Hi there! I am trying Pulumi for a toy project, with the intention of using it in serious projects in the future. About once a week I have had problems with the azure provider, usually with errors coming from terraform. Using

pulumi destroy

and

pulumi up

is all right at this stage, but soon I won't be able to fix it that way. Are there other people facing this kind of problems? How do you solve them?

I'm trying to retrieve the Virtual IP address from my AppService in my pulumi

index.ts

, but can't find a way to do it as it is not a field of the

AppService

class (see picture for how it looks like in the Azure Portal). Any hints?

why is

DiagnosticSetting

only available in

v20170501preview

of

nextgen

? https://www.pulumi.com/docs/reference/pkg/azure-nextgen/insights/diagnosticsetting/ has this been dropped again?

I'm trying to make sense of the types in

nextgen

, but could use some help. For instance, I want to create an

AppService

, but there is no such resource in

nextgen

. Instead, I found a WebApp resource that seems similar. Is there a logic behind the name?

I am also having trouble to find the equivalent of

ApplicationInsights

. Is there a guide or an explanation somewhere that I can use to map from the old names to the ones in

nextgen

?

Hello. Does anyone know what happens if I change pricing tier for a SQL db, will a new one be provisioned or will the existing one be up- or down graded?

I just updated to

@pulumi/azure-nextgen

from

^0.2.8

to

^0.3.0

and now I get this:

azure-nextgen:web/latest:WebApp (yoo-ci-hooks):
    error: Code="NoRegisteredProviderFound" Message="No registered resource provider found for location 'switzerlandnorth' and API version '2020-09-01' for type 'sites'. The supported api-versions are '2020-06-01, 2019-08-01, 2018-11-01, 2018-02-01, 2016-08-01, 2015-08-01-preview, 2016-03-01, 2015-08-01, 2015-07-01, 2015-06-01, 2015-05-01, 2015-04-01, 2015-02-01, 2014-11-01, 2014-06-01, 2014-04-01, 2014-04-01-preview, 2015-01-01, 2015-11-01, 2016-09-01, 2017-08-01, 2018-12-01-alpha'. The supported locations are 'southcentralus, msftwestus, msfteastus, msfteastasia, msftnortheurope, eastus2stage, centralusstage, southafricanorth, westus, australiaeast, brazilsouth, southeastasia, centralus, japanwest, centralindia, uksouth, canadaeast, koreacentral, francecentral, northeurope, westus2, eastus, westindia, eastus2, australiacentral, germanywestcentral, norwayeast, uaenorth, switzerlandnorth, northcentralus, ukwest, australiasoutheast, koreasouth, canadacentral, westeurope, southindia, westcentralus, eastasiastage, northcentralusstage, eastasia, japaneast'."

I have to say that I don’t quite understand the versioning behind all this, but does this say that my region

switzerlandnorth

does not support the api version required by

pulumi nextgen 0.3.0

?

In

Pulumi.Azure

, I could get the

tenantId

by doing

var clientConfig = Output.Create(GetClientConfig.InvokeAsync());
var tenantId = clientConfig.Apply(c => c.TenantId);

How do I do this in

AzureNextGen

?

Is there a way to re-sync the state from azure? Pulumi is trying to delete Key Vault secrets, but they don't even exist, so

pulumi up

fails with bad request errors

Anyone know a way to import resources from Azure in the new AzureNextGen format?

@tall-librarian-49374 I noticed that KeySource is required in the SDK, but per the specs, it should have a default value. Why are they different?

Hi everyone, we are evaluating Pulumi Azure Nexte Gen and have successfully created many of the resources that we need, but a simple Azure App Function I have not been able to locate or configure correctly in the docs -> https://www.pulumi.com/docs/reference/pkg/azure-nextgen/ what part should I use for such a function and do Pulumi or someone have a short example for such a important part of a serverless stack. Have been searching the docs for two days now, and if i use the old provider I get a version 1 function instead of v3. Thank you very much in advance

Hey guys, are we already on Terraform Azure Provider v.2.40.0? It fixes a bug I was banging my head against all afternoon. https://github.com/terraform-providers/terraform-provider-azurerm/issues/9699#issuecomment-742774944

Hi is there some changes that we should void when using azure next gen. Had a typo in the resource name and by changing that it failed completely so now I am rebuilding our stacks and upping them with pulumi…

or is there a workaround for changes like this?

we use a random suffix across a resource group, so should this be random pr resource, can see that it is what causes the problem

Hi everyone! Excited by the news of a truly first-class Azure provider, we have now started the work of trying to migrate our programs over to AzureNextGen. We could use some guidance on a couple of things. I’ll post them as separate messages here to allow them to be discussed in separate threads. First topic is about the versioning. I have not been able to make full sense of it yet, so for my understanding: 1. Is it correct that the versions are basically “per ARM resource provider”, i.e. each resource provider on the Azure side versions independently of all the others? 2. To which version does “latest” actually resolve? My experience so far indicates that it is neither the latest, nor the latest preview, at least for the

authorization

module which I’ve been struggling with a bit (more on that later). 3. Does the meaning of “latest” always stay the same as long as we don’t update to a new version of the

Pulumi.AzureNextGen

NuGet package? 4. What is the general guidance on which version to use? Should we generally use “latest” whenever possible?

Second topic is about the

authorization

module which can be used to create RBAC role assignments. I cannot make sense of the API surfaces of this module. Some of the API versions are only about roles. Other API versions are only about policies (which are a different thing). Some API versions contain varying amounts of both. Some are neither, but seem to only contain stuff about management locks! See attached a couple of examples. I’m very confused. 😅 Are these API versions somehow supposed to be used in combination, even for the same module? Like, create a role assignment using this API version, then a policy assignment using this other API version, etc.?

Third topic is about the same module. In the Terraform-based provider, it was possible to create a role assignment specifying the name of the role, like so:

var configRoleAssignment = new Assignment(
	$"orgflow-download-{stackName}-configRoleAssignment",
	new AssignmentArgs()
	{
		PrincipalId = app.Identity.Apply(x => x.PrincipalId),
		RoleDefinitionName = "App Configuration Data Reader", // Use textual name of role
		Scope = configService.Resources.Single().Id,
		SkipServicePrincipalAadCheck = true
	});

I cannot find any way to accomplish the same using AzureNextGen, it seems like we can only resolve role definitions using their GUID IDs and some awkward string concatenation:

var configRoleAssignment = new RoleAssignment(
	$"orgflow-download-{stackName}-configRoleAssignment",
	new RoleAssignmentArgs()
	{
		RoleAssignmentName = "200DA71F-80F9-4D5F-90AB-FCE5CE72FA97",
		PrincipalId = app.Identity.Apply(x => x!.PrincipalId),
		// TODO: Resolve subscription ID, and if possible also role definition ID
		RoleDefinitionId = "/subscriptions/1788357e-d506-4118-9f88-092c1dcddc16/providers/Microsoft.Authorization/roleDefinitions/516239f1-63e1-4d78-a4de-a74fb236a071", //configDataReaderRole.Id,
		Scope = configStore.Id,
	});

Even doing a

GetRoleDefinition.InvokeAsync()

does not help, as that one also takes this ID as its only possible input. Does anyone know how to avoid hard-coding the role ID, and instead resolve it from the role name as was possible with the old provider?

And finally, fourth topic: there is an issue with the new provider when creating

Certificate

resources.

var certificate = new Pulumi.AzureNextGen.Web.V20190801.Certificate(
	$"orgflow-download-{stackName}-cert",
	new Pulumi.AzureNextGen.Web.V20190801.CertificateArgs()
	{
		Name = $"orgflow-download-{stackName}-cert",
		ResourceGroupName = resourceGroup.Name,
		Location = location,
		CanonicalName = publicHostname,
		ServerFarmId = appServicePlan.Id,
		Password = ""
	},
	new ResourceOptions()
	{
		// App Service Managed Certificates cannot be created unless a hostname binding has already
		// been added to the corresponding app service.
		DependsOn = hostnameBinding
	});

This creates an Azure-managed app service certificate for a web app. However,

pulumi up

fails on this resource with the following error:

azure-nextgen:web/v20190801:Certificate (orgflow-download-dev-cert):
  error: autorest/azure: error response cannot be parsed: "" error: EOF

Pulumi exits with a failure, and thinks the resource has not been created, but the certificate is actually created successfully in Azure. Next time we do

pulumi up

it fails because the resource is already there. So this one seems to be more of an issue with how Pulumi is handling a response from the API. (Also for some reason the

Password

property has to be set to something (it doesn’t matter what) which I think is a bug because for a managed certificate there are no passwords to worry about.)

I replaced azure.compute.VirtualMachine() with azure.compute.LinuxVirtualMachine(), when running pulumi up, I thought it should first delete the current VM which would release the network interface, and then create new VM, then attach the existing network interface to the new VM. However, I got the following error msg

azurecomputeLinuxVirtualMachine (WebVM):   error: creating Linux Virtual Machine "webvm8d7e0af0" : compute.VirtualMachinesClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="NicInUse" Message="Network Interface networkinterface15ff9458 is used by existing resource /subscriptions/xxxxx/resourceGroups/xxxx/providers/Microsoft.Compute/virtualMachines/webvm8b564ed5. In order to delete the network interface, it must be dissociated from the resource. To learn more, see aka.ms/deletenic." Details=[]

don't understand why it wanted to delete the network interface attached to the current VM, any idea?

what I end up doing is comment out the lines of virtualmachine, run pulumi up, let it delete the vm, then remove comment, run pulumi up again to create the vm. Thought pulumi could have handled it more efficiently

every time change custom data of the vm, run pulumi up, got the same error of network interface is in use, this can't be right, I shouldn't have to comment out code every time to delete the current vm first and recreate vm, did I do anything wrong?

can you share some of the code you used to define the VM?

I am running into an

insufficient privileges

issue on Azure when trying to create/change an Azure Active Directory Application, deploying using pulumi's DevOps task. I have the following:

task: Pulumi@1
inputs:
  azureSubscription: <azure-resource-manager>
  ... 
env:
  PULUMI_ACCESS_TOKEN: $(pulumi.access.token)

And on AAD I added the following

API permissions

, with type Application (not Delegated):

Application.Read.All
Application.ReadWrite.All
Application.ReadWrite.OwnedBy
Directory.Read.All
Directory.ReadWrite.All

Error:

* updating urn:pulumi:test::<>::azuread:index/application:Application::<>: patching Application with ID "<id>": graphrbac.ApplicationsClient#Patch: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="Unknown" Message="Unknown service error" Details=[{"odata.error":{"code":"Authorization_RequestDenied","date":"2020-12-22T15:28:11","message":{"lang":"en","value":"Insufficient privileges to complete the operation."},"requestId":"<>"}}]

What I am missing?

Does someone know if this is the resource for a azure static webapp? • https://www.pulumi.com/docs/reference/pkg/azure-nextgen/web/webapp/

I'm attempting to deploy a subnet but got the following error: error: Code="InvalidRequestFormat" Message="Cannot parse the request." Details=[] any chance there are more details to be seen somewhere? Edit: Problem was caused by the subnet delegation to Microsoft.Web/serverfarms. I'll have to investigate that. The pulumi up process sometimes seems to hang even though the resources are created / updated corretly.