https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
azure
  • t

    tall-scientist-89115

    06/09/2021, 4:36 PM
    hey the ts server in vscode kept crashing so I turned on debugging and saw this
    Exception has occurred: Error: ENOENT: no such file or directory, stat '/Users/daniel/code/infra/vault/node_modules/@pulumi/azure-native/types/enums/machinelearningservices/v20200801/index.ts'
    This is using azure-native 1.5.0 (maybe 1.10.0 will fix this?). Edit: haven't seen it since upgrading to 1.10 so you guys probably got this one already
    the extension host error
    t
    • 2
    • 5
  • h

    hundreds-receptionist-31352

    06/09/2021, 6:47 PM
    Hi, I'm trying to create a ARO cluster using this library https://www.pulumi.com/docs/reference/pkg/azure-native/redhatopenshift/openshiftcluster/, and whatever domain that I set, I'm getting this error: azure-native:redhatopenshift:OpenShiftCluster (openShiftCluster): error: Code="InvalidParameter" Message="The provided domain 'internaltest.aroapp.io' is invalid." Target="properties.clusterProfile.domain" any clues? thanks in advance.
  • m

    miniature-leather-70472

    06/10/2021, 10:53 AM
    I'm trying to migrate from Azure to Azure Native following this guide - https://www.pulumi.com/docs/intro/cloud-providers/azure/from-classic/#move-resources-from-classic-azure-to-azure-native and I must be missing something obvious. I've run pulumi import and that worked as expected, updated my code, but when I try and run Pulumi up it wants to delete the new Azure Native resource group, rather than showing no changes. What am I missing?
    t
    • 2
    • 2
  • m

    miniature-leather-70472

    06/10/2021, 11:33 AM
    How does Azure-> Azure Native migration work for component resources, do you need to import each sub resource of the component resource individually?
    t
    • 2
    • 1
  • t

    tall-librarian-49374

    06/10/2021, 11:53 AM
    Just to be sure - you don’t have to migrate if everything works with your existing resources, the classic provider isn’t going away.
    m
    • 2
    • 1
  • h

    hundreds-receptionist-31352

    06/10/2021, 7:01 PM
    has anyone had luck to use openshift with pulumi? I cant get a cluster running with this example https://www.pulumi.com/docs/reference/pkg/azure-native/redhatopenshift/openshiftcluster
    t
    • 2
    • 3
  • h

    happy-parrot-60128

    06/10/2021, 7:07 PM
    So, I’m trying to get zero-downtime deployments for Azure Functions … it appears that just changing the blob in the appSettings causes a few seconds of downtime while it starts up the new deployment. It seems like the way around this might be to use deployment slots … create a new slot, deploy to that slot, let it start up then switch the active slot. Has anyone done this before? Does this work? Is there an easier way to do something that Azure should really just do for us? 🤔 Thoughts much appreciated!
    • 1
    • 1
  • m

    miniature-leather-70472

    06/11/2021, 1:41 PM
    It seems that the ManagedServiceIdentityArgs object for App Gateway is an InputMap that expects the key to be the ID of the managed identity, which needs to be a string. As you might expect, I want to create the Managed Identity using Pulumi so the ID is Output<string>, is there any way to get this into App Gateway without having to wrap the entire App GW object in an apply statement? I really don't want to do that as the Managed Identity is an optional setting, so I'd have to have two full copies of all the app gw code.
    t
    • 2
    • 3
  • r

    rough-window-15889

    06/11/2021, 6:45 PM
    I’d like to move from one ASE to another in Azure, but problem is you can’t update an app service to move from one ASE to another if it is in a different webspace is my understanding I just get errors. I’d like to delete the underlying app services from the current app service plan and have them created in the new one but when I run the code it triggers the app service to update instead of replace and fails when it tries to update to the new app service plan. Almost seems like I’d want a “deletebeforeupdate” rather than a “deletebeforereplace” but not sure what causes the difference between an update and a replace.
    t
    • 2
    • 4
  • n

    nice-oyster-71086

    06/11/2021, 9:34 PM
    I'm looking at the typescript
    @pulumi/azure-native
    web.StaticSite and would like to deploy some appsettings along with the static site, but don't see a way to set them in the web.StaticSiteArgs object. Is there any guidance for this?
    t
    • 2
    • 3
  • i

    icy-jordan-58549

    06/14/2021, 11:00 AM
    Has anyone worked with Azure Functions Proxies? I really want to deploy it using pulumi, can’t find any examples or even what kind of resources I need to use.
    t
    • 2
    • 3
  • g

    gorgeous-country-43026

    06/14/2021, 12:33 PM
    Any plans to include support for Synapse Analytics serverless pools into Pulumi Azure provider? Or am I just blind and can't find it from docs or code?
    t
    • 2
    • 3
  • h

    happy-ability-61825

    06/14/2021, 3:12 PM
    I am trying to update an Azure ACI container group and I am getting the following error:
    azure-native:containerinstance:ContainerGroup (spl-outputs):
    error: Code="InvalidContainerGroupUpdate" Message="The updates on container group 'spl-outputs' are invalid. If you are going to update the os type, restart policy, network profile, CPU, memory or GPU resources for a container group, you must delete it first and then create a new one."
    I updated the ContainerGroup definition to include
    opts=pulumi.ResourceOptions(delete_before_replace=True)
    (as per https://www.pulumi.com/docs/intro/concepts/resources/#deletebeforereplace) but it doesn't seem to have any effect
    b
    t
    • 3
    • 11
  • r

    rough-window-15889

    06/14/2021, 6:42 PM
    Is there a better way of handling azuread calls? We end up having to run Pulumi twice; once to create the resource and then once again to have azuread call resolve to the right objectId correctly. We have used a placeholder of ‘11111111-1111-1111-1111-111111111111’ temporarily to allow the first run through but that’s an issue when creating multiple resources you get a collision with multiple resources getting the all 1s placeholder.
    t
    • 2
    • 7
  • g

    gorgeous-country-43026

    06/15/2021, 12:53 PM
    How to debug this warning? It isn't exactly informative
    pulumi:pulumi:Stack (myproject-azure-dev):
        warning: provider config warning: Deprecated Attribute
    c
    f
    • 3
    • 3
  • l

    limited-carpenter-34991

    06/17/2021, 2:15 PM
    I need help regarding the azure data explorer (kusto / adx). Inside the documentation there are several database objects. https://www.pulumi.com/docs/reference/pkg/azure-native/kusto/ What database obect is actual / newest one ? And depending on the database, what is the right one for one for the data ingestion to an eventhub? There are two object types. If i use the EventHubDataConnection, i got the error "Code="ResourceNotFound" Message="The resource with identifier" for the database.
    t
    • 2
    • 10
  • a

    able-doctor-68496

    06/17/2021, 11:47 PM
    I'm using Pulumi to configure an Azure AKS managed cluster. It's a test cluster, and so I'm using some ephemeral volumes in my pods with
    emptyDir
    , and I needed more disk space. I haven't figured out a way to do that so that the existing nodes get replaced with nodes that have the amount of disk space I need. What I've tried: • update
    os_disk_size_gb
    in
    agent_pool_profiles
    and run
    pulumi up
    - this doesn't seem to have any effect • change
    count
    to 0 in
    agent_pool_profiles
    and run
    pulumi up
    - this results in an error that
    count
    is invalid • change
    name
    in
    agent_pool_profiles
    to try to have the pool replaced - this also results in an error (see thread)
    • 1
    • 2
  • a

    able-doctor-68496

    06/18/2021, 11:30 PM
    Now I'm trying to create a
    RecordSet
    and getting this error:
    azure-native:network:RecordSet (application-record):
        error: autorest/azure: Service returned an error. Status=400 Code="BadRequest" Message="The request was invalid."
    This is the code in Python for the
    RecordSet
    :
    RecordSet(
        'application-record',
        cname_record=CnameRecordArgs(cname=azure_fqdn),
        record_type='CNAME',
        relative_record_set_name=seeq_subdomain,
        resource_group_name=azure_zone_resource_group,
        zone_name=azure_zone_name
    )
    Is there a good way to troubleshoot that?
    t
    • 2
    • 5
  • q

    quiet-hairdresser-18834

    06/19/2021, 2:18 PM
    If I am using a service principal to authenticate, should I need to run az login? I am getting this error: Building AzureAD Client: obtain tenant() from Azure CLI: Error parsing json result from the Azure CLI: Error waiting for the Azure CLI: exit status 1: Please run 'az login' to setup account. I have tried two different service principals with the same issue
  • q

    quiet-hairdresser-18834

    06/19/2021, 3:00 PM
    same settings work if I set it via an environment variable but fail when it is set via config
    t
    • 2
    • 1
  • l

    limited-carpenter-34991

    06/21/2021, 9:37 AM
    I have a problem during deployment of an azure data explorer with
    AzureNative.Kusto.Script
    i always get the error:
    azure-native:kusto:Script (script1):
    error: autorest/azure: Service returned an error. Status=404 Code="ResourceNotFound" Message="The resource with identifier
    t
    • 2
    • 4
  • a

    able-doctor-68496

    06/21/2021, 7:50 PM
    Re-posting in case people missed it before. Can someone help me get to the bottom of this?
    s
    • 2
    • 1
  • h

    hundreds-optician-54090

    06/22/2021, 3:50 PM
    Has anybody been able to deploy a storage account with customer managed keys? If I try and use the Python example from the Pulumi documentation (https://www.pulumi.com/docs/reference/pkg/azure-native/storage/storageaccount/#storageaccountcreateuserassignedencryptionidentitywithcmk) I get an error:
    error: Code="CannotSetResourceIdentity" Message="Resource type 'Microsoft.Storage/storageAccounts' does not support creation of 'UserAssigned' resource identity. The supported types are 'SystemAssigned'."
    If I change the identity to 'SystemAssigned' and remove the user_assigned_identities, the storage account them fails to build with this error instead:
    error: Code="InvalidValuesForRequestParameters" Message="Values for request parameters are invalid: properties.encryption.identity."
    Here's the proof-of-concept code I've been playing with:
    import pulumi
    
    import pulumi_azure_native as azure_native
    import pulumi_azuread as azuread
    
    
    config = pulumi.Config()
    
    tenant_id = config.get('azure-native:tenantId')
    
    resource_group = azure_native.resources.ResourceGroup("test-resource-group",
                                                          location="usgovvirginia",
                                                          resource_group_name="test-resource-group",
                                                          tags={'ENV': 'test'},
                                                          )
    
    
    storage_security_group = azuread.Group("storage_security_group", display_name="storage_security_group")
    
    
    key_vault = vault = azure_native.keyvault.Vault("Ish5booweur",
                                                    location="usgovvirginia",
                                                    properties=azure_native.keyvault.VaultPropertiesArgs(
                                                        access_policies=[azure_native.keyvault.AccessPolicyEntryArgs(
                                                                object_id=storage_security_group.id,
                                                                permissions=azure_native.keyvault.PermissionsArgs(
                                                                    certificates=[],
                                                                    keys=[
                                                                        "wrapKey",
                                                                        "unwrapKey",
                                                                        "get",
                                                                    ],
                                                                    secrets=[],
                                                                ),
                                                                tenant_id=tenant_id,
                                                            )],
                                                        enable_soft_delete=False,
                                                        soft_delete_retention_in_days=15,
                                                        enabled_for_deployment=False,
                                                        enabled_for_disk_encryption=True,
                                                        enabled_for_template_deployment=False,
                                                        network_acls=azure_native.keyvault.NetworkRuleSetArgs(
                                                            bypass="AzureServices",
                                                            default_action="Allow",
                                                        ),
                                                        sku=azure_native.keyvault.SkuArgs(
                                                            family="A",
                                                            name="Premium",
                                                        ),
                                                        tenant_id=tenant_id,
                                                    ),
                                                    resource_group_name=resource_group.name,
                                                    vault_name="Ish5booweur",
                                                    tags={'ENV': 'test'},
                                                    )
    
    
    storage_key = azure_native.keyvault.Key("storage-encryption-key",
                                            key_name="storage-encryption-key",
                                            properties=azure_native.keyvault.KeyPropertiesArgs(
                                                kty="RSA-HSM",
                                                key_size=4096,
                                            ),
                                            resource_group_name=resource_group.name,
                                            vault_name=key_vault.name,
                                            tags={'ENV': 'test'},
                                            )
    
    
    storage_account_managed_identity = azure_native.managedidentity.UserAssignedIdentity("storage-account-managed-id",
                                                                                         location="usgovvirginia",
                                                                                         resource_group_name=resource_group.name,
                                                                                         tags={'ENV': 'test'},
                                                                                         )
    
    cmk_storage_account = azure_native.storage.StorageAccount("storeaccount01",
                                                            account_name="storeaccount01",
                                                            allow_blob_public_access=False,
                                                            encryption=azure_native.storage.EncryptionArgs(
                                                                require_infrastructure_encryption=True,
                                                                encryption_identity=azure_native.storage.EncryptionIdentityArgs(
                                                                    encryption_user_assigned_identity=storage_account_managed_identity.id,
                                                                    ),
                                                                key_source="Microsoft.Keyvault",
                                                                key_vault_properties=azure_native.storage.KeyVaultPropertiesArgs(
                                                                    key_name=storage_key.name,
                                                                    key_vault_uri=key_vault.properties.vault_uri,  # "<https://Ish5booweur.vault.usgovcloudapi.net/>",
                                                                    ),
                                                                services=azure_native.storage.EncryptionServicesArgs(
                                                                    blob=azure_native.storage.EncryptionServiceArgs(
                                                                        enabled=True,
                                                                        key_type="Account",
                                                                        ),
                                                                    file=azure_native.storage.EncryptionServiceArgs(
                                                                        enabled=True,
                                                                        key_type="Account",
                                                                        ),
                                                                    ),
                                                                ),
                                                            identity=azure_native.storage.IdentityArgs(type="SystemAssigned"),
                                                            # identity=azure_native.storage.IdentityArgs(type="UserAssigned",
                                                            #                                            user_assigned_identities={str(storage_account_managed_identity.id): {}},
                                                            #                                            ),
                                                            kind="StorageV2",
                                                            location="usgovvirginia",
                                                            minimum_tls_version="TLS1_2",
                                                            network_rule_set=azure_native.storage.NetworkRuleSetArgs(bypass="AzureServices",
                                                                                                                     default_action="Deny",
                                                                                                                     ),
                                                            resource_group_name=resource_group.name,
                                                            sku=azure_native.storage.SkuArgs(name="Standard_ZRS"),
                                                            tags={'ENV': 'test'},
                                                            )
  • l

    lemon-chef-20322

    06/22/2021, 11:20 PM
    Hey there. We're using Pulumi to manage hundreds of Azure resources and so far it's been amazing. Thanks for such an awesome product. Just recently we hit an issue though that is blocking us and we can't figure it out. We are using Pulumi to provision an Azure KeyVault and some associated Access Policies. The issue is with the access policies. Provisioning access policies for "users" works just fine but when setting an access policy for an "app" things break down. Seems Azure does not recognize the provisioning as being an app and instead classifies it as unknown (see screenshot). The access policy does not work in this mode. Doing the same operation via the az command works just fine.
    g
    f
    • 3
    • 4
  • p

    proud-pizza-80589

    06/23/2021, 8:15 AM
    How do you pass --aks-custom-headers when creating an AKS cluster? To enable the CSI storage driver. https://docs.microsoft.com/en-us/azure/aks/csi-storage-drivers (azure native)
    ➕ 1
    t
    • 2
    • 13
  • r

    rough-window-15889

    06/24/2021, 1:01 AM
    Anyone ever run into an issue moving a sql database to an elastic pool? I get the error “Elastic pool ‘xxxxx’ and service level objective ‘GP_Gen5_2’ combination is invalid. Code: 40860. Google hasn’t been much help. I changed the code so that the requestedServiceObjectiveName for the DB is now set to ElasticPool but now it is stuck. Two identical DB with different names migrated over fine but one will not.
  • i

    icy-leather-68314

    06/24/2021, 10:41 AM
    Hi. I'm trying to deploy a function app with azure AD authentication, using an azure.web.WebApp and azure.web.WebAppAuthSettings. The deploy works fine, but when pulumi tries to destroy the WebAppAuthSettings resource, it fails with:
    azure-native:web:WebAppAuthSettings (func-acmebot-auth-gdbp1-dev-eastus2):
        error: autorest/azure: Service returned an error. Status=400 Code="BadRequest" Message="SiteAuthSettings object is not present in the request body." Details=[{"Message":"SiteAuthSettings object is not present in the request body."},{"Code":"BadRequest"},{"ErrorEntity":{"Code":"BadRequest","ExtendedCode":"01008","Message":"SiteAuthSettings object is not present in the request body.","MessageTemplate":"{0} object is not present in the request body.","Parameters":["SiteAuthSettings"]}}]
    The logs show that pulumi is doing a
    PUT /subscriptions/.../resourceGroups/rg-main-gdbp1-dev-eastus26bb88e07/providers/Microsoft.Web/sites/func-acmebot-gdbp1-dev-eastus2cc94d39c/config/authsettings?api-version=2020-12-01 HTTP/1.1
    with a body of just
    {}
    , which it looks like the Azure API doesn't like. What are my options here? I don't really care if the WebAppAuthSettings resource destruction fails as it will be cleaned up when the WebApp is destroyed anyway.
    t
    • 2
    • 2
  • m

    mysterious-australia-14256

    06/25/2021, 9:38 AM
    I'm trying to create an Integration Account using the following code from the Pulumi website
    using Pulumi;
    using AzureNative = Pulumi.AzureNative;
    
    class MyStack : Stack
    {
        public MyStack()
        {
            var integrationAccount = new AzureNative.Logic.IntegrationAccount("integrationAccount", new AzureNative.Logic.IntegrationAccountArgs
            {
                IntegrationAccountName = "testIntegrationAccount",
                Location = "westus",
                ResourceGroupName = "testResourceGroup",
                Sku = new AzureNative.Logic.Inputs.IntegrationAccountSkuArgs
                {
                    Name = "Standard",
                },
            });
        }
    
    }
    I get an error back saying error: autorest/azure: Service returned an error. Status=400 Code="InvalidIntegrationAccount" Message="The provided integration account definition is not valid." Anyone know of a fix for this? Thanks Alan
    b
    • 2
    • 3
  • s

    square-salesmen-69891

    06/25/2021, 10:44 AM
    I'm trying to follow this instruction: https://discourse.ubuntu.com/t/ubuntu-ha-cluster-in-microsoft-azure-cloud/18191 and set up a cluster on azure. The ssh for accessing the gateway vm woks fine but I can not ssh to my other vm. Can anyone help?
    b
    • 2
    • 3
  • e

    enough-truck-34175

    06/25/2021, 2:22 PM
    Does anyone have a suggestion of how to associate an AKS network security group with a subnet with azure native? I have this circular dependency I don’t know how to solve for. 1. Create a virtual network with a subnet 2. Create an AKS cluster setting 
    VnetSubnetID
     to the subnet. AKS automatically creates an NSG. 3. Associate the AKS NSG to the vnet’s subnet
    p
    • 2
    • 4
Powered by Linen
Title
e

enough-truck-34175

06/25/2021, 2:22 PM
Does anyone have a suggestion of how to associate an AKS network security group with a subnet with azure native? I have this circular dependency I don’t know how to solve for. 1. Create a virtual network with a subnet 2. Create an AKS cluster setting 
VnetSubnetID
 to the subnet. AKS automatically creates an NSG. 3. Associate the AKS NSG to the vnet’s subnet
p

prehistoric-kite-30979

06/25/2021, 3:27 PM
we create the nsg with the subnet and then attach the subnet to aks
👍 1
try doing that before you create the cluster maybe?
e

enough-truck-34175

06/25/2021, 5:16 PM
Good call. I forgot that the nsg is manually created rather than being created by AKS. Clearly, I’ve been staring at this code for too long. 😆
p

prehistoric-kite-30979

06/25/2021, 5:56 PM
happens to us all 🙃
View count: 3