pulumi-community #azure

Channels

azure

icy-jordan-58549

11/17/2020, 4:02 PM

Hi everyone, just curious why there are separate components in the old azure provider for Firewall

azure.network.FirewallNatRuleCollection
azure.network.FirewallApplicationRuleCollection
azure.network.FirewallNetworkRuleCollection

but not inside

nextgen

? Is it due to the structure of ARM templates? Is it possible to decouple those components outside from the large https://www.pulumi.com/docs/reference/pkg/azure-nextgen/network/azurefirewall/ ?

colossal-school-15171

11/19/2020, 5:23 AM

hey all, I’m having a hard time getting my pulumi program to authenticate into an existing Azure Container Registry to grab the image it needs to build and deploy to an AKS cluster.

let coreLabels = { app: "core" };
let coreDeployment = new k8s.apps.v1.Deployment("core", {
    spec: {
        selector: { matchLabels: coreLabels },
        replicas:  1,
        template: {
            metadata: { labels: coreLabels },
            spec: {
                containers: [{
                    name: "core",
                    image:"<http://mappeddev.azurecr.io.blob.core.windows.net|mappeddev.azurecr.io.blob.core.windows.net>",
                    ports: [{ containerPort: 80 }]
                }],
            },
        },
    },
});

which gives this error diagnostic:

Type                                                          Name                       Status                  Info
     pulumi:pulumi:Stack                                           mapped_infrastructure-aks  **failed**              1 error
 ~   ├─ kubernetes:apps/v1:Deployment                              core                       **updating failed**     1 error
 ~   ├─ azure-nextgen:containerregistry/v20190501preview:ScopeMap  acrScopeMap                **updating failed**     [diff: ~actions]; 1 error
 ~   └─ azure:containerservice:KubernetesCluster                   aksCluster                 updated                 [diff: ~addonProfile]
 
Diagnostics:
  kubernetes:apps/v1:Deployment (core):
    error: 5 errors occurred:
        * the Kubernetes API server reported that "core-1je2id4a" failed to fully initialize or become live: 'core-1je2id4a' timed out waiting to be Ready
        * [MinimumReplicasUnavailable] Deployment does not have minimum availability.
        * [ProgressDeadlineExceeded] ReplicaSet "core-1je2id4a-cd7d9599d" has timed out progressing.
        * Minimum number of live Pods was not attained
        * [Pod core-1je2id4a-cd7d9599d-k4n9v]: containers with unready status: [core] -- [ImagePullBackOff] Back-off pulling image "<http://mappeddev.azurecr.io.blob.core.windows.net|mappeddev.azurecr.io.blob.core.windows.net>"

I’ve tried creating a token using the example code here: https://www.pulumi.com/docs/reference/pkg/azure-nextgen/containerregistry/token/ it gives me this error

azure-nextgen:containerregistry/v20190501preview:Token (token):
    error: Code="CertificateAuthNotSupported" Message="Certificate authentication is not yet supported. For more information on repository permissions, please visit <https://aka.ms/acr/repo-permissions>."

sparse-dream-33326

11/19/2020, 11:23 AM

I am running azure-cs-aks-private-container-registry on Azure devops using a service principal.This sample creates a service principal on Azure.

sparse-dream-33326

11/19/2020, 11:23 AM

error: graphrbac.ApplicationsClient#Create: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="Unknown" Message="Unknown service error" Details=[{"odata.error":{"code":"Authorization_RequestDenied","date":"2020-11-19T11:21:33","message":{"lang":"en","value":"Insufficient privileges to complete the operation."},"requestId":"06ba91b6-f8dd-4c13-ad44-3edd92d780b9"}}]

sparse-dream-33326

11/19/2020, 11:24 AM

I have granted all permissions to

sparse-dream-33326

11/19/2020, 4:19 PM

Is there example on Pulumi building a mixed node cluster i.e windows and linux nodes in Azure?

ancient-painter-14846

11/19/2020, 4:29 PM

Hello everyone, anyone knows why Pulumi is detecting a change/delete in the "id" property of a cosmosdb container? This change doesn't even show up in the CLI, just in the portal. This ends causing the following error during pulumi up:

error: 1 error occurred: updating urn:pulumi:dev::*****-infrastructure::azure:cosmosdb/sqlContainer:SqlContainer::dev: ID was missing the 'sqlDatabases' element

Using CLI 2.13.2. Dependencies:

"dependencies": {
        "@pulumi/azure": "^3.30.1",
        "@pulumi/kubernetes": "^2.7.1",
        "@pulumi/pulumi": "^2.14.0"
    }

early-sugar-1496

11/22/2020, 2:49 PM

has anyone had any luck with the next gen provider and aks clusters? mostly around adding / removing agent pools and conflicting diffs when trying to replace the pool created with the

ManagedClusterArgs.AgentPoolProfiles

calm-motorcycle-72397

11/23/2020, 8:36 PM

Hi everyone. Testing the new Azure-Nextgen, and I'm wondering what replaces the removed PrimaryConnectionString from Account (now StorageAccount) object?

calm-motorcycle-72397

11/24/2020, 2:22 PM

Azure-Nextgen: I think I've found an issue: dbforpostgresql/latest attempts to recreate a FirewallRule though no changes have been done to it, and when it attempts to delete old, I get Code="ResourceNotFound" . Create issue in github or is it likely I'm doing something wrong?

early-television-40911

11/24/2020, 4:46 PM

Hi, I`m using azure-nextgen to try to create an app service plan and a metric alert,

const plan = new web.AppServicePlan("plan", {
    resourceGroupName: resourceGroup.name,
    name: "linux-asp",
    location: resourceGroup.location,
    kind: "Linux",
    sku: selectedSku,
});

const cpuAlert = new insights.MetricAlert(
    "cpuAlertName",
    {
        actions: [],
        autoMitigate: false,
        criteria: cpuCriteria,
        description: "description",
        enabled: true,
        evaluationFrequency: "Pt1m",
        location: "global",
        resourceGroupName: resourceGroup.name,
        ruleName: "cpuAlertName",
        scopes: [plan.id],
        severity: 3,
        tags: {},
        windowSize: "Pt15m",
    },
    { dependsOn: plan },
);

if I try to create them together I get the error on the preview:

panic: fatal: A failure has occurred: Unrecognized structpb value kind in RPC[Provider[azure-nextgen, 0xc00052d7a0]

but if create the app service plan first then add the metric alert it works. Does anyone have any ideas on how to create them together?

ancient-painter-14846

11/25/2020, 3:37 PM

Hello everyone. Looks like there's some API changes in the CosmosDB SqlContainers. I have a resource created that has the following id:

/subscriptions/*********-****-****-****-************/resourceGroups/rg-dev/providers/Microsoft.DocumentDB/databaseAccounts/regionalcosmos/apis/sql/databases/regionaldb/containers/dev

But if I do an

az cosmos sql container list

, now this resource have the following ID:

/subscriptions/*********-****-****-****-************/resourceGroups/rg-dev/providers/Microsoft.DocumentDB/databaseAccounts/regionalcosmos/sqlDatabases/regionaldb/containers/dev

Because if this, I have the following error when trying to do a `pulumi up`:

ID was missing the 'sqlDatabases' element

Is there any way of fixing it? Maybe deleting from the state and re-importing it?

calm-motorcycle-72397

11/27/2020, 7:13 AM

Azure-Nextgen: Due to slot swapping, what pulumi expects to exist wrt. appsettings and stuff is wrong, and this causes issues. Is there any way to force it to set certain variables?

billowy-carpenter-15652

11/27/2020, 6:31 PM

Hi team, I'm trying to create an AutoscaleSetting and cannot figure out how to set a recurrence such that a rule is in effect from 6AM to 6PM. The only option in RecurrenceArgs seems to be Hours and Minutes, which seems to be defined as an interval, whereas the Azure Portal allows a start and end time on recurrences. Can someone please let me know what I'm doing wrong? Thank you!

bitter-policeman-94135

11/28/2020, 1:41 AM

Does anyone have any examples of accessing the Azure SDK/API directly from within Pulumi? I want to use Pulumi to set up SendGrid on Azure. I'm wondering what it will take to do it.

red-lighter-44012

11/28/2020, 2:32 PM

I am provisioning an Azure Postgres DB and im having trouble outputting the admin username and password. The console output includes the FQDN, but neither the username nor the password are available.

PostgresAdminLogin = dbServer.AdministratorLogin;
PostgresAdminPassword = dbServer.AdministratorLoginPassword;
PostgresFqdn = dbServer.Fqdn;

Edit: I fell in my own trap, the output properties were static 😄 the method creating the DB is static so people return the new resource and not assign Output<> in the methods all over the place but only in the constructor. So yeah, I just shot myself in the foot. "senior dev" haha

prehistoric-nail-50687

11/30/2020, 10:30 AM

anyone has an idea how to configure container logging with

nextgen

? The cli command is this:

az webapp log config --name "$APP_NAME" --resource-group "$RG_NAME" --docker-container-logging filesystem

But I can’t find any equivalent for it in pulumi

future-kite-91191

11/30/2020, 11:04 AM

Hi! Q regarding `nextgen`; where can I find the implementation for https://docs.microsoft.com/en-us/azure/templates/microsoft.kusto/clusters/databases/dataconnections

early-sugar-1496

11/30/2020, 11:22 AM

Hi, I'm trying to create a roleAssignment but preview keeps telling me

missing required property 'properties.principalId'

, is it because i'm using apply?

using AzureAuth = Pulumi.AzureNextGen.Authorization.Latest;

            new AzureAuth.RoleAssignment(
                $"NetworkContributor",
                new AzureAuth.RoleAssignmentArgs
                {
                    Scope = _cluster.NodeResourceGroup!,
                    RoleAssignmentName = "Network Contributor",
                    Properties = new AzureAuth.Inputs.RoleAssignmentPropertiesArgs
                    {
                        PrincipalId = _cluster.Identity.Apply(identity => identity!.PrincipalId),
                        RoleDefinitionId = "",
                    },
                });

clever-byte-21551

12/01/2020, 7:48 AM

I’m trying to use

keyvault

with

azure-nextgen

plugin and I couldn’t find how I can create secrets, the

keyvault

module only has methods for creating the actual vault but there’s no way to interact with it. (I’m using golang)

nice-oyster-71086

12/01/2020, 9:44 PM

Is there an equivalent for Blob in AzureNextGen? I'm trying to replicate this workflow (in c#).

tall-needle-56640

12/02/2020, 10:09 PM

I'm confused with the generated code vs. the API spec. The API spec has a delete for PolicyExemption, but the generated code does not.

icy-jordan-58549

12/04/2020, 11:37 AM

Can anyone help me, changed my az user to SP and keep getting this:

error: building auth config: Authenticating using the Azure CLI is only supported as a User (not a Service Principal).

adorable-cricket-58611

12/05/2020, 6:54 PM

@here I am getting the error while using the Pulumi Azure Pipelines Task, the error is error: problem logging in: rename credentials-460464347.json C:\Users\VssAdministrator\.pulumi\credentials.json: The system cannot move the file to a different disk drive.

adorable-cricket-58611

12/05/2020, 6:54 PM

can anyone please help here

wet-noon-14291

12/05/2020, 9:01 PM

I'm trying to set up a API in Azure management using the nextgen. I can't find how to add a "product" to an API, https://www.pulumi.com/docs/reference/pkg/azure-nextgen/apimanagement/api/. In the "old" azure provider I think you would use ProductApi, https://www.pulumi.com/docs/reference/pkg/azure/apimanagement/productapi/, but is there something for nextgen?

cool-jewelry-33023

12/06/2020, 11:23 PM

Sooo... here's a fun situation 🙂 When you update the Azure Traffic Manager monitor config (I've changed the health probing protocol & port - HTTP => HTTPS & 80 => 443) the Traffic Manager looses all of its Endpoints 🙂 Haven't really had time to debug this properly cause it happened on a deploy to PROD, so I've hot fixed it by deleting all the endpoints (we're adding them through a for loop so I've set the limit to 0), and then adding new ones 🙂 I'm using C# Pulumi version is 2.15.1 Pulumi nuget version 2.7.1 Pulumi.Azure nuget version 3.13.1

prehistoric-nail-50687

12/07/2020, 10:13 AM

I’m using

WebAppHostNameBinding

from

azure-nextgen

to add new domains to a

WebApp

. This works fine, as long as I only have one domain to add, but if I add multiple domains, then it does not work, because the previous

WebAppHostNameBinding

must be finished before I can add a new one. I currently have this:

const subdomains = ["aa", "bb", "cc"];
for (var subd of subdomains) {
  var nameBinding = newHostNameBinding(subd, app.name, "<http://topdomain.com|topdomain.com>");
}

function newHostNameBinding(subdomain: string, appName: Input<string>, topdomain: string) {
  return new nextgen.WebAppHostNameBinding(
    `${environment}-web-host-name-binding-${subdomain}`,
    {
      name: appName,
      resourceGroupName: resourceGroup.name,
      hostName: `${subdomain}.${topdomain}`,
    },
    { parent: app }
  );
}

Ho can I ensure the calls to create a

WebAppHostNameBinding

are finished on the Azure site before creating the next one? The error I currently get is this:

Cannot modify this site because another operation is in progress. Details: Id: 79e4dbe5-ae0e-44a2-9006-13b3e85e4e23, OperationName: Update, CreatedTime: 12/7/2020 9:53:20 AM, RequestId: d371a3b1-9503-4635-8289-2477a33ac7aa, EntityType: 3

boundless-airport-99052

12/07/2020, 12:54 PM

Hello, I’m trying to debug an issue introduced by the

terraform azurerm - v2.34.0

provider. I downgraded to

@pulumi/azure - v3.28.0

which uses

terraform azurerm v2.33.0

according to https://github.com/pulumi/pulumi-azure/blob/master/CHANGELOG.md But I still got the same error message

error: azure:operationalinsights/analyticsWorkspace:AnalyticsWorkspace resource 'log-f-stack-s-a-sb' has a problem: expected daily_quota_gb to be at least (0.000000), got -1.000000

The

daily_quota_gb

property was not present before`terraform azurerm v2.34.0` so I wonder why I still got this error. Terraform changelog: https://github.com/terraform-providers/terraform-provider-azurerm/releases/tag/v2.34.0

azurerm_log_analytics_workspace
- support for the
daily_quota_gb
property (#8861)

I can also confirm this with this commit which in only present in v2.34

tall-needle-56640

12/07/2020, 6:44 PM

The new versioning namespaces create a lot of (what I feel is) unnecessary noise. Also, I can find no precedent for this kind of organization as even the official Azure SDK doesn't do anything like this. I realize that it opens up some interesting scenarios, but it also makes a lot of normal scenarios more challenging.

Title

tall-needle-56640

12/07/2020, 6:44 PM

Example 1: Someone want to create a library for setting smart defaults (think reset.css). In

Pulumi.Azure

, this could be done by something like:

public class ResourceFactory
{
    public Account StorageAccount(string name, AccountArgs? args = null)
    {
        args ??= new AccountArgs();

        args.ResourceGroupName = _resourceGroupName;
        args.Location ??= _locationInput;
        args.AccountKind ??= "StorageV2";
        args.AccountReplicationType ??= "LRS";
        args.AccountTier ??= "Standard";

        return new Account(name, args);
    }
}

But in order to do this with

Pulumi.AzureNextGen

, the developer now has to create an overload for every version? And even if they did, when a new API version was released, the library would be broken until the developer add additional overloads.

tall-librarian-49374

12/07/2020, 7:04 PM

Yeah, that’s a trade-off to make. 1. Azure Go SDK does that. 2. arm2pulumi would be really challenging without multiple versions. 3. “Latest” is quite often a lemon as Azure rolls out new versions. We’d have to manually pick “the best version”. 4. We’d also have to force upgrades on everyone as we make those decisions, which creates friction. High-level libraries likely need to pick a version for each resource and stick with it for a while.

tall-needle-56640

12/07/2020, 8:28 PM

@tall-librarian-49374 What do you think of this? Packages: Packages are broken up, like the below. Note that non-version-named packages like

Pulumi.AzureNextGen.Web

represent the latest stable releases, but drop the identifier since it should be obvious now (and ideally is dropped from the namespace as well). Pulumi.AzureNextGen.Web Pulumi.AzureNextGen.Web.V20180201 Pulumi.AzureNextGen.Web.V20200601 Pulumi.AzureNextGen.Storage Pulumi.AzureNextGen.Storage.V20190601 Pulumi.AzureNextGen.Storage.V20200801Preview Pulimi.AzureNextGen - Contains the latest packages - Pulumi.AzureNextGen.Storage - Pulumi.AzureNextGen.Web - ... Pulumi.AzureNextGen.All - Contains all old and new sub-packages - Pulumi.AzureNextGen.Web - Pulumi.AzureNextGen.Web.V20180201 - Pulumi.AzureNextGen.Web.V20200601 - Pulumi.AzureNextGen.Storage - Pulumi.AzureNextGen.Storage.V20190601 - Pulumi.AzureNextGen.Storage.V20200801Preview - ... Versioning: [Update] The major version of "latest" packages corresponds to the newest API version 20200601.0.0 20210601.0.0 The major version of "latest" packages updates with each API version change. Using the above
Pulumi.AzureNextGen.Web
as an example ~~v1.0.0 contains latest (which would be V20200601)~~ ~~v1.x.x contains minor/patch changes to the API~~ ~~v2.0.0 contains the next API release (i.e. V20210601)~~ ... Developers should understand SemVer and thus realize that major version changes could mean breaking changes. For

Pulumi.AzureNextGen.Web.V20180201

, maybe continue to use the same versioning scheme in place. Results - Removing

.Latest

makes it much easier to migrate from Pulumi.Azure - Users who just want to use the latest can easily do so - Users are not blindly updated to a new version - Users who want to pin versions can easily do so - Users are not forced to upgrade - Old version-named packages do not need to be republished every time - arm2pulumi can continue as-is without any significant change

tall-librarian-49374

12/07/2020, 8:48 PM

What is the benefit of two naming convensions used in parallel (v1.0.0 and V20180201)? Why is semver easier to use?

tall-needle-56640

12/07/2020, 9:23 PM

1.0.0

is not for naming, that is just a potential versioning scheme as

1.0.0

seems more digestible version than

20180201

. But having

20180201

as the major version number is fine too.

I don't know if SemVer is "easier", but with SemVer, developers know that a new major version number means that there may be breaking changes. So if

Web.Latest

represents

V20200601

in some package version x.1, I would not expect

Web.Latest

to represent

V20210601

in version x.2. The APIs are (potentially) now incompatible. (On a side note, I thought SemVer was pretty industry standard.)

early-sugar-1496

12/08/2020, 12:04 AM

Azure-nextgen resources follow the same versioning as the actual azure apis. If the provider were to use semver for the resources instead of, for example, V20200601, pulumi would then be making the decision across the entire azure api surface on what is a breaking change. That decision should be made by the azure team responsible for that api, not pulumi

As a user of the provider, my only confusion is when a resource only exists in latest and not in a dated namespace but I'm not sure if that's a provider bug

tall-needle-56640

12/08/2020, 1:13 AM

I don't care if the major version numbers are 1, 2, 3. That was one suggestion and can be ignored. But the major version number should be changed whenever the Azure team puts out a new API version.

20200601

is fine as a major version number.

tall-librarian-49374

12/08/2020, 7:11 AM

@early-sugar-1496

a resource only exists in latest and not in a dated namespace

Can you point me to an example? I’m relatively sure that’s not possible and happy to take a look.

@tall-needle-56640 There are cases when users need to use two versions of the same resource provider (namespace). This sounds impossible in the package-per-version model?

tall-needle-56640

12/08/2020, 3:07 PM

@tall-librarian-49374 The package-per-version model would retain the version number in the namespace. I do think we should drop

Latest

from the namespace as it makes migration easier and seems unnecessary for a package that only represents the latest, but that's just my opinion. And ignoring that suggestion doesn't eliminate the other benefits.

tall-librarian-49374

12/08/2020, 3:12 PM

Ah I see. So, mostly, everything is the same, just multiple packages.

I see how this makes

Users who just want to use the latest can easily do so

a bit more straightforward but I’m not sure I see other benefits.

tall-needle-56640

12/08/2020, 3:29 PM

It also reduces noise and bloat. Why would I want a package that has X different versions, starting from 6 years ago, when I only want one or two of the most recent? It can slow down development as shown in this image. Visual Studio is trying to be helpful by finding namespaces that contain the type name. But it's recommending old versions, because there are just too many options. If I could pin the one or two versions, then it would recommend to me what I actually want.

tall-librarian-49374

12/08/2020, 3:32 PM

Makes sense. I wonder if that outweighs the process of discovery of all the NuGet packages that one wants to bring in.

tall-needle-56640

12/08/2020, 4:23 PM

You could always set the meta-package as the default, but searching "Pulumi" in a package feed is pretty easy.

View count: 3