https://pulumi.com logo
Title
c

clever-byte-21551

09/22/2020, 6:22 AM
Not sure if this is automation API related but I have a stack where calling refresh just stucks. I added logging of the refresh command output, it list all the resources needed for refresh and after that it’s just stuck on
@ refreshing....
for many minutes
l

lemon-agent-27707

09/22/2020, 6:35 AM
Pulumi does not run the program for refresh so there should be no difference in behavior between automation and cli driven programs.
c

clever-byte-21551

09/22/2020, 6:39 AM
Is there any way to understand what is taking so long? it’s almost 20 minutes stuck on refresh, this is happening consistently and nothing was changed in the environment
l

lemon-agent-27707

09/22/2020, 6:53 AM
There are verbose logging options, but these aren't supported in automation api yet. https://www.pulumi.com/docs/troubleshooting/#verbose-logging
You can set up a CLI wrapper as such: https://github.com/EvanBoyle/automation-api-examples/tree/main/inline_local_hybrid Or just set
workdir := path.Join(".")
and do a refresh with the CLI in that directory using those params.
c

clever-byte-21551

09/22/2020, 11:02 AM
I found the issue, i used the wrong passphrase during the refresh, I’m not sure why it was hanging instead of just failing.
w

white-balloon-205

09/22/2020, 2:19 PM
@clever-byte-21551 that sounds like potentially a bug related to the passphrase secrets-provider - would you mind opening a GitHub issue?
c

clever-byte-21551

09/22/2020, 2:20 PM
it was actually something totally different, the aws credentials that persisted to the state file has expired that caused the refresh to hang
w

white-balloon-205

09/22/2020, 8:41 PM
Aha - yes. We actually fixed that to not persist those credentials in the state file recently when they come from ambient environment - so you should no longer see this class of error in the future after deploying an update withe a recent AWS/Azure/GCP provider.
c

clever-byte-21551

09/23/2020, 5:09 AM
@white-balloon-205 when was that? I’m using v3.2
I upgraded to 3.4 and i still see the credentials in the state file (i’m using golang)
"urn": "urn:pulumi:stackName::projectName::pulumi:providers:aws::assumedRole",
                    "custom": true,
                    "id": "c0d2a4d0-f889-4df7-a460-217f4e415133",
                    "type": "pulumi:providers:aws",
                    "inputs": {
                        "accessKey": "REDACTED",
                        "profile": "",
                        "region": "us-east-1",
                        "secretKey": "REDACTED",
                        "token": "REDACTED"
                    },
w

white-balloon-205

09/23/2020, 3:48 PM
If you are specifying them explicitly
pulumi config set aws:accessKey
or
new aws.Provider("aws", {accessKey: ...})
then they will be there. But if they are just coming from environment variables, they shouldn't be stored in the state. Are you doing the latter and still seeing this? Have you done an update with that more recent version?
c

clever-byte-21551

09/24/2020, 5:07 AM
I’m defining them explicitly in code because I will be dealing with multiple deployments simultaneously on the same machine . And I’m also using the new Automation API for that.