumi YAML unblocking a workaround for @istvan-fodor has been posted here:
Sorry that this isn't an ideal solution @istvan-fodor, definitely something we need to improve upon.
What happened?
I created a new project from the yaml template (no code at all, just config files) and set a secret value using the following command:
pulumi config set --path 'my.test.password' secretpassword123 --secret
The resulting config file looks like this:
When I try to run a
pulumi up
, I get the following error:Steps to reproduce
pulumi config set --path 'my.test.password' secretpassword123 --secret
pulumi up
Expected Behavior
pulumi up
would run without error.Actual Behavior
Got error on
pulumi up
Output of
pulumi about
Additional context
No response
Contributing
Vote on this issue by adding a 👍 reaction. To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).