Hi, Looking to resurface an issue I've been having. I have an environment properly setup in the console, attached to a stack, and I can return values from the env using pulumi config get <var>. However when running a preview or deploying through the console the values are not retrieved properly. Im writting a python AWS project.

Is this possibly what you're running into? https://github.com/pulumi/esc/issues/347

Thanks for the link but not quite, im just importing one env (no nested envs) and no secrets involved.

Hmm... gonna need more details on how to repro then! Can you give us a code sample of your environment and what you mean that they are not retrieved properly? How are you accessing them in your pulumi program?

Sure thing: So my I have a esc environment called 'development' configured as below.

values:
  aws:
    login:
      fn::open::aws-login:
        oidc:
          duration: 1h
          roleArn:
            fn::secret:
              ciphertext: secret
          sessionName: pulumi-environments-session
          subjectAttributes:
            - currentEnvironment.name
            - pulumi.user.login
  environmentVariables:
    AWS_ACCESS_KEY_ID: ${key}
    AWS_SECRET_ACCESS_KEY: ${key}
    AWS_SESSION_TOKEN: ${token}
  pulumiConfig:
    aws:region: <region>
    network:vpc_cidr: <cidr>
    network:private_subnet_01_cidr: <cidr>
    network:public_subnet_01_cidr: <cidr>
    network:av_zone_01: <av-zone>

I have a pulumi.dev.yaml file as below:

environment:
  - development

In my main.py I then have the following code, note config.require() here is just being used to debug it will be set to get in production:

config = pulumi.Config()

primary_region = config.require("aws:region")
vpc_cidr = config.get("network:vpc_cidr")
private_subnet_01_cidr = config.get("network:private_subnet_01_cidr")
public_subnet_01_cidr = config.get("network:public_subnet_01_cidr")
av_zone_01 = config.get("network:av_zone_01")

If I run 'pulumi env ls' I can see all my envs including the development environment added to this project. If I run 'puluumi env open <org>/development' I can see the relevant config parameters and login credentials. If I look at the configuration of the stack inside the Pulumi console I can see all the relevant config parameters. Despite this when I run pulumi preview in my local env I get the following error:

error: Missing required configuration variable '<stack-name>:aws:region'
        please set a value using the command `pulumi config set <stack-name>:aws:region <value>`

I get the same error when I run a deployment in the pulumi console. So I update the esc config to the following in an attempt to debug

values:
  aws:
    login:
      fn::open::aws-login:
        oidc:
          duration: 1h
          roleArn:
            fn::secret:
              ciphertext: secret
          sessionName: pulumi-environments-session
          subjectAttributes:
            - currentEnvironment.name
            - pulumi.user.login
  environmentVariables:
    AWS_ACCESS_KEY_ID: ${key}
    AWS_SECRET_ACCESS_KEY: ${key}
    AWS_SESSION_TOKEN: ${token}
  pulumiConfig:
    <stack-name>:aws:region: <region>
    <stack-name>:network:vpc_cidr: <cidr>
    <stack-name>:network:private_subnet_01_cidr: <cidr>
    <stack-name>:network:public_subnet_01_cidr: <cidr>
    <stack-name>:network:av_zone_01: <av-zone>

And with this config I get the following error:

error: validating stack config: could not parse <stack-name>:aws:region as a configuration key (configuration keys should be of the form `<namespace>:<name>`)

Any help would be much appreciated - I'm running python 3.11.3 and pulumi 3.103.1

Interesting! I wonder if the colons are throwing it off. You might want to do:

aws_config = pulumi.Config("aws")
network_config = pulumi.Config("network")

primary_region = aws_config.require("region")
vpc_cidr = network_config.get("nvpc_cidr")
private_subnet_01_cidr = network_config.get("private_subnet_01_cidr")
public_subnet_01_cidr = network_config.get("public_subnet_01_cidr")
av_zone_01 = network_config.get("av_zone_01")

I'll give that a try!