pulumi-community #azure

better-shampoo-48884

04/06/2021, 9:26 AM

So.. in the process of correcting an omission of mine (leaving PublicIpName out of the config, thus ending up with a random suffix i didn't want in the publicip name) - I noted that it's really hard to change the publicip of an ApplicationGateway:

Copy code

+-  ├─ azure-native:network:PublicIPAddress     <id>appgw-publicIp                   replaced                [diff: ~publicIpAddressName]
 ~   └─ azure-native:network:ApplicationGateway  <id>appgw                            **updating failed**     [diff: ]; 1 error

Diagnostics:
  pulumi:pulumi:Stack (baseline-infra-dev.infra.infratesting):
    error: update failed

  azure-native:network:ApplicationGateway (n10272appgw):
    error: Code="ApplicationGatewayFrontendIpPublicIpAddressCannotBeChanged" Message="PublicIPAddress property of FrontendIpConfiguration /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.Network/applicationGateways/<id>appgw/frontendIPConfigurations/appGwPublicFrontendIp cannot be changed." Details=[]

And of course any following operation is to try to delete the IP that is still connected to the AppGW that I cannot disconnect because it "cannot be changed":

Copy code

Updating (dev.infra.infratesting):
     Type                                     Name                                   Status                  Info
     pulumi:pulumi:Stack                      baseline-infra-dev.infra.infratesting  **failed**              1 error
 -   └─ azure-native:network:PublicIPAddress  <id>appgw-publicIp                   **deleting failed**     1 error

Diagnostics:
  azure-native:network:PublicIPAddress (<id>appgw-publicIp):
    error: Code="PublicIPAddressCannotBeDeleted" Message="Public IP address /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.Network/publicIPAddresses/<id>appgw-publicIpb861f3ce can not be deleted since it is still allocated to resource /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.Network/applicationGateways/<id>appgw/frontendIPConfigurations/appGwPublicFrontendIp. In order to delete the public IP, disassociate/detach the Public IP address from the resource.  To learn how to do this, see <http://aka.ms/deletepublicip|aka.ms/deletepublicip>." Details=[]

I might be presuming too much - especially considering the intricacies involved in all this - but pulumi would have to be aware of all the different edge cases of all the different kinds of operations on all the different resources to be able to handle this stuff. Is it at all to be expected that pulumi would ever be able to predictably handle these kinds of changes when the underlying provider is so fundamentally blind to how things should work?

glamorous-helmet-50600

04/06/2021, 10:24 AM

What's the best way to unwrap all the outputs of a component to then apply some custom logic (e.g., seed a database container)? What I'm trying to do is to seed a cosmos container when the CosmosComponent (ComponentResource) is created..feels like I need to chain Apply() methods in order to unwrap all the properties I need for the CosmosClient

breezy-salesmen-85534

04/07/2021, 7:49 AM

I am working in a big organisation, and I don’t know what my colleagues are doing… Every now and then I get a message from pulumi stating: …” already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for “azurerm_key_vault_access_policy” for more information.” I know what is the problem, but I don’t know how to solve it. Sometimes the deleting the resource, and recrate it with pulumi is a quick fix, but sometimes it is not.

powerful-football-81694

04/07/2021, 10:49 AM

Hi everyone! I’m trying to figure out how to configure long term backup retention policies for an Azure SQL Database using the native provider. In ARM terms (according to the portal) it looks like this:

Copy code

{
            "type": "Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies",
            "apiVersion": "2020-08-01-preview",
            "name": "[concat(parameters('servers_***_dev_sql_name'), '/licensing-dev-db/default')]",
            "dependsOn": [
                "[resourceId('Microsoft.Sql/servers/databases', parameters('servers_***_dev_sql_name'), 'licensing-dev-db')]",
                "[resourceId('Microsoft.Sql/servers', parameters('servers_***_dev_sql_name'))]"
            ],
            "properties": {
                "weeklyRetention": "PT0S",
                "monthlyRetention": "PT0S",
                "yearlyRetention": "PT0S",
                "weekOfYear": 0
            }
        },

I cannot find any resource types that look even remotely similar in any of the namespaces I’ve checked. Neither in the default, nor in

Latest

nor in

V20200801Preview

which seems to be what the portal uses for these. Can anyone point me in the right direction?

dry-window-34186

04/07/2021, 4:08 PM

Hi, I'm looking for the ability to create. App Service --> Function App --> Host Keys This the Azure CLI for it:

az functionapp keys set

Can someone point me to the azure-native documentation where we can create those?

ripe-eve-62815

04/07/2021, 4:35 PM

Hi, I'm looking to leverage the pulumi ado library and create a service endpoint with a custom variableGroup. variable group based on the documentation should obtain secrets from a keyvault. however i cannot seem to configure this to work, pulumi complains about conflicts. Documentation defines the variables block as required. 1 i've tried an empty array 2 tried with names not related to keyvault value // new ado.VariableGroup(

sp-credentials-${resourceConfigs.env}

, { // projectId: adoProject.id, // description: "Elevated Service Principals Credentials for Migrations", // allowAccess: true, // variables: [{name: "foo", value: "bar", isSecret: false}], // keyVault: {name: keyVault.name, serviceEndpointId: serviceEndpoint.id}, // }, // { // dependsOn: [serviceEndpoint, servicePrincipal, keyVault] // }); Can somebody offer some help?

refined-tomato-5322

04/08/2021, 6:51 AM

Hi all. I'm still wrestling with setting up endpoints. I'm getting an InvalidResource error along with the message "Invalid @odata.type property value". I'm sure I'm certain I'm doing something ridiculously stupid here. I've attempted using the Microsoft.Azure.Management.Cdn.Models NameSpace classes from here: MS Docs, and of course from the Pulumi Docs with no luck. Any insights would be appreciated. Here is my code (TypeScript):

Copy code

addCdnEndpoint(cdnProfile: cdn.Profile, durationOfCache?: string) {
        this.endpoint = new cdn.Endpoint(this.baseName, {
            endpointName: this.storageAccount.name.apply(sa => `cdn-endpnt-${sa}`),
            location: cdnProfile.location,
            resourceGroupName: this.resourceGroup.name,
            isHttpAllowed: false,
            isHttpsAllowed: true,
            originHostHeader: this.endpointOrigin,
            profileName: cdnProfile.name,
            origins: [{
                hostName: this.endpointOrigin,
                httpsPort: 443,
                name: "blobstorage",
            }],
            deliveryPolicy: {
                description: "Test description for a policy.",
                rules: [{
                    name: "httptohttps",
                    order: 1,
                    conditions: [{
                        name: "RequestScheme",
                        parameters: {
                            matchValues: [ "HTTP" ],
                            odataType: "#Microsoft.Azure.Cdn.Models.DeliveryRuleRequestSchemeConditionResponse",
                            operator: "Any",
                        },
                    }],
                    actions: [
                        {
                            name: "UrlRedirect",
                            parameters: {
                                destinationProtocol: "https",
                                redirectType: "PermanentRedirect",
                                odataType: "#Microsoft.Azure.Cdn.Models.UrlRewriteAction",
                            },
                        }
                    ],
                    },
                    {
                    name: "cachebehavior",
                    order:2,
                    actions: [
                        durationOfCache ? {
                            name: "CacheExpiration",
                            parameters: {
                                cacheBehavior: "Override",
                                cacheDuration: durationOfCache,
                                cacheType: "All",
                                odataType: "#Microsoft.Azure.Cdn.Models.DeliveryRuleCacheExpirationActionParameters",
                            },
                        } :
                        {
                            name: "CacheExpiration",
                            parameters: {
                                cacheBehavior: "BypassCache",
                                cacheType: "All",
                                odataType: "#Microsoft.Azure.Cdn.Models.DeliveryRuleCacheExpirationActionParameters",
                            },
                        },                             
                    ]    
                    },
                ],
            },
            
        });

Thank you in advance for any help.

polite-shoe-79877

04/08/2021, 8:22 PM

Someone had this problem while using github action to run

Copy code

pulumi up

FATAL ERROR: Ineffective mark-compacts near heap limit Allocation failed - JavaScript heap out of memory

breezy-apartment-46543

04/09/2021, 11:49 AM

If I use a custom npm dependency inside an Azure function, will the dependency be uploaded to Azure by Pulumi or do I have to do that manually somehow?

future-kite-91191

04/11/2021, 7:04 PM

Hi @tall-librarian-49374, is this fix deployed to NPM for pickup? Or schould I use beta NPM package? https://github.com/pulumi/pulumi-azure-native/commit/44c5afdcba682cd98d3787bc9fc2c914eaf32f3c

brave-winter-60074

04/12/2021, 12:48 PM

Hi all, is there any C# examples on securing Azure Functions i.e. Enable App service authentication for functions and associate them with an App registration. Thanx in advance! /Steffen

glamorous-helmet-50600

04/12/2021, 4:28 PM

Afternoon guys, this is a bit weird but when trying to retrieve a resource that doesn't exist (in my case it's a Web.Certificate) I get an RpcException as expected BUT the status is "Unkown" instead of "ResourceNotFound", however on the Detail property of the RpcException I can see the correct Status and Statuscode...I want to catch specifically when the resource is not found but seems a bit weird to do

catch(Grpc.Core.RpcException ex) when ex.Status.Detail.Contains("ResourceNotFound")

glamorous-helmet-50600

04/12/2021, 4:31 PM

Copy code

Grpc.Core.RpcException: Status(StatusCode="Unknown", Detail="invocation of azure-native:web:getCertificate returned an error: request failed /subscriptions/..../resourceGroups/rg-identity-dev/providers/Microsoft.Web/certificates/certtesddt-identity-dev: autorest/azure: Service returned an error. Status=404 Code="ResourceNotFound"

purple-train-14007

04/12/2021, 9:19 PM

Anyone else still getting that access denied blob storage error for accessing your state even though you’re accessing it and updating the state with no issues?

broad-dog-22463

04/12/2021, 10:02 PM

@purple-train-14007 you are referring to when using Azure Storage blob right?

broad-dog-22463

04/12/2021, 10:02 PM

If so, I have an open issue with google/go-cloud upstream - the way to unblock yourself right now is to not use SAS_TOKEN and use STORAGE_KEY instead

broad-dog-22463

04/12/2021, 10:03 PM

(I know it's not the best solution but the issue relates to SAS_TOKEN only)

better-shampoo-48884

04/13/2021, 7:23 AM

I know we have the ability to add `keyvault.Key`and

keyvault.Secret

with azure-native (which is really great!) - but is there any plan of getting a

keyvault.Certificate

resource any time soon? It would be really really great 😄

miniature-leather-70472

04/13/2021, 10:21 AM

I'm attempting to create a method to call the Azure Rest API directly following this example https://github.com/pulumi/pulumi-azure-native/issues/601 by @tall-librarian-49374 it used to work fine, but now it seems that it's stopping at this line:

Copy code

var token = await Pulumi.AzureNative.Authorization.GetClientToken.InvokeAsync();

I don't get any error, it just does not proceed past this line in my async method. Any ideas why, or what I can do to try and find the issue? I am calling this async method from the main Pulumi code using getawaiter, so my understanding is that it should wait.

future-kite-91191

04/13/2021, 12:04 PM

Hey guys, after creating a

azure-native/web/WebApp

, how can I get the public/virtual IP address? Need it to create an DNS A Record with the App Service ip address. I tried

webApp.hostNameSslStates

but no valid

virtualIP

in there.

swift-hamburger-98290

04/13/2021, 1:24 PM

Does anyone know how to deploy a python

App Service

with ZIP? How to make Azure (Oryx?) create the virtualenv? Have this now:

Copy code

...
let app = new web.WebApp("app", {
  resourceGroupName: rg.name,
  serverFarmId: asp.id,
  siteConfig: {
    alwaysOn: true,
    appCommandLine: "python /home/site/wwwroot/__init__.py",
    appSettings: [
      {
        name: "WEBSITE_RUN_FROM_PACKAGE",
        value: codeUrl,
      },
    ],
    linuxFxVersion: "PYTHON|3.8",
  },
});

But the virtual env is not created, and dependencies are not installed.

rough-tomato-98795

04/13/2021, 2:17 PM

Is there a way how to get resource group of storage account if i only have storage account in azure-native package.?

glamorous-helmet-50600

04/13/2021, 3:29 PM

Afternoon! With AzureNative is it possible to create/register active directory apps like it's possible with the Terraform provider? I couldn't find it on the docs

worried-knife-31967

04/13/2021, 5:42 PM

Related to the above really... has anyone tried to add AzureAD authentication to a WebApp/FunctionApp using AzureNative?

polite-shoe-79877

04/14/2021, 7:19 AM

Hey, iam trying to create an azuread.Application with a Service Principal, but iam getting this error

Copy code

Building AzureAD Client: obtain tenant() from Azure CLI: Error parsing json result from the Azure CLI: Error waiting for the Azure CLI: exit status 1: No subscription found. Run 'az account set' to select a subscription.

I can create other resoruces but not an AzureAd Application, It works on Linux not Windows. Anyone know how to fix?

purple-train-14007

04/14/2021, 9:50 PM

I keep getting this error when building the AADDS endpoint in Azure. Idk what appId this thing is talking about as it doesnt exist in the directory.

purple-train-14007

04/14/2021, 9:50 PM

Copy code

error: Code="InternalError" Message="The service principal with appId '2565bd9d-da50-47d4-8b85-4c97f669dc36' could not be found in the Azure Active Directory tenan
t. Please retry the operation."

purple-train-14007

04/14/2021, 9:50 PM

Anyone else have this issue?

purple-train-14007

04/14/2021, 9:58 PM

For more context this is what I building. https://www.pulumi.com/docs/reference/pkg/azure-native/aad/domainservice/#outputs

purple-train-14007

04/15/2021, 4:19 AM

Hey All, I found the answer to the issue I was having with my pulumi error. This error is caused by a missing built in service principal in azure AD that happens. Here is the doc for that, hopefully this will help others that may have this issue as well. https://docs.microsoft.com/en-us/azure/active-directory-domain-services/alert-service-principal#recreate-a-missing-service-principal