gorgeous-minister-41131
03/23/2023, 3:49 AMpulumi about
no matter what you run even if you just want to pulumi update -C somedir/
in the pwd. For example...
ArgoCD strips the root /tmp/_argocd-repo of all read permissions [not sure why, but it's just the behavior it seems to exhibit https://github.com/argoproj/argo-cd/blob/master/reposerver/repository/repository.go#L175].
I can see if I can work around it, but I'm curious why the actions of pulumi about
seem to implicitly run now when doing a pulumi update
in a project in the current working directory...
TBH this isn't a problem unique to just argo, since it is certainly appropriate for someone to restrict access at the root of a directory, but allow permission in a subdirectory of that directory. Pulumi has no business trying to traverse from the top of the basedir root IMO.
Anyways it is reported as an error, but when the pulumi update
is run it seems to fail with exit codes...
argocd@argo-cd-argocd-repo-server-55d7cdfb97-xtkp7:/tmp/_argocd-repo/52c01366-05dc-4758-9681-a63572526b17/infra$ pulumi about
CLI
Version 3.59.0
Go Version go1.20.2
Go Compiler gc
Host
OS ubuntu
Version 22.04
Arch x86_64
Pulumi locates its logs in /tmp by default
warning: Failed to read project: failed to locate Pulumi.yaml project file: open /tmp/_argocd-repo: permission denied
argocd@argo-cd-argocd-repo-server-55d7cdfb97-xtkp7:/tmp/_argocd-repo/52c01366-05dc-4758-9681-a63572526b17/infra$ stat $(pwd)
File: /tmp/_argocd-repo/52c01366-05dc-4758-9681-a63572526b17/infra
Size: 193 Blocks: 0 IO Block: 4096 directory
Device: 10301h/66305d Inode: 75495274 Links: 9
Access: (0755/drwxr-xr-x) Uid: ( 999/ argocd) Gid: ( 999/ argocd)
Access: 2023-03-23 03:44:11.481492993 +0000
Modify: 2023-03-23 03:44:11.517493089 +0000
Change: 2023-03-23 03:44:11.517493089 +0000
Birth: 2023-03-23 03:44:11.481492993 +0000
argocd@argo-cd-argocd-repo-server-55d7cdfb97-xtkp7:/tmp/_argocd-repo/52c01366-05dc-4758-9681-a63572526b17/infra$ pulumi whoami
error: failed to locate Pulumi.yaml project file: open /tmp/_argocd-repo/52c01366-05dc-4758-9681-a63572526b17/infra: permission denied
argocd@argo-cd-argocd-repo-server-55d7cdfb97-xtkp7:/tmp/_argocd-repo/52c01366-05dc-4758-9681-a63572526b17/infra$ pulumi login file:///tmp/tmp.Wqvf7DFQPz
error: failed to locate Pulumi.yaml project file: open /tmp/_argocd-repo/52c01366-05dc-4758-9681-a63572526b17/infra: permission denied
argocd@argo-cd-argocd-repo-server-55d7cdfb97-xtkp7:/tmp/_argocd-repo/52c01366-05dc-4758-9681-a63572526b17/infra$ echo $?
255
pulumi login
phasecd $HOME
${PULUMI_CMD} login file://$pulumi_state_temp
cd -