shy-doctor-90574
10/11/2022, 2:29 PMpurple-angle-61594
10/17/2022, 7:26 PMbrainy-church-78120
11/18/2022, 12:12 AMwhite-chef-55657
11/22/2022, 9:01 AMwhite-chef-55657
12/01/2022, 10:16 AMread pulumi:pulumi:StackReference
- is it a known issue with the pulumi service? would it be better to use a different backend?magnificent-scientist-64889
12/01/2022, 2:54 PMimport { LocalWorkspace } from '@pulumi/pulumi/automation';
LocalWorkspace.createOrSelectStack({
stackName: 'debug-stack',
workDir: 'debug'
}, {
stackSettings: {
['debug-stack']: {
config: {
'debug-stack:accountId': '012345678912',
'aws:allowedAccountIds': ['012345678912'],
'aws:region': 'eu-west-1'
}
}
},
envVars: { AWS_PROFILE: 'REDACTED', PULUMI_ACCESS_TOKEN: 'REDACTED' }
}).then(stack => {
stack.up({ onEvent: console.log }).then(result => console.log(result.summary));
});
What happens is, after the stack is created in the pulumi cloud, the stack is set without the trailing 0 on the accountId.
The local Pulumi.debug-stack.yaml
file is created correctly at this point.
When running up, the state is read from the pulumi cloud and then fails, as it validates against allowed account ids [ '12345678912'].
When looking at the up request onEvent output, the preludeEvent shows:
{
sequence: 0,
timestamp: 1669902905,
preludeEvent: {
config: {
'aws:allowedAccountIds': '[12345678912]',
'aws:region': 'eu-west-1',
'debug-stack:accountId': '1.2345678912e+10'
}
}
}
So my guess is there is a type conversion error happening in the Cloud Service.damp-lamp-30288
12/09/2022, 3:20 AMDuplicate resource URN
. However there is no other KMS key in this stack and no duplicate URN. I have exported the stack to JSON and verified that there is no matching URN.
error: Duplicate resource URN 'urn:pulumi:production::jackpot-reader::aws:kms/key:Key::jackpot-reader-production-key'; try giving it a unique name
Even weirder, when I go back to a previous commit (before the KMS key was in the stack) and run a pulumi preview
, in the diff it shows that it's trying to create the KMS Key! Yet there's no key in the IaC!
...
+ └─ aws:kms:Key jackpot-reader-production-key create
+ └─ aws:kms:Alias key-alias create
...
Changing the name just creates two keys as well! (one with the new and one with the old)
...
+ ├─ aws:kms:Key jackpot-reader-production-kms-key create
+ │ └─ aws:kms:Alias jackpot-reader-production-kms-key-alias create
+ ├─ aws:kms:Key jackpot-reader-production-key create
+ │ └─ aws:kms:Alias key-alias create
...
Any help would be appreciated as we are essentially blocked from deploying this stack.
Versions:
"@pulumi/aws": "^4.38.0"
"@pulumi/pulumi": "^2.1.0"
We are using TypeScript as well.
I've tried updating the AWS package, pulumi package, refreshing the stack but no luck.bored-vase-40478
12/28/2022, 4:53 PMbrainy-church-78120
01/06/2023, 3:43 PMrough-jordan-15935
01/19/2023, 5:06 AMpulumi up
the other team member has to redeploy the entire stack again. thinking its a state issue, but state is managed via the pulumi backend.
and, interestingly -> when a specific member of my team deploys, pulumi changes the VCS link on that stack to the forked repo and not the original repo.
could i any help on this?
this significantly affects development time.square-hair-965
01/19/2023, 11:19 PMneeds_verification
state but don't seem to ever get confirmation emails when the button is used.
is there anyone available to help? i created a support request through the site form and never received a response either (we're a team account atm)magnificent-scientist-64889
02/16/2023, 2:02 PMerror: Preview failed: constructing secrets manager of type "cloud": secrets (code=Unknown): AccessDeniedException: The ciphertext refers to a customer master key that does not exist, does not exist in this region, or you are not allowed to access
I can eliminate the error by giving access to the KMS key in stack 1 to the deployment role in stack 2. Which seems counter intuitive when the stack references does not expose the config and has the following comment:
/**
* Fetches the value promptly of the named stack output. May return undefined if the value is
* not known for some reason.
*
* This operation is not supported (and will throw) if the named stack output is a secret.
*
* @param name The name of the stack output to fetch.
*/
getOutputValue(name: string): Promise<any>;
Is this by design?
Hope someone can shed some light on it.
EDIT: looks like a bug https://github.com/pulumi/pulumi/issues/11109elegant-solstice-49845
02/17/2023, 7:07 AMpulumi new <https://bitbucket.org/{organisation}/{repo}.git>
Issue arises when I add the above as the template value for browser capabilities eg <https://app.pulumi.com/new?template=https://bitbucket.org/{organisation}/{repo}.git>
cool-dress-96114
02/24/2023, 9:55 PMcareful-army-28297
03/10/2023, 11:40 AMmillions-train-91139
03/22/2023, 9:36 AMbored-activity-40468
04/09/2023, 6:46 AM<https://api.pulumi.com/api/stacks/{org}/{project}/np/decrypt>
after digging in the archive. Where is the best place to make an issue to have it added to <https://api.pulumi.com/api>
? And is BuildDecrypt
exposed or only decrypt
?lemon-agent-27707
04/13/2023, 2:43 PMlemon-agent-27707
04/13/2023, 2:43 PMlemon-agent-27707
04/13/2023, 5:29 PMable-train-72108
04/27/2023, 1:59 PMrapid-monitor-13579
07/31/2023, 1:38 PMStackReference
make sense.
like homelab/${microstack}/env
.
There is a way to link this Organization to use my personal account licence?white-chef-55657
08/14/2023, 2:02 PMwhite-chef-55657
08/16/2023, 6:30 AMmillions-train-91139
08/23/2023, 3:21 PMlittle-cartoon-10569
10/03/2023, 9:00 PMclean-dusk-43198
10/07/2023, 2:10 PMDiagnostics:
18
pulumi:pulumi:Stack (smilingwords-gcp-management-prod):
19
warning: unable to detect a global setting for GCP Project;
20
Pulumi will rely on per-resource settings for this operation.
21
Set the GCP Project by using:
22
`pulumi config set gcp:project <project>`
23
warning: unable to detect a global setting for GCP Project;
24
Pulumi will rely on per-resource settings for this operation.
25
Set the GCP Project by using:
26
`pulumi config set gcp:project <project>`
27
error: Running program '/deployment/index.ts' failed with an unhandled exception:
28
[36m<ref *1>[39m Error: invocation of gcp:projects/getProject:getProject returned an error: invoking gcp:projects/getProject:getProject: 1 error occurred:
29
* Error retrieving projects: Get "<https://cloudresourcemanager.googleapis.com/v1/projects?alt=json&filter=name%3Asmw-bot+lifecycleState%3AACTIVE+labels.smw_bot%3Ay+labels.pulumi%3Ay>": oauth2/google: unable to generate access token: Post "<https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/smw-bot-serviceaccount@smw-bot-qowk5.iam.gserviceaccount.com:generateAccessToken>": oauth2/google: status code 400: {"error":"invalid_target","error_description":"The target service indicated by the \"audience\" parameters is invalid. This might either be because the pool or provider is disabled or deleted or because it doesn't exist."}
30
31
32
at Object.callback [90m(/deployment/[39mnode_modules/[4m@pulumi[24m/runtime/invoke.ts:172:37[90m)[39m
33
at Object.onReceiveStatus [90m(/deployment/[39mnode_modules/[4m@grpc[24m/grpc-js/src/client.ts:360:26[90m)[39m
34
at Object.onReceiveStatus [90m(/deployment/[39mnode_modules/[4m@grpc[24m/grpc-js/src/client-interceptors.ts:458:34[90m)[39m
35
at Object.onReceiveStatus [90m(/deployment/[39mnode_modules/[4m@grpc[24m/grpc-js/src/client-interceptors.ts:419:48[90m)[39m
36
at [90m/deployment/[39mnode_modules/[4m@grpc[24m/grpc-js/src/resolving-call.ts:132:24
37
[90m at processTicksAndRejections (node:internal/process/task_queues:77:11)[39m {
38
promise: Promise { [36m<rejected>[39m [36m[Circular *1][39m }
39
}
What is the issue or how it can be solved?
It would be very nice if someone would have the answer!
Please help 😕
Thanks in advance!numerous-daybreak-17216
10/14/2023, 9:05 AMcrooked-kitchen-90092
11/03/2023, 4:00 PMmillions-train-91139
11/08/2023, 7:17 AMreadonly
permissions on some stacks.
I assumed running pulumi preview
will work just fine.
It does, but after showing a correct preview it if fails with:
error: failed to encrypt secret value: [404] Not Found: Stack 'my-stack' not found
When I give it write
permissions on the stack, it succeeds.
Why does it try to encrypt anything on preview
, seems like a bug