https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
azure
  • m

    mysterious-australia-14256

    04/06/2020, 3:23 PM
    Hi All Can I configure the Azure App Service diagnostic settings though Pulumi? In particular I want to send HTTP and Console logs and All Metrics to a Log Analytics Workspace.
    • 1
    • 1
  • f

    future-kite-91191

    04/06/2020, 7:15 PM
    Hi! Since the introduction of the Azure
    WindowsVirtualMachineScaleSet
    the scale set extensions are separated into a new resource:
    VirtualMachineScaleSetExtension
    . In the now deprecated
    ScaleSet
    resource type, the
    Extensions
    could be setup inline. Problem with the new way of working, is that some virtual machine extensions need to be added to the target VM scale set at the same time. The error I get now:
    Scale Set extensions of handler '{handler name here}' can be added only at the time of VM Scale Set creation
    How can I make sure the VM extension is added to the VMSS at the moment the latter is created? Or should I go back to using the
    ScaleSet
    resource? See also https://www.terraform.io/docs/providers/azurerm/guides/2.0-upgrade-guide.html#new-resources-for-virtual-machines-and-virtual-machine-scale-sets https://discuss.hashicorp.com/t/azurerm-windows-virtual-machine-scale-set-extensions/6388 https://github.com/terraform-providers/terraform-provider-azurerm/issues/5860
  • c

    colossal-room-15708

    04/07/2020, 9:47 AM
    I'm trying to encrypt a VM disk with Pulumi using a
    DiskEncryptionSet
    and I'm facing an issue:
    des_key = keyvault.Key("des-key",
          name="des-key",
          key_vault_id=args.keyvault_id,
          key_type="RSA",
          key_size=2048,
          key_opts=[
            "decrypt",
            "encrypt",
            "sign",
            "unwrapKey",
            "verify",
            "wrapKey",
          ],
          tags=args.tags
        )
    
        des_set = compute.DiskEncryptionSet("disk_encryption_set",
          name="disk_encryption_set",
          resource_group_name=args.resource_group_name,
          key_vault_key_id=des_key.id
        )
    I receive
    TypeError: Missing required property 'identity'
    on the
    DiskEncryptionSet
    Why? According to https://www.terraform.io/docs/providers/azurerm/r/disk_encryption_set.html#identity it's optional.
    t
    • 2
    • 3
  • c

    colossal-room-15708

    04/08/2020, 1:36 PM
    Is anybody able to reproduce this here? My VM's OS disk does not show up in the disk encryption set as an encrypted resource. The "same code" (or rather scenario) works on the terraform side.
  • c

    colossal-room-15708

    04/08/2020, 1:37 PM
    Untitled
  • p

    powerful-football-81694

    04/11/2020, 10:46 AM
    Hi guys - I am unable to create a Cosmos DB account lately. The issue seems to be that Pulumi is a bit too aggressive in its polling for resource creation status, or that it should handle HTTP 503 responses more gracefully in the context of such polling, or both. Here’s what I’m consistently getting:
    Diagnostics:
      azure:cosmosdb:Account (orgflow-stacks-dev-cdb):
        error: Error creating CosmosDB Account "orgflow-stacks-dev-cdb" (Resource Group "orgflow-stacks-dev-rg"): Error waiting for the CosmosDB Account "orgflow-stacks-dev-cdb" (Resource Group "orgflow-stacks-dev-rg") to finish creating/updating: Code="ServiceUnavailable" Message="Sorry, we are currently experiencing high demand in this region, and cannot fulfill your request at this time. We work continuously to bring more and more capacity online, and encourage you to try again shortly. Please do not hesitate to contact us via Azure support at any time or for any reason using this link <http://aka.ms/azuresupport>.\r\nActivityId: a74b0d98-cc3c-44ed-b5b9-587168e7b8c2"
    To be clear: the Cosmos DB account is eventually created on the Azure side, although it doesn’t seem to be complete (I suspect this might be because Pulumi gave up waiting on some part and therefore didn’t proceed to subsequent parts). As a result, we’re left with an incomplete Cosmos DB account that Pulumi doesn’t know about and doesn’t know what to do with in the next attempt - and as we know,
    pulumi refresh
    does not help in this situation. I suspect that the fix should be: • Handle 503 responses in the resource creation status polling more gracefully and retry • Do it with a back-off strategy to poll less frequently if these responses are coming out • Possibly also start with less frequent polling from the get-go
    t
    • 2
    • 17
  • m

    melodic-byte-32771

    04/13/2020, 9:10 AM
    I have a problem with setting the error page for the storage static website settings This is what I am doing:
    storageAccount = new azure.storage.Account(`account`, {
        resourceGroupName: resourceGroup.name,
        accountReplicationType: 'LRS',
        accountTier: 'Standard',
        accountKind: 'StorageV2',
        staticWebsite: {
          indexDocument: 'index.html',
          error404Document: 'index.html'
        }
      });
    this is what I receive
    azure:storage/account:Account resource 'account' has a problem: static_website.0: invalid or unknown key: error404_document
    t
    • 2
    • 3
  • e

    enough-oil-63049

    04/13/2020, 12:11 PM
    This is probably pretty basic but I am stuck on the following Python code:
    if peer:
                org = props.config.require('org')
                project = get_project()
                peer_stack = StackReference(f'{org}/{project}/{peer}')
                peer_hub_id = peer_stack.get_output('hub_id')
                peer_hub_name = peer_stack.get_output('hub_name')
                # need a reference to the peer hub VNet but the following statement doesn't work
                peer_hub = network.VirtualNetwork.get(peer_hub_name, peer_hub_id)
                peer_fw_ip = peer_hub.hub_fw_ip
                peer_dmz_ar = peer_hub.peer_dmz_ar 
                peer_hub_as = peer_hub.peer_hub_as
    I know everything up to the point noted above works, but I need to get a reference to the peer_hub vnet in the other stack. The parameters are:
    + peer_hub_id  : "/subscriptions/subscription/resourceGroups/prod-vdc-rg-947d7dbf/providers/Microsoft.Network/virtualNetworks/hub-vn-f428d4f8"
      + peer_hub_name: "hub-vn-f428d4f8"
    But when statement:
    peer_hub = network.VirtualNetwork.get(peer_hub_name, peer_hub_id)
    executes, the result is:
    TypeError: Expected resource name to be a string
    What am I doing wrong here? Going on API
    <https://www.pulumi.com/docs/reference/pkg/azure/network/virtualnetwork/>
    t
    • 2
    • 2
  • m

    mysterious-australia-14256

    04/14/2020, 2:55 PM
    Hi. I'm after some getting started advice for working with Pulumi and Azure using C#. I am looking to roll out an Application Gateway that, over time, will have new rules (pools, listeners, routing rules etc) added to it. Rolling out the initial deploy seems straight forward enough but I am unsure how to manage the rules etc that get added to it over time. For example if tomorrow I roll out WebApp1 I will need to add some rules to the App Gateway to allow that to be published. If I later roll out WebApp2, it will need its own set of rules adding to the App Gateway. It would seem to make sense that these WebApp specific rules are handled by the Pulumi program/stack that is deploying each WebApp rather than the original project/stack that deployed the Application Gateway. How do I achieve this i.e. have one deployment that creates the Application Gateway and other projects that can add rules to it without destroying any existing rules. Ideally I would also like to be able to redeploy the original Application Gateway project itself without having it overwrite/erase any rules added by the WebApp projects.
    t
    a
    • 3
    • 11
  • t

    thousands-megabyte-97545

    04/17/2020, 4:53 PM
    Does anyone have any experience using Pulumi to manage API Management Services? Even though I can import OpenAPI 3.0 documents in the Azure Portal, when I try to do the same with Pulumi, it always chokes on 3.0 (it works fine with old Swagger 2.x documents). Is there a property I'm missing somewhere?
    t
    p
    • 3
    • 7
  • c

    colossal-room-15708

    04/18/2020, 9:51 AM
    Do you know your way around Azure? Do you know python and PowerShell? Do you know your way around Windows automation? At XIRUS we are in need of a contractor to help us migrate initially 3 customer applications to Azure in a 3 months engagement. There's a very high chance of an extension. This engagement will apply CI/CD practices to infrastructure using either GitHub Actions or Azure DevOps. Full remote, however, should be in Australian or NZ time zone. Reach out for more details.
    👍 1
  • n

    nutritious-judge-27316

    04/21/2020, 1:10 PM
    in c# best way of retrieving azure:location from config?
    t
    • 2
    • 2
  • g

    great-manchester-70568

    04/21/2020, 9:20 PM
    hi, trying to connect an iothub to an eventhub. pulumi succeeds in deploying but the custom endpoint is wrong in some way. if i create a custom endpoint in the portal and links it to the same eventhub it works. the difference i can find in the arm templates are that there is a new shared access policy, but that looks the same. I also get an error when trying to synchronize the keys for the pulumi created endpoint, where it complains about nested resourcxes. any ideas?
  • k

    kind-agency-40925

    04/22/2020, 1:00 PM
    hi
  • k

    kind-agency-40925

    04/22/2020, 1:00 PM
    Does polumi support 'Commercial Marketplace partner and customer usage attribution' for Azure? (https://docs.microsoft.com/en-us/azure/marketplace/azure-partner-customer-usage-attribution)?
    b
    b
    • 3
    • 8
  • h

    handsome-optician-50551

    04/23/2020, 9:20 AM
    Hello, my api management service has stopped working since tuesday when I updated to pulumi 2.0 locally. Here is my the service that I'm trying to create that has succeded in the past:
    let service2 = new azure.apimanagement.Service("testams", {
    resourceGroupName: "ddm-te-dev",
    skuName: "Developer_1",
    publisherName: "YourCompany",
    publisherEmail: "<mailto:api@yourcompany.com|api@yourcompany.com>"
    }, { customTimeouts: { create: "59m" } });
    The error i get it: azure:apimanagement:Service (testams): error: unexpected unknown property value When I run pulumi preview it doesn't complain. Could you help me with this?
    b
    • 2
    • 14
  • f

    fancy-jelly-61092

    04/24/2020, 4:02 PM
    I'm trying to setup Azure SQL server (and eventually PostgresSQL) with Azure AD authentication. I've got the server created + the Azure AD Administrator setup (
    azure.sql.ActiveDirectoryAdministrator
    ). I've no idea how to finish the setup and add the AD Logins to the database (i.e.
    CREATE USER "Admin Group" FROM EXTERNAL PROVIDER;
    ) I created a custom SQL resource provider that allows executing the SQL, that is successful. I get the error
    Principal 'Admin Group' could not be resolved. Error message: 'AADSTS65002: Consent between first party applications and resources must be configured via preauthorization. Visit <https://identitydocs.azurewebsites.net/static/aad/preauthorization.html> for details
    From what I can tell (https://docs.microsoft.com/en-us/azure/sql-database/sql-database-aad-authentication-configure?tabs=azure-powershell#create-contained-database-users-in-your-database-mapped-to-azure-ad-identities) I cannot use a Service Principal login (I was using access tokens to sign in to the SQL instance). That means I need a user, which stops it from being useful to be used in a CI environment for example (Azure DevOps). Has anybody found a workaround for this issue?
    c
    • 2
    • 6
  • b

    breezy-answer-83664

    04/24/2020, 7:12 PM
    Hello, In one stack, I'm deploying a VNet (Spoke) in subscription A / resource group B. Now, I would like to peer this VNet (Spoke) to another VNet (Hub) in subscription C / resource group D. The service principal I'm using to run pulumi up has Contributor role on both resource groups B and D. I'm able to deploy the peering from VNet (Spoke) to VNet (Hub) as the pulumi up config is using subscription A. Of course when trying to deploy the peering in the other way, it's not working, resource group D is not known in subscription A. How could I deploy in multiple subscriptions inside the same stack? is it possible?
    t
    • 2
    • 3
  • m

    millions-journalist-34868

    04/27/2020, 2:21 PM
    What are the recommanded roles / permissions to give to the azure service principal that needs to be created to deploy azure ressources with Pulumi ? I was using my administrator account with az cli for pulumi deployments until now but now that I am using Azure DevOps, I had to create a Service Principal. However there are some permissions missing for my Service Principal.
    b
    • 2
    • 6
  • l

    little-kangaroo-50941

    04/27/2020, 3:30 PM
    Hi all! Seems that it is not possible to assign a FunctionAppIdentity, is it true?
    c
    • 2
    • 8
  • l

    limited-rainbow-51650

    04/28/2020, 4:12 PM
    Anyone an idea why a bump in AKS version leads to a changed
    kubeconfig
    output?
    b
    g
    • 3
    • 3
  • c

    colossal-room-15708

    04/29/2020, 2:46 AM
    Anybody already got a pattern to use github actions with pulumi in staged deployments to multiple subscriptions? Some sort of approval?
  • b

    breezy-answer-83664

    04/29/2020, 8:57 AM
    Hello, Is it possible to list the Azure resource groups in a subscription. I looked at Azure/core and can see getSubscriptions or getResources but there'e no getResourceGroups. Thanks for your help.
  • b

    better-rainbow-14549

    04/29/2020, 5:23 PM
    warning: getEventhubNamespace is deprecated: azure.getEventhubNamespace has been deprecated in favour of azure.getNamespace
        warning: getEventhubNamespace is deprecated: azure.getEventhubNamespace has been deprecated in favour of azure.getNamespace
        warning: UserAssignedIdentity is deprecated: azure.UserAssignedIdentity has been deprecated in favour of azure.UserAssignedIdentity
        warning: Assignment is deprecated: azure.Assignment has been deprecated in favour of azure.Assignment
        warning: Assignment is deprecated: azure.Assignment has been deprecated in favour of azure.Assignment
        warning: Assignment is deprecated: azure.Assignment has been deprecated in favour of azure.Assignment
    any ideas why this has just started, also that first one about eventhubnamespace seems peculiar
    b
    t
    • 3
    • 17
  • l

    little-kangaroo-50941

    04/29/2020, 7:02 PM
    Hi all! after the first deploy of a function app using a blob with a FileArchive I have this error when I try the next
    pulumi up
    :
    System.InvalidOperationException: Expected Pulumi.AssetOrArchive but got System.String deserializing Pulumi.Azure.Storage.Blob.source
    at Pulumi.Serialization.Converter.ConvertObject(String context, Object val, Type targetType)
    at Pulumi.Serialization.Converter.ConvertValue(String context, Value value, Type targetType)
    `at Pulumi.Deployment.CompleteResourceAsync(Resource resource, ResourceArgs args, ResourceOptions options, ImmutableDictionary`2 completionSources)`
    at Pulumi.Deployment.Runner.WhileRunningAsync()
    var blob = new Blob("zipdeploy", new BlobArgs
    {
    StorageAccountName = storageAccount.Name,
    StorageContainerName = container.Name,
    Type = "Block",
    Source = new FileArchive("../HRToolBot/bin/Debug/netcoreapp3.1/publish")
    });
  • f

    fierce-eye-99133

    04/30/2020, 11:01 AM
    Hey! Someone knows why after I updated Pulumi to from v1 -> v2 and Azure provider from v1 -> v3 it's trying to replace all my Azure Functions? Is there a way to avoid it? Created a new test project with v1, just a subscription, storage, service plan and azure function. Updated to v2/v3 and having the same behavior.
    c
    • 2
    • 2
  • r

    rhythmic-lighter-17156

    05/04/2020, 12:28 PM
    Hi team, Can someone explain how I can create a 'Modify' policy assignment for enforcing tag creation please using the InBuilt Microsoft policy definition in Azure? When I try and do this through the Pulumi API I can create the policy assignment correctly as follows:
    const createAutoTaggingPolicyAssignment = (tag: string, 
            resourceGroup: azure.core.ResourceGroup, context: ExecutionContext) => {
                const policy = getPolicyDefintion({displayName: 'Inherit a tag from the resource group if missing'});
                new azure.policy.Assignment(`tag-${tag}`, {
                    displayName: `enforce tagging with ${tag}`,
                    description: `enforce the tagging of resources with the ${tag} tag`,
                    location: context.region,
                    identity: {
                        type: 'SystemAssigned'
                    },
                    policyDefinitionId: pulumi.interpolate`/subscriptions/${context.subscriptionId}${policy.then(p => p.id)}`,
                    scope: pulumi.interpolate`/subscriptions/${context.subscriptionId}/resourceGroups/${resourceGroup.name}`, 
                    parameters: `{"tagName" : {"value": "${tag}"} }`
                });
            }
    The policy assignment is created however, it is not linked to the policy definition correctly? If i run the equivalent command through the az cli the policy gets created and is associated with the definition ok?
    az policy assignment create --name tag-platform --scope /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/xxxxx --policy "ea3f2387-9b95-492a-a190-fcdc54f7b070" --params "{'tagName':{'value': 'tag'}}" --location northeurope --assign-identity
    It has to be to do with how the policyDefinitionId is setup within the Pulumi createAssignment script, but it parses the Up process correctly? Many thanks.
  • n

    nice-guitar-97142

    05/05/2020, 5:58 PM
    Any idea why replacing of an aks cluster is failing with unknown provider error? it almost seems as if it’s attempting to recreate all of the k8s resources using the old provider urn.
    g
    • 2
    • 3
  • b

    better-rainbow-14549

    05/06/2020, 10:18 AM
    has anybody had any issues with eventhubs / servicebus? I got the deprecation warning about azure.eventhub.EventHubNamespace being replace with azure.eventhub.Namespace so I changed that... now I'm getting
    warning: Namespace is deprecated: azure.eventhub.Namespace has been deprecated in favour of azure.servicebus.Namespace
    which seems odd but ok... but an actual error I'm now getting is that calls to eventhub.getNamespace are failing with a 404 because it's trying to find a servicebus
  • b

    better-rainbow-14549

    05/06/2020, 11:02 AM
    https://github.com/pulumi/pulumi-azure/issues/550
Powered by Linen
Title
b

better-rainbow-14549

05/06/2020, 11:02 AM
https://github.com/pulumi/pulumi-azure/issues/550
View count: 3