OVH: Installation & Configuration

Information

Note that the lbrlabs Pulumi OVH provider is replaced by this official one.

Installation

The Pulumi OVH provider is available as a package in all Pulumi languages:

• JavaScript/TypeScript: @ovhcloud/pulumi-ovh
• Python: pulumi_ovh
• Go: github.com/ovh/pulumi-ovh/sdk/v2/go/ovh
• .NET: Pulumi.Ovh
• Java: com.ovhcloud.pulumi.ovh

Provider Binary

The OVH provider binary is a third party binary. It can be installed using the pulumi plugin command.

pulumi plugin install resource ovh vX.Y.Z --server github://api.github.com/ovh/pulumi-ovh

Replace the version string with your desired version.

Setup

To provision resources with the Pulumi OVH provider, you need to have OVH credentials. Your OVH credentials are never sent to pulumi.com. Pulumi uses the OVH API and the credentials in your environment to authenticate requests from your computer to OVH.

The provider needs to be configured with the proper credentials before it can be used. Requests to OVHcloud APIs require a set of secrets keys and the definition of the API endpoint. See First Steps with the API (or the French version, Premiers pas avec les API OVHcloud) for a detailed explanation.

Three forms of authentication are supported by the provider:

• OAuth2, using scoped service accounts, and compatible with OVHcloud IAM
• Short-lived access token received from OVH API (for example with the help of Hashicorp Vault OAuth2 secret engine configured to work with OVH auth API).
• Application key & application secret & consumer key

Get your credentials

The “OVH provider” needs to be configured with a set of credentials, which can be set using Pulumi stack configuration or environment variables.

OAuth2

First, you need to generate a pair of valid client_id and client_secret: you can proceed by following this documentation.

Once you have retrieved your client_id and client_secret, these parameters can be configured as shown hereafter:

• ovh:endpoint (environment variable: OVH_ENDPOINT)
• ovh:clientId (environment variable: OVH_CLIENT_ID)
• ovh:clientSecret (secret) (environment variable: OVH_CLIENT_SECRET)

Access Token

The provider will look for the token either at OVH_ACCESS_TOKEN environment variable, or get it via ovh:access_token argument in the provider’s stanza.

Similarly to OAuth2 method, the endpoint must be configured (either via ovh:endpoint argument, or with OVH_ENDPOINT environment variable).

Application Key/Application Secret

In order to retrieve this necessary information, please follow First steps with the OVHcloud APIs tutorial.

Concretely, you have to generate these credentials via the OVH token generation page with the following rights:

• GET /
• POST /*
• PUT /*
• DELETE /*

Once you have retrieved your application_key, application_secret and consumer_key, these parameters can be configured as shown hereafter:

• ovh:endpoint (environment variable: OVH_ENDPOINT)
• ovh:applicationKey (environment variable: OVH_APPLICATION_KEY)
• ovh:applicationSecret (secret) (environment variable: OVH_APPLICATION_SECRET)
• ovh:consumerKey (environment variable: OVH_CONSUMER_KEY)

Endpoints

Depending on the API you want to use, you may set the endpoint to:

• ovh-eu for OVHcloud Europe API
• ovh-us for OVHcloud US API
• ovh-ca for OVHcloud Canada API
• soyoustart-eu for So you Start Europe API
• soyoustart-ca for So you Start Canada API
• kimsufi-eu for Kimsufi Europe API
• kimsufi-ca for Kimsufi Canada API
• Or any arbitrary URL to use in a test for example