Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pulumiservice:index:Webhook fails with 401 API error: Unauthorized: No credentials provided or are invalid. #160

Closed
GhzTNFj2b19HRNAJBDKSGFYqIctv4 opened this issue Aug 15, 2023 · 3 comments
Closed

pulumiservice:index:Webhook fails with 401 API error: Unauthorized: No credentials provided or are invalid. #160

GhzTNFj2b19HRNAJBDKSGFYqIctv4 opened this issue Aug 15, 2023 · 3 comments
Labels
kind/bug Some behavior is incorrect or out of spec resolution/no-repro This issue wasn't able to be reproduced

Comments

@GhzTNFj2b19HRNAJBDKSGFYqIctv4
Copy link

What happened?

I want to send a slack notification when running pulumi.

The webhook works fine with below curl:

Curl test
curl -X POST https://hooks.slack.com/services/....... \
--header 'Content-Type: application/json' \
--data '{"text": "Hello, world."}'
ok

${SLACK_WEBHOOK_URL} is set within gitlab CI variables.

.gitlab-ci.yml

default:
  image:
    name: pulumi/pulumi:3.77.1

stages:
  - preview
  - update

preview:
  stage: preview
  script:
    - pulumi login ${BOOM_PULUMI_STATE_BUCKET}
    - pulumi stack select $STACK
    - pulumi config set google-native:project ${BOOM_GCP_PROJECT}
    - pulumi config set gcp:project ${BOOM_GCP_PROJECT}
    - pulumi config set gcp:region ${BOOM_GCP_REGION}
    - pulumi config set SLACK_WEBHOOK_URL ${SLACK_WEBHOOK_URL} --secret
    - pulumi preview --diff

update:
  stage: update
  script:
    - pulumi login ${BOOM_PULUMI_STATE_BUCKET}
    - pulumi stack select $STACK
    - pulumi config set google-native:project ${BOOM_GCP_PROJECT}
    - pulumi config set gcp:project ${BOOM_GCP_PROJECT}
    - pulumi config set gcp:region ${BOOM_GCP_REGION}
    - pulumi config set SLACK_WEBHOOK_URL ${SLACK_WEBHOOK_URL} --secret
    - pulumi update --yes

pulumi.yaml - I removed all other resources deployed.

name: Boom
runtime: yaml

resources:

  stackWebhook:
    type: pulumiservice:index:Webhook
    properties:
      active: true
      displayName: "#channel-test"
      organizationName: Company
      payloadUrl: $SLACK_WEBHOOK_URL
      format: slack

Expected Behavior

Pulumi should send a slack notification when running pulumi preview acording to the docs: https://www.pulumi.com/registry/packages/pulumiservice/api-docs/webhook/ and https://www.pulumi.com/blog/slack-integration/

Steps to reproduce

create above pulumi.yaml with correct variables and run pulumi preview.

Output of pulumi about

CLI          
Version      3.77.1
Go Version   go1.20.6
Go Compiler  gc
Plugins
NAME           VERSION
gcp            unknown
google-native  unknown
kubernetes     unknown
pulumiservice  unknown
yaml           unknown
Host     
OS       debian
Version  11.7
Arch     x86_64
This project is written in yaml
Current Stack: organization/Boom/[MASKED]
TYPE                                     URN
pulumi:pulumi:Stack                      urn:pulumi:[MASKED]::Boom::pulumi:pulumi:Stack::Boom-[MASKED]
pulumi:providers:gcp                     urn:pulumi:[MASKED]::Boom::pulumi:providers:gcp::default
gcp:serviceAccount/account:Account       urn:pulumi:[MASKED]::Boom::gcp:serviceAccount/account:Account::gke-cluster-sa
gcp:compute/network:Network              urn:pulumi:[MASKED]::Boom::gcp:compute/network:Network::gke-cluster-vpc
pulumi:providers:pulumiservice           urn:pulumi:[MASKED]::Boom::pulumi:providers:pulumiservice::default
gcp:compute/subnetwork:Subnetwork        urn:pulumi:[MASKED]::Boom::gcp:compute/network:Network$gcp:compute/subnetwork:Subnetwork::gke-cluster-primary-range-services
gcp:compute/subnetwork:Subnetwork        urn:pulumi:[MASKED]::Boom::gcp:compute/network:Network$gcp:compute/subnetwork:Subnetwork::gke-cluster-primary-range-nodes
gcp:compute/subnetwork:Subnetwork        urn:pulumi:[MASKED]::Boom::gcp:compute/network:Network$gcp:compute/subnetwork:Subnetwork::gke-cluster-primary-range-pods
pulumi:providers:google-native           urn:pulumi:[MASKED]::Boom::pulumi:providers:google-native::default
pulumi:providers:gitlab                  urn:pulumi:[MASKED]::Boom::pulumi:providers:gitlab::default
google-native:container/v1beta1:Cluster  urn:pulumi:[MASKED]::Boom::google-native:container/v1beta1:Cluster::gke-cluster-native
gcp:serviceAccount/account:Account       urn:pulumi:[MASKED]::Boom::gcp:serviceAccount/account:Account::gke-cluster-nodepool-sa
gcp:container/nodePool:NodePool          urn:pulumi:[MASKED]::Boom::google-native:container/v1beta1:Cluster$gcp:container/nodePool:NodePool::gke-[MASKED]-a
gcp:container/nodePool:NodePool          urn:pulumi:[MASKED]::Boom::google-native:container/v1beta1:Cluster$gcp:container/nodePool:NodePool::ray-2-[MASKED]-c
pulumi:providers:kubernetes              urn:pulumi:[MASKED]::Boom::pulumi:providers:kubernetes::provider
kubernetes:helm.sh/v3:Release            urn:pulumi:[MASKED]::Boom::google-native:container/v1beta1:Cluster$kubernetes:helm.sh/v3:Release::ingress-nginx
kubernetes:helm.sh/v3:Release            urn:pulumi:[MASKED]::Boom::google-native:container/v1beta1:Cluster$kubernetes:helm.sh/v3:Release::kuberay-apiserver
kubernetes:helm.sh/v3:Release            urn:pulumi:[MASKED]::Boom::google-native:container/v1beta1:Cluster$kubernetes:helm.sh/v3:Release::kuberay-operator
kubernetes:helm.sh/v3:Release            urn:pulumi:[MASKED]::Boom::google-native:container/v1beta1:Cluster$kubernetes:helm.sh/v3:Release::ingress-nginx-vpn
Found no pending operations associated with [MASKED]
Backend        
Name           runner-concurrent
URL            gs://<pulumi-state-bucket>
User           root
Organizations  
No dependencies found
Pulumi locates its logs in /tmp by default

Additional context

Also, from the docs this should be triggered when running pulumi preview. This doesn't seem to be the case.

There is a filter for preview in the docs: https://www.pulumi.com/registry/packages/pulumiservice/api-docs/webhook/

"preview_succeeded" - Trigger a webhook when a stack preview succeeds.

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).
@GhzTNFj2b19HRNAJBDKSGFYqIctv4 GhzTNFj2b19HRNAJBDKSGFYqIctv4 added the kind/bug Some behavior is incorrect or out of spec label Aug 15, 2023
@justinvp justinvp transferred this issue from pulumi/pulumi Aug 15, 2023
@justinvp
Copy link
Member

This looks specific to the pulumiservice provider, so I've transferred the issue to the pulumi-pulumiservice repo.

@komalali komalali added the resolution/no-repro This issue wasn't able to be reproduced label Aug 29, 2023
@komalali
Copy link
Member

komalali commented Aug 29, 2023
edited
Loading

Hi @GhzTNFj2b19HRNAJBDKSGFYqIctv4 - it looks like you're missing the config section of your yaml program - https://www.pulumi.com/docs/concepts/config/#code

401 API error: Unauthorized: No credentials provided or are invalid.

This error happens if your Pulumi API token is invalid, are you sure you have a valid token? From your pulumi about it looks like you are not using the Pulumi Cloud backend - this functionality is only available if using Pulumi Cloud.

I'm going to close this issue but please feel free to reopen if you have more information to add or I have misunderstood.

@GhzTNFj2b19HRNAJBDKSGFYqIctv4
Copy link
Author

We don't use pulumi cloud. That explains. Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Some behavior is incorrect or out of spec resolution/no-repro This issue wasn't able to be reproduced
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@justinvp @komalali @GhzTNFj2b19HRNAJBDKSGFYqIctv4