pulumi-community #azure

azure

kind-address-14510

07/07/2020, 11:10 PM

Do subnet names have to be unique ? I am getting error below.

Diagnostics:
  azure:network:Subnet (GatewaySubnet):
    error: Duplicate resource URN 'urn:pulumi:test::vnet-a360-new::azure:network/subnet:Subnet::GatewaySubnet'; try giving it a unique name

kind-address-14510

07/08/2020, 3:14 PM

I have subscriptionId in config , how do I use it in program ? tried config.get('subscriptionId') or just azure:subscriptionId , not working

config:

azure:environment: public

azure:location: EastUS

azure:subscriptionId: xxx

numerous-processor-60508

07/09/2020, 8:38 AM

I'm trying to refactor my code so that my networks are moved from their current project / stack into a new project specifically for networking, as it's going to be referenced more often. I've tried adding an alias, but it keeps saying it wants to create new resources? Anyone got any ideas?

purple-van-45588

07/09/2020, 10:56 AM

Hi All, when applying tags in a network security group pulumi changes the case os the tags! A bug naybe?

purple-van-45588

07/09/2020, 10:56 AM

netsg = network.NetworkSecurityGroup("nsg_tags_test",
name = "nsg_tags_test",
resource_group_name = "netdcrg1",
location = "westeurope",
tags = {'boundary': 'tbd', 'business_unit': 'dev', 'environment': 'dev', 'expiration_date': "2128-01-01", 'miscellaneous': 'NA', 'owner': 'all-infra', 'platform': 'infrastructure', 'security_context': 'standard', 'service_name': 'netdc'})

purple-van-45588

07/09/2020, 10:56 AM

an the result :

purple-van-45588

07/09/2020, 10:57 AM

tall-librarian-49374

07/09/2020, 11:10 AM

I don’t see any changes in your preview… Are the names or the values changed?

purple-van-45588

07/09/2020, 11:13 AM

The names: service_name -> serviceName , expiration_date -> expirationDate !

tall-librarian-49374

07/09/2020, 11:15 AM

Ah, weird! It sounds like a bug indeed.

kind-address-14510

07/09/2020, 12:26 PM

How do I troubleshoot pulumi creating resources correctly but then timeouts waiting for completion ? I introduced timeout , but it was waiting forever before.

error: Error waiting for completion of AzureRM Virtual Network Gateway

kind-address-14510

07/09/2020, 12:33 PM

I can see #551 opened for pulumi azure but closed with alleged fix in v.3.5.1 I do use pulumi-azure 3.11.0 , I guess it is higher

better-rainbow-14549

07/09/2020, 12:36 PM

azuread:index:ServicePrincipalPassword (test-dev-eu-test1):
    error: deleting urn:pulumi:advanced-networking-test::advanced-networking-test::AzureAdApplication$azuread:index/servicePrincipalPassword:ServicePrincipalPassword::test-dev-eu-test1: Error parsing Application Password ID: Credential ID should be in the format {objectId}/{keyType}/{keyId} - but got "9481f24e-30da-4a54-a0cd-66a5a9d6d069/1ff9e85f-1909-9f9c-b451-73c0dca779da"

wut, never seen that before

nice-football-42636

07/09/2020, 3:20 PM

Hello guys! I've encountered a very weird behaviour in one of our deployments. The issue is with creating new

Sql Database

as copy from existing one. I use

C# sdk

and i use following code:

var sqlDatabase = new Database(
                $"{conf.StackResourcesPrefix}-db",
                new DatabaseArgs
                {
                    Name = $"{conf.StackResourcesPrefix}-db",
                    ResourceGroupName = resourceGroup.GetResourceName(),
                    CreateMode = "Copy",
                    ServerName = sqlServer.Name,
                    SourceDatabaseId = <FULL_ID_OF_THE_SOURCE_DB>
                }
            );

I've checked many times, that everything is correct (mainly the

sourceDatabaseId

). When i deploy the infrastructure with pulumi, the database is not copied, but it creates new one (pulumi does not fail, does not log warning that something went wrong) without any data from the existing one I'm trying to copy. everything with authorization and stuff should be ok, our solution with azure templates & powershell scripts works correctly as expected and as far as i know, pulumi should do behind the scenes almost the same stuff as the powershell scripts do (calling the Azure API). Isn't this a bug? How is it possible, that pulumi fails to create the desired resource by the configuration, but says everything is okay and doesn't show any warnings / errors? Could somebody help me please with what could get wrong?

great-flag-86735

07/09/2020, 4:07 PM

Good morning! I am attempting to set a dns name on a Aks nginx ingress controller. However it fails to stick. I can edit it directly within Azure portal. Here’s my pulumi exerpt where I tried a couple different config. Anyone know the issue?

const nginx = new k8s.helm.v2.Chart(nginxName, {
		chart: "bitnami/nginx-ingress-controller",
		values: {
			annotations: {
				// "<http://service.beta.kubernetes.io/azure-dns-label-name|service.beta.kubernetes.io/azure-dns-label-name>": k8sDnsName,
			},				
			controller: {
				publishService: {enabled: true},
				service: {
					annotations: {
						"<http://service.beta.kubernetes.io/azure-dns-label-name|service.beta.kubernetes.io/azure-dns-label-name>": k8sDnsName,
					},				
				}
			}
		},
	},
	{providers: {kubernetes: cluster.provider}},
);

witty-spring-28765

07/12/2020, 7:36 PM

Hello, I am a newbie to pulumi. I am struggling to get pulumi to work with Azure Devops. I have been following https://github.com/pulumi/pulumi-az-pipelines-task and https://github.com/pulumi/pulumi-az-pipelines-task/tree/master/examples/azure . As stated in the example, I am not getting the Pipeline to be added automatically. Please can you help, the documentation seems to be very high level for newbies like me.

better-rainbow-14549

07/16/2020, 1:57 PM

Upgrading from 3.7.0 to 3.11.0 pulumi's throwing new errors about how fields can't be specified:

{
            "urn": "urn:pulumi:deployments-infra-dev-eu::deployments-infra-dev-eu::mpp:Cluster$azure:containerservice/kubernetesCluster:KubernetesCluster::deveu2",
            "message": "error: azure:containerservice/kubernetesCluster:KubernetesCluster resource 'deveu2' has a problem: \"addon_profile.0.http_application_routing.0.http_application_routing_zone_name\": this field cannot be set\n",
            "severity": "error"
        },
        {
            "urn": "urn:pulumi:deployments-infra-dev-eu::deployments-infra-dev-eu::mpp:Cluster$azure:containerservice/kubernetesCluster:KubernetesCluster::deveu2",
            "message": "error: azure:containerservice/kubernetesCluster:KubernetesCluster resource 'deveu2' has a problem: Can not parse \"addon_profile.0.oms_agent.0.log_analytics_workspace_id\" as a resource id: Cannot parse Azure ID: parse \"\": empty url\n",
            "severity": "error"
        },
        {
            "urn": "urn:pulumi:deployments-infra-dev-eu::deployments-infra-dev-eu::mpp:Cluster$azure:containerservice/kubernetesCluster:KubernetesCluster::deveu2",
            "message": "error: azure:containerservice/kubernetesCluster:KubernetesCluster resource 'deveu2' has a problem: \"addon_profile.0.oms_agent.0.oms_agent_identity\": this field cannot be set\n",
            "severity": "error"
        }

but I never specified those anyway, they've just appeared.

better-rainbow-14549

07/16/2020, 2:53 PM

i've emptied them from the state file, did refresh and they came back

wooden-branch-26004

07/20/2020, 12:15 PM

Hello! I want to attach ACR repository to a new AKS cluster. I can do that via

cli

using

--attach-acr <acr_name>

(ex.

az aks ... create --attach-acr <acr_name>

) . How can I do the same via Pulumi? I haven't found anything related to it in

KubernetesCluster

KubernetesClusterArgs

. Thanks!

enough-kite-69616

07/20/2020, 4:52 PM

Has anyone used Azure DevOps to run Pulumi to manage PostgreSQL instances? What do I need to do about firewall rules?

ripe-russia-4239

07/22/2020, 2:41 PM

Hi there, I'm trying to provision a custom hostname for an Azure Function. When I work through this in the portal, I have to complete a domain verification step to prove ownership of the host name I'm trying to provision: adding a

TXT

record to my DNS with a specific GUID. If this step is not completed, the Pulumi

CustomHostnameBinding

fails to create, and the Pulumi update as a whole fails:

Error creating/updating Custom Hostname Binding "<http://www.mywebsite.com|www.mywebsite.com>" (App Service "exampleappservice7422ec00" / Resource Group "exampleresourcegroupa1b4af45"): web.AppsClient#CreateOrUpdateHostNameBinding: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="BadRequest" Message="A TXT record pointing from <http://asuid.www.mywebsite.com|asuid.www.mywebsite.com> to 2f77eba357071f06b1ae4cb900105eeb8236f2697466a15641af4fdd75f2fb49 was not found." Details=[{"Message":"A TXT record pointing from <http://asuid.www.mywebsite.com|asuid.www.mywebsite.com> to 2f77eba357071f06b1ae4cb900105eeb8236f2697466a15641af4fdd75f2fb49 was not found."},{"Code":"BadRequest"},{"ErrorEntity":{"Code":"BadRequest","ExtendedCode":"04006","Message":"A TXT record pointing from <http://asuid.www.mywebsite.com|asuid.www.mywebsite.com> to 2f77eba357071f06b1ae4cb900105eeb8236f2697466a15641af4fdd75f2fb49 was not found.","MessageTemplate":"A TXT record pointing from asuid.{0} to {1} was not found.","Parameters":["<http://www.mywebsite.com|www.mywebsite.com>","2f77eba357071f06b1ae4cb900105eeb8236f2697466a15641af4fdd75f2fb49"]}}]

I haven't been able to catch this error, nor identify a way (from the docs, poking around the Pulumi libraries with code completion, etc. etc.) to capture the resource(s) in error and inspect the returned error. What I'd like to be able to do is intercept this error, provision the

TXT

record in CloudFlare DNS, retry the operation, then delete the

TXT

record again. I'm using the #typescript SDK.

breezy-cricket-40277

07/24/2020, 3:36 PM

Update Strategy Azure Kubernetes Service with

[diff: ~addonProfile]

. What’s the deal with this? I didn’t change any code on my Pulumi code and I get this update strategy that basically

diffs

my kubeconfig (to be the same one) and a bunch of

metadata and provider

changes without no code changes whatsoever.

kind-mechanic-53546

07/29/2020, 3:27 AM

Does anyone have a good azure service for config management? I'd like to export all my config (endpoints, secrets, connection strings, hostnames etc...) to have 1 consolidated place, currently, it's spread over 10 odd pulumi stacks In AWS, I'd use SSM Parameter store, but Azure App Configuraton is 1) not supported by Terraform or Pulumi and 2) expensive

kind-mechanic-53546

07/31/2020, 7:38 AM

Is there any programmatic way to add the

Contributor

role for a subscription to an

azuread.Application

tall-needle-56640

08/03/2020, 10:14 PM

Hello all. I just started PoC-ing Pulumi and I'm immediately struck with ambiguity and oddity in the framework. For instance, if I want to create a simple web app, I start typing WebApp, not AppService (though FunctionApp exists), or AppServicePlan, not Plan (vague). Is there any effort to clean this up in future versions of the framework?

tall-needle-56640

08/03/2020, 10:20 PM

Or ASP skus:

new PlanSkuArgs { Size="0", Tier = "S" }

results in

The parameter SKU.Name has an invalid value

. Why tell me that the name is wrong, when I didn't provide a name? Why is nothing telling me what values are allowed? Is the Azure provider just in its early days. I think Pulumi is a great idea and I have more experimentation to do, but I wish I was falling into the pit of success. 😞

kind-mechanic-53546

08/04/2020, 7:33 AM

Not specifically for azure but more Azure Devops I run an npm script as shorthand for

pulumi up

, (e.g.

npm run up

) which does

pulumi up --yes --policy-pack ./policy-pack-here

When I run this in an Azure Devops pipeline using the npm custom script, it fails with

error: getting secrets manager: passphrase must be set with PULUMI_CONFIG_PASSPHRASE environment variable

which is strange since the environment variable is set (and

pulumi version

works in a different step) Question, why would the environment variable not be propagating down to the npm task, is this expected?

bland-ice-32467

08/06/2020, 8:05 PM

Is there a way to change an object after it is created? For context: I have a service principal for a pulumi user (which will run in a CI/CD pipeline). It needs certain permissions to read the various secrets, kand keys in a key vault. In order to keep the code (somewhat) clean, I'd like add these permissions by them selves. This causes a problem when I try to "add" permissions to an existing access policy. Can you offer some tips on how to change an existing pulumi resource (

pulumi_azure.keyvault.AccessPolicy

), which may or may not exist in Azure, or how I should go about creating a service principal that has all the necessary permissions to create all resources I am able to create through the Azure Portal?

millions-dog-5491

08/12/2020, 10:02 AM

Hi. Any suggestions to how I can import a ApplicationPassword resource when I only have the name of the resource, and not the KeyId? The KeyId is necessary to compile an identifier to use with CustomResourceArgs.ImportId... but also needed to call the ApplicationPassword.Get() method to get the existing ApplicationPassword resource... Or is the design intended so that I am supposed to export the KeyId upon first run, and refer to this at subsequent runs? I want to avoid that a new password is generated and applied to the Application at every execution. I am open to the possibility I am missing something 🙂 Using C#. Thanks

future-kite-91191

08/19/2020, 2:14 PM

Hi! I'm using the Azure DevOps Pulumi Task (via Marketplace) and try to deploy our stack. We get this error. Any idea?

error: problem logging in: getting user info from pul-****************************************: performing HTTP request: Get "pul-********************************/api/user": unsupported protocol scheme ""

Title

future-kite-91191

08/19/2020, 2:14 PM

Hi! I'm using the Azure DevOps Pulumi Task (via Marketplace) and try to deploy our stack. We get this error. Any idea?

error: problem logging in: getting user info from pul-****************************************: performing HTTP request: Get "pul-********************************/api/user": unsupported protocol scheme ""

clever-sunset-76585

08/19/2020, 2:49 PM

Hi, it seems that somehow your token is being used as the API URL somehow, possibly due to misconfiguration of the pipeline. What does your Azure Pipelines config file look like? And how did you specify the token for the CLI?

future-kite-91191

08/19/2020, 5:40 PM

Correct, was a line in there that should have been removed via Git merge conflict resolve.. Thanks!

👍 1

View count: 4