https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
azure
  • m

    miniature-leather-70472

    03/17/2021, 8:50 AM
    Are there any plans or thoughts around having Pulumi be able to generate ARM templates? Before you wonder why on earth you would want to do that, I am thinking about where you want to create Azure MarketPlace offerings for an Azure Service, the resources for this have to be defined as an ARM template, I'd much rather write this in Pulumi and just export an ARM template rather than writing in ARM.
    t
    • 2
    • 1
  • m

    magnificent-television-29869

    03/17/2021, 8:52 AM
    message has been deleted
    w
    t
    • 3
    • 10
  • m

    magnificent-television-29869

    03/17/2021, 10:20 AM
    I am confusing myself right now, Currently I have CustomDomain working on a cdn, however I need to enable ssl on that, and it seems that I need to use AFDCustomDomain for this, am I correct in this ?, and if so, can anyone provide me with an example, currently I tried this with the example from the docs, but I get a server error when doing that, with no other error messages than the server encountered a problem
  • m

    magnificent-television-29869

    03/17/2021, 1:10 PM
    Anyone ?
  • a

    average-dinner-84543

    03/17/2021, 1:42 PM
    Hi everybody! Just wondering if there is a SDK for accessing SQL SERVER no matters where it is (Azure or VM). Because the only thing I could find is cloud specific : https://www.pulumi.com/docs/reference/pkg/azure-native/sqlvirtualmachine/sqlvirtualmachine/
    g
    • 2
    • 2
  • m

    magnificent-television-29869

    03/17/2021, 2:40 PM
    Is there currently no way to enable ssl on a cdn customdomain without a FrontDoor endpoint ?
    b
    • 2
    • 9
  • p

    prehistoric-nail-50687

    03/17/2021, 3:15 PM
    I have question related to the migration of
    @pulumi/azure-nextgen
    to
    @pulumi/azure-native
    … If I have an import like
    import * as operationalinsights from "@pulumi/azure-nextgen/operationalinsights/v20200801";
    is it save to change it to the new version-less import:
    import * as operationalinsights from "@pulumi/azure-native/operationalinsights";
    or should I keep the version in the import?
    t
    • 2
    • 30
  • b

    breezy-apartment-46543

    03/17/2021, 4:11 PM
    Is there any good way to share an Azure Insights instrumentation key between two pulumi projects without hardcoding a name for it and using get() in the second project? In other words, how do you share resources between two different pulumi projects?
  • w

    worried-knife-31967

    03/17/2021, 5:27 PM
    @breezy-apartment-46543 are you aware of "Stack References"?
    b
    • 2
    • 1
  • a

    ambitious-jewelry-18011

    03/17/2021, 5:47 PM
    Hi, has anyone worked with Pulumi and Azure DevOps? I'm trying to set group permissions and I've found how to do it for some of them, but I'm missing "Create tag definition" and the ones related to Analytics. I've found how to do some fairly black magic with az cli, but have no clue as to how I could do the equivalent with Pulumi. My references are: https://cloudstack.ninja/premier-developer/azure-devops-security-api-demystified/ and https://docs.microsoft.com/en-us/azure/devops/organizations/security/namespace-reference?view=azure-devops https://www.pulumi.com/docs/reference/pkg/azuredevops/projectpermissions/ - Does anyone have any ideas that may help me?
  • h

    hundreds-receptionist-31352

    03/17/2021, 7:32 PM
    Hi, I'm starting using azure libraries in pulumi, I wonder if is there something similar to "pulumi/awsx" library in azure?
    t
    • 2
    • 2
  • p

    proud-dusk-33872

    03/19/2021, 1:46 AM
    Hi guys, how can I create a CosmosDB/MongoDB desending index?
    w
    • 2
    • 2
  • w

    worried-knife-31967

    03/19/2021, 11:55 AM
    @proud-dusk-33872 we're all about building people up here, not bringing people down...
  • w

    worried-knife-31967

    03/19/2021, 11:56 AM
    sorry, it's a friday, had to say it...
  • c

    creamy-crowd-26033

    03/19/2021, 1:53 PM
    I have a question for proper way to use Pulumi in conjuction with app service slots. My typical deployment before Pulumi was to first update the binaries on a slot, warm up the app, and then swap the slot. Most of the Pulumi examples for app service show using
    WEBSITE_RUN_FROM_PACKAGE
    and specifying a blob storage url for deployment. When using Azure Pipelines to build my app and then deploying via same or Octopus Deploy, etc., I already have my binaries so uploading them to a storage account is a little redundant. If I wanted to achieve a similar process with Pulumi - what is the recommendation? If it matters I am using dotnet.
    w
    • 2
    • 1
  • b

    better-shampoo-48884

    03/19/2021, 3:07 PM
    is there any way of enabling azure feature preview things in pulumi? got hit with "Message="aadProfile.enableAzureRBAC requires Microsoft.ContainerService/EnableAzureRBACPreview feature flag."" and i'd rather not have to try to remember to run some cli command when moving between subscriptions..
    t
    • 2
    • 3
  • s

    sparse-intern-71089

    03/19/2021, 7:52 PM
    This message was deleted.
    b
    t
    • 3
    • 2
  • c

    clever-byte-21551

    03/20/2021, 8:08 PM
    I’m trying to create ACR tokens (preview feature) and generate them passwords I’m getting this error:
    pulumi:pulumi:Stack wiz-diskanalyzer-dev_aws_7b976757-b010-44f5-be1b-aa4153b86dbe_global_bootstrap running
     ~  pulumi:providers:azure-native wiz-azure updating [diff: ~clientSecret]
     ~  pulumi:providers:azure-native wiz-azure updated
     +  azure-native:containerregistry/v20201101preview:Token acr-token creating
     +  azure-native:containerregistry/v20201101preview:Token acr-token creating error: Code="PasswordCannotBeAdded" Message="New passwords can be added only through 'generateCredentials'. For more information on repository permissions, please visit <https://aka.ms/acr/repo-permissions>."
     +  azure-native:containerregistry/v20201101preview:Token acr-token **creating failed** error: Code="PasswordCannotBeAdded" Message="New passwords can be added only through 'generateCredentials'. For more information on repository permissions, please visit <https://aka.ms/acr/repo-permissions>."
        pulumi:pulumi:Stack wiz-diskanalyzer-dev_aws_7b976757-b010-44f5-be1b-aa4153b86dbe_global_bootstrap running error: update failed
        pulumi:pulumi:Stack wiz-diskanalyzer-dev_aws_7b976757-b010-44f5-be1b-aa4153b86dbe_global_bootstrap **failed** 1 error
    
    Diagnostics:
      pulumi:pulumi:Stack (wiz-diskanalyzer-dev_aws_7b976757-b010-44f5-be1b-aa4153b86dbe_global_bootstrap):
        error: update failed
    
      azure-native:containerregistry/v20201101preview:Token (acr-token):
        error: Code="PasswordCannotBeAdded" Message="New passwords can be added only through 'generateCredentials'. For more information on repository permissions, please visit <https://aka.ms/acr/repo-permissions>."
    My creation code looks like this:
    token, err := acr.NewToken(ctx, "acr-token", &acr.TokenArgs{
    		Credentials: &acr.TokenCredentialsPropertiesArgs{
    			Passwords: acr.TokenPasswordArray{
    				acr.TokenPasswordArgs{
    					Name: pulumi.String("password1"),
    				},
    				acr.TokenPasswordArgs{
    					Name: pulumi.String("password2"),
    				},
    			}},
    		RegistryName:      pulumi.String(parsedID.ResourceName),
    		ResourceGroupName: pulumi.String(parsedID.ResourceGroup),
    		ScopeMapId: pulumi.String(
    			fmt.Sprintf(
    				"/subscriptions/%s/resourceGroups/%s/providers/Microsoft.ContainerRegistry/registries/%s/scopeMaps/_repositories_push",
    				parsedID.SubscriptionID,
    				parsedID.ResourceGroup,
    				parsedID.ResourceName,
    			)),
    		TokenName: pulumi.String(fmt.Sprintf("wiz-%s", s.Outpost.GetId())), // must start with a letter
    	}, pulumi.Provider(azureProvider))
    I’m also not sure how pulumi will manage the passwords - they are returned only once when generated
    t
    • 2
    • 11
  • b

    better-shampoo-48884

    03/21/2021, 11:47 AM
    Just hit on an issue where the example for a resource omits a required parameter (https://www.pulumi.com/docs/reference/pkg/azure-native/compute/disk/#create-a-managed-disk-from-an-existing[…]-in-the-same-or-different-subscription) the output of running that gives:
    azure-native:compute:Disk (xxxxx-scaleset-linuxagents-disksource):
        error: Code="BadRequest" Message="Required parameter 'storageAccountId' is missing (null)."
    Which makes sense, because looking at docs for `CreationData`it states:
    storageAccountId string
        Required if createOption is Import. The Azure Resource Manager identifier of the storage account containing the blob to import as a disk.
    This is easy to fix of course, and for once errors made it easy to check as well 🙂 It seems that there is no difference api-wise if you're in the same or different subscription relating to "importing an unmanaged blob" examples - Should I make an issue in /docs or a PR?
    t
    • 2
    • 6
  • b

    better-shampoo-48884

    03/21/2021, 12:06 PM
    Also, just randomly for a #TWIL comment - since my new infra needs to coexist (for a while at least) with the way previous infra has been set up, I realized I needed trust between AKS and ACR so that AKS can pull images without requiring containerPullSecret and suchlike. So a bit of research brought me to https://docs.microsoft.com/en-us/azure/aks/cluster-container-registry-integration That just won't do. So I tried figuring out what it actually does, what the equivalent operation would be.. so after some hunting I found an issue with this not working for a period of time, and found the workaround that was proposed was just as good if not better. So - to avoid having to run AZ CLI to "attach" an ACR instance to an AKS cluster - this is all ya need to do:
    const aksToACRRoleAssignment = new azure.authorization.RoleAssignment("aks-to-acr", {
                roleAssignmentName: new random.RandomUuid("aks-to-acr-RA").result,
                scope: myACR.id
                roleDefinitionId: "/subscriptions/<insert_sub_here>/providers/Microsoft.Authorization/roleDefinitions/7f951dda-4ed3-4680-a7ca-43fe172d538d",  // acrpull Role Defenition
                principalId: myAKS.identityProfile.apply(identityProfile => identityProfile?.kubeletidentity.objectId).apply(objectId => objectId ?? "<preview>") // gets the kubelet managed identity :)
            })
    For the roleDefenitionId - I just did
    az role definition list --output json --query "[].{roleName:roleName, description:description, id:id}" > roleDefenitions.json
    once and found the role id from there 🙂
  • b

    better-shampoo-48884

    03/21/2021, 12:17 PM
    Is there any plan to improve the create / update / recreate / destroy reasoning for azure-native by the way? I keep running into issues forcing me to destroy resources before updating them, for instance:
    azure-native:compute:VirtualMachineScaleSet (xxxxx-scaleset-linuxagents):
        error: autorest/azure: Service returned an error. Status=<nil> Code="PropertyChangeNotAllowed" Message="Changing property 'osDisk.managedDisk' is not allowed." Target="osDisk.managedDisk"
    In this case, pulumi shouldn't propose to
    update
    but suggest to
    recreate
    right?
    k
    • 2
    • 1
  • m

    melodic-byte-32771

    03/21/2021, 1:38 PM
    Hello 😉 Does someone know how to set a github repository and a custom path to the azure pipeline file?
    b
    • 2
    • 3
  • b

    better-shampoo-48884

    03/21/2021, 1:55 PM
    What's the right course of action when I hit this perpetually?
    azure-native:compute:VirtualMachineScaleSet (xxxxx-scaleset-linuxagents):
        error: Code="InternalOperationError" Message="An internal error occurred in the operation."
    Essentially trying to create a scaleset from a vhd in a blob with disk-encryption enabled (and ephemeral disks). I'm happy to get an error message - but running
    pulumi up -y --suppress-outputs -v=9 --debug --logflow --logtostderr 1> scaleSetCreate.log 2>&1
    just repeats the same issue without any context - the log shows my config (correct) going out, then it takes ~3.5m before azure responds with 500: internal error.. each time.
    t
    • 2
    • 11
  • b

    better-shampoo-48884

    03/21/2021, 1:56 PM
    I mean - my original plan was to ditch the disk-encryption + ephemeral disk, and that worked fine. Now I want them. So I tried converting the damned thing to a managed disk, and couldn't figure out how to get that to fly either (managed disk was fine - creating the scaleset with it was not). Almost wondering if I need to go via gallery or something like that..
  • t

    tall-scientist-89115

    03/22/2021, 4:35 AM
    trying to use the
    azure_native.cache.Redis
    object and am getting this error:
    azure-native:cache:Redis (redis):
        error: Code="InvalidRequestBody" Message="The value of the parameter 'properties.sku.family' is invalid.
    When I try to add "family: C" to the
    sku
    property I get:
    TSError: ⨯ Unable to compile TypeScript:
        redis/azure-cache.ts(23,7): error TS2322: Type '{ name: string; capacity: number; family: string; }' is not assignable to type 'Input<Sku>'.
    I thought these type definitions were automatically generated to match the API? Any insight is appreciated.
    t
    • 2
    • 7
  • p

    polite-shoe-79877

    03/22/2021, 7:12 AM
    How do i create an azure subscription. Iam using this: https://www.pulumi.com/docs/reference/pkg/azure/core/subscription/ when i try
    const subscription = new Subscription("subscription", 
    {
            subscriptionName: "subscription"
    })
    i get the following error: error: azure:core/subscription:Subscription resource 'sub' has a problem: "subscription_id": one of
    billing_scope_id,subscription_id
    must be specified
    when i try to specify with either subscription_id or billing_scope_id it must be specified with an already exisiting subscription id.
    t
    w
    • 3
    • 6
  • t

    tall-scientist-89115

    03/22/2021, 2:53 PM
    hey I'm trying to stand up a postgres 12 instance with azure_native.dbforpostgresql.Server (11 works fine) and am getting api errors when I try to create one in westus and useast2. I do see the 'flexible server' feature is in preview still but don't see anything about region restrictions on 12...does anyone have more info on what's going on here?
    azure-native:dbforpostgresql:Server (postgres-server):
        error: Code="InvalidVersion" Message="Version '12' is not supported."
    Edit: The answer was to use
    azure_native.dbforpostgresql.v20200214preview.Server
  • b

    better-shampoo-48884

    03/22/2021, 5:03 PM
    Anyone else noticed some intermittent issues where azure-native decides to suddenly uppercase some of your resource references? just had one error where it uppercased the name of the resourcegroup and the loadbalancer I just provisioned (was provisioned correctly with lowercase, just the scaleset references to that load balancer were all in upper case..)
  • g

    glamorous-helmet-50600

    03/22/2021, 8:19 PM
    Hey guys, is it possible to create/add index to a search service using pulumi? Looking at the docs I don't see how so I suspect it's not possible. How do you guys manage that?
    t
    • 2
    • 3
  • c

    colossal-room-15708

    03/22/2021, 9:38 PM
    What's the expected way to create a new revision for an APIM API?
    const api = new azure.apimanagement.Api(`${prefix}-fn`, {
        resourceGroupName: resourceGroup.name,
        apiManagementName: apimService.name,
        revision: "1",
        displayName: "API",
        path: `${prefix}-fn`,
        protocols: ["https"],
        "import": {
            contentFormat: "swagger-link-json",
            contentValue: "<https://url/api/swagger.json>",
        },
      });
    This is the original API. We now updated the swagger with an additional endpoint and want to create a new revision. Or do we want a new version? Changing the
    revision
    value fails. Do we add a whole new API resource and increment the revision? So have the same as above again just with a new revision? I feel like that will fail as well.
    • 1
    • 1
Powered by Linen
Title
c

colossal-room-15708

03/22/2021, 9:38 PM
What's the expected way to create a new revision for an APIM API?
const api = new azure.apimanagement.Api(`${prefix}-fn`, {
    resourceGroupName: resourceGroup.name,
    apiManagementName: apimService.name,
    revision: "1",
    displayName: "API",
    path: `${prefix}-fn`,
    protocols: ["https"],
    "import": {
        contentFormat: "swagger-link-json",
        contentValue: "<https://url/api/swagger.json>",
    },
  });
This is the original API. We now updated the swagger with an additional endpoint and want to create a new revision. Or do we want a new version? Changing the
revision
value fails. Do we add a whole new API resource and increment the revision? So have the same as above again just with a new revision? I feel like that will fail as well.
ah, for "update" it seems I need to use the portal. Still not sure how I would create a revision via pulumi. So far all my tests failed. That said, a revision doesn't actually import the swagger again. So any changes to the swagger only seem to be imported via the portal.
View count: 3