Getting the value of a Pulumi secret



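I have a Pulumi (Python) script that needs to query a database to get a list of customers. The rest of the setup it does is based on that list.

I have tried storing the username/password for that list in Pulumi secrets with

pulumi config set --secret db_user $USER
pulumi config set --secret db_password $PASSWORD

so that they are encrypted in the Pulumi stack file. The problem is that when I try to retrieve them, they are Output objects. I think Pulumi does this so that it can track the value together with the resource that created it, but I just need the string values so that I can connect to the database and run a query, as in this simplified example: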

import psycopg2
import pulumi

pulumi_config = pulumi.Config()

db_host = pulumi_config.require("db_host")
db_name = pulumi_config.require("db_name")
# require_secret returns an Output, not a str
db_user = pulumi_config.require_secret("db_user")
db_password = pulumi_config.require_secret("db_password")

# psycopg2.connect fails with an error:
# TypeError: <pulumi.output.Output object at 0x10feb3df0> has type Output, but expected one of: bytes, unicode
connection = psycopg2.connect(
    host=db_host,
    database=db_name,
    user=db_user,
    password=db_password)
cursor = connection.cursor()

query = """
    SELECT id
    FROM customers
    WHERE ready = true
    ORDER BY id DESC
"""
cursor.execute(query)
customer_ids = []
for record in cursor:
    customer_ids.append(record[0])

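The code above fails when I try to connect with psycopg2, because it expects a string.

I know that when I use Pulumi libraries that take Pulumi Inputs/Outputs as arguments, the secrets are decrypted just fine. So how do I decrypt these secrets for use in non-Pulumi code?

"I think Pulumi does this so that it can track the value together with the resource that created it"

The actual reason is that Pulumi needs to resolve the value retrieved from the configuration, and that is an eventual operation. Pulumi first decrypts the value with the key, and once that is done it can resolve it.

You are dealing with an Output, and just like any other Output, if you want to interpolate it into a string you need to use apply to resolve the value.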

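from pulumi import Output

# Output.all waits for both secrets; the lambda receives the plain values as a list
connection = Output.all(db_user, db_password).apply(
    lambda args: psycopg2.connect(
        host=db_host,
        database=db_name,
        user=args[0],
        password=args[1]))
# perform your SQL query here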

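Note that all of the logic you are talking about needs to happen inside the apply.

For reference for anyone else trying to do something similar, the full solution looks like this: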

# Takes a connection object, uses it to perform a query, and then returns a list of customer IDs
def do_query(connection):
    query = """
        SELECT id
        FROM customers
        WHERE ready = true
        ORDER BY id DESC
    """
    cursor = connection.cursor()
    cursor.execute(query)
    customer_ids = []
    for record in cursor:
        customer_ids.append(record[0])
    return customer_ids

# Gets a list of customer IDs, wrapped in an Output object.
def get_customer_ids():
    customer_ids = Output.all(db_user, db_password).apply(
        lambda args: do_query(
            psycopg2.connect(
                host=db_host,
                database=db_name,
                user=args[0],
                password=args[1])))
    return customer_ids

Note: the list of customer IDs will still be wrapped in an Output object, so when you want to use it you need to do something like this:

def create_connector_for_customers(customer_ids):
    for customer in customer_ids:
        connector_config = ConnectorConfigArgs(
            # Use customer_id to set up connector
        )
        destination_schema = ConnectorDestinationSchemaArgs(
            # Use customer_id to set up connector
        )

# The customer ID list is wrapped in an Output, it can only be accessed within an `apply`
customer_list = get_customer_ids()
customer_list.apply(lambda customer_ids: create_connector_for_customers(customer_ids))
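
As an added example (not part of the original posts): the same pattern with the database logic kept in a plain function that only ever sees resolved strings, so it can be exercised without the Pulumi engine and always closes its authenticated connection. The names fetch_customer_ids, customer_ids_output and constructed_connect are hypothetical, and the SQLite stand-in with its sample rows is constructed for the demonstration.

```python
import sqlite3  # used only by the constructed stand-in at the bottom


def fetch_customer_ids(connect, host, database, user, password):
    """Plain function: takes resolved strings, returns ready customer ids."""
    connection = connect(host=host, database=database,
                         user=user, password=password)
    try:
        cursor = connection.cursor()
        # Same filter and ordering as the page's query (ready = true)
        cursor.execute("SELECT id FROM customers WHERE ready ORDER BY id DESC")
        return [row[0] for row in cursor.fetchall()]
    finally:
        # Close the authenticated session even when the query raises
        connection.close()


def customer_ids_output(config, connect):
    """Pulumi wiring (hypothetical helper): pass pulumi.Config() and
    psycopg2.connect. The returned Output stays marked as secret."""
    import pulumi  # imported lazily so fetch_customer_ids runs without the engine
    return pulumi.Output.all(
        config.require_secret("db_user"),
        config.require_secret("db_password"),
    ).apply(lambda args: fetch_customer_ids(
        connect, config.require("db_host"), config.require("db_name"),
        args[0], args[1]))


def constructed_connect(**_credentials):
    """Constructed stand-in for psycopg2.connect: in-memory SQLite sample data."""
    connection = sqlite3.connect(":memory:")
    connection.execute("CREATE TABLE customers (id INTEGER, ready BOOLEAN)")
    connection.executemany("INSERT INTO customers VALUES (?, ?)",
                           [(3, 1), (5, 0), (7, 1)])
    return connection


if __name__ == "__main__":
    # Placeholder credentials; the stand-in ignores them
    print(fetch_customer_ids(constructed_connect,
                             "db.example.internal", "appdb", "user", "placeholder"))
```

Because the Output returned by customer_ids_output is derived from secret inputs, Pulumi keeps treating it as a secret, so anything built from the customer list is encrypted in state as well.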
