https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
azure
  • i

    icy-jordan-58549

    11/17/2020, 4:02 PM
    Hi everyone, just curious why there are separate components in the old azure provider for Firewall
    azure.network.FirewallNatRuleCollection
    azure.network.FirewallApplicationRuleCollection
    azure.network.FirewallNetworkRuleCollection
    but not inside
    nextgen
    ? Is it due to the structure of ARM templates? Is it possible to decouple those components outside from the large https://www.pulumi.com/docs/reference/pkg/azure-nextgen/network/azurefirewall/ ?
    b
    t
    • 3
    • 3
  • c

    colossal-school-15171

    11/19/2020, 5:23 AM
    hey all, I’m having a hard time getting my pulumi program to authenticate into an existing Azure Container Registry to grab the image it needs to build and deploy to an AKS cluster.
    let coreLabels = { app: "core" };
    let coreDeployment = new k8s.apps.v1.Deployment("core", {
        spec: {
            selector: { matchLabels: coreLabels },
            replicas:  1,
            template: {
                metadata: { labels: coreLabels },
                spec: {
                    containers: [{
                        name: "core",
                        image:"<http://mappeddev.azurecr.io.blob.core.windows.net|mappeddev.azurecr.io.blob.core.windows.net>",
                        ports: [{ containerPort: 80 }]
                    }],
                },
            },
        },
    });
    which gives this error diagnostic:
    Type                                                          Name                       Status                  Info
         pulumi:pulumi:Stack                                           mapped_infrastructure-aks  **failed**              1 error
     ~   ├─ kubernetes:apps/v1:Deployment                              core                       **updating failed**     1 error
     ~   ├─ azure-nextgen:containerregistry/v20190501preview:ScopeMap  acrScopeMap                **updating failed**     [diff: ~actions]; 1 error
     ~   └─ azure:containerservice:KubernetesCluster                   aksCluster                 updated                 [diff: ~addonProfile]
     
    Diagnostics:
      kubernetes:apps/v1:Deployment (core):
        error: 5 errors occurred:
            * the Kubernetes API server reported that "core-1je2id4a" failed to fully initialize or become live: 'core-1je2id4a' timed out waiting to be Ready
            * [MinimumReplicasUnavailable] Deployment does not have minimum availability.
            * [ProgressDeadlineExceeded] ReplicaSet "core-1je2id4a-cd7d9599d" has timed out progressing.
            * Minimum number of live Pods was not attained
            * [Pod core-1je2id4a-cd7d9599d-k4n9v]: containers with unready status: [core] -- [ImagePullBackOff] Back-off pulling image "<http://mappeddev.azurecr.io.blob.core.windows.net|mappeddev.azurecr.io.blob.core.windows.net>"
    I’ve tried creating a token using the example code here: https://www.pulumi.com/docs/reference/pkg/azure-nextgen/containerregistry/token/ it gives me this error
    azure-nextgen:containerregistry/v20190501preview:Token (token):
        error: Code="CertificateAuthNotSupported" Message="Certificate authentication is not yet supported. For more information on repository permissions, please visit <https://aka.ms/acr/repo-permissions>."
    t
    a
    r
    • 4
    • 15
  • s

    sparse-dream-33326

    11/19/2020, 11:23 AM
    I am running azure-cs-aks-private-container-registry on Azure devops using a service principal.This sample creates a service principal on Azure.
    • 1
    • 1
  • s

    sparse-dream-33326

    11/19/2020, 11:23 AM
    error: graphrbac.ApplicationsClient#Create: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="Unknown" Message="Unknown service error" Details=[{"odata.error":{"code":"Authorization_RequestDenied","date":"2020-11-19T11:21:33","message":{"lang":"en","value":"Insufficient privileges to complete the operation."},"requestId":"06ba91b6-f8dd-4c13-ad44-3edd92d780b9"}}]
  • s

    sparse-dream-33326

    11/19/2020, 11:24 AM
    I have granted all permissions to
  • s

    sparse-dream-33326

    11/19/2020, 4:19 PM
    Is there example on Pulumi building a mixed node cluster i.e windows and linux nodes in Azure?
  • a

    ancient-painter-14846

    11/19/2020, 4:29 PM
    Hello everyone, anyone knows why Pulumi is detecting a change/delete in the "id" property of a cosmosdb container? This change doesn't even show up in the CLI, just in the portal. This ends causing the following error during pulumi up:
    error: 1 error occurred: updating urn:pulumi:dev::*****-infrastructure::azure:cosmosdb/sqlContainer:SqlContainer::dev: ID was missing the 'sqlDatabases' element
    Using CLI 2.13.2. Dependencies:
    "dependencies": {
            "@pulumi/azure": "^3.30.1",
            "@pulumi/kubernetes": "^2.7.1",
            "@pulumi/pulumi": "^2.14.0"
        }
    • 1
    • 1
  • e

    early-sugar-1496

    11/22/2020, 2:49 PM
    has anyone had any luck with the next gen provider and aks clusters? mostly around adding / removing agent pools and conflicting diffs when trying to replace the pool created with the
    ManagedClusterArgs.AgentPoolProfiles
    t
    s
    • 3
    • 7
  • c

    calm-motorcycle-72397

    11/23/2020, 8:36 PM
    Hi everyone. Testing the new Azure-Nextgen, and I'm wondering what replaces the removed PrimaryConnectionString from Account (now StorageAccount) object?
    t
    • 2
    • 2
  • c

    calm-motorcycle-72397

    11/24/2020, 2:22 PM
    Azure-Nextgen: I think I've found an issue: dbforpostgresql/latest attempts to recreate a FirewallRule though no changes have been done to it, and when it attempts to delete old, I get Code="ResourceNotFound" . Create issue in github or is it likely I'm doing something wrong?
    t
    • 2
    • 3
  • e

    early-television-40911

    11/24/2020, 4:46 PM
    Hi, I`m using azure-nextgen to try to create an app service plan and a metric alert,
    const plan = new web.AppServicePlan("plan", {
        resourceGroupName: resourceGroup.name,
        name: "linux-asp",
        location: resourceGroup.location,
        kind: "Linux",
        sku: selectedSku,
    });
    
    const cpuAlert = new insights.MetricAlert(
        "cpuAlertName",
        {
            actions: [],
            autoMitigate: false,
            criteria: cpuCriteria,
            description: "description",
            enabled: true,
            evaluationFrequency: "Pt1m",
            location: "global",
            resourceGroupName: resourceGroup.name,
            ruleName: "cpuAlertName",
            scopes: [plan.id],
            severity: 3,
            tags: {},
            windowSize: "Pt15m",
        },
        { dependsOn: plan },
    );
    if I try to create them together I get the error on the preview:
    panic: fatal: A failure has occurred: Unrecognized structpb value kind in RPC[Provider[azure-nextgen, 0xc00052d7a0]
    but if create the app service plan first then add the metric alert it works. Does anyone have any ideas on how to create them together?
    t
    • 2
    • 1
  • a

    ancient-painter-14846

    11/25/2020, 3:37 PM
    Hello everyone. Looks like there's some API changes in the CosmosDB SqlContainers. I have a resource created that has the following id:
    /subscriptions/*********-****-****-****-************/resourceGroups/rg-dev/providers/Microsoft.DocumentDB/databaseAccounts/regionalcosmos/apis/sql/databases/regionaldb/containers/dev
    But if I do an
    az cosmos sql container list
    , now this resource have the following ID:
    /subscriptions/*********-****-****-****-************/resourceGroups/rg-dev/providers/Microsoft.DocumentDB/databaseAccounts/regionalcosmos/sqlDatabases/regionaldb/containers/dev
    Because if this, I have the following error when trying to do a `pulumi up`:
    ID was missing the 'sqlDatabases' element
    Is there any way of fixing it? Maybe deleting from the state and re-importing it?
    t
    • 2
    • 3
  • c

    calm-motorcycle-72397

    11/27/2020, 7:13 AM
    Azure-Nextgen: Due to slot swapping, what pulumi expects to exist wrt. appsettings and stuff is wrong, and this causes issues. Is there any way to force it to set certain variables?
    t
    n
    • 3
    • 5
  • b

    billowy-carpenter-15652

    11/27/2020, 6:31 PM
    Hi team, I'm trying to create an AutoscaleSetting and cannot figure out how to set a recurrence such that a rule is in effect from 6AM to 6PM. The only option in RecurrenceArgs seems to be Hours and Minutes, which seems to be defined as an interval, whereas the Azure Portal allows a start and end time on recurrences. Can someone please let me know what I'm doing wrong? Thank you!
    b
    • 2
    • 3
  • b

    bitter-policeman-94135

    11/28/2020, 1:41 AM
    Does anyone have any examples of accessing the Azure SDK/API directly from within Pulumi? I want to use Pulumi to set up SendGrid on Azure. I'm wondering what it will take to do it.
    t
    • 2
    • 2
  • r

    red-lighter-44012

    11/28/2020, 2:32 PM
    I am provisioning an Azure Postgres DB and im having trouble outputting the admin username and password. The console output includes the FQDN, but neither the username nor the password are available.
    PostgresAdminLogin = dbServer.AdministratorLogin;
    PostgresAdminPassword = dbServer.AdministratorLoginPassword;
    PostgresFqdn = dbServer.Fqdn;
    Edit: I fell in my own trap, the output properties were static 😄 the method creating the DB is static so people return the new resource and not assign Output<> in the methods all over the place but only in the constructor. So yeah, I just shot myself in the foot. "senior dev" haha
  • p

    prehistoric-nail-50687

    11/30/2020, 10:30 AM
    anyone has an idea how to configure container logging with
    nextgen
    ? The cli command is this:
    az webapp log config --name "$APP_NAME" --resource-group "$RG_NAME" --docker-container-logging filesystem
    But I can’t find any equivalent for it in pulumi
    t
    • 2
    • 2
  • f

    future-kite-91191

    11/30/2020, 11:04 AM
    Hi! Q regarding `nextgen`; where can I find the implementation for https://docs.microsoft.com/en-us/azure/templates/microsoft.kusto/clusters/databases/dataconnections
    t
    • 2
    • 8
  • e

    early-sugar-1496

    11/30/2020, 11:22 AM
    Hi, I'm trying to create a roleAssignment but preview keeps telling me
    missing required property 'properties.principalId'
    , is it because i'm using apply?
    using AzureAuth = Pulumi.AzureNextGen.Authorization.Latest;
    
                new AzureAuth.RoleAssignment(
                    $"NetworkContributor",
                    new AzureAuth.RoleAssignmentArgs
                    {
                        Scope = _cluster.NodeResourceGroup!,
                        RoleAssignmentName = "Network Contributor",
                        Properties = new AzureAuth.Inputs.RoleAssignmentPropertiesArgs
                        {
                            PrincipalId = _cluster.Identity.Apply(identity => identity!.PrincipalId),
                            RoleDefinitionId = "",
                        },
                    });
    t
    • 2
    • 5
  • c

    clever-byte-21551

    12/01/2020, 7:48 AM
    I’m trying to use
    keyvault
    with
    azure-nextgen
    plugin and I couldn’t find how I can create secrets, the
    keyvault
    module only has methods for creating the actual vault but there’s no way to interact with it. (I’m using golang)
    t
    • 2
    • 1
  • n

    nice-oyster-71086

    12/01/2020, 9:44 PM
    Is there an equivalent for Blob in AzureNextGen? I'm trying to replicate this workflow (in c#).
    t
    • 2
    • 3
  • t

    tall-needle-56640

    12/02/2020, 10:09 PM
    I'm confused with the generated code vs. the API spec. The API spec has a delete for PolicyExemption, but the generated code does not.
    t
    • 2
    • 3
  • i

    icy-jordan-58549

    12/04/2020, 11:37 AM
    Can anyone help me, changed my az user to SP and keep getting this:
    error: building auth config: Authenticating using the Azure CLI is only supported as a User (not a Service Principal).
    t
    • 2
    • 10
  • a

    adorable-cricket-58611

    12/05/2020, 6:54 PM
    @here I am getting the error while using the Pulumi Azure Pipelines Task, the error is error: problem logging in: rename credentials-460464347.json C:\Users\VssAdministrator\.pulumi\credentials.json: The system cannot move the file to a different disk drive.
    a
    • 2
    • 1
  • a

    adorable-cricket-58611

    12/05/2020, 6:54 PM
    can anyone please help here
  • w

    wet-noon-14291

    12/05/2020, 9:01 PM
    I'm trying to set up a API in Azure management using the nextgen. I can't find how to add a "product" to an API, https://www.pulumi.com/docs/reference/pkg/azure-nextgen/apimanagement/api/. In the "old" azure provider I think you would use ProductApi, https://www.pulumi.com/docs/reference/pkg/azure/apimanagement/productapi/, but is there something for nextgen?
    t
    • 2
    • 2
  • c

    cool-jewelry-33023

    12/06/2020, 11:23 PM
    Sooo... here's a fun situation 🙂 When you update the Azure Traffic Manager monitor config (I've changed the health probing protocol & port - HTTP => HTTPS & 80 => 443) the Traffic Manager looses all of its Endpoints 🙂 Haven't really had time to debug this properly cause it happened on a deploy to PROD, so I've hot fixed it by deleting all the endpoints (we're adding them through a for loop so I've set the limit to 0), and then adding new ones 🙂 I'm using C# Pulumi version is 2.15.1 Pulumi nuget version 2.7.1 Pulumi.Azure nuget version 3.13.1
    t
    • 2
    • 2
  • p

    prehistoric-nail-50687

    12/07/2020, 10:13 AM
    I’m using
    WebAppHostNameBinding
    from
    azure-nextgen
    to add new domains to a
    WebApp
    . This works fine, as long as I only have one domain to add, but if I add multiple domains, then it does not work, because the previous
    WebAppHostNameBinding
    must be finished before I can add a new one. I currently have this:
    const subdomains = ["aa", "bb", "cc"];
    for (var subd of subdomains) {
      var nameBinding = newHostNameBinding(subd, app.name, "<http://topdomain.com|topdomain.com>");
    }
    
    function newHostNameBinding(subdomain: string, appName: Input<string>, topdomain: string) {
      return new nextgen.WebAppHostNameBinding(
        `${environment}-web-host-name-binding-${subdomain}`,
        {
          name: appName,
          resourceGroupName: resourceGroup.name,
          hostName: `${subdomain}.${topdomain}`,
        },
        { parent: app }
      );
    }
    Ho can I ensure the calls to create a
    WebAppHostNameBinding
    are finished on the Azure site before creating the next one? The error I currently get is this:
    Cannot modify this site because another operation is in progress. Details: Id: 79e4dbe5-ae0e-44a2-9006-13b3e85e4e23, OperationName: Update, CreatedTime: 12/7/2020 9:53:20 AM, RequestId: d371a3b1-9503-4635-8289-2477a33ac7aa, EntityType: 3
  • b

    boundless-airport-99052

    12/07/2020, 12:54 PM
    Hello, I’m trying to debug an issue introduced by the
    terraform azurerm - v2.34.0
    provider. I downgraded to
    @pulumi/azure - v3.28.0
    which uses
    terraform azurerm v2.33.0
    according to https://github.com/pulumi/pulumi-azure/blob/master/CHANGELOG.md But I still got the same error message
    error: azure:operationalinsights/analyticsWorkspace:AnalyticsWorkspace resource 'log-f-stack-s-a-sb' has a problem: expected daily_quota_gb to be at least (0.000000), got -1.000000
    The
    daily_quota_gb
    property was not present before`terraform azurerm v2.34.0` so I wonder why I still got this error. Terraform changelog: https://github.com/terraform-providers/terraform-provider-azurerm/releases/tag/v2.34.0
    azurerm_log_analytics_workspace
     - support for the 
    daily_quota_gb
     property (#8861)
    I can also confirm this with this commit which in only present in v2.34
    b
    • 2
    • 42
  • t

    tall-needle-56640

    12/07/2020, 6:44 PM
    The new versioning namespaces create a lot of (what I feel is) unnecessary noise. Also, I can find no precedent for this kind of organization as even the official Azure SDK doesn't do anything like this. I realize that it opens up some interesting scenarios, but it also makes a lot of normal scenarios more challenging.
    t
    e
    • 3
    • 17
Powered by Linen
Title
t

tall-needle-56640

12/07/2020, 6:44 PM
The new versioning namespaces create a lot of (what I feel is) unnecessary noise. Also, I can find no precedent for this kind of organization as even the official Azure SDK doesn't do anything like this. I realize that it opens up some interesting scenarios, but it also makes a lot of normal scenarios more challenging.
Example 1: Someone want to create a library for setting smart defaults (think reset.css). In 
Pulumi.Azure
 , this could be done by something like:
public class ResourceFactory
{
    public Account StorageAccount(string name, AccountArgs? args = null)
    {
        args ??= new AccountArgs();

        args.ResourceGroupName = _resourceGroupName;
        args.Location ??= _locationInput;
        args.AccountKind ??= "StorageV2";
        args.AccountReplicationType ??= "LRS";
        args.AccountTier ??= "Standard";

        return new Account(name, args);
    }
}
But in order to do this with 
Pulumi.AzureNextGen
 , the developer now has to create an overload for every version? And even if they did, when a new API version was released, the library would be broken until the developer add additional overloads.
t

tall-librarian-49374

12/07/2020, 7:04 PM
Yeah, that’s a trade-off to make. 1. Azure Go SDK does that. 2. arm2pulumi would be really challenging without multiple versions. 3. “Latest” is quite often a lemon as Azure rolls out new versions. We’d have to manually pick “the best version”. 4. We’d also have to force upgrades on everyone as we make those decisions, which creates friction. High-level libraries likely need to pick a version for each resource and stick with it for a while.
t

tall-needle-56640

12/07/2020, 8:28 PM
@tall-librarian-49374 What do you think of this? Packages: Packages are broken up, like the below. Note that non-version-named packages like
Pulumi.AzureNextGen.Web
represent the latest stable releases, but drop the identifier since it should be obvious now (and ideally is dropped from the namespace as well). Pulumi.AzureNextGen.Web Pulumi.AzureNextGen.Web.V20180201 Pulumi.AzureNextGen.Web.V20200601 Pulumi.AzureNextGen.Storage Pulumi.AzureNextGen.Storage.V20190601 Pulumi.AzureNextGen.Storage.V20200801Preview Pulimi.AzureNextGen - Contains the latest packages - Pulumi.AzureNextGen.Storage - Pulumi.AzureNextGen.Web - ... Pulumi.AzureNextGen.All - Contains all old and new sub-packages - Pulumi.AzureNextGen.Web - Pulumi.AzureNextGen.Web.V20180201 - Pulumi.AzureNextGen.Web.V20200601 - Pulumi.AzureNextGen.Storage - Pulumi.AzureNextGen.Storage.V20190601 - Pulumi.AzureNextGen.Storage.V20200801Preview - ... Versioning: [Update] The major version of "latest" packages corresponds to the newest API version 20200601.0.0 20210601.0.0 The major version of "latest" packages updates with each API version change. Using the above
Pulumi.AzureNextGen.Web
as an example
v1.0.0 contains latest (which would be V20200601) v1.x.x contains minor/patch changes to the API v2.0.0 contains the next API release (i.e. V20210601) ... Developers should understand SemVer and thus realize that major version changes could mean breaking changes. For
Pulumi.AzureNextGen.Web.V20180201
, maybe continue to use the same versioning scheme in place. Results - Removing
.Latest
makes it much easier to migrate from Pulumi.Azure - Users who just want to use the latest can easily do so - Users are not blindly updated to a new version - Users who want to pin versions can easily do so - Users are not forced to upgrade - Old version-named packages do not need to be republished every time - arm2pulumi can continue as-is without any significant change
t

tall-librarian-49374

12/07/2020, 8:48 PM
What is the benefit of two naming convensions used in parallel (v1.0.0 and V20180201)? Why is semver easier to use?
t

tall-needle-56640

12/07/2020, 9:23 PM
1.0.0
is not for naming, that is just a potential versioning scheme as
1.0.0
seems more digestible version than
20180201
. But having
20180201
as the major version number is fine too.
I don't know if SemVer is "easier", but with SemVer, developers know that a new major version number means that there may be breaking changes. So if
Web.Latest
represents
V20200601
in some package version x.1, I would not expect
Web.Latest
to represent
V20210601
in version x.2. The APIs are (potentially) now incompatible. (On a side note, I thought SemVer was pretty industry standard.)
e

early-sugar-1496

12/08/2020, 12:04 AM
Azure-nextgen resources follow the same versioning as the actual azure apis. If the provider were to use semver for the resources instead of, for example, V20200601, pulumi would then be making the decision across the entire azure api surface on what is a breaking change. That decision should be made by the azure team responsible for that api, not pulumi
As a user of the provider, my only confusion is when a resource only exists in latest and not in a dated namespace but I'm not sure if that's a provider bug
t

tall-needle-56640

12/08/2020, 1:13 AM
I don't care if the major version numbers are 1, 2, 3. That was one suggestion and can be ignored. But the major version number should be changed whenever the Azure team puts out a new API version.
20200601
is fine as a major version number.
t

tall-librarian-49374

12/08/2020, 7:11 AM
@early-sugar-1496
a resource only exists in latest and not in a dated namespace
Can you point me to an example? I’m relatively sure that’s not possible and happy to take a look.
@tall-needle-56640 There are cases when users need to use two versions of the same resource provider (namespace). This sounds impossible in the package-per-version model?
t

tall-needle-56640

12/08/2020, 3:07 PM
@tall-librarian-49374 The package-per-version model would retain the version number in the namespace. I do think we should drop
Latest
from the namespace as it makes migration easier and seems unnecessary for a package that only represents the latest, but that's just my opinion. And ignoring that suggestion doesn't eliminate the other benefits.
t

tall-librarian-49374

12/08/2020, 3:12 PM
Ah I see. So, mostly, everything is the same, just multiple packages.
I see how this makes
Users who just want to use the latest can easily do so
a bit more straightforward but I’m not sure I see other benefits.
t

tall-needle-56640

12/08/2020, 3:29 PM
It also reduces noise and bloat. Why would I want a package that has X different versions, starting from 6 years ago, when I only want one or two of the most recent? It can slow down development as shown in this image. Visual Studio is trying to be helpful by finding namespaces that contain the type name. But it's recommending old versions, because there are just too many options. If I could pin the one or two versions, then it would recommend to me what I actually want.
t

tall-librarian-49374

12/08/2020, 3:32 PM
Makes sense. I wonder if that outweighs the process of discovery of all the NuGet packages that one wants to bring in.
t

tall-needle-56640

12/08/2020, 4:23 PM
You could always set the meta-package as the default, but searching "Pulumi" in a package feed is pretty easy.
View count: 3