https://pulumi.com logo
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
azure
  • h

    handsome-state-59775

    04/05/2021, 2:27 PM
    with azure-native (python), how can i add a dns zone in a resource group that is to be a child zone of a pre-existing, unmanaged zone from another pre-existing, unmanaged resource group?
    ✅ 1
    b
    t
    • 3
    • 18
  • b

    brainy-ocean-92780

    04/05/2021, 4:47 PM
    Hello Ya'll, I'm trying to perform a pulumi up against a stack which already has an existing SqlServer (created via pulumi) and I'm getting the following error even before it I get the question asking if I'd like to move forward:
    error: azure:sql/sqlServer:SqlServer resource '<server name>' has a problem: "identity.0.principal_id": this field cannot be set
    I don't see an attempt to set that anywhere. I was curious if this might be a known issue?
    g
    • 2
    • 2
  • b

    better-shampoo-48884

    04/06/2021, 9:26 AM
    So.. in the process of correcting an omission of mine (leaving PublicIpName out of the config, thus ending up with a random suffix i didn't want in the publicip name) - I noted that it's really hard to change the publicip of an ApplicationGateway:
    +-  ├─ azure-native:network:PublicIPAddress     <id>appgw-publicIp                   replaced                [diff: ~publicIpAddressName]
     ~   └─ azure-native:network:ApplicationGateway  <id>appgw                            **updating failed**     [diff: ]; 1 error
    
    Diagnostics:
      pulumi:pulumi:Stack (baseline-infra-dev.infra.infratesting):
        error: update failed
    
      azure-native:network:ApplicationGateway (n10272appgw):
        error: Code="ApplicationGatewayFrontendIpPublicIpAddressCannotBeChanged" Message="PublicIPAddress property of FrontendIpConfiguration /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.Network/applicationGateways/<id>appgw/frontendIPConfigurations/appGwPublicFrontendIp cannot be changed." Details=[]
    And of course any following operation is to try to delete the IP that is still connected to the AppGW that I cannot disconnect because it "cannot be changed":
    Updating (dev.infra.infratesting):
         Type                                     Name                                   Status                  Info
         pulumi:pulumi:Stack                      baseline-infra-dev.infra.infratesting  **failed**              1 error
     -   └─ azure-native:network:PublicIPAddress  <id>appgw-publicIp                   **deleting failed**     1 error
    
    Diagnostics:
      azure-native:network:PublicIPAddress (<id>appgw-publicIp):
        error: Code="PublicIPAddressCannotBeDeleted" Message="Public IP address /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.Network/publicIPAddresses/<id>appgw-publicIpb861f3ce can not be deleted since it is still allocated to resource /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.Network/applicationGateways/<id>appgw/frontendIPConfigurations/appGwPublicFrontendIp. In order to delete the public IP, disassociate/detach the Public IP address from the resource.  To learn how to do this, see <http://aka.ms/deletepublicip|aka.ms/deletepublicip>." Details=[]
    I might be presuming too much - especially considering the intricacies involved in all this - but pulumi would have to be aware of all the different edge cases of all the different kinds of operations on all the different resources to be able to handle this stuff. Is it at all to be expected that pulumi would ever be able to predictably handle these kinds of changes when the underlying provider is so fundamentally blind to how things should work?
    t
    h
    • 3
    • 3
  • g

    glamorous-helmet-50600

    04/06/2021, 10:24 AM
    What's the best way to unwrap all the outputs of a component to then apply some custom logic (e.g., seed a database container)? What I'm trying to do is to seed a cosmos container when the CosmosComponent (ComponentResource) is created..feels like I need to chain Apply() methods in order to unwrap all the properties I need for the CosmosClient
    t
    • 2
    • 5
  • b

    breezy-salesmen-85534

    04/07/2021, 7:49 AM
    I am working in a big organisation, and I don’t know what my colleagues are doing… Every now and then I get a message from pulumi stating: …” already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for “azurerm_key_vault_access_policy” for more information.” I know what is the problem, but I don’t know how to solve it. Sometimes the deleting the resource, and recrate it with pulumi is a quick fix, but sometimes it is not.
    g
    • 2
    • 2
  • p

    powerful-football-81694

    04/07/2021, 10:49 AM
    Hi everyone! I’m trying to figure out how to configure long term backup retention policies for an Azure SQL Database using the native provider. In ARM terms (according to the portal) it looks like this:
    {
                "type": "Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies",
                "apiVersion": "2020-08-01-preview",
                "name": "[concat(parameters('servers_***_dev_sql_name'), '/licensing-dev-db/default')]",
                "dependsOn": [
                    "[resourceId('Microsoft.Sql/servers/databases', parameters('servers_***_dev_sql_name'), 'licensing-dev-db')]",
                    "[resourceId('Microsoft.Sql/servers', parameters('servers_***_dev_sql_name'))]"
                ],
                "properties": {
                    "weeklyRetention": "PT0S",
                    "monthlyRetention": "PT0S",
                    "yearlyRetention": "PT0S",
                    "weekOfYear": 0
                }
            },
    I cannot find any resource types that look even remotely similar in any of the namespaces I’ve checked. Neither in the default, nor in
    Latest
    nor in
    V20200801Preview
    which seems to be what the portal uses for these. Can anyone point me in the right direction?
    t
    • 2
    • 5
  • d

    dry-window-34186

    04/07/2021, 4:08 PM
    Hi, I'm looking for the ability to create. App Service --> Function App --> Host Keys This the Azure CLI for it:
    az functionapp keys set
    Can someone point me to the azure-native documentation where we can create those?
    e
    t
    • 3
    • 3
  • r

    ripe-eve-62815

    04/07/2021, 4:35 PM
    Hi, I'm looking to leverage the pulumi ado library and create a service endpoint with a custom variableGroup. variable group based on the documentation should obtain secrets from a keyvault. however i cannot seem to configure this to work, pulumi complains about conflicts. Documentation defines the variables block as required. 1 i've tried an empty array 2 tried with names not related to keyvault value //     new ado.VariableGroup(
    sp-credentials-${resourceConfigs.env}
    , { //         projectId: adoProject.id, //         description: "Elevated Service Principals Credentials for Migrations", //         allowAccess: true, //         variables: [{name: "foo", value: "bar", isSecret: false}], //         keyVault: {name: keyVault.name, serviceEndpointId: serviceEndpoint.id}, //     }, //     { //       dependsOn: [serviceEndpoint, servicePrincipal, keyVault] //     }); Can somebody offer some help?
    g
    • 2
    • 6
  • r

    refined-tomato-5322

    04/08/2021, 6:51 AM
    Hi all. I'm still wrestling with setting up endpoints. I'm getting an InvalidResource error along with the message "Invalid @odata.type property value". I'm sure I'm certain I'm doing something ridiculously stupid here. I've attempted using the Microsoft.Azure.Management.Cdn.Models NameSpace classes from here: MS Docs, and of course from the Pulumi Docs with no luck. Any insights would be appreciated. Here is my code (TypeScript):
    addCdnEndpoint(cdnProfile: cdn.Profile, durationOfCache?: string) {
            this.endpoint = new cdn.Endpoint(this.baseName, {
                endpointName: this.storageAccount.name.apply(sa => `cdn-endpnt-${sa}`),
                location: cdnProfile.location,
                resourceGroupName: this.resourceGroup.name,
                isHttpAllowed: false,
                isHttpsAllowed: true,
                originHostHeader: this.endpointOrigin,
                profileName: cdnProfile.name,
                origins: [{
                    hostName: this.endpointOrigin,
                    httpsPort: 443,
                    name: "blobstorage",
                }],
                deliveryPolicy: {
                    description: "Test description for a policy.",
                    rules: [{
                        name: "httptohttps",
                        order: 1,
                        conditions: [{
                            name: "RequestScheme",
                            parameters: {
                                matchValues: [ "HTTP" ],
                                odataType: "#Microsoft.Azure.Cdn.Models.DeliveryRuleRequestSchemeConditionResponse",
                                operator: "Any",
                            },
                        }],
                        actions: [
                            {
                                name: "UrlRedirect",
                                parameters: {
                                    destinationProtocol: "https",
                                    redirectType: "PermanentRedirect",
                                    odataType: "#Microsoft.Azure.Cdn.Models.UrlRewriteAction",
                                },
                            }
                        ],
                        },
                        {
                        name: "cachebehavior",
                        order:2,
                        actions: [
                            durationOfCache ? {
                                name: "CacheExpiration",
                                parameters: {
                                    cacheBehavior: "Override",
                                    cacheDuration: durationOfCache,
                                    cacheType: "All",
                                    odataType: "#Microsoft.Azure.Cdn.Models.DeliveryRuleCacheExpirationActionParameters",
                                },
                            } :
                            {
                                name: "CacheExpiration",
                                parameters: {
                                    cacheBehavior: "BypassCache",
                                    cacheType: "All",
                                    odataType: "#Microsoft.Azure.Cdn.Models.DeliveryRuleCacheExpirationActionParameters",
                                },
                            },                             
                        ]    
                        },
                    ],
                },
                
            });
    Thank you in advance for any help.
    t
    • 2
    • 8
  • p

    polite-shoe-79877

    04/08/2021, 8:22 PM
    Someone had this problem while using github action to run
    pulumi up
    FATAL ERROR: Ineffective mark-compacts near heap limit Allocation failed - JavaScript heap out of memory
  • b

    breezy-apartment-46543

    04/09/2021, 11:49 AM
    If I use a custom npm dependency inside an Azure function, will the dependency be uploaded to Azure by Pulumi or do I have to do that manually somehow?
    t
    • 2
    • 3
  • f

    future-kite-91191

    04/11/2021, 7:04 PM
    Hi @tall-librarian-49374, is this fix deployed to NPM for pickup? Or schould I use beta NPM package? https://github.com/pulumi/pulumi-azure-native/commit/44c5afdcba682cd98d3787bc9fc2c914eaf32f3c
    b
    t
    • 3
    • 3
  • b

    brave-winter-60074

    04/12/2021, 12:48 PM
    Hi all, is there any C# examples on securing Azure Functions i.e. Enable App service authentication for functions and associate them with an App registration. Thanx in advance! /Steffen
  • g

    glamorous-helmet-50600

    04/12/2021, 4:28 PM
    Afternoon guys, this is a bit weird but when trying to retrieve a resource that doesn't exist (in my case it's a Web.Certificate) I get an RpcException as expected BUT the status is "Unkown" instead of "ResourceNotFound", however on the Detail property of the RpcException I can see the correct Status and Statuscode...I want to catch specifically when the resource is not found but seems a bit weird to do
    catch(Grpc.Core.RpcException ex) when ex.Status.Detail.Contains("ResourceNotFound")
    t
    • 2
    • 8
  • g

    glamorous-helmet-50600

    04/12/2021, 4:31 PM
    Grpc.Core.RpcException: Status(StatusCode="Unknown", Detail="invocation of azure-native:web:getCertificate returned an error: request failed /subscriptions/..../resourceGroups/rg-identity-dev/providers/Microsoft.Web/certificates/certtesddt-identity-dev: autorest/azure: Service returned an error. Status=404 Code="ResourceNotFound"
  • p

    purple-train-14007

    04/12/2021, 9:19 PM
    Anyone else still getting that access denied blob storage error for accessing your state even though you’re accessing it and updating the state with no issues?
  • b

    broad-dog-22463

    04/12/2021, 10:02 PM
    @purple-train-14007 you are referring to when using Azure Storage blob right?
    p
    • 2
    • 1
  • b

    broad-dog-22463

    04/12/2021, 10:02 PM
    If so, I have an open issue with google/go-cloud upstream - the way to unblock yourself right now is to not use SAS_TOKEN and use STORAGE_KEY instead
    p
    • 2
    • 12
  • b

    broad-dog-22463

    04/12/2021, 10:03 PM
    (I know it's not the best solution but the issue relates to SAS_TOKEN only)
    p
    • 2
    • 1
  • b

    better-shampoo-48884

    04/13/2021, 7:23 AM
    I know we have the ability to add `keyvault.Key`and
    keyvault.Secret
    with azure-native (which is really great!) - but is there any plan of getting a
    keyvault.Certificate
    resource any time soon? It would be really really great 😄
    t
    • 2
    • 2
  • m

    miniature-leather-70472

    04/13/2021, 10:21 AM
    I'm attempting to create a method to call the Azure Rest API directly following this example https://github.com/pulumi/pulumi-azure-native/issues/601 by @tall-librarian-49374 it used to work fine, but now it seems that it's stopping at this line:
    var token = await Pulumi.AzureNative.Authorization.GetClientToken.InvokeAsync();
    I don't get any error, it just does not proceed past this line in my async method. Any ideas why, or what I can do to try and find the issue? I am calling this async method from the main Pulumi code using getawaiter, so my understanding is that it should wait.
    t
    • 2
    • 8
  • f

    future-kite-91191

    04/13/2021, 12:04 PM
    Hey guys, after creating a
    azure-native/web/WebApp
    , how can I get the public/virtual IP address? Need it to create an DNS A Record with the App Service ip address. I tried
    webApp.hostNameSslStates
    but no valid
    virtualIP
    in there.
    t
    • 2
    • 5
  • s

    swift-hamburger-98290

    04/13/2021, 1:24 PM
    Does anyone know how to deploy a python
    App Service
    with ZIP? How to make Azure (Oryx?) create the virtualenv? Have this now:
    ...
    let app = new web.WebApp("app", {
      resourceGroupName: rg.name,
      serverFarmId: asp.id,
      siteConfig: {
        alwaysOn: true,
        appCommandLine: "python /home/site/wwwroot/__init__.py",
        appSettings: [
          {
            name: "WEBSITE_RUN_FROM_PACKAGE",
            value: codeUrl,
          },
        ],
        linuxFxVersion: "PYTHON|3.8",
      },
    });
    But the virtual env is not created, and dependencies are not installed.
    c
    • 2
    • 3
  • r

    rough-tomato-98795

    04/13/2021, 2:17 PM
    Is there a way how to get resource group of storage account if i only have storage account in azure-native package.?
    g
    • 2
    • 5
  • g

    glamorous-helmet-50600

    04/13/2021, 3:29 PM
    Afternoon! With AzureNative is it possible to create/register active directory apps like it's possible with the Terraform provider? I couldn't find it on the docs
    t
    • 2
    • 3
  • w

    worried-knife-31967

    04/13/2021, 5:42 PM
    Related to the above really... has anyone tried to add AzureAD authentication to a WebApp/FunctionApp using AzureNative?
  • p

    polite-shoe-79877

    04/14/2021, 7:19 AM
    Hey, iam trying to create an azuread.Application with a Service Principal, but iam getting this error
    Building AzureAD Client: obtain tenant() from Azure CLI: Error parsing json result from the Azure CLI: Error waiting for the Azure CLI: exit status 1: No subscription found. Run 'az account set' to select a subscription.
    I can create other resoruces but not an AzureAd Application, It works on Linux not Windows. Anyone know how to fix?
    w
    c
    • 3
    • 3
  • p

    purple-train-14007

    04/14/2021, 9:50 PM
    I keep getting this error when building the AADDS endpoint in Azure. Idk what appId this thing is talking about as it doesnt exist in the directory.
  • p

    purple-train-14007

    04/14/2021, 9:50 PM
    error: Code="InternalError" Message="The service principal with appId '2565bd9d-da50-47d4-8b85-4c97f669dc36' could not be found in the Azure Active Directory tenan
    t. Please retry the operation."
  • p

    purple-train-14007

    04/14/2021, 9:50 PM
    Anyone else have this issue?
Powered by Linen
Title
p

purple-train-14007

04/14/2021, 9:50 PM
Anyone else have this issue?
View count: 3