https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
azure
  • g

    glamorous-helmet-50600

    04/24/2021, 1:18 PM
    Hello everyone. Question about setting up redis cache using AzureNative and C#. In the documentation the SkuArgs (Pulumi.AzureNative.Cache.Inputs) have a "Family" property but it doesn't seem to exist anymore on the latest version and when trying to create the resource I get a "InvalidRequest" response due to missing Family parameter.
    t
    • 2
    • 4
  • g

    glamorous-helmet-50600

    04/25/2021, 9:32 PM
    Hey guys is it normal to get this type of error when destroying a stack?
    autorest/azure: Service returned an error. Status=429 Code="429" Message="Cannot acquire exclusive lock to create, update or delete this site. Retry the request later. (...)
    I'm having to run pulumi destroy a few times to get the environment down
    b
    • 2
    • 6
  • g

    glamorous-helmet-50600

    04/25/2021, 9:32 PM
    the stack in question has around 90 resources in total
  • r

    rhythmic-activity-46295

    04/25/2021, 10:18 PM
    hello, can someone please confirm if a "Pulumi Azure Pipelines Task" works with service principals and certificates (with password). Currently have an Azure Cli task working on my pipeline against a certificate and password but try what I may, could not get the pulumi task to work. IF it works , can someone please send me the required environment configuration?!
  • l

    little-portugal-30629

    04/26/2021, 5:49 AM
    Hi, How can it be that
    pulumi stack ls
    does not show any stacks while the states are inside Azure Storage Account. If I run
    az storage blob list
    using the same container / account / key. I can view the files? I did just create another storage account for testing, and everything works fine. How can I find out what is wrong with the first storage Account?
    • 1
    • 1
  • b

    bland-lunch-5883

    04/26/2021, 1:15 PM
    hi 🙂 I'm having trouble using the file archive in pulumi, and keep getting this error:
    Error: Invalid archive encountered when unmarshaling resource property
            at deserializeProperty (C:\...\node_modules\@pulumi\azure-native\node_modules\@pulumi\pulumi\runtime\rpc.js:482:31)
    I think it has something to do with Pulumi not being able to read a blob in a storage account correct. (Which is weird due to it being made in an earlier iteration by the same Pulumi-script.) But I have no idea on how to fix this. Has anyone encountered this error before?
  • b

    bland-lunch-5883

    04/26/2021, 1:21 PM
    I've noticed that this might be linked to me first executing
    pulumi refresh
    , after that any `pulumi up`seems to fail consistent - can it be that the refresh is not able to validate blobs and corrupts the pulumi state after that?
  • h

    handsome-state-59775

    04/26/2021, 2:00 PM
    How do I bypass autonaming for an azure-native containerservice.ManagedCluster in Python?
    ✅ 1
    b
    t
    • 3
    • 15
  • t

    tall-scientist-89115

    04/26/2021, 9:38 PM
    Hey I'm having a hard time finding the ARM type
    Microsoft.OperationalInsights/workspaces/providers/diagnosticSettings
    in azure native. It's in the azure library at
    azure.monitoring.DiagnosticSetting
    This is not a huge deal, the old provider does update every
    pulumi up
    thanks to an inexplicable "logs" diff, and weirdness like that makes me want to purge all non-azure-native. I was able to find LogAnalytics right where it should be so it's weird to me that this one bit wouldn't exist.
    t
    • 2
    • 4
  • g

    gorgeous-country-43026

    04/27/2021, 9:46 AM
    Hi! I'm working in a restricted customer environment but we've managed to get us at least some privileges to do stuff in their Azure. I'm trying to setup an AKS there and I've managed to confirm that yes, I have necessary privileges to do just that but only when binding AKS to managed identities instead of service principals (which is apparently also the recommended way these days). I've been going around Pulumi documentation, examples etc and haven't yet found a reasonable way to create an AKS cluster with Pulumi which uses managed identities. I'm pretty certain this should be possible so I decided to ask here if someone could just point me in the correct direction with this. Cheers!
    • 1
    • 2
  • b

    billowy-army-68599

    04/27/2021, 3:59 PM
    https://pulumi-community.slack.com/archives/CB36DSVSA/p1619539165119200
  • b

    bland-lunch-5883

    04/28/2021, 1:01 PM
    hi 🙂 I'm having trouble using the file archive in pulumi, and keep getting this error:
    Error: Invalid archive encountered when unmarshaling resource property
            at deserializeProperty (C:\...\node_modules\@pulumi\azure-native\node_modules\@pulumi\pulumi\runtime\rpc.js:482:31)
    I think it has something to do with Pulumi not being able to read a blob in a storage account correct. It might be caused by me first executing 
    pulumi refresh
    , after that any `pulumi up`seems to fail consistent - can it be that the refresh is not able to validate blobs and corrupts the pulumi state after that? Which is weird due to it being made in an earlier iteration by the same Pulumi-script. Has anyone encountered this error before?
    c
    • 2
    • 5
  • b

    bland-lunch-5883

    04/28/2021, 1:23 PM
    hi 🙂 another completely unrelated question to the one above: How do you guys deal with race conditions? I've a pulumi script to make an event grid topic, upload a function, and subscribe the function the grid. This doesn't work when updating the function already exists. Then the upload / update function isn't finished yet when pulumi tries to make the subscription. However, Azure points out that it cannot make the subscription yet due to that the function hook does not exist (yet). As a result, the pulumi script crashes. Is there a prefered way to deal with these kind of sequential constraints?
    b
    t
    • 3
    • 7
  • b

    bland-lunch-5883

    04/28/2021, 2:26 PM
    I'm having a few issues with Pulumi on Azure. Would this be the right place to ask questions? If not, where would be the correct place? I don't want to spam you guys in this channel 🙂
    b
    • 2
    • 1
  • i

    important-flower-8259

    04/28/2021, 6:18 PM
    Is there an official migration path from azure nextgen to azure native without having to run
    pulumi import
    statements? Can aliases work?
    r
    t
    • 3
    • 3
  • l

    little-orange-65618

    04/28/2021, 7:16 PM
    Attempting to use a ManagedIdentity.principalID as the string input for a KeyVault access policy but getting the error
    <pulumi.output.Output object> has type Output, but expected one of: bytes, unicode
    . I've tried with and without .apply lambda's (
    self.principal_id = self.identity.principal_id.apply(lambda v: v or "<preview>")
    ) but it aways errors.
    s
    • 2
    • 3
  • w

    worried-knife-31967

    04/30/2021, 1:19 PM
    Question about deployments beyond the initial one. In this example... https://github.com/pulumi/examples/tree/master/azure-cs-functions If the deployment zip is updated, would the function pick up the change? I've not seen anything that suggests it would, so I'm curious as to how that would work.
    t
    • 2
    • 18
  • b

    better-shampoo-48884

    05/02/2021, 9:36 AM
    So this is somewhat bothersome.. Not quite sure how or why this is happening now, I could have sworn I've been able to do this before - but essentially I do not have permissions to delete keys I myself have created:
    Destroying (internal.infra.test-one):
         Type                          Name                                    Status                  Info
         pulumi:pulumi:Stack           baseline-infra-internal.infra.test-one  **failed**              1 error
     -   └─ azure-native:keyvault:Key  N77701-aks-des-key                      **deleting failed**     1 error
    
    Diagnostics:
      azure-native:keyvault:Key (N77701-aks-des-key):
        error: keyvault.BaseClient#DeleteKey: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="Forbidden" Message="Caller is not authorized to perform action on resource.\r\nIf role assignments, deny assignments or role definitions were changed recently, please observe propagation time.\r\nCaller: appid=04b07795-8ddb-461a-bbee-02f9e1bf7b46;oid=89e2f048-d079-42f2-8267-0565e431ba96;iss=<https://sts.windows.net/bf7cb870-b378-42ab-a618-31704bc2e9b7/>\r\nAction: 'Microsoft.KeyVault/vaults/keys/delete'\r\nResource: '/subscriptions/xx/resourcegroupsyy/providers/microsoft.keyvault/vaults/n70771vaultprimary/keys/aks-des-key-redsjiee'\r\nAssignment: (not found)\r\nVault: n70771vaultprimary;location=westeurope\r\n" InnerError={"code":"ForbiddenByRbac"}
    t
    s
    • 3
    • 7
  • w

    worried-knife-31967

    05/03/2021, 12:56 PM
    I'm looking at function app deployments, and there's a note on using the
    WEBSITE_RUN_FROM_PACKAGE
    method with windows app services:
    When running a function app on Windows, the external URL option yields worse cold-start performance. When deploying your function app to Windows, you should set WEBSITE_RUN_FROM_PACKAGE to 1 and publish with zip deployment.
    All the pulumi examples show this method. Is there anything within pulumi to publish in that way? I'm not sure "how" that works, but it seems like an important usecase for windows publishing.
    t
    • 2
    • 2
  • r

    rough-tomato-98795

    05/03/2021, 2:25 PM
    Hello, in old azure provider there was a way how to add access policies to Keyvault after it was created. We are struggling to find similliar option in in azure-native. Is there a way how we can achieve that?
    t
    • 2
    • 1
  • p

    purple-train-14007

    05/03/2021, 8:03 PM
    Im really confuse on how to build out an expressroute to talk to my companies datacenter. Can someone help me understand what I need? There are a lot of express route options here and I dont know what Im doing 😅 https://www.pulumi.com/docs/reference/pkg/azure-native/network/
  • p

    purple-train-14007

    05/03/2021, 9:39 PM
    Alright, after doing a few tests I have made the conclusion that pulumi doesnt seem to have the ability to create ExpressRoutes circuits. I used the documentation and found that it doesnt work even though if done via Bash, Powershell, Python and BICEP it does indeed work. Is there any built in way to debug pulumi itself?
    t
    • 2
    • 26
  • a

    astonishing-intern-99200

    05/04/2021, 3:20 PM
    Hi everyone, new here! At a big bank in the Netherlands we’re starting to adopt Pulumi, but in our first PoC we’re running into some strange issues that we cannot explain. Here it goes: We deploy a small stack that contains storage accounts, databricks, vnets, subnets, log analytics and some diagnostic settings. The latter, the diagnostic settings, prove a bit… buggy. While deploying everything is deployed correctly in Azure, and all the stack information is persisted. There’s one exception: the diagnostic settings. We create 2 (with unique names) of them, but after the first one
    pulumi up
    fails with the message:
    cannot create already existing resource
    Note: we start with an empty state, and an empty resources group. The diagnostic settings are created successfully in Azure but are not written to the state. And it fails complaining it already exists. We use the latest release of pulumi (3.1.0) and the azure-native provider (1.3.0). We’ve tried with a storage container as backend, as well as local storage. We also use KeyVault as encryption provider and run everything in Azure Pipelines. What could be the cause of that? We noticed it specifically in the diagnostic settings, nowhere else….
    g
    b
    • 3
    • 15
  • p

    polite-shoe-79877

    05/04/2021, 8:23 PM
    having trouble deploying Azure Storage Account with nfs
    const storageAccount = new azure_native.storage.StorageAccount(`storage-account`, {
                accountName: accountName,
                enableNfsV3: true,
                kind: "FileStorage",
                location: "westeurope",
                minimumTlsVersion: "TLS1_2",
                resourceGroupName: resourceGroupName,
                sku: {
                    name: "Premium_LRS"
                },
                networkRuleSet: {
                    bypass: "AzureServices",
                    defaultAction: "Allow",
                    ipRules: [],
                    virtualNetworkRules: [{
                        virtualNetworkResourceId: subnetId,
                    }],
                }
            }
    Getting following error Code="InvalidRequestPropertyValue" Message="The value 'True' is not allowed for property isNfsv3Enabled."
    b
    • 2
    • 2
  • g

    gorgeous-country-43026

    05/05/2021, 10:35 AM
    How should I apply
    PodNodeSelector
    admission controller to AKS with Pulumi? AKS supports it. I'm looking through Pulumi typescript types and docs and can't find anything related to it
    t
    b
    • 3
    • 7
  • b

    brave-winter-60074

    05/05/2021, 12:35 PM
    I upgraded to Azure Native 1.3.0 and are now getting this error when I try to run my Pulumi code that lists the storage account access keys error: Running program ‘/Users/sejensen/dev/chipper-incident-aggregate/infra/bin/Debug/netcoreapp3.1/services-incident.dll’ failed with an unhandled exception: System.TypeLoadException: Could not load type ‘Pulumi.AzureNative.Storage.Outputs.StorageAccountKeyResponseResult’ from assembly ‘Pulumi.AzureNative, Version=1.3.0.0, Culture=neutral, PublicKeyToken=null’. at Dk.Nuuday.PulumiHelper.Domain.<>c__DisplayClass14_0.<GetConnectionString>b__1(ListStorageAccountKeysResult keys) at Pulumi.Output`1.ApplyHelperAsync[U](Task`1 dataTask, Func`2 func) at Pulumi.Output`1.Pulumi.IOutput.GetDataAsync() Code: Any thoughts
    t
    • 2
    • 3
  • g

    glamorous-helmet-50600

    05/05/2021, 3:31 PM
    Hi guys, I'm using
    AzureNative.Web.GetCertificate.InvokeAsync(...)
    to retrieve an existing certificate, and the expected output has a "PfxBlob" but it's coming always empty - I'm wondering if this is expected at all? On the first pulumi run I create the certificate and include the PfxBlob so I was expecting to be able to retrieve it.
    t
    • 2
    • 5
  • t

    tall-scientist-89115

    05/05/2021, 7:52 PM
    Hey folks, I'm trying to find a particular key
    WorkspaceResourceId
    on
    azureNative.insights.Component
    . This would let me tie it to a particular LogAnalytics workspace..
    ✅ 1
    t
    • 2
    • 2
  • e

    enough-butcher-66045

    05/09/2021, 1:17 AM
    I've just ran into a scenario where one of my resources was depending on azure-native plugin 1.4.0 and other resources were depending on version 1.5.0 for which I've lost a good part of the last 2 hours trying to fix 🙃 I'd like to understand: a) The only resource that still had 1.4.0 was marked as protected -- is this why it didn't get updated? b) I'm running pulumi up while testing in my local (deploying to test environment) and I also run the same commands on the CICD pipeline. Was this what caused the plugin upgrade? c) How can I prevent plugin upgrades? thank you!
    r
    • 2
    • 1
  • e

    enough-butcher-66045

    05/09/2021, 1:20 AM
    (the error caused by the above scenario is that it was saying it couldn't find the plugin, even when both of them were installed)
Powered by Linen
Title
e

enough-butcher-66045

05/09/2021, 1:20 AM
(the error caused by the above scenario is that it was saying it couldn't find the plugin, even when both of them were installed)
View count: 3