prehistoric-account-60014
12/20/2019, 10:22 PM400
status code from the CLI? I’m attempting to run:
pulumi config --verbose=3 --stack $PULUMI_STACK --config-file Pulumi.development.yaml --show-secrets --json)
but all I’m seeing is:
error: could not decrypt configuration value: [400] Message authentication failed
I was hoping --verbose=3
would help a bit but there isn’t any extra information compared to the non-verbose run.white-balloon-205
prehistoric-account-60014
12/20/2019, 10:26 PMdevelopment
into a new stack on each merge request. Because Pulumi.development.yaml
can’t just be copied, because of how the encryption is unique per stack, I’m getting the config JSON so that I can loop through it and set it in the new stack. Here’s the snippet:
function test_pulumi() {
PULUMI_STACK=test
CI_ENVIRONMENT_SLUG=development
CI=true
pulumi login
pulumi stack init $PULUMI_STACK || true
if [[ "$CI_ENVIRONMENT_SLUG" != "production" ]] || [[ "$CI_ENVIRONMENT_SLUG" != "staging" ]]; then
json="$(pulumi config --verbose=3 --stack $PULUMI_STACK --config-file Pulumi.development.yaml --show-secrets --json)"
keys="$(echo $json | jq -r 'keys[]')"
for key in $(echo $keys | tr '\n' ' ')
do
pulumi config --stack "$PULUMI_STACK" set "$key" "$(echo $json | jq -r '.["'"$key"'"].value')" $(if [ "$(echo $json | jq -r '.["'"$key"'"].secret')" = "true" ]; then echo "--secret"; fi)
done
fi
pulumi login
.test_pulumi
because I’m reproducing this stuff locally after getting the 400
in CI. Getting the 400
locally as well.--stack $PULUMI_STACK
to --stack development
in the line where I get the JSON and that would be fine for now. I was just wondering if it wasn’t supported to decrypt from a config file that’s different from the current stack? (I’m like 99% sure that’s the issue here)development
instead of specifying the configuration file. I was trying to avoid this before because I didn’t want to hardcode the development stack, but hardcoding Pulumi.development.yaml
is basically the exact same thing. I’m guessing that the server returns a 400
because it’s using the encryption key of $PULUMI_STACK
but attempting to decrypt Pulumi.development.yaml
which belongs to another stack and that makes perfect sense. I guess the error message could be a bit clearer but it was definitely an erroneous setup on my end. I guess I didn’t need any help 😅white-balloon-205
prehistoric-account-60014
12/20/2019, 10:47 PM