azure
  • t

    tall-needle-56640

    12/07/2020, 11:37 PM
    #azure #dotnet I'm trying to create a factory that returns resources with a logical set of defaults. In order for this to work in Pulumi.Azure, I did this:
    args.AppSettings = InputMap<string>.Merge(defaultAppSettings, args.AppSettings);
    Now I'm trying to migrate that code to AzureNextGen, but I'm not sure how to get it to work. I tried:
    var appSettings = args.SiteConfig.Apply(c => c.AppSettings);
    args.SiteConfig.Apply(s => 
        s.AppSettings = InputMap<string>.Merge(defaultAppSettings, appSettings));
    But I get an error:
    Argument 2: cannot convert from 'Pulumi.Output<Pulumi.InputList<Pulumi.AzureNextGen.Web.Latest.Inputs.NameValuePairArgs>>' to 'Pulumi.InputMap<string>'
    So what do I do to make this work? Note defaultAppSettings is of type Dictionary<string, string>.
  • f

    future-kite-91191

    12/08/2020, 7:47 AM
    Hey guys, I'm working on a new stack (involving Azure AKS) and keep getting these error messages when trying to pulumi up. I'm logged in successfully to Azure via az login, still the pulumi up command keeps asking for interactive sign-in via web page:
    To sign in, use a web browser to open the page <https://microsoft.com/devicelogin> and enter the code {code here} to authenticate.
        E1208 08:11:52.773315   15608 azure.go:154] Failed to acquire a token: failed acquiring new token: waiting for device code authentication to complete: autorest/adal/devicetoken: Error while retrieving OAuth token: Code Expired
    Eventually the command times out. I'm on Pulumi version 2.15.3 and latest npm packages. Additional details: I can get a correct preview of the stack:
  • f

    future-kite-91191

    12/08/2020, 7:50 AM
  • a

    adventurous-keyboard-93905

    12/09/2020, 8:30 AM
    Hi there! I am trying Pulumi for a toy project, with the intention of using it in serious projects in the future. About once a week I have had problems with the azure provider, usually with errors coming from terraform. Using pulumi destroy and pulumi up is all right at this stage, but soon I won't be able to fix it that way. Are there other people facing these kinds of problems? How do you solve them?
  • a

    adventurous-keyboard-93905

    12/09/2020, 1:58 PM
    I'm trying to retrieve the Virtual IP address from my AppService in my pulumi index.ts, but can't find a way to do it as it is not a field of the AppService class (see picture for what it looks like in the Azure Portal). Any hints?
  • p

    prehistoric-nail-50687

    12/09/2020, 5:02 PM
    why is DiagnosticSetting only available in v20170501preview of nextgen? https://www.pulumi.com/docs/reference/pkg/azure-nextgen/insights/diagnosticsetting/ has this been dropped again?
  • a

    adventurous-keyboard-93905

    12/09/2020, 8:48 PM
    I'm trying to make sense of the types in nextgen, but could use some help. For instance, I want to create an AppService, but there is no such resource in nextgen. Instead, I found a WebApp resource that seems similar. Is there a logic behind the name?
  • a

    adventurous-keyboard-93905

    12/09/2020, 8:49 PM
    I am also having trouble finding the equivalent of ApplicationInsights. Is there a guide or an explanation somewhere that I can use to map from the old names to the ones in nextgen?
  • w

    wet-noon-14291

    12/09/2020, 11:38 PM
    Hello. Does anyone know what happens if I change pricing tier for a SQL db, will a new one be provisioned or will the existing one be up- or downgraded?
  • p

    prehistoric-nail-50687

    12/11/2020, 12:34 PM
    I just updated to @pulumi/azure-nextgen from ^0.2.8 to ^0.3.0 and now I get this:
    azure-nextgen:web/latest:WebApp (yoo-ci-hooks):
        error: Code="NoRegisteredProviderFound" Message="No registered resource provider found for location 'switzerlandnorth' and API version '2020-09-01' for type 'sites'. The supported api-versions are '2020-06-01, 2019-08-01, 2018-11-01, 2018-02-01, 2016-08-01, 2015-08-01-preview, 2016-03-01, 2015-08-01, 2015-07-01, 2015-06-01, 2015-05-01, 2015-04-01, 2015-02-01, 2014-11-01, 2014-06-01, 2014-04-01, 2014-04-01-preview, 2015-01-01, 2015-11-01, 2016-09-01, 2017-08-01, 2018-12-01-alpha'. The supported locations are 'southcentralus, msftwestus, msfteastus, msfteastasia, msftnortheurope, eastus2stage, centralusstage, southafricanorth, westus, australiaeast, brazilsouth, southeastasia, centralus, japanwest, centralindia, uksouth, canadaeast, koreacentral, francecentral, northeurope, westus2, eastus, westindia, eastus2, australiacentral, germanywestcentral, norwayeast, uaenorth, switzerlandnorth, northcentralus, ukwest, australiasoutheast, koreasouth, canadacentral, westeurope, southindia, westcentralus, eastasiastage, northcentralusstage, eastasia, japaneast'."
    I have to say that I don’t quite understand the versioning behind all this, but does this say that my region switzerlandnorth does not support the api version required by pulumi nextgen 0.3.0?
  • t

    tall-needle-56640

    12/11/2020, 9:03 PM
    In Pulumi.Azure, I could get the tenantId by doing
    var clientConfig = Output.Create(GetClientConfig.InvokeAsync());
    var tenantId = clientConfig.Apply(c => c.TenantId);
    How do I do this in AzureNextGen?
  • a

    adventurous-keyboard-93905

    12/14/2020, 9:14 AM
    Is there a way to re-sync the state from azure? Pulumi is trying to delete Key Vault secrets, but they don't even exist, so pulumi up fails with bad request errors
  • b

    billions-spoon-83449

    12/14/2020, 10:22 PM
    Anyone know a way to import resources from Azure in the new AzureNextGen format?
  • t

    tall-needle-56640

    12/15/2020, 10:23 PM
    @tall-librarian-49374 I noticed that KeySource is required in the SDK, but per the specs, it should have a default value. Why are they different?
  • b

    brave-winter-60074

    12/16/2020, 9:26 AM
    Hi everyone, we are evaluating Pulumi Azure Next Gen and have successfully created many of the resources that we need, but a simple Azure App Function I have not been able to locate or configure correctly in the docs -> https://www.pulumi.com/docs/reference/pkg/azure-nextgen/ what part should I use for such a function and do Pulumi or someone have a short example for such an important part of a serverless stack. Have been searching the docs for two days now, and if I use the old provider I get a version 1 function instead of v3. Thank you very much in advance
  • f

    future-kite-91191

    12/16/2020, 7:37 PM
    Hey guys, are we already on Terraform Azure Provider v.2.40.0? It fixes a bug I was banging my head against all afternoon. https://github.com/terraform-providers/terraform-provider-azurerm/issues/9699#issuecomment-742774944
  • b

    brave-winter-60074

    12/17/2020, 10:39 AM
    Hi, are there some changes that we should avoid when using azure next gen. Had a typo in the resource name and by changing that it failed completely so now I am rebuilding our stacks and upping them with pulumi…
  • b

    brave-winter-60074

    12/17/2020, 10:39 AM
    or is there a workaround for changes like this?
  • b

    brave-winter-60074

    12/17/2020, 10:40 AM
    we use a random suffix across a resource group, so should this be random per resource, can see that it is what causes the problem
  • p

    powerful-football-81694

    12/18/2020, 2:09 PM
    Hi everyone! Excited by the news of a truly first-class Azure provider, we have now started the work of trying to migrate our programs over to AzureNextGen. We could use some guidance on a couple of things. I’ll post them as separate messages here to allow them to be discussed in separate threads. First topic is about the versioning. I have not been able to make full sense of it yet, so for my understanding:
    1. Is it correct that the versions are basically “per ARM resource provider”, i.e. each resource provider on the Azure side versions independently of all the others?
    2. To which version does “latest” actually resolve? My experience so far indicates that it is neither the latest, nor the latest preview, at least for the authorization module which I’ve been struggling with a bit (more on that later).
    3. Does the meaning of “latest” always stay the same as long as we don’t update to a new version of the Pulumi.AzureNextGen NuGet package?
    4. What is the general guidance on which version to use? Should we generally use “latest” whenever possible?
  • p

    powerful-football-81694

    12/18/2020, 2:18 PM
    Second topic is about the authorization module which can be used to create RBAC role assignments. I cannot make sense of the API surfaces of this module. Some of the API versions are only about roles. Other API versions are only about policies (which are a different thing). Some API versions contain varying amounts of both. Some are neither, but seem to only contain stuff about management locks! See attached a couple of examples. I’m very confused. 😅 Are these API versions somehow supposed to be used in combination, even for the same module? Like, create a role assignment using this API version, then a policy assignment using this other API version, etc.?
  • p

    powerful-football-81694

    12/18/2020, 2:24 PM
    Third topic is about the same module. In the Terraform-based provider, it was possible to create a role assignment specifying the name of the role, like so:
    var configRoleAssignment = new Assignment(
    	$"orgflow-download-{stackName}-configRoleAssignment",
    	new AssignmentArgs()
    	{
    		PrincipalId = app.Identity.Apply(x => x.PrincipalId),
    		RoleDefinitionName = "App Configuration Data Reader", // Use textual name of role
    		Scope = configService.Resources.Single().Id,
    		SkipServicePrincipalAadCheck = true
    	});
    I cannot find any way to accomplish the same using AzureNextGen, it seems like we can only resolve role definitions using their GUID IDs and some awkward string concatenation:
    var configRoleAssignment = new RoleAssignment(
    	$"orgflow-download-{stackName}-configRoleAssignment",
    	new RoleAssignmentArgs()
    	{
    		RoleAssignmentName = "200DA71F-80F9-4D5F-90AB-FCE5CE72FA97",
    		PrincipalId = app.Identity.Apply(x => x!.PrincipalId),
    		// TODO: Resolve subscription ID, and if possible also role definition ID
    		RoleDefinitionId = "/subscriptions/1788357e-d506-4118-9f88-092c1dcddc16/providers/Microsoft.Authorization/roleDefinitions/516239f1-63e1-4d78-a4de-a74fb236a071", //configDataReaderRole.Id,
    		Scope = configStore.Id,
    	});
    Even doing a GetRoleDefinition.InvokeAsync() does not help, as that one also takes this ID as its only possible input. Does anyone know how to avoid hard-coding the role ID, and instead resolve it from the role name as was possible with the old provider?
  • p

    powerful-football-81694

    12/18/2020, 2:28 PM
    And finally, fourth topic: there is an issue with the new provider when creating Certificate resources.
    var certificate = new Pulumi.AzureNextGen.Web.V20190801.Certificate(
    	$"orgflow-download-{stackName}-cert",
    	new Pulumi.AzureNextGen.Web.V20190801.CertificateArgs()
    	{
    		Name = $"orgflow-download-{stackName}-cert",
    		ResourceGroupName = resourceGroup.Name,
    		Location = location,
    		CanonicalName = publicHostname,
    		ServerFarmId = appServicePlan.Id,
    		Password = ""
    	},
    	new ResourceOptions()
    	{
    		// App Service Managed Certificates cannot be created unless a hostname binding has already
    		// been added to the corresponding app service.
    		DependsOn = hostnameBinding
    	});
    This creates an Azure-managed app service certificate for a web app. However, pulumi up fails on this resource with the following error:
    azure-nextgen:web/v20190801:Certificate (orgflow-download-dev-cert):
      error: autorest/azure: error response cannot be parsed: "" error: EOF
    Pulumi exits with a failure, and thinks the resource has not been created, but the certificate is actually created successfully in Azure. Next time we do pulumi up it fails because the resource is already there. So this one seems to be more of an issue with how Pulumi is handling a response from the API. (Also for some reason the Password property has to be set to something (it doesn’t matter what) which I think is a bug because for a managed certificate there are no passwords to worry about.)
  • j

    jolly-camera-35709

    12/22/2020, 5:47 AM
    I replaced azure.compute.VirtualMachine() with azure.compute.LinuxVirtualMachine(), when running pulumi up, I thought it should first delete the current VM which would release the network interface, and then create new VM, then attach the existing network interface to the new VM. However, I got the following error msg
  • j

    jolly-camera-35709

    12/22/2020, 5:48 AM
    azure:compute:LinuxVirtualMachine (WebVM):   error: creating Linux Virtual Machine "webvm8d7e0af0" : compute.VirtualMachinesClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="NicInUse" Message="Network Interface networkinterface15ff9458 is used by existing resource /subscriptions/xxxxx/resourceGroups/xxxx/providers/Microsoft.Compute/virtualMachines/webvm8b564ed5. In order to delete the network interface, it must be dissociated from the resource. To learn more, see aka.ms/deletenic." Details=[]
  • j

    jolly-camera-35709

    12/22/2020, 5:49 AM
    don't understand why it wanted to delete the network interface attached to the current VM, any idea?
  • j

    jolly-camera-35709

    12/22/2020, 5:55 AM
    what I end up doing is comment out the lines of virtualmachine, run pulumi up, let it delete the vm, then remove comment, run pulumi up again to create the vm. Thought pulumi could have handled it more efficiently
  • j

    jolly-camera-35709

    12/22/2020, 6:30 AM
    every time change custom data of the vm, run pulumi up, got the same error of network interface is in use, this can't be right, I shouldn't have to comment out code every time to delete the current vm first and recreate vm, did I do anything wrong?
  • b

    billowy-army-68599

    12/22/2020, 6:37 AM
    can you share some of the code you used to define the VM?
  • s

    swift-hamburger-98290

    12/22/2020, 4:45 PM
    I am running into an insufficient privileges issue on Azure when trying to create/change an Azure Active Directory Application, deploying using pulumi's DevOps task. I have the following:
    task: Pulumi@1
    inputs:
      azureSubscription: <azure-resource-manager>
      ... 
    env:
      PULUMI_ACCESS_TOKEN: $(pulumi.access.token)
    And on AAD I added the following API permissions, with type Application (not Delegated):
    Application.Read.All
    Application.ReadWrite.All
    Application.ReadWrite.OwnedBy
    Directory.Read.All
    Directory.ReadWrite.All
    Error:
    * updating urn:pulumi:test::<>::azuread:index/application:Application::<>: patching Application with ID "<id>": graphrbac.ApplicationsClient#Patch: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="Unknown" Message="Unknown service error" Details=[{"odata.error":{"code":"Authorization_RequestDenied","date":"2020-12-22T15:28:11","message":{"lang":"en","value":"Insufficient privileges to complete the operation."},"requestId":"<>"}}]
    What am I missing?

cool-fireman-90027

12/22/2020, 4:48 PM
Does this help: https://stackoverflow.com/questions/58104257/failed-to-create-an-app-in-azure-active-directory-insufficient-privileges

swift-hamburger-98290

12/22/2020, 4:53 PM
Hmm I don't think so. I can do pulumi up just fine locally, and everything works. The problem is when I run it on the pipeline (Azure DevOps) with a service connection (azure resource manager), to which I gave the permissions I wrote on the original post.
I had to set the permissions under Azure Active Directory Graph, which Azure marked as legacy but are still required for the time being apparently.