Not sure if this is automation API related but I h...
# automation-api
Not sure if this is automation API related but I have a stack where calling refresh just stucks. I added logging of the refresh command output, it list all the resources needed for refresh and after that it’s just stuck on
@ refreshing....
for many minutes
Pulumi does not run the program for refresh so there should be no difference in behavior between automation and cli driven programs.
Is there any way to understand what is taking so long? it’s almost 20 minutes stuck on refresh, this is happening consistently and nothing was changed in the environment
There are verbose logging options, but these aren't supported in automation api yet.
You can set up a CLI wrapper as such: Or just set
workdir := path.Join(".")
and do a refresh with the CLI in that directory using those params.
I found the issue, i used the wrong passphrase during the refresh, I’m not sure why it was hanging instead of just failing.
@clever-byte-21551 that sounds like potentially a bug related to the passphrase secrets-provider - would you mind opening a GitHub issue?
it was actually something totally different, the aws credentials that persisted to the state file has expired that caused the refresh to hang
Aha - yes. We actually fixed that to not persist those credentials in the state file recently when they come from ambient environment - so you should no longer see this class of error in the future after deploying an update withe a recent AWS/Azure/GCP provider.
@white-balloon-205 when was that? I’m using v3.2
I upgraded to 3.4 and i still see the credentials in the state file (i’m using golang)
Copy code
"urn": "urn:pulumi:stackName::projectName::pulumi:providers:aws::assumedRole",
                    "custom": true,
                    "id": "c0d2a4d0-f889-4df7-a460-217f4e415133",
                    "type": "pulumi:providers:aws",
                    "inputs": {
                        "accessKey": "REDACTED",
                        "profile": "",
                        "region": "us-east-1",
                        "secretKey": "REDACTED",
                        "token": "REDACTED"
If you are specifying them explicitly
pulumi config set aws:accessKey
new aws.Provider("aws", {accessKey: ...})
then they will be there. But if they are just coming from environment variables, they shouldn't be stored in the state. Are you doing the latter and still seeing this? Have you done an update with that more recent version?
I’m defining them explicitly in code because I will be dealing with multiple deployments simultaneously on the same machine . And I’m also using the new Automation API for that.