pulumi-community #azure

magnificent-television-29869

03/17/2021, 10:20 AM

I am confusing myself right now, Currently I have CustomDomain working on a cdn, however I need to enable ssl on that, and it seems that I need to use AFDCustomDomain for this, am I correct in this ?, and if so, can anyone provide me with an example, currently I tried this with the example from the docs, but I get a server error when doing that, with no other error messages than the server encountered a problem

magnificent-television-29869

03/17/2021, 1:10 PM

Anyone ?

average-dinner-84543

03/17/2021, 1:42 PM

Hi everybody! Just wondering if there is a SDK for accessing SQL SERVER no matters where it is (Azure or VM). Because the only thing I could find is cloud specific : https://www.pulumi.com/docs/reference/pkg/azure-native/sqlvirtualmachine/sqlvirtualmachine/

magnificent-television-29869

03/17/2021, 2:40 PM

Is there currently no way to enable ssl on a cdn customdomain without a FrontDoor endpoint ?

prehistoric-nail-50687

03/17/2021, 3:15 PM

I have question related to the migration of

@pulumi/azure-nextgen

@pulumi/azure-native

… If I have an import like

import * as operationalinsights from "@pulumi/azure-nextgen/operationalinsights/v20200801";

is it save to change it to the new version-less import:

import * as operationalinsights from "@pulumi/azure-native/operationalinsights";

or should I keep the version in the import?

breezy-apartment-46543

03/17/2021, 4:11 PM

Is there any good way to share an Azure Insights instrumentation key between two pulumi projects without hardcoding a name for it and using get() in the second project? In other words, how do you share resources between two different pulumi projects?

worried-knife-31967

03/17/2021, 5:27 PM

@breezy-apartment-46543 are you aware of "Stack References"?

ambitious-jewelry-18011

03/17/2021, 5:47 PM

Hi, has anyone worked with Pulumi and Azure DevOps? I'm trying to set group permissions and I've found how to do it for some of them, but I'm missing "Create tag definition" and the ones related to Analytics. I've found how to do some fairly black magic with az cli, but have no clue as to how I could do the equivalent with Pulumi. My references are: https://cloudstack.ninja/premier-developer/azure-devops-security-api-demystified/ and https://docs.microsoft.com/en-us/azure/devops/organizations/security/namespace-reference?view=azure-devops https://www.pulumi.com/docs/reference/pkg/azuredevops/projectpermissions/ - Does anyone have any ideas that may help me?

hundreds-receptionist-31352

03/17/2021, 7:32 PM

Hi, I'm starting using azure libraries in pulumi, I wonder if is there something similar to "pulumi/awsx" library in azure?

proud-dusk-33872

03/19/2021, 1:46 AM

Hi guys, how can I create a CosmosDB/MongoDB desending index?

worried-knife-31967

03/19/2021, 11:55 AM

@proud-dusk-33872 we're all about building people up here, not bringing people down...

worried-knife-31967

03/19/2021, 11:56 AM

sorry, it's a friday, had to say it...

creamy-crowd-26033

03/19/2021, 1:53 PM

I have a question for proper way to use Pulumi in conjuction with app service slots. My typical deployment before Pulumi was to first update the binaries on a slot, warm up the app, and then swap the slot. Most of the Pulumi examples for app service show using

WEBSITE_RUN_FROM_PACKAGE

and specifying a blob storage url for deployment. When using Azure Pipelines to build my app and then deploying via same or Octopus Deploy, etc., I already have my binaries so uploading them to a storage account is a little redundant. If I wanted to achieve a similar process with Pulumi - what is the recommendation? If it matters I am using dotnet.

better-shampoo-48884

03/19/2021, 3:07 PM

is there any way of enabling azure feature preview things in pulumi? got hit with "Message="aadProfile.enableAzureRBAC requires Microsoft.ContainerService/EnableAzureRBACPreview feature flag."" and i'd rather not have to try to remember to run some cli command when moving between subscriptions..

sparse-intern-71089

03/19/2021, 7:52 PM

This message was deleted.

clever-byte-21551

03/20/2021, 8:08 PM

I’m trying to create ACR tokens (preview feature) and generate them passwords I’m getting this error:

Copy code

pulumi:pulumi:Stack wiz-diskanalyzer-dev_aws_7b976757-b010-44f5-be1b-aa4153b86dbe_global_bootstrap running
 ~  pulumi:providers:azure-native wiz-azure updating [diff: ~clientSecret]
 ~  pulumi:providers:azure-native wiz-azure updated
 +  azure-native:containerregistry/v20201101preview:Token acr-token creating
 +  azure-native:containerregistry/v20201101preview:Token acr-token creating error: Code="PasswordCannotBeAdded" Message="New passwords can be added only through 'generateCredentials'. For more information on repository permissions, please visit <https://aka.ms/acr/repo-permissions>."
 +  azure-native:containerregistry/v20201101preview:Token acr-token **creating failed** error: Code="PasswordCannotBeAdded" Message="New passwords can be added only through 'generateCredentials'. For more information on repository permissions, please visit <https://aka.ms/acr/repo-permissions>."
    pulumi:pulumi:Stack wiz-diskanalyzer-dev_aws_7b976757-b010-44f5-be1b-aa4153b86dbe_global_bootstrap running error: update failed
    pulumi:pulumi:Stack wiz-diskanalyzer-dev_aws_7b976757-b010-44f5-be1b-aa4153b86dbe_global_bootstrap **failed** 1 error

Diagnostics:
  pulumi:pulumi:Stack (wiz-diskanalyzer-dev_aws_7b976757-b010-44f5-be1b-aa4153b86dbe_global_bootstrap):
    error: update failed

  azure-native:containerregistry/v20201101preview:Token (acr-token):
    error: Code="PasswordCannotBeAdded" Message="New passwords can be added only through 'generateCredentials'. For more information on repository permissions, please visit <https://aka.ms/acr/repo-permissions>."

My creation code looks like this:

Copy code

token, err := acr.NewToken(ctx, "acr-token", &acr.TokenArgs{
		Credentials: &acr.TokenCredentialsPropertiesArgs{
			Passwords: acr.TokenPasswordArray{
				acr.TokenPasswordArgs{
					Name: pulumi.String("password1"),
				},
				acr.TokenPasswordArgs{
					Name: pulumi.String("password2"),
				},
			}},
		RegistryName:      pulumi.String(parsedID.ResourceName),
		ResourceGroupName: pulumi.String(parsedID.ResourceGroup),
		ScopeMapId: pulumi.String(
			fmt.Sprintf(
				"/subscriptions/%s/resourceGroups/%s/providers/Microsoft.ContainerRegistry/registries/%s/scopeMaps/_repositories_push",
				parsedID.SubscriptionID,
				parsedID.ResourceGroup,
				parsedID.ResourceName,
			)),
		TokenName: pulumi.String(fmt.Sprintf("wiz-%s", s.Outpost.GetId())), // must start with a letter
	}, pulumi.Provider(azureProvider))

I’m also not sure how pulumi will manage the passwords - they are returned only once when generated

better-shampoo-48884

03/21/2021, 11:47 AM

Just hit on an issue where the example for a resource omits a required parameter (https://www.pulumi.com/docs/reference/pkg/azure-native/compute/disk/#create-a-managed-disk-from-an-existing[…]-in-the-same-or-different-subscription) the output of running that gives:

Copy code

azure-native:compute:Disk (xxxxx-scaleset-linuxagents-disksource):
    error: Code="BadRequest" Message="Required parameter 'storageAccountId' is missing (null)."

Which makes sense, because looking at docs for `CreationData`it states:

Copy code

storageAccountId string
    Required if createOption is Import. The Azure Resource Manager identifier of the storage account containing the blob to import as a disk.

This is easy to fix of course, and for once errors made it easy to check as well 🙂 It seems that there is no difference api-wise if you're in the same or different subscription relating to "importing an unmanaged blob" examples - Should I make an issue in /docs or a PR?

better-shampoo-48884

03/21/2021, 12:06 PM

Also, just randomly for a #TWIL comment - since my new infra needs to coexist (for a while at least) with the way previous infra has been set up, I realized I needed trust between AKS and ACR so that AKS can pull images without requiring containerPullSecret and suchlike. So a bit of research brought me to https://docs.microsoft.com/en-us/azure/aks/cluster-container-registry-integration That just won't do. So I tried figuring out what it actually does, what the equivalent operation would be.. so after some hunting I found an issue with this not working for a period of time, and found the workaround that was proposed was just as good if not better. So - to avoid having to run AZ CLI to "attach" an ACR instance to an AKS cluster - this is all ya need to do:

Copy code

const aksToACRRoleAssignment = new azure.authorization.RoleAssignment("aks-to-acr", {
            roleAssignmentName: new random.RandomUuid("aks-to-acr-RA").result,
            scope: myACR.id
            roleDefinitionId: "/subscriptions/<insert_sub_here>/providers/Microsoft.Authorization/roleDefinitions/7f951dda-4ed3-4680-a7ca-43fe172d538d",  // acrpull Role Defenition
            principalId: myAKS.identityProfile.apply(identityProfile => identityProfile?.kubeletidentity.objectId).apply(objectId => objectId ?? "<preview>") // gets the kubelet managed identity :)
        })

For the roleDefenitionId - I just did

az role definition list --output json --query "[].{roleName:roleName, description:description, id:id}" > roleDefenitions.json

once and found the role id from there 🙂

better-shampoo-48884

03/21/2021, 12:17 PM

Is there any plan to improve the create / update / recreate / destroy reasoning for azure-native by the way? I keep running into issues forcing me to destroy resources before updating them, for instance:

Copy code

azure-native:compute:VirtualMachineScaleSet (xxxxx-scaleset-linuxagents):
    error: autorest/azure: Service returned an error. Status=<nil> Code="PropertyChangeNotAllowed" Message="Changing property 'osDisk.managedDisk' is not allowed." Target="osDisk.managedDisk"

In this case, pulumi shouldn't propose to

update

but suggest to

recreate

right?

melodic-byte-32771

03/21/2021, 1:38 PM

Hello 😉 Does someone know how to set a github repository and a custom path to the azure pipeline file?

better-shampoo-48884

03/21/2021, 1:55 PM

What's the right course of action when I hit this perpetually?

Copy code

azure-native:compute:VirtualMachineScaleSet (xxxxx-scaleset-linuxagents):
    error: Code="InternalOperationError" Message="An internal error occurred in the operation."

Essentially trying to create a scaleset from a vhd in a blob with disk-encryption enabled (and ephemeral disks). I'm happy to get an error message - but running

pulumi up -y --suppress-outputs -v=9 --debug --logflow --logtostderr 1> scaleSetCreate.log 2>&1

just repeats the same issue without any context - the log shows my config (correct) going out, then it takes ~3.5m before azure responds with 500: internal error.. each time.

better-shampoo-48884

03/21/2021, 1:56 PM

I mean - my original plan was to ditch the disk-encryption + ephemeral disk, and that worked fine. Now I want them. So I tried converting the damned thing to a managed disk, and couldn't figure out how to get that to fly either (managed disk was fine - creating the scaleset with it was not). Almost wondering if I need to go via gallery or something like that..

tall-scientist-89115

03/22/2021, 4:35 AM

trying to use the

azure_native.cache.Redis

object and am getting this error:

Copy code

azure-native:cache:Redis (redis):
    error: Code="InvalidRequestBody" Message="The value of the parameter 'properties.sku.family' is invalid.

When I try to add "family: C" to the

sku

property I get:

Copy code

TSError: ⨯ Unable to compile TypeScript:
    redis/azure-cache.ts(23,7): error TS2322: Type '{ name: string; capacity: number; family: string; }' is not assignable to type 'Input<Sku>'.

I thought these type definitions were automatically generated to match the API? Any insight is appreciated.

polite-shoe-79877

03/22/2021, 7:12 AM

How do i create an azure subscription. Iam using this: https://www.pulumi.com/docs/reference/pkg/azure/core/subscription/ when i try

Copy code

const subscription = new Subscription("subscription", 
{
        subscriptionName: "subscription"
})

i get the following error: error: azurecore/subscriptionSubscription resource 'sub' has a problem: "subscription_id": one of
billing_scope_id,subscription_id
must be specified when i try to specify with either subscription_id or billing_scope_id it must be specified with an already exisiting subscription id.

tall-scientist-89115

03/22/2021, 2:53 PM

hey I'm trying to stand up a postgres 12 instance with azure_native.dbforpostgresql.Server (11 works fine) and am getting api errors when I try to create one in westus and useast2. I do see the 'flexible server' feature is in preview still but don't see anything about region restrictions on 12...does anyone have more info on what's going on here?

Copy code

azure-native:dbforpostgresql:Server (postgres-server):
    error: Code="InvalidVersion" Message="Version '12' is not supported."

Edit: The answer was to use

azure_native.dbforpostgresql.v20200214preview.Server

better-shampoo-48884

03/22/2021, 5:03 PM

Anyone else noticed some intermittent issues where azure-native decides to suddenly uppercase some of your resource references? just had one error where it uppercased the name of the resourcegroup and the loadbalancer I just provisioned (was provisioned correctly with lowercase, just the scaleset references to that load balancer were all in upper case..)

glamorous-helmet-50600

03/22/2021, 8:19 PM

Hey guys, is it possible to create/add index to a search service using pulumi? Looking at the docs I don't see how so I suspect it's not possible. How do you guys manage that?

colossal-room-15708

03/22/2021, 9:38 PM

What's the expected way to create a new revision for an APIM API?

Copy code

const api = new azure.apimanagement.Api(`${prefix}-fn`, {
    resourceGroupName: resourceGroup.name,
    apiManagementName: apimService.name,
    revision: "1",
    displayName: "API",
    path: `${prefix}-fn`,
    protocols: ["https"],
    "import": {
        contentFormat: "swagger-link-json",
        contentValue: "<https://url/api/swagger.json>",
    },
  });

This is the original API. We now updated the swagger with an additional endpoint and want to create a new revision. Or do we want a new version? Changing the

revision

value fails. Do we add a whole new API resource and increment the revision? So have the same as above again just with a new revision? I feel like that will fail as well.

refined-tomato-5322

03/23/2021, 12:39 AM

Hello all! Newbie here. Thanks in advance for any help! I'm attempting to set a cname record (via pulumi) with an alias pointing to an azure CDN endpoint. Setting the CNAME record is no issue:

Copy code

this.cnameRecord = new network.RecordSet(this.baseName, {
            cnameRecord: {
                cname: "<http://domain.io|domain.io>",
            },
            privateZoneName: "<http://domain.io|domain.io>",
            recordType: "CNAME",
            relativeRecordSetName: "recordCNAME",
            resourceGroupName: "<http://domain.io|domain.io>", 
            ttl: 3600,
        }, { parent: this.endpoint });

However, I seem unable to find any way to add an alias here. Prior to assure-native, this seems to have been done with 'targetResourceId: "some.endpoint"'. This doesn't exist in the azure-native RecordSetArgs interface. I'm hoping somebody could point me in the right direction. I've been trying to find some other way of doing it with no success. Thank you so much!

breezy-apartment-46543

03/23/2021, 7:20 PM

What’s the difference between the npm packages @pulumi/azure and @pulumi/azure-native?