Channels
#google-cloud
Title
p
prehistoric-account-60014
12/31/2019, 6:09 PMHas anybody gotten an issue similar to
could not get cloud url: unmarshalling credentials file: unexpected end of JSON inputgcloud auth activate-service-account --key-file "$KEY_FILE"If it helps, here’s a line I think is a part of the issue: https://github.com/pulumi/pulumi/blob/738005dd8368bffc565746453f8181930179ca38/cmd/util.go#L78
I’m also getting this issue attempting to create k8s resources:
error: could not deserialize deployment: constructing secrets manager of type "service": getting access token: unmarshalling credentials file: unexpected end of JSON inputw
white-balloon-205
12/31/2019, 9:44 PM
It sounds like one of the files in your
~/.pulumicredentials.jsonDid you hand edit anything there?
p
prehistoric-account-60014
12/31/2019, 9:45 PMI thought it was that at first so I ran
pulumi loginI did not hand edit, it’s all just running in CI
Let me post the relevant code
Copy code
curl -fsSL <https://get.pulumi.com/> | bash
export PATH=$PATH:$HOME/.pulumi/bin
pulumi loginThat is ran once in CI
Copy code
#!/bin/sh
set -e
if [ -z ${PULUMI_STACK+x} ]; then
echo PULUMI_STACK is not set. Exiting...
exit 1
fi
pulumi login
pulumi stack init "$PULUMI_STACK" || true
if [[ "$PULUMI_STACK" != "production" ]] || [[ "$PULUMI_STACK" != "staging" ]]; then
pulumi config refresh --stack development || true
json="$(pulumi config --stack development --show-secrets --json)"
keys="$(echo $json | jq -r 'keys[]')"
for key in $(echo $keys | tr '\n' ' ')
do
value="$(echo $json | jq -r '.["'"$key"'"].value')"
is_secret="$(echo $json | jq -r '.["'"$key"'"].secret')"
pulumi config --stack "$PULUMI_STACK" set "$key" "$value" $(if [ $is_secret = 'true' ]; then echo '--secret'; fi)
done
fiAnd this is run for each Pulumi project
The line 10 which has
pulumi loginAnd if it helps, I’m running this right before I install Pulumi:
Copy code
curl <https://sdk.cloud.google.com> | bash > /dev/null
export PATH=$PATH:/root/google-cloud-sdk/bin
KEY_FILE="$(mktemp)"
echo "$GCP_SERVICE_ACCOUNT" > "$KEY_FILE"
gcloud auth activate-service-account --key-file "$KEY_FILE"Also, some of the Pulumi projects are being updated without issue. So if the credentials are indeed corrupted, they don’t seem to be at first.
Any ideas on what could be happening here?
m
mammoth-elephant-55302
02/03/2020, 7:30 PMIt's because echo is only printing {
Maybe you need to do echo (cat )
Is this on a docker machine? How certain are you that gcloud auth is run successful if it isn't a completely new container or VM?
Are you running gcloud auth from within Google Cloud? (Like on a CE instance?)
p
prehistoric-account-60014
02/04/2020, 12:58 AMIt doesn’t seem to just be taking the first line of the JSON document. This is being run on a GitLab runner, so yes, it’s on docker
m
mammoth-elephant-55302
02/04/2020, 2:42 AMI wonder if this
https://stackoverflow.com/questions/26276348/echo-json-over-command-line-into-file
Maybe gcloud auth was built with a more flexible parser
p
prehistoric-account-60014
02/04/2020, 2:43 AMI just re-ran the CI job, it was about a month old at this point, and it seemed to pass. I’m rebasing some 100+ commits that have happened since then and making sure everything is good to go but it seems a fix in Pulumi might’ve removed this issue.
That stack overflow question seems extremely relevant, though. So I’ll keep working on this and report back.
I added
cat "$KEY_FILE"👍 1
Ok, so the issue is back. I thought that it could be because I was using
mktemp"$HOME/key.json"I’m re-adding the
catw
white-balloon-205
02/04/2020, 8:53 PM
Which error exactly are you seeing? I believe there were two different errors mentioned in this thread.
p
prehistoric-account-60014
02/04/2020, 8:53 PM Copy code
error: could not get cloud url: unmarshalling credentials file: unexpected end of JSON inputThe issue seems to happens some times and not happen other times without changing anything between runs.
w
white-balloon-205
02/05/2020, 3:15 AM
Interesting. That error is definitely from Pulumi itself, and should be related to having a malformed
~/.pulumi/credentials.jsonp
prehistoric-account-60014
02/05/2020, 3:31 PMI’m running on GitLab CI with the
node:10-alpineI’m going to
cat "$HOME/.pulumi/credentials.jsonpulumi upIt seems that the JSON file is missing a closing bracket.
Copy code
{
"current": "<https://api.pulumi.com>",
"accessTokens": {
"<https://api.pulumi.com>": "[MASKED]"
},
"accounts": {
"<https://api.pulumi.com>": {
"accessToken": "[MASKED]",
"username": "miguel",
"lastValidatedAt": "2020-02-05T17:15:45.14108518Z"
}
}An interesting observation is that when I output the file contents, it seems that all lines except that last bracket is printed immediately, then the program continues and sometimes that final line is printed later. For the stacks were this happen, Pulumi shows the preview. For the ones were it doesn’t, the error happens.
I’m going to change the command to do
cat "$HOME/.pulumi/credentials.json" | jq -cTo be more specific, this is the output of a failure case:
Copy code
{
"current": "<https://api.pulumi.com>",
"accessTokens": {
"<https://api.pulumi.com>": "[MASKED]"
},
"accounts": {
"<https://api.pulumi.com>": {
"accessToken": "[MASKED]",
"username": "miguel",
"lastValidatedAt": "2020-02-05T20:01:08.004514991Z"
}
}
error: stack 'review-mo-pulumi-pzf6a4' already exists
error: no previous deployment
error: could not get cloud url: unmarshalling credentials file: unexpected end of JSON input
}That being stdout
When there’s a success case, the bracket will be in the proper place, albeit delayed, and there will be no error message.
What’s being printed is
cat "$HOME/.pulumi/credentials.json"pulumi up Copy code
cat "$HOME/.pulumi/credentials.json"
pulumi stack init "$PULUMI_STACK" || true
pulumi config refresh --stack makeswift/development || true
json="$(pulumi config --stack makeswift/development --show-secrets --json)"That’s the actual script running that’s causing the above result. The first two errors are ignored on purpose by the
|| truepulumi configw
white-balloon-205
02/05/2020, 9:54 PM
Huh - that is very interesting and does suggest where the issue could be here.
Any chance you could open a GitHub issue with these details? If not - I’ll pull one together myself a bit later today.
p
prehistoric-account-60014
02/05/2020, 11:12 PMYes, I’ll probably get to it tomorrow. If you do open one before that, please let me know. I’ll gladly add some comments with details when I get the chance.
Some more information. I traced the script to see what was running and it seems that the command that resulted in the error this time was a
pulumi configw
white-balloon-205
02/06/2020, 5:14 AM
That is very plausible explanation. We haven’t seen this before - but it is possible that it is quite rare to run pulumi CLI commands concurrently so that this is very uncommon in practice. We will look into it.
p
prehistoric-account-60014
02/06/2020, 2:29 PMGotcha. Well, I’ve got some time on my hands now so I’ll go ahead and open the issue.
I think the issue is concurrent Pulumi commands. I’ve changed the program so that it deploys each project in series instead of in parallel and the issue has gone away.
🍧 1
👍 1
9 Views