https://pulumi.com logo
#general
Title
# general
g

gorgeous-minister-41131

03/23/2023, 3:49 AM
did some behavior recently change with Pulumi from 3.53 -> 3.58 (and now 3.59?) -- I've been using it as an ArgoCD CMP for a while now, and it seems now pulumi wants to run
pulumi about
no matter what you run even if you just want to
pulumi update -C somedir/
in the pwd. For example... ArgoCD strips the root /tmp/_argocd-repo of all read permissions [not sure why, but it's just the behavior it seems to exhibit https://github.com/argoproj/argo-cd/blob/master/reposerver/repository/repository.go#L175]. I can see if I can work around it, but I'm curious why the actions of
pulumi about
seem to implicitly run now when doing a
pulumi update
in a project in the current working directory... TBH this isn't a problem unique to just argo, since it is certainly appropriate for someone to restrict access at the root of a directory, but allow permission in a subdirectory of that directory. Pulumi has no business trying to traverse from the top of the basedir root IMO. Anyways it is reported as an error, but when the
pulumi update
is run it seems to fail with exit codes...
Copy code
argocd@argo-cd-argocd-repo-server-55d7cdfb97-xtkp7:/tmp/_argocd-repo/52c01366-05dc-4758-9681-a63572526b17/infra$ pulumi about
CLI
Version      3.59.0
Go Version   go1.20.2
Go Compiler  gc

Host
OS       ubuntu
Version  22.04
Arch     x86_64

Pulumi locates its logs in /tmp by default
warning: Failed to read project: failed to locate Pulumi.yaml project file: open /tmp/_argocd-repo: permission denied
Copy code
argocd@argo-cd-argocd-repo-server-55d7cdfb97-xtkp7:/tmp/_argocd-repo/52c01366-05dc-4758-9681-a63572526b17/infra$ stat $(pwd)
  File: /tmp/_argocd-repo/52c01366-05dc-4758-9681-a63572526b17/infra
  Size: 193       	Blocks: 0          IO Block: 4096   directory
Device: 10301h/66305d	Inode: 75495274    Links: 9
Access: (0755/drwxr-xr-x)  Uid: (  999/  argocd)   Gid: (  999/  argocd)
Access: 2023-03-23 03:44:11.481492993 +0000
Modify: 2023-03-23 03:44:11.517493089 +0000
Change: 2023-03-23 03:44:11.517493089 +0000
 Birth: 2023-03-23 03:44:11.481492993 +0000
Perhaps this is some weird implicit behavior of some common lib/function/etc, but it just smells wrong.
Copy code
argocd@argo-cd-argocd-repo-server-55d7cdfb97-xtkp7:/tmp/_argocd-repo/52c01366-05dc-4758-9681-a63572526b17/infra$ pulumi whoami
error: failed to locate Pulumi.yaml project file: open /tmp/_argocd-repo/52c01366-05dc-4758-9681-a63572526b17/infra: permission denied
it seems to be invoked by the whoami logic, and I see this stuff was recently changed in recent merges
Copy code
argocd@argo-cd-argocd-repo-server-55d7cdfb97-xtkp7:/tmp/_argocd-repo/52c01366-05dc-4758-9681-a63572526b17/infra$ pulumi login file:///tmp/tmp.Wqvf7DFQPz
error: failed to locate Pulumi.yaml project file: open /tmp/_argocd-repo/52c01366-05dc-4758-9681-a63572526b17/infra: permission denied
argocd@argo-cd-argocd-repo-server-55d7cdfb97-xtkp7:/tmp/_argocd-repo/52c01366-05dc-4758-9681-a63572526b17/infra$ echo $?
255
I think I pinpointed the actual exit code
it's during the
pulumi login
phase
I opened/reported this - I know it's a strange edgecase, but it is one indeed.
I can reliably reproduce it just by creating a directory structure that removes read from the root-parent.
Also if anyone else runs into this, I was able to workaround it by doing
Copy code
cd $HOME
		${PULUMI_CMD} login file://$pulumi_state_temp
		cd -
It appears that pulumi update works just fine - it is just login that barfs on the permission problem
2 Views