Adding a ESC+PSP tutorial #13349
Adding a ESC+PSP tutorial #13349
Conversation
IaroslavTitov
temporarily deployed
to
testing
GitHub Actions
Inactive
|
Your site preview for commit 8fdb9ee is ready! 🎉 http://www-testing-pulumi-docs-origin-pr-13349-8fdb9ee7.s3-website.us-west-2.amazonaws.com. |
| $ pulumi login | ||
|
|
||
| Manage your Pulumi stacks by logging in. | ||
| Run `esc login --help` for alternative login options. |
There was a problem hiding this comment.
should this be pulumi login?
|
|
||
| ## Obtain a personal access token | ||
|
|
||
| Next, you'll also need a Pulumi Cloud [personal access token](/docs/pulumi-cloud/access-management/access-tokens/#personal-access-tokens). Create a short-lived access token for this tutorial, copy it into your current shell to login into Pulumi Cloud. Keep the token creation page open in a separate tab, or paste it somewhere temporarily to use in the next step of the tutorial. |
There was a problem hiding this comment.
maybe ... Create a short-lived access token for this tutorial and copy it into your current shell to login into Pulumi Cloud. Be sure to keep track of this token as you will need it for the next step of the tutorial.?
|
|
||
| ## Brief Explanation | ||
|
|
||
| Pulumi Service Provider is used to create Pulumi Cloud resources using Pulumi IaC Programs. Just like an S3 bucket is created using an AWS provider, PSP allows creation of things like Environments, Environment Version Tags, Environment Webhooks, and much more. In order to authenticate with Pulumi Cloud, PSP uses the same personal access token (PAT for short!) as Pulumi CLI. This is where ESC comes in! |
There was a problem hiding this comment.
Pulumi Service Provider (PSP) is a Pulumi provider for creating and configuring Pulumi Cloud resources. ...
| --- | ||
|
|
||
| {{% notes %}} | ||
| This tutorial is all about using ESC with Pulumi Service Provider (PSP for short!). However, using ESC is an encouragement rather than a requirement. If you *don't* want to use ESC, refer to [PSP setup docs](/registry/packages/pulumiservice/installation-configuration/) instead. |
There was a problem hiding this comment.
personal preference but Pulumi Service Provider (PSP) is probably fine (don't need for short)
|
|
||
| Instead of providing PAT as an environment variable, risking losing or leaking it, we will create an ESC Environment and store the PAT there. We will then import this environment into the configuration of a new stack, in which we will create Pulumi Cloud resources | ||
|
|
||
| ## Create a new ESC project and environment |
There was a problem hiding this comment.
I would prefer just Create a new ESC environment. it sounds like we're creating 2 things if we say project and environment
| fn::secret: % FILL IN PAT HERE % | ||
| ``` | ||
|
|
||
| If you are *not* using Pulumi Self-hosted, just remove the line containing `apiUrl`. This optional field configures custom Pulumi Cloud backend, and is not needed for most users. |
There was a problem hiding this comment.
i would probably just add the opposite, to add the custom url if you are using self hosted
|
|
||
| If you are *not* using Pulumi Self-hosted, just remove the line containing `apiUrl`. This optional field configures custom Pulumi Cloud backend, and is not needed for most users. | ||
|
|
||
| Once you fill in your previously created PAT, click `Save` on the top right. This will update your new environment's definition with the values you just added. Note how the plain text PAT value you pasted in was converted into a secret. It is now securely stored within Pulumi Cloud, removing the risk of losing or leaking the PAT, while your stacks are still able to decrypt and use it. Feel free to close the token creation page now, we won't need it again! |
There was a problem hiding this comment.
Note that the plaintext PAT was converted into a secret value.
Probably don't need the last sentence if we changed the line above when obtaining a PAT
|
|
||
| Now it's time to create a new Pulumi Program that will use the new Environment and PSP to create more Pulumi Cloud resources! | ||
|
|
||
| Create a new folder in your shell (for example `esc-psp-tutorial`) and navigate into it. Then, run `pulumi new`, and navigate the menu to create a new stack from a template called `typescript`. Fill in the project name as `esc-psp-tutorial`, and the stack name as `%ORG NAME%/dev`, filling in your actual organization name (for the rest of the tutorial, `tutorials` will be used), and `dev` is the name of the new stack. |
There was a problem hiding this comment.
"dev as the name of the new stack"
| - creds/psp | ||
| ``` | ||
|
|
||
| In the config files, `environment` field lets you specify an array of ESC Environments to import. In this case, we only want to import the Environment we created above, `creds/psp`, where `creds` is the ESC project name and `psp` is the Environment name. |
There was a problem hiding this comment.
"Here, the environment field"
probably don't need "where creds is the ESC project name and psp is the Environment name."
|
|
||
| ### Wrapping up | ||
|
|
||
| You have learned how to create ESC environments in the Pulumi Cloud console, import them into IaC stacks and even create Environments using the Pulumi Service Provider. The environment you created, `creds/psp` can now be easily re-used between your stacks, or used to compose more complicated environments, using [Environment imports](https://www.pulumi.com/docs/esc/environments/imports/). Using what you know now, you can easily create other `creds` Environments for ther providers. For example, `creds/aws` or `creds/azure`! |
There was a problem hiding this comment.
I would replace complicated with complex - has a more positive connotation
how about "Using what you know now, you can easily create other Environments under the creds project to store credentials for other services."
Proposed changes
Related issues