future-kite-91191
12/08/2020, 7:50 AMadventurous-keyboard-93905
12/09/2020, 8:30 AMpulumi destroy
and pulumi up
is all right at this stage, but soon I won't be able to fix it that way. Are there other people facing this kind of problems? How do you solve them?adventurous-keyboard-93905
12/09/2020, 1:58 PMindex.ts
, but can't find a way to do it as it is not a field of the AppService
class (see picture for how it looks like in the Azure Portal). Any hints?prehistoric-nail-50687
12/09/2020, 5:02 PMDiagnosticSetting
only available in v20170501preview
of nextgen
? https://www.pulumi.com/docs/reference/pkg/azure-nextgen/insights/diagnosticsetting/ has this been dropped again?adventurous-keyboard-93905
12/09/2020, 8:48 PMnextgen
, but could use some help. For instance, I want to create an AppService
, but there is no such resource in nextgen
. Instead, I found a WebApp resource that seems similar. Is there a logic behind the name?adventurous-keyboard-93905
12/09/2020, 8:49 PMApplicationInsights
. Is there a guide or an explanation somewhere that I can use to map from the old names to the ones in nextgen
?wet-noon-14291
12/09/2020, 11:38 PMprehistoric-nail-50687
12/11/2020, 12:34 PM@pulumi/azure-nextgen
from ^0.2.8
to ^0.3.0
and now I get this:
azure-nextgen:web/latest:WebApp (yoo-ci-hooks):
error: Code="NoRegisteredProviderFound" Message="No registered resource provider found for location 'switzerlandnorth' and API version '2020-09-01' for type 'sites'. The supported api-versions are '2020-06-01, 2019-08-01, 2018-11-01, 2018-02-01, 2016-08-01, 2015-08-01-preview, 2016-03-01, 2015-08-01, 2015-07-01, 2015-06-01, 2015-05-01, 2015-04-01, 2015-02-01, 2014-11-01, 2014-06-01, 2014-04-01, 2014-04-01-preview, 2015-01-01, 2015-11-01, 2016-09-01, 2017-08-01, 2018-12-01-alpha'. The supported locations are 'southcentralus, msftwestus, msfteastus, msfteastasia, msftnortheurope, eastus2stage, centralusstage, southafricanorth, westus, australiaeast, brazilsouth, southeastasia, centralus, japanwest, centralindia, uksouth, canadaeast, koreacentral, francecentral, northeurope, westus2, eastus, westindia, eastus2, australiacentral, germanywestcentral, norwayeast, uaenorth, switzerlandnorth, northcentralus, ukwest, australiasoutheast, koreasouth, canadacentral, westeurope, southindia, westcentralus, eastasiastage, northcentralusstage, eastasia, japaneast'."
I have to say that I don’t quite understand the versioning behind all this, but does this say that my region switzerlandnorth
does not support the api version required by pulumi nextgen 0.3.0
?tall-needle-56640
12/11/2020, 9:03 PMPulumi.Azure
, I could get the tenantId
by doing
var clientConfig = Output.Create(GetClientConfig.InvokeAsync());
var tenantId = clientConfig.Apply(c => c.TenantId);
How do I do this in AzureNextGen
?adventurous-keyboard-93905
12/14/2020, 9:14 AMpulumi up
fails with bad request errorsbillions-spoon-83449
12/14/2020, 10:22 PMtall-needle-56640
12/15/2020, 10:23 PMbrave-winter-60074
12/16/2020, 9:26 AMfuture-kite-91191
12/16/2020, 7:37 PMbrave-winter-60074
12/17/2020, 10:39 AMbrave-winter-60074
12/17/2020, 10:39 AMbrave-winter-60074
12/17/2020, 10:40 AMpowerful-football-81694
12/18/2020, 2:09 PMauthorization
module which I’ve been struggling with a bit (more on that later).
3. Does the meaning of “latest” always stay the same as long as we don’t update to a new version of the Pulumi.AzureNextGen
NuGet package?
4. What is the general guidance on which version to use? Should we generally use “latest” whenever possible?powerful-football-81694
12/18/2020, 2:18 PMauthorization
module which can be used to create RBAC role assignments. I cannot make sense of the API surfaces of this module. Some of the API versions are only about roles. Other API versions are only about policies (which are a different thing). Some API versions contain varying amounts of both. Some are neither, but seem to only contain stuff about management locks! See attached a couple of examples.
I’m very confused. 😅 Are these API versions somehow supposed to be used in combination, even for the same module? Like, create a role assignment using this API version, then a policy assignment using this other API version, etc.?powerful-football-81694
12/18/2020, 2:24 PMvar configRoleAssignment = new Assignment(
$"orgflow-download-{stackName}-configRoleAssignment",
new AssignmentArgs()
{
PrincipalId = app.Identity.Apply(x => x.PrincipalId),
RoleDefinitionName = "App Configuration Data Reader", // Use textual name of role
Scope = configService.Resources.Single().Id,
SkipServicePrincipalAadCheck = true
});
I cannot find any way to accomplish the same using AzureNextGen, it seems like we can only resolve role definitions using their GUID IDs and some awkward string concatenation:
var configRoleAssignment = new RoleAssignment(
$"orgflow-download-{stackName}-configRoleAssignment",
new RoleAssignmentArgs()
{
RoleAssignmentName = "200DA71F-80F9-4D5F-90AB-FCE5CE72FA97",
PrincipalId = app.Identity.Apply(x => x!.PrincipalId),
// TODO: Resolve subscription ID, and if possible also role definition ID
RoleDefinitionId = "/subscriptions/1788357e-d506-4118-9f88-092c1dcddc16/providers/Microsoft.Authorization/roleDefinitions/516239f1-63e1-4d78-a4de-a74fb236a071", //configDataReaderRole.Id,
Scope = configStore.Id,
});
Even doing a GetRoleDefinition.InvokeAsync()
does not help, as that one also takes this ID as its only possible input. Does anyone know how to avoid hard-coding the role ID, and instead resolve it from the role name as was possible with the old provider?powerful-football-81694
12/18/2020, 2:28 PMCertificate
resources.
var certificate = new Pulumi.AzureNextGen.Web.V20190801.Certificate(
$"orgflow-download-{stackName}-cert",
new Pulumi.AzureNextGen.Web.V20190801.CertificateArgs()
{
Name = $"orgflow-download-{stackName}-cert",
ResourceGroupName = resourceGroup.Name,
Location = location,
CanonicalName = publicHostname,
ServerFarmId = appServicePlan.Id,
Password = ""
},
new ResourceOptions()
{
// App Service Managed Certificates cannot be created unless a hostname binding has already
// been added to the corresponding app service.
DependsOn = hostnameBinding
});
This creates an Azure-managed app service certificate for a web app. However, pulumi up
fails on this resource with the following error:
azure-nextgen:web/v20190801:Certificate (orgflow-download-dev-cert):
error: autorest/azure: error response cannot be parsed: "" error: EOF
Pulumi exits with a failure, and thinks the resource has not been created, but the certificate is actually created successfully in Azure. Next time we do pulumi up
it fails because the resource is already there. So this one seems to be more of an issue with how Pulumi is handling a response from the API.
(Also for some reason the Password
property has to be set to something (it doesn’t matter what) which I think is a bug because for a managed certificate there are no passwords to worry about.)jolly-camera-35709
12/22/2020, 5:47 AMjolly-camera-35709
12/22/2020, 5:48 AMjolly-camera-35709
12/22/2020, 5:49 AMjolly-camera-35709
12/22/2020, 5:55 AMjolly-camera-35709
12/22/2020, 6:30 AMbillowy-army-68599
swift-hamburger-98290
12/22/2020, 4:45 PMinsufficient privileges
issue on Azure when trying to create/change an Azure Active Directory Application, deploying using pulumi's DevOps task. I have the following:
task: Pulumi@1
inputs:
azureSubscription: <azure-resource-manager>
...
env:
PULUMI_ACCESS_TOKEN: $(pulumi.access.token)
And on AAD I added the following API permissions
, with type Application (not Delegated):
Application.Read.All
Application.ReadWrite.All
Application.ReadWrite.OwnedBy
Directory.Read.All
Directory.ReadWrite.All
Error:
* updating urn:pulumi:test::<>::azuread:index/application:Application::<>: patching Application with ID "<id>": graphrbac.ApplicationsClient#Patch: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="Unknown" Message="Unknown service error" Details=[{"odata.error":{"code":"Authorization_RequestDenied","date":"2020-12-22T15:28:11","message":{"lang":"en","value":"Insufficient privileges to complete the operation."},"requestId":"<>"}}]
What I am missing?melodic-byte-32771
12/28/2020, 3:59 AMloud-shampoo-49194
12/30/2020, 9:26 AM