We are still seeing this but the above workaround doesn't work for us. We manually add it back in and then subsequent updates override it.

The only workaround that does work is installing the plugin manually.

Could you re-open?

Reading through #2318 I agree that I think it makes sense to build it at a layer above similar to something like Atlantis

I've gone ahead and made that change. Let me know what else you need from me.

Sorry for the delay. I can confirm switching to statSync also solves this problem. Want me to make the change?

Self-service

• [X] I'd be willing to implement a fix

Describe the bug

I'm trying to write my own plugin and want to import the versionUtils. My IDE recognises them but when I run the command I get:

Type Error: Cannot read property 'openVersionFile' of undefined

I suspect something is not getting bundled somewhere.

To reproduce

import { Plugin } from '@yarnpkg/core';
import { BaseCommand } from '@yarnpkg/cli';
import { versionUtils } from '@yarnpkg/plugin-version'

class ReleaseCommand extends BaseCommand {
  static paths = [
    ['release-check'],
  ];

  async execute() {
    console.log(versionUtils)  
  }
    
}

const plugin: Plugin = {
  commands: [
    ReleaseCommand,
  ],
};

export default plugin;

{
  "name": "yarn-plugin-release-check",
  "main": "./sources/index.ts",
  "dependencies": {
    "@types/node": "^15.0.0",
    "@yarnpkg/builder": "^3.0.1",
    "@yarnpkg/cli": "^3.0.1-rc.1",
    "@yarnpkg/core": "^3.0.0",
    "@yarnpkg/plugin-version": "3.0.0",
    "clipanion": "^3.0.1",
    "typescript": "^4.3.2"
  },
  "scripts": {
    "build": "builder build plugin"
  }
}

Environment

System:
    OS: macOS 11.6
    CPU: (8) x64 Apple M1
  Binaries:
    Node: 15.12.0 - /private/var/folders/9r/by9bv60j729_wcsxd86fwv480000gn/T/xfs-ff62c657/node
    Yarn: 3.0.2 - /private/var/folders/9r/by9bv60j729_wcsxd86fwv480000gn/T/xfs-ff62c657/yarn
    npm: 7.6.3 - ~/.nvm/versions/node/v15.12.0/bin/npm

Additional context

This is a fresh builder project.

FWIW, we work around this by generating local stack configs using the automation API. This won't solve all use cases though.

We end up having to use volumes anyway (I think due to our use of a monorepo). The volume fills up over time as pods are killed mid-reconcile. Obviously, we can fix this by increasing the graceful shutdown period, but it would be better if on startup the operator looks for old auto_workdirs and cleans them up.

Hello!

<!-- Please leave this section as-is, it's designed to help others in the community know how to interact with our GitHub issues. -->

• Vote on this issue by adding a 👍 reaction
• To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already)

Issue details

yarn install (and I guess npm install) is run twice per reconcile. From slack discussion, the suspicion is that one is by the operator code and the other is via the automation API.

As also discussed it would be nice if we could customize the pre-start steps to run whatever we like. My use case is to support yarn without the hacky Dockerfile workaround and to support the https://yarnpkg.com/cli/workspaces/focus command. As such, I think the fix here has to be turning off the automation API part.

Steps to reproduce

Happens on all stacks every reconcile (just use yarn or npm).

Expected: One run of yarn install Actual: Two runs of yarn install

Let me verify in my local environment that this solves the problem. One thing my local env doesn't have is symlinks to files only directories.

• [codegen/go] detect and avoid collisions in resource and type code generation (#7857)
• Fix 7862 (#7887)
• Fix lint (#7915)
• Fix CHANGELOG_PENDING.md spelling (#7919)
• Add replaceOnChange to schema (#7874)
• Don't fail if one subset fails (#7917)
• Fix 7913 Python codegen issue with double-quote inside docstrings (#7914)
• Retry http downloads that intermittently fail builds (#7916)
• Prepare for v3.12.0 release
• Upgrade pulumi docker image to use NodeJS 14.x (#7904)
• Implemented file reading support for Go code generator (#7806)
• Fixed "unknown property '0'" error (#7912)
• Add CodegenUtilities to C# SDK in prep for 5758 (#7934)
• Revert "Fixed "unknown property '0'" error (#7912)" (#7939)
• Fix license badge in readme (#7941)
• Implemented sha1() support for Code Generator (#7834)
• feat: Improve error messages for (un)marshalling (#7936)
• Lower the BrokenDynamicProvider regression test from integration to mock (#7951)
• Fixup for 7874 (#7921)
• Implemented filebase64() support for Code Generator (#7863)
• Initial support for (un)marshaling output values (#7861)
• Use json.Unmarshal instead of custom parser (#7954)
• Run type checker against all languages (#7931)
• Add monitor feature for output values (#7870)
• Iwahbe/7881/thread replace on chages through sdks (#7967)
• [sdk/nodejs] Marshal output values (#7925)
• [sdk/go] Add RegisterInputType and register built-in types (#7928)
• [sdk/python] Marshal output values (#7926)
• [automation-api] Exclude tests from test_fast. (#7986)
• Fix python lint issues (#7988)
• Validate Name, Version and Enviroment (#7896)
• [sdk/go] Unmarshal output values in component provider (#7975)
• [sdk/python] Fix serializing output values within dicts (#7996)
• Emit schema.Package.Version when possible (#7938)
• Rename PermaLink to Permalink (#7999)
• iwahbe/7858/fix nodejs hypen imports (#7993)
• [schema] Add the Pulumi Package metaschema. (#7952)
• Switch from golint to revive (#8010)
• [testing] Add rapid generators for PropertyValues. (#8009)
• Cancel checks on outdated PR commits (#8016)
• Faster CI PR verification on Mac OS: run fewer tests, use fewer workers (#8004)
• Clean up diagnostic messages in event log (#7998)
• Use case insensitive checks when detecting duplicate type tokens (#8017)
• [apitype] Add a JSON schema for deployments. (#8002)
• Codegen testing upgrades (#7989)
• Fix master build (#8025)
• Prep for 3.13.0 release (#8026)
• Update SDK version in pulumi/pkg (#8027)
• post-release (#8028)
• [auto/python] - Fix a bug in printing stack. (#8032)
• Revert "Emit schema.Package.Version when possible (#7938)" (#8035)
• [codegen/nodejs] - Don't import types for functions if they don't exist (#8038)
• Simplify output-funcs codegen test (#8039)
• Fix build by accepting nodejs codegen output (#8045)
• iwahbe/turn on dotnet compile checks (#8044)
• [codegen/go] - Resolve type name collisions (#7985)
• [sdk/{nodejs,python}] Fix errors when testing remote components with mocks (#8053)
• Enable output values by default (#8014)
• Do report stdout and stderr in case of failure (#8055)
• [codegen/nodejs] - Fix provider enum with env var (#8051)
• Change Docker build to use Pulumi's fork of action-docker-build.
• [sdk/go] Marshal output values (#7958)
• [sdk/go] Fix unmarshaling known output values in provider (#8082)
• Prepare for v3.13.1 release (#8083)
• Update pkg -> sdk dependency
• Update tests/go.mod (#8085)
• Tidy pkg/go.sum (#8086)
• Prepare for v3.13.2 release (#8087)
• Update pkg -> sdk dependency (#8088)
• [codegen/go] Rewrite cyclic types. (#8049)
• Release cleanup (#8094)
• Bold in-progress diffs diffrently (#7918)
• Check worktree is clean before releasing (#8093)
• [cli] Add the ability to control auto-refresh of stacks by Pulumi.yaml (#8071)
• iwahbe/7802/compile program generator test output (#8036)
• Update doc alias
• [developer-docs] Add preliminary type system docs. (#8096)
• [engine/test] Add a repro for #7786. (#8097)
• Use setup-go@v2 for the docs generation PR workflow
• Fix typo in matrix ref
• [codegen] Rename the PCL package. (#8103)
• [developer-docs] Change some type system terms.
• Go codegen flag to disable fnOutput generation to save space (#8106)
• [testing] Stack context for value generation (#8108)
• [codegen/docs] Generate a package tree that can be serialized as JSON (#8102)
• Support "lifting" single-valued method returns to their return type (#8111)
• Revert "Cancel checks on outdated PR commits (#8016)" (#8118)
• Update gen.go
• [sdk/python] Add a smoke test for output deps (#8113)
• Disable ConcurrentUpdateError test (#7953)
• Fix Go automation API --target / --replace args (#8109)
• Fix 8110 (#8116)
• Fix typo in Output.apply docstring (#8133)
• [codegen/docs] Add Nomad to the docs gen title lookup (#8128)
• [sdk/python] - Python 3.10 compatibility (#8130)
• Do not share maps so tests can run in parallel (#8136)
• Turn off grpc info log in Provider (#7891)
• Bring back PR automatic outdated commit check pre-emption (#8145)
• Prepare for v3.14.0 release (#8149)
• Updating version of pulumi sdk used to v3.14.0 (#8150)
• update go.sum files (#8151)
• cleanup changelog pending (#8152)
• Improve concurrent ID computation for /run-acceptance-tests (#8148)
• Change CI and prerelease builds to send dispatches. (#8135)
• Minimally extend .NET SDK to support 5758 (#8142)
• Use importBasePath before name if specified (#8159)
• [developer-docs] Document resource import. (#8137)
• 5758 for Node JS (#8047)
• Add more package names
• [codegen/go] Emit input type registrations (#7959)
• Ensure the command dispatch has correct access to new docker repo (#8167)
• Determine secretness by checking raw string for the secret sentinel (#8179)
• Iwahbe/8000/uprgade go versions (#8171)
• Only prune the trailing spaces in Python automation result (#8160)
• Clarify error message language (#8188)
• Fix default package name (#8187)
• Accommodate - in base segments for baseImportPaths (#8190)
• Add that pulumictl is needed to make pulumi (#8196)
• Add flag for input registration to the go schema (#8198)
• Pin grpc version (#8214)
• Enable workaround for Yarn workspaces for inline functions

For everyone using yarn 2+ workspaces once this PR https://github.com/pulumi/pulumi/pull/8215 gets merged and you bump to the version that contains the fix if you do the package.json configuration in my above comment it should all just work.

Signed-off-by: Liam White liam@tetrate.io

<!--- Thanks so much for your contribution! If this is your first time contributing, please ensure that you have read the CONTRIBUTING documentation. -->

Description

Basically, yarn workspaces rely on symlinks for monorepo-local packages. See https://github.com/pulumi/pulumi/issues/2661#issuecomment-939531284 for full context.

I think this also resolves https://github.com/pulumi/pulumi/issues/2980

Checklist

<!--- Please provide details if the checkbox below is to be left unchecked. -->

• [x] I have added tests that prove my fix is effective or that my feature works -> I manually verified this works as there is no testing framework in this section of the code. <!--- User-facing changes require a CHANGELOG entry. -->
• [ ] I have updated the CHANGELOG-PENDING file with my change <!-- If the change(s) in this PR is a modification of an existing call to the Pulumi Service, then the service should honor older versions of the CLI where this change would not exist. You must then bump the API version in /pkg/backend/httpstate/client/api.go, as well as add it to the service. -->
• [ ] Yes, there are changes in this PR that warrants bumping the Pulumi Service API version <!-- @Pulumi employees: If yes, you must submit corresponding changes in the service repo. -->

• [codegen/go] detect and avoid collisions in resource and type code generation (#7857)
• Fix 7862 (#7887)
• Fix lint (#7915)
• Fix CHANGELOG_PENDING.md spelling (#7919)
• Add replaceOnChange to schema (#7874)
• Don't fail if one subset fails (#7917)
• Fix 7913 Python codegen issue with double-quote inside docstrings (#7914)
• Retry http downloads that intermittently fail builds (#7916)
• Prepare for v3.12.0 release
• Upgrade pulumi docker image to use NodeJS 14.x (#7904)
• Implemented file reading support for Go code generator (#7806)
• Fixed "unknown property '0'" error (#7912)
• Add CodegenUtilities to C# SDK in prep for 5758 (#7934)
• Revert "Fixed "unknown property '0'" error (#7912)" (#7939)
• Fix license badge in readme (#7941)
• Implemented sha1() support for Code Generator (#7834)
• feat: Improve error messages for (un)marshalling (#7936)
• Lower the BrokenDynamicProvider regression test from integration to mock (#7951)
• Fixup for 7874 (#7921)
• Implemented filebase64() support for Code Generator (#7863)
• Initial support for (un)marshaling output values (#7861)
• Use json.Unmarshal instead of custom parser (#7954)
• Run type checker against all languages (#7931)
• Add monitor feature for output values (#7870)
• Iwahbe/7881/thread replace on chages through sdks (#7967)
• [sdk/nodejs] Marshal output values (#7925)
• [sdk/go] Add RegisterInputType and register built-in types (#7928)
• [sdk/python] Marshal output values (#7926)
• [automation-api] Exclude tests from test_fast. (#7986)
• Fix python lint issues (#7988)
• Validate Name, Version and Enviroment (#7896)
• [sdk/go] Unmarshal output values in component provider (#7975)
• [sdk/python] Fix serializing output values within dicts (#7996)
• Emit schema.Package.Version when possible (#7938)
• Rename PermaLink to Permalink (#7999)
• iwahbe/7858/fix nodejs hypen imports (#7993)
• [schema] Add the Pulumi Package metaschema. (#7952)
• Switch from golint to revive (#8010)
• [testing] Add rapid generators for PropertyValues. (#8009)
• Cancel checks on outdated PR commits (#8016)
• Faster CI PR verification on Mac OS: run fewer tests, use fewer workers (#8004)
• Clean up diagnostic messages in event log (#7998)
• Use case insensitive checks when detecting duplicate type tokens (#8017)
• [apitype] Add a JSON schema for deployments. (#8002)
• Codegen testing upgrades (#7989)
• Fix master build (#8025)
• Prep for 3.13.0 release (#8026)
• Update SDK version in pulumi/pkg (#8027)
• post-release (#8028)
• [auto/python] - Fix a bug in printing stack. (#8032)
• Revert "Emit schema.Package.Version when possible (#7938)" (#8035)
• [codegen/nodejs] - Don't import types for functions if they don't exist (#8038)
• Simplify output-funcs codegen test (#8039)
• Fix build by accepting nodejs codegen output (#8045)
• iwahbe/turn on dotnet compile checks (#8044)
• [codegen/go] - Resolve type name collisions (#7985)
• [sdk/{nodejs,python}] Fix errors when testing remote components with mocks (#8053)
• Enable output values by default (#8014)
• Do report stdout and stderr in case of failure (#8055)
• [codegen/nodejs] - Fix provider enum with env var (#8051)
• Change Docker build to use Pulumi's fork of action-docker-build.
• [sdk/go] Marshal output values (#7958)
• [sdk/go] Fix unmarshaling known output values in provider (#8082)
• Prepare for v3.13.1 release (#8083)
• Update pkg -> sdk dependency
• Update tests/go.mod (#8085)
• Tidy pkg/go.sum (#8086)
• Prepare for v3.13.2 release (#8087)
• Update pkg -> sdk dependency (#8088)
• [codegen/go] Rewrite cyclic types. (#8049)
• Release cleanup (#8094)
• Bold in-progress diffs diffrently (#7918)
• Check worktree is clean before releasing (#8093)
• [cli] Add the ability to control auto-refresh of stacks by Pulumi.yaml (#8071)
• iwahbe/7802/compile program generator test output (#8036)
• Update doc alias
• [developer-docs] Add preliminary type system docs. (#8096)
• [engine/test] Add a repro for #7786. (#8097)
• Use setup-go@v2 for the docs generation PR workflow
• Fix typo in matrix ref
• [codegen] Rename the PCL package. (#8103)
• [developer-docs] Change some type system terms.
• Go codegen flag to disable fnOutput generation to save space (#8106)
• [testing] Stack context for value generation (#8108)
• [codegen/docs] Generate a package tree that can be serialized as JSON (#8102)
• Support "lifting" single-valued method returns to their return type (#8111)
• Revert "Cancel checks on outdated PR commits (#8016)" (#8118)
• Update gen.go
• [sdk/python] Add a smoke test for output deps (#8113)
• Disable ConcurrentUpdateError test (#7953)
• Fix Go automation API --target / --replace args (#8109)
• Fix 8110 (#8116)
• Fix typo in Output.apply docstring (#8133)
• [codegen/docs] Add Nomad to the docs gen title lookup (#8128)
• [sdk/python] - Python 3.10 compatibility (#8130)
• Do not share maps so tests can run in parallel (#8136)
• Turn off grpc info log in Provider (#7891)
• Bring back PR automatic outdated commit check pre-emption (#8145)
• Prepare for v3.14.0 release (#8149)
• Updating version of pulumi sdk used to v3.14.0 (#8150)
• update go.sum files (#8151)
• cleanup changelog pending (#8152)
• Improve concurrent ID computation for /run-acceptance-tests (#8148)
• Change CI and prerelease builds to send dispatches. (#8135)
• Minimally extend .NET SDK to support 5758 (#8142)
• Use importBasePath before name if specified (#8159)
• [developer-docs] Document resource import. (#8137)
• 5758 for Node JS (#8047)
• Add more package names
• [codegen/go] Emit input type registrations (#7959)
• Ensure the command dispatch has correct access to new docker repo (#8167)
• Determine secretness by checking raw string for the secret sentinel (#8179)
• Iwahbe/8000/uprgade go versions (#8171)
• Only prune the trailing spaces in Python automation result (#8160)
• Clarify error message language (#8188)
• Fix default package name (#8187)
• Accommodate - in base segments for baseImportPaths (#8190)
• Add that pulumictl is needed to make pulumi (#8196)
• Add flag for input registration to the go schema (#8198)
• Pin grpc version (#8214)
• Enable workaround for Yarn workspaces for inline functions

For Yarn >=v2 you can do this in the .yarnrc.yml file by doing the following:

nodeLinker: node-modules
nmHoistingLimits: workspaces

Unfortunately, this doesn't work for us as a yarn install now takes 15 minutes (and counting) on the link step. Which, as we use the Pulumi operator means this is not an option for us.

So yarn recently added the nmHoistingLimits option, this ensures that the workspace has a local node_modules.

By adding the following to your project (that is deploying inline lamdas) package.json, this gets us a bit further towards a solution:

  "installConfig": {
    "hoistingLimits": "workspaces"
  }

Note: you may have to clear your yarn cache.

The problem I'm facing now is that the way Yarn does this for all local workspaces is to add a symlink.

ls -lart node_modules/@tetrateio-components
total 0
lrwxr-xr-x   1 liamwhite   42 Oct 10 11:12 aws-lambda -> ../../../../../../../components/aws/lambda
...

When Pulumi tries to bundle these it gets confused and thinks that is a file. So throws the following error:

Diagnostics:
  pulumi:pulumi:Stack (test-organization.test.managementplane.api.azure-alpha):
    error: Error: failed to register new resource azure-alpha-delete-tenants [aws:lambda/function:Function]: 2 UNKNOWN: failed to compute asset hash: asset path 'node_modules/@tetrateio-components/aws-aurora' is a directory; try using an archive
        at Object.registerResource (/Users/liamwhite/src/github.com/tetrateio/tetrate/cloud/node_modules/@pulumi/aws/node_modules/@pulumi/pulumi/runtime/resource.js:219:27)
        at new Resource (/Users/liamwhite/src/github.com/tetrateio/tetrate/cloud/node_modules/@pulumi/aws/node_modules/@pulumi/pulumi/resource.js:217:24)
        at new CustomResource (/Users/liamwhite/src/github.com/tetrateio/tetrate/cloud/node_modules/@pulumi/aws/node_modules/@pulumi/pulumi/resource.js:309:9)
        at new Function (/Users/liamwhite/src/github.com/tetrateio/tetrate/cloud/node_modules/@pulumi/lambda/function.ts:467:9)
        at new CallbackFunction (/Users/liamwhite/src/github.com/tetrateio/tetrate/cloud/node_modules/@pulumi/lambda/lambdaMixins.ts:362:9)
        at new CronLambda (/Users/liamwhite/src/github.com/tetrateio/tetrate/cloud/components/aws/lambda/cron.ts:26:28)
        at Object.<anonymous> (/Users/liamwhite/src/github.com/tetrateio/tetrate/cloud/projects/organization/test/managementplane/api/index.ts:61:1)
        at Module._compile (node:internal/modules/cjs/loader:1092:14)
        at Module.m._compile (/Users/liamwhite/src/github.com/tetrateio/tetrate/cloud/projects/organization/test/managementplane/api/node_modules/ts-node/src/index.ts:439:23)
        at Module._extensions..js (node:internal/modules/cjs/loader:1121:10)

So I think if we can get the asset library to handle symlinks, this should just work?

Hello!

<!-- Please leave this section as-is, it's designed to help others in the community know how to interact with our GitHub issues. -->

• Vote on this issue by adding a 👍 reaction
• To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already)

Issue details

If I run pulumi stack output the secrets are redacted. However, they are still in clear text in the stack output status.

Steps to reproduce

My stack config is:

apiVersion: pulumi.com/v1alpha1
kind: Stack
...
spec:
  backend: s3://cloud-pulumi-state
  branch: refs/heads/master
...
  projectRepo: git@github.com:tetrateio/tetrate.git
  repoDir: cloud/projects/operations/storage/aws
  secretsProvider: <REDACTED>
  stack: operations.storage.aws
  useLocalStackOnly: true

Signed-off-by: Liam White liam@tetrate.io

Proposed changes

Fixes a bug where the project directory is cleaned up but not the things above it, leading to runaway storage consumption.

• Fix stack refresh for BYO backend (#200)
• Fix clean up logic on reconcile

• Fix stack refresh for BYO backend (#200)
• Fix clean up logic on reconcile

Hello!

<!-- Please leave this section as-is, it's designed to help others in the community know how to interact with our GitHub issues. -->

• Vote on this issue by adding a 👍 reaction
• To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already)

Issue details

As discussed in Slack, when a stack exists and a custom secrets provider is set in the stack config updates fail with:

{"level":"debug","ts":1632772421.0293512,"logger":"controller_stack","msg":"stackConfig loaded","Request.Namespace":"pulumi-operator","Request.Name":"operations.storage.aws","stack":{},"stackConfig":{"secretsprovider":"awskms://alias/REDACTED","encryptedk
ey":"REDACTED","config":{"tetrat
e:metadata":{"owner":"maintainability","source":"cloud/projects/operations/storage/aws"}}}}
{"level":"debug","ts":1632772421.770783,"logger":"controller_stack","msg":"Updated stack config","Request.Namespace":"pulumi-operator","Request.Name":"operations.storage.aws","Stack.Name":"operations.storage.aws","config":{}}
{"level":"debug","ts":1632772421.771033,"logger":"controller_stack","msg":"InstallProjectDependencies","Request.Namespace":"pulumi-operator","Request.Name":"operations.storage.aws","workspace":"/tmp/pulumi_auto636600156/cloud/projects/operations/storage/aws"}
{"level":"debug","ts":1632772422.9292898,"logger":"controller_stack","msg":"NPM/Yarn","Request.Namespace":"pulumi-operator","Request.Name":"operations.storage.aws","Dir":"/tmp/pulumi_auto636600156/cloud/projects/operations/storage/aws","Path":"/usr/bin/yarn","Args":["/usr
/bin/yarn","install"],"Stdout":"➤ YN0000: ┌ Resolution step"}
...
{"level":"debug","ts":1632772426.5784225,"logger":"controller_stack","msg":"NPM/Yarn","Request.Namespace":"pulumi-operator","Request.Name":"operations.storage.aws","Dir":"/tmp/pulumi_auto636600156/cloud/projects/operations/storage/aws","Path":"/usr/bin/yarn","Args":["/usr
/bin/yarn","install"],"Stdout":"➤ YN0000: Done with warnings in 3s 651ms"}
{"level":"info","ts":1632772426.6382632,"logger":"controller_stack","msg":"Checking current HEAD commit hash","Request.Namespace":"pulumi-operator","Request.Name":"operations.storage.aws","Current commit":"REDACTED"}
{"level":"info","ts":1632772426.6382985,"logger":"controller_stack","msg":"New commit hash found","Request.Namespace":"pulumi-operator","Request.Name":"operations.storage.aws","Current commit":"REDACTED","Last commit":""}
{"level":"error","ts":1632772428.426037,"logger":"controller_stack","msg":"Failed to refresh stack","Request.Namespace":"pulumi-operator","Request.Name":"operations.storage.aws","Stack.Name":"operations.storage.aws","error":"refreshing stack \"operations.storage.aws\": fa
iled to refresh stack: exit status 255\ncode: 255\nstdout: \nstderr: warning: A new version of Pulumi is available. To upgrade from version '3.11.0' to '3.13.0', visit https://pulumi.com/docs/reference/install/ for manual instructions and release notes.\nerror: getting se
crets manager: passphrase must be set with PULUMI_CONFIG_PASSPHRASE or PULUMI_CONFIG_PASSPHRASE_FILE environment variables\n\n","errorVerbose":"failed to refresh stack: exit status 255\ncode: 255\nstdout: \nstderr: warning: A new version of Pulumi is available. To upgrade
 from version '3.11.0' to '3.13.0', visit https://pulumi.com/docs/reference/install/ for manual instructions and release notes.\nerror: getting secrets manager: passphrase must be set with PULUMI_CONFIG_PASSPHRASE or PULUMI_CONFIG_PASSPHRASE_FILE environment variables\n\n
\nrefreshing stack \"operations.storage.aws\"\ngithub.com/pulumi/pulumi-kubernetes-operator/pkg/controller/stack.(*reconcileStackSession).RefreshStack\n\t/home/runner/work/pulumi-kubernetes-operator/pulumi-kubernetes-operator/pkg/controller/stack/stack_controller.go:814\n
github.com/pulumi/pulumi-kubernetes-operator/pkg/controller/stack.(*ReconcileStack).Reconcile\n\t/home/runner/work/pulumi-kubernetes-operator/pulumi-kubernetes-operator/pkg/controller/stack/stack_controller.go:237\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*
Controller).reconcileHandler\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.9.0/pkg/internal/controller/controller.go:298\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/home/runner/go/pkg/mod/sigs.k8s.io/control
ler-runtime@v0.9.0/pkg/internal/controller/controller.go:253\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.9.0/pkg/internal/controller/controller.go:214\nruntime.goexit\n\t/
opt/hostedtoolcache/go/1.16.2/x64/src/runtime/asm_amd64.s:1371","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.9.0/pkg/internal/controller/controller.go:298\n
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.9.0/pkg/internal/controller/controller.go:253\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.
func2.2\n\t/home/runner/go/pkg/mod/sigs.k8s.io/controller-runtime@v0.9.0/pkg/internal/controller/controller.go:214"}

I was able to work around this by adding the secret provider in the stack CR, but this shouldn't be required as it's already in the stack yaml file.

Steps to reproduce

Stack config:

spec:
  backend: s3://REDACTED
  branch: refs/heads/master
  gitAuth:
    sshAuth:
      sshPrivateKey:
        type: Secret
        ...
  projectRepo: ...
  refresh: true
  repoDir: cloud/REDACTED/REDACTED/REDACTED/aws
  stack: operations.storage.aws
  useLocalStackOnly: true

Expected: Update to succeed. Actual: See error ^^

Signed-off-by: Liam White liam@tetrate.io

Proposed changes

As discussed on Slack, refresh doesn't work for non-Pulumi backends. This changes the refresh behaviour to that of update when using a non-Pulumi backend.