https://pulumi.com logo
Powered by
Title
p

proud-art-41399

03/29/2023, 8:22 AM
Hi, can anyone explain me what's the purpose of 
.pulumi/Pulumi.yaml
in the case of self-managed backend? In my case it's backed by AWS S3 bucket. I've just found out that my builds haven't been passing since 23th March because my fine-grained IAM role for use with GitHub Actions doesn't contain permission to access this object. The builds were passing until that time, though, the last one passing just a couple of hours before. The Pulumi version used by Pulumi GitHub action changed from v3.58.0 to v3.59.0 between the passing and failing job, if that matters. Was that 
.pulumi/Pulumi.yaml
file/object just introcuded by that time? I haven't found any mentions about it in https://www.pulumi.com/docs/intro/concepts/state/.
Also, the failing GitHub Actions job showed this error: 
Logging into <s3://pulumi.xxx.xxx>

/home/runner/work/_actions/pulumi/actions/v4/webpack:/pulumi-github-action/node_modules/@pulumi/pulumi/automation/errors.js:73
                    : new CommandError(result));
^
CommandError: code: -2
 stdout: 
 stderr: Command failed with exit code 255: pulumi stack select --stack xxx-xxx-prod --non-interactive
error: PULUMI_ACCESS_TOKEN must be set for login during non-interactive CLI sessions
 err?: Error: Command failed with exit code 255: pulumi stack select --stack xxx-xxx-prod --non-interactive
error: PULUMI_ACCESS_TOKEN must be set for login during non-interactive CLI sessions

    at Object.createCommandError (/home/runner/work/_actions/pulumi/actions/v4/webpack:/pulumi-github-action/node_modules/@pulumi/pulumi/automation/errors.js:73:1)
    at Object.<anonymous> (/home/runner/work/_actions/pulumi/actions/v4/webpack:/pulumi-github-action/node_modules/@pulumi/pulumi/automation/cmd.js:76:1)
    at Generator.throw (<anonymous>)
    at rejected (/home/runner/work/_actions/pulumi/actions/v4/webpack:/pulumi-github-action/node_modules/@pulumi/pulumi/automation/cmd.js:19:1)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
which didn't suggest the above problem. Only when trying to run Pulumi locally (assuming the IAM role) it showed: 
pulumi stack select --stack xxx-xxx-prod
error: read ".pulumi/Pulumi.yaml": blob (key ".pulumi/Pulumi.yaml") (code=Unknown): AccessDenied: Access Denied
	status code: 403, request id: V9KQCGMCQS4AYK6Y, host id: nXb8oU+0htao76xHXqi8IJeWWgTsY8kzZsMVAfE6j3A9gk3VR+mH8W92EbtmWIUKS/ltQkJ3hPE=
b

billowy-army-68599

03/29/2023, 2:13 PM
Could you open an issue for this please?
p

proud-art-41399

03/29/2023, 3:04 PM
Do you think it's an issue? I was more like just asking about the purpose of the 
.pulumi/Pulumi.yaml
file and when (or more likely why) it was introduced. Seems like my fault in the end that I didn't specify permissions to access this file.
51 Views
#generalJoin Slack
Powered by