Follow-up question for Stack READMEs... the explanatory text on the stack's README tab says:

README templates can reference Stack outputs and resource properties.

Is there special syntax for referencing resource properties? All the examples I can find refer to outputs only.

@full-artist-27215 semi-related, how did you first find out about stack readmes? im curious! [someone else will answer ur actual question soon]

Is there somewhere to look to discover why a pulumi preview failed? The diagnostic logs of the preview run itself in the service ends with the

dotnet build

completing successfully, then... nothing until it failed at the 10 minute mark (I assume this is a service timeout). It would be good to discern whether it's a problem we can control or something awry with the pulumi service

I got a panic during a `pulumi up`: the GitHub workflow has finished correctly (reporting failure 👍 ) but the Pulumi app thinks it's still in progress. And

pulumi cancel

is producing bad mojo:

4:10 $ pulumi cancel
This will irreversibly cancel the currently running update for 'dev'!
Please confirm that this is what you'd like to do by typing ("dev"): dev
warning: A new version of Pulumi is available. To upgrade from version '3.34.0' to '3.37.1', visit <https://pulumi.com/docs/reference/install/> for manual instructions and release notes.
error: [409] Conflict: The Update has already timed out
14:10 $ pulumi stack ls
NAME              LAST UPDATE  RESOURCE COUNT  URL
myorg/dev*        in progress  9               ...

Any suggestions on how to really really cancel this? And maybe some hints on where to start looking for errors like this:

stderr: panic: fatal: An assertion has failed: cannot read an archive that has no contents

I can't see any link in the Pulumi app for raising a support request. Does such a thing exist?

Hey All! We wanted to let everybody know that we've made a couple of improvements to the Pulumi Service Provider in version

v0.1.6

that I think you all will appreciate 🙂 Notably: • #63 (My personal favorite, and a community request) To use the provider locally, all you need to do is run

pulumi login

, and it'll use your saved credentials. This means you no longer need to set

PULUMI_ACCESS_TOKEN

or set a configuration value! You can still set the variable if you'd like to override your saved credentials, or if you're running your program in CI/CD. • #51 We added

TeamStackPermission

resource, so you can manage team access to stacks within a pulumi program. You can grant stack permissions to a team from directly inside of the stack itself now, which I think is pretty neat. Here's an example in YAML. We're excited about directly integrating the Pulumi Service into Pulumi programs. So we would love to get more feedback from you all about how we can improve, and what features you would like us to add. Please file an issue here if you have any ideas, suggestions, or if you find any bugs!

Hej you fine people! We're using a Pulumi Webhook—created via the Pulumi Provider—to monitor activity. Everything is fine and dandy until we

pulumi refresh

. We get the following error:

pulumiservice:index:Webhook ([...]-pulumi-webhook):
    error: error reading from server: read tcp 127.0.0.1:56677->127.0.0.1:56674: wsarecv: An existing connection was forcibly closed by the remote host.

  pulumi:pulumi:Stack ([...]):
    panic: interface conversion: interface {} is nil, not resource.PropertyMap
    goroutine 98 [running]:
    <http://github.com/pulumi/pulumi/sdk/v3/go/common/resource.PropertyValue.ObjectValue(...)|github.com/pulumi/pulumi/sdk/v3/go/common/resource.PropertyValue.ObjectValue(...)>
        /home/runner/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.37.2/go/common/resource/properties.go:431
    <http://github.com/pulumi/pulumi-pulumiservice/provider/pkg/provider.(*PulumiServiceWebhookResource).Diff(0x184f460|github.com/pulumi/pulumi-pulumiservice/provider/pkg/provider.(*PulumiServiceWebhookResource).Diff(0x184f460>?, 0xc0000c4000)
        /home/runner/work/pulumi-pulumiservice/pulumi-pulumiservice/provider/pkg/provider/webhook.go:132 +0x64b
    <http://github.com/pulumi/pulumi-pulumiservice/provider/pkg/provider.(*pulumiserviceProvider).Diff(0xc00058c3c0|github.com/pulumi/pulumi-pulumiservice/provider/pkg/provider.(*pulumiserviceProvider).Diff(0xc00058c3c0>, {0xc0001c5880?, 0x101fb55?}, 0x40?)
        /home/runner/work/pulumi-pulumiservice/pulumi-pulumiservice/provider/pkg/provider/provider.go:181 +0x74
    <http://github.com/pulumi/pulumi/sdk/v3/proto/go._ResourceProvider_Diff_Handler.func1({0x18588a8|github.com/pulumi/pulumi/sdk/v3/proto/go._ResourceProvider_Diff_Handler.func1({0x18588a8>, 0xc00068c390}, {0x1623ca0?, 0xc0000c4000})
        /home/runner/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.37.2/proto/go/provider.pb.go:3707 +0x78
    <http://github.com/grpc-ecosystem/grpc-opentracing/go/otgrpc.OpenTracingServerInterceptor.func1({0x18588a8|github.com/grpc-ecosystem/grpc-opentracing/go/otgrpc.OpenTracingServerInterceptor.func1({0x18588a8>, 0xc00068c030}, {0x1623ca0, 0xc0000c4000}, 0xc000392120, 0xc0002500c0)
        /home/runner/go/pkg/mod/github.com/grpc-ecosystem/grpc-opentracing@v0.0.0-20180507213350-8e809c8a8645/go/otgrpc/server.go:57 +0x3f9
    <http://github.com/pulumi/pulumi/sdk/v3/proto/go._ResourceProvider_Diff_Handler({0x1654080|github.com/pulumi/pulumi/sdk/v3/proto/go._ResourceProvider_Diff_Handler({0x1654080>?, 0xc00058c3c0}, {0x18588a8, 0xc00068c030}, 0xc00058c2a0, 0xc0003b2640)
        /home/runner/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.37.2/proto/go/provider.pb.go:3709 +0x138
    <http://google.golang.org/grpc.(*Server).processUnaryRPC(0xc00031ac40|google.golang.org/grpc.(*Server).processUnaryRPC(0xc00031ac40>, {0x185e020, 0xc000684340}, 0xc000394000, 0xc0002b9fb0, 0x1e85728, 0x0)
        /home/runner/go/pkg/mod/google.golang.org/grpc@v1.47.0/server.go:1283 +0xcfe
    <http://google.golang.org/grpc.(*Server).handleStream(0xc00031ac40|google.golang.org/grpc.(*Server).handleStream(0xc00031ac40>, {0x185e020, 0xc000684340}, 0xc000394000, 0x0)
        /home/runner/go/pkg/mod/google.golang.org/grpc@v1.47.0/server.go:1620 +0xa2f
    <http://google.golang.org/grpc.(*Server).serveStreams.func1.2()|google.golang.org/grpc.(*Server).serveStreams.func1.2()>
        /home/runner/go/pkg/mod/google.golang.org/grpc@v1.47.0/server.go:922 +0x98
    created by <http://google.golang.org/grpc.(*Server).serveStreams.func1|google.golang.org/grpc.(*Server).serveStreams.func1>
        /home/runner/go/pkg/mod/google.golang.org/grpc@v1.47.0/server.go:920 +0x28a

After this unsuccessful

refresh

, attempts to

pulumi up

then also fail:

panic: interface conversion: interface {} is nil, not resource.PropertyMap
    goroutine 13 [running]:
    <http://github.com/pulumi/pulumi/sdk/v3/go/common/resource.PropertyValue.ObjectValue(...)|github.com/pulumi/pulumi/sdk/v3/go/common/resource.PropertyValue.ObjectValue(...)>
        /home/runner/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.37.2/go/common/resource/properties.go:431
    <http://github.com/pulumi/pulumi-pulumiservice/provider/pkg/provider.(*PulumiServiceWebhookResource).Diff(0x184f460|github.com/pulumi/pulumi-pulumiservice/provider/pkg/provider.(*PulumiServiceWebhookResource).Diff(0x184f460>?, 0xc0004e2b60)
        /home/runner/work/pulumi-pulumiservice/pulumi-pulumiservice/provider/pkg/provider/webhook.go:132 +0x64b
    <http://github.com/pulumi/pulumi-pulumiservice/provider/pkg/provider.(*pulumiserviceProvider).Diff(0xc000106360|github.com/pulumi/pulumi-pulumiservice/provider/pkg/provider.(*pulumiserviceProvider).Diff(0xc000106360>, {0xc0001d7880?, 0x101fb55?}, 0x40?)
        /home/runner/work/pulumi-pulumiservice/pulumi-pulumiservice/provider/pkg/provider/provider.go:181 +0x74
    <http://github.com/pulumi/pulumi/sdk/v3/proto/go._ResourceProvider_Diff_Handler.func1({0x18588a8|github.com/pulumi/pulumi/sdk/v3/proto/go._ResourceProvider_Diff_Handler.func1({0x18588a8>, 0xc0002494d0}, {0x1623ca0?, 0xc0004e2b60})
        /home/runner/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.37.2/proto/go/provider.pb.go:3707 +0x78
    <http://github.com/grpc-ecosystem/grpc-opentracing/go/otgrpc.OpenTracingServerInterceptor.func1({0x18588a8|github.com/grpc-ecosystem/grpc-opentracing/go/otgrpc.OpenTracingServerInterceptor.func1({0x18588a8>, 0xc000249110}, {0x1623ca0, 0xc0004e2b60}, 0xc000422740, 0xc000443050)
        /home/runner/go/pkg/mod/github.com/grpc-ecosystem/grpc-opentracing@v0.0.0-20180507213350-8e809c8a8645/go/otgrpc/server.go:57 +0x3f9
    <http://github.com/pulumi/pulumi/sdk/v3/proto/go._ResourceProvider_Diff_Handler({0x1654080|github.com/pulumi/pulumi/sdk/v3/proto/go._ResourceProvider_Diff_Handler({0x1654080>?, 0xc000106360}, {0x18588a8, 0xc000249110}, 0xc000122f00, 0xc000392100)
        /home/runner/go/pkg/mod/github.com/pulumi/pulumi/sdk/v3@v3.37.2/proto/go/provider.pb.go:3709 +0x138
    <http://google.golang.org/grpc.(*Server).processUnaryRPC(0xc00031ac40|google.golang.org/grpc.(*Server).processUnaryRPC(0xc00031ac40>, {0x185e020, 0xc000505860}, 0xc0000d97a0, 0xc000317110, 0x1e85728, 0x0)
        /home/runner/go/pkg/mod/google.golang.org/grpc@v1.47.0/server.go:1283 +0xcfe
    <http://google.golang.org/grpc.(*Server).handleStream(0xc00031ac40|google.golang.org/grpc.(*Server).handleStream(0xc00031ac40>, {0x185e020, 0xc000505860}, 0xc0000d97a0, 0x0)
        /home/runner/go/pkg/mod/google.golang.org/grpc@v1.47.0/server.go:1620 +0xa2f
    <http://google.golang.org/grpc.(*Server).serveStreams.func1.2()|google.golang.org/grpc.(*Server).serveStreams.func1.2()>
        /home/runner/go/pkg/mod/google.golang.org/grpc@v1.47.0/server.go:922 +0x98
    created by <http://google.golang.org/grpc.(*Server).serveStreams.func1|google.golang.org/grpc.(*Server).serveStreams.func1>
        /home/runner/go/pkg/mod/google.golang.org/grpc@v1.47.0/server.go:920 +0x28a

  pulumiservice:index:Webhook ([...]-pulumi-webhook):
    error: error reading from server: read tcp 127.0.0.1:56886->127.0.0.1:56883: wsarecv: An existing connection was forcibly closed by the remote host.

To fix the issue, we found that we have to

destroy

the stack and

up

it again—then everything is back in order. Has anybody had similar problems, is this a known issue, and how should we proceed? 😄 Thanks in advance!

Hi, we're using Pulumi Cloud, but sometimes I feel the need to take a look at the stack directly using some custom CLI tools. I currently use

pulumi stack export

but our stacks can be big and that takes a while. Is there a way to keep a copy of the stack locally? I'm not looking at anything even remotely safe from a concurrent point of view BTW, just some local copy of the stack. Thank you

hello! we are working on a new feature in the service and are running usability studies next week. if ya would be interested in participating in an hour-long session in which you share your screen and complete a few tasks pls add an emoji or send me a dm. thank you!!

Hi all. My name is Jonelle Boyd and I'm apart of the UX team here at Pulumi. The UX team is looking to make some updates to the Service UI which involve redesigning the Stacks list page and creating a new Resources page, and I am trying to find a couple of our users to interview who use these two areas frequently. This would really help us in assuring that we're considering our users needs and wants when designing for these updates. If you're interested, please DM me. Thanks for your help!

[X-Post] Pulumi Service vs Spacelift Question Thanks!

hi folks, you can now bulk transfer stacks in the service ui. look for the transfer stacks button on the stacks page of individual accounts and the 3-dot menu next to the create project button on the stacks page in collaborative organizations.

howdy 👋 I recently noticed we’re no longer getting comments on PRs, I don’t think anything changed with the github integration, the only major change I can think of is that we switched to reusable workflows Pulumi still adds status checks on the PRs, but not comments - any idea how to troubleshoot this?

pulumi usually hangs on

read pulumi:pulumi:StackReference

- is it a known issue with the pulumi service? would it be better to use a different backend?

Hi, Hope someone can be off assistance - I'm guessing it's a bug in the Pulumi Cloud Service. I've tried setting up a simple test case:

import { LocalWorkspace } from '@pulumi/pulumi/automation';

LocalWorkspace.createOrSelectStack({
    stackName: 'debug-stack',
    workDir: 'debug'
}, {
    stackSettings: {
        ['debug-stack']: {
            config: {
                'debug-stack:accountId': '012345678912',
                'aws:allowedAccountIds': ['012345678912'],
                'aws:region': 'eu-west-1'
            }
        }
    },
    envVars: { AWS_PROFILE: 'REDACTED', PULUMI_ACCESS_TOKEN: 'REDACTED' }
}).then(stack => {
    stack.up({ onEvent: console.log }).then(result => console.log(result.summary));
});

What happens is, after the stack is created in the pulumi cloud, the stack is set without the trailing 0 on the accountId. The local

Pulumi.debug-stack.yaml

file is created correctly at this point. When running up, the state is read from the pulumi cloud and then fails, as it validates against allowed account ids [ '12345678912']. When looking at the up request onEvent output, the preludeEvent shows:

{
  sequence: 0,                                   
  timestamp: 1669902905,
  preludeEvent: {                                
    config: {                                    
      'aws:allowedAccountIds': '[12345678912]',  
      'aws:region': 'eu-west-1',
      'debug-stack:accountId': '1.2345678912e+10'
    }
  }
}

So my guess is there is a type conversion error happening in the Cloud Service.

Hi 👋 I've run into a very frustrating issue with Pulumi and am in need of assistance. Currently all deployments of this stack are blocked because of this issue. I have a simple update to create a new KMS Key and Key alias that is failing due to

Duplicate resource URN

. However there is no other KMS key in this stack and no duplicate URN. I have exported the stack to JSON and verified that there is no matching URN.

error: Duplicate resource URN 'urn:pulumi:production::jackpot-reader::aws:kms/key:Key::jackpot-reader-production-key'; try giving it a unique name

Even weirder, when I go back to a previous commit (before the KMS key was in the stack) and run a

pulumi preview

, in the diff it shows that it's trying to create the KMS Key! Yet there's no key in the IaC!

...
 +   └─ aws:kms:Key                     jackpot-reader-production-key            create     
 +      └─ aws:kms:Alias                key-alias                                create 
...

Changing the name just creates two keys as well! (one with the new and one with the old)

...
 +   ├─ aws:kms:Key                     jackpot-reader-production-kms-key        create     
 +   │  └─ aws:kms:Alias                jackpot-reader-production-kms-key-alias  create     
 +   ├─ aws:kms:Key                     jackpot-reader-production-key            create     
 +   │  └─ aws:kms:Alias                key-alias                                create    
...

Any help would be appreciated as we are essentially blocked from deploying this stack. Versions:

"@pulumi/aws": "^4.38.0"

"@pulumi/pulumi": "^2.1.0"

We are using TypeScript as well. I've tried updating the AWS package, pulumi package, refreshing the stack but no luck.

Hi, not sure if this is the right channel to post this question, I’m doing a proof of concept to migrate from the pulumi service to AWS S3 as the backend. What would be the correct operation to remove the stack references from the pulumi service after migrating to AWS S3 the stack state?

theres a few new lil quality of life improvements in the service ui.. • favicons in your browser tab now indicate update status when on an update page • stacks list page now displays the total stack count have ideas on what would make your life better while using the service ui pls share them over in github! https://github.com/pulumi/service-requests

hi, not sure if this is the correct channel for this question. but im currently working in a team working on the same pulumi project. each team member has a fork and when they run a deployment using

pulumi up

the other team member has to redeploy the entire stack again. thinking its a state issue, but state is managed via the pulumi backend. and, interestingly -> when a specific member of my team deploys, pulumi changes the VCS link on that stack to the forked repo and not the original repo. could i any help on this? this significantly affects development time.

hey guys, trying to get a hold of someone in account management. I have a org account user for redacted that is in a

needs_verification

state but don't seem to ever get confirmation emails when the button is used. is there anyone available to help? i created a support request through the site form and never received a response either (we're a team account atm)

Hi, I'm experiencing what i believe is an error, not sure if it's working as intended though. I have a project and stack, that uses a KMS key in AWS for encrypting config secrets, the key is restricted to be used by the deployment role / and account admin. I have another stack for a separate account, that has the same setup. In the second stack, I initialize a stack reference to the first account. When previewing I then get the following error:

error: Preview failed: constructing secrets manager of type "cloud": secrets (code=Unknown): AccessDeniedException: The ciphertext refers to a customer master key that does not exist, does not exist in this region, or you are not allowed to access

I can eliminate the error by giving access to the KMS key in stack 1 to the deployment role in stack 2. Which seems counter intuitive when the stack references does not expose the config and has the following comment:

/**
 * Fetches the value promptly of the named stack output. May return undefined if the value is
 * not known for some reason.
 *
 * This operation is not supported (and will throw) if the named stack output is a secret.
 *
 * @param name The name of the stack output to fetch.
 */
getOutputValue(name: string): Promise<any>;

Is this by design? Hope someone can shed some light on it. EDIT: looks like a bug https://github.com/pulumi/pulumi/issues/11109

Hey guys, have an issue using the pulumi button using browser with bitbucket repo https://www.pulumi.com/docs/intro/pulumi-service/pulumi-button/#browser The CLI works fine when creating a new pulumi instance eg.

pulumi new <https://bitbucket.org/{organisation}/{repo}.git>

Issue arises when I add the above as the template value for browser capabilities

eg <https://app.pulumi.com/new?template=https://bitbucket.org/{organisation}/{repo}.git>

Hi there, is there a way to import my existing stack (DIY state stored, login into an S3 bucket) into Pulumi Service?

i am unable to join using link

After enabling SAML, I can still log in with password. Is this only because I’m admin?

Discovered

<https://api.pulumi.com/api/stacks/{org}/{project}/np/decrypt>

after digging in the archive. Where is the best place to make an issue to have it added to

<https://api.pulumi.com/api>

? And is

BuildDecrypt

exposed or only

decrypt

?

has renamed the channel from "pulumi-service" to "pulumi-cloud"

set the channel description: All things Pulumi Cloud (https://app.pulumi.com) Request a feature or file a bug here: https://github.com/pulumi/pulumi-cloud-requests

Big announcement, we just added multi-cloud search, analytics, and intelligence to the Pulumi Cloud. Join #pulumi-insights to learn more! https://pulumi-community.slack.com/archives/CB36DSVSA/p1681398456659489

Hello, I just opened a new issue. Very minor UI bug 🙂 https://github.com/pulumi/pulumi-cloud-requests/issues/226