https://pulumi.com logo
Join Slack
Powered by
This message was deleted.
# general
s
This message was deleted.
l
@quiet-hamburger-20840 can you help here?
h
looks like it was due to a lack of permissions in AWS. still seems like an odd error message though...
not so much 404...but maybe 403? or even 401. at least then i know it's a perms thing and not that my stack has disappeared 🙂
l
Hopefully chris can help explain what's going on!
@colossal-beach-47527 ^
i paged the wrong chris originally
c
We return a 404 to not disclose the existence of resources. So if you tried to run 
pulumi up
on a stack you don’t have permissions to access, e.g. one in a different Pulumi organization, you’d see a 404 instead of a 403. However, in this situation it doesn’t seem like that is the case.
Could you provide some more context here? e.g. the commands you are running? What does 
pulumi stack ls
, 
pulumi whoami
and 
pulumi up
show?
h
let's see: 1. I ran
Copy code
pulumi up
2. I selected the stack from the stack selection 3. I got a 404 stack not found 4. Tried
Copy code
pulumi up -s <stack name>'
5. Got 404 6.
Copy code
pulumi stack select
7. Picked the stack 8.
Copy code
pulumi up
9. 404 10. pulumi.com...see the stack 11. cry Then a team member added me to the AWS IAM role that granted access to the related AWS resources. Now all things
Copy code
pulumi xxx
work as expected.
If stack select failed or pulumi.com showed me nothing, i could have understood the 404, but that wasn't the case
what other things can i provide to be useful, given things are working now
c
Let me review things, one sec.
Then a team member added me to the AWS IAM role that granted access to the related AWS resources. Now all things
Copy code
pulumi xxx
work as expected.
That’s definitely some surprising behavior 😛 , and almost certainly a bug somewhere in the 
pulumi
CLI. Could you share with me the name of the Pulumi stack that you got these errors on, but were eventually able to successfully run 
pulumi up
? That will allow me to query our backend API logs, to see what response codes were sent to the CLI tool. I suspect the problem is actually in the 
pulumi
tool itself, since any error messages relating to resource management (e.g. AWS IAM creds) don’t interact with the Pulumi Service’s API.
h
interesting...ok...i've had my understanding corrected. i was a member of the "tableau" organization, but wasn't on the team owning the stack. it was adding me to the team that allowed things to work, not adding the AWS perms. does it sound right that i would be able to see the stack in the UI but the command line would 404 in that case?
the stack i was working with was "tableau/mustang-aws-iam-sandbox"
c
Ok, that does make more sense. It’s possible that everything here is working as expected, modulo us needing to provide better error messages in this situation. I’ll look into things to confirm, but I would guess the following happened: - You have READ access to the stack, which is why you can see it within the Pulumi Console UI. - You did not have WRITE access to the stack, which is required to perform an update to it. And that’s why you saw that 
404
from the CLI. - After you were added to the team and added 
WRITE
permission to the stack, you were able to update it like intended.
Historically we’ve erred on the side of very opaque errors, but in this situation — where you are a member of the organization, with READ access to the stack — returning a 403 would have been more reasonable. (Assuming that was the case.) Anyways, sorry for the trouble. Hopefully we can improve the UX around this type of situation.
h
being new to Pulumi, but having worked a little with Terraform and a fair bit with ARM...this is 1000% better 🙂 thanks for listening to me learn things! and thanks for the great work!
partypus 2
❤️ 1
Open in Slack
PreviousNext
Powered by