pulumi-community #azure

mysterious-australia-14256

07/13/2021, 2:05 PM

I am trying to create a new Web.Connection object for connecting to a Service Bus. The Service Bus is created earlier in the stack and when I create the Connection I need to specify the PrimaryConnectionString from the this Service Bus as a ParameterValue. I am trying to look up the PrimaryConnectionString using Pulumi.AzureNative.ServiceBus.ListNamespaceKeys but this fails if the Service Bus doesn't already exist. Is there a way around this i.e. to look up the string only after the Service Bus has been created and not progress the creation of the Connection until this has been done?

mysterious-australia-14256

07/13/2021, 6:11 PM

What is the correct way to handle dependencies when the parent object is created by a template? For example, I have used a template deployment to create a Web.CustomApi. This returns a Pulimi.AzureNative.Resources.Deployment object. I then want to create a Web.Connection that depends on the Web.CustomApi. Am I OK to specify the returned Deployment object of the Web.CustomApi in the DependsOn property of the CustomResourceOptions parameter when creating the Web.Connection or do I need to try and pull back a reference to the resource actually created by the Deployment?

mysterious-australia-14256

07/14/2021, 10:06 AM

Hi All, I'm still struggling with using ARM template deployment to create a Web.CustomApi connector and then a Web.Connection that uses the API. The main issue is that the connection never shows up when I run a Pulumi Preview. It does however deploy if I run a Pulumi Up. I have code that creates the API via a deployment along the lines of

Copy code

var connectorDeployment = new Pulumi.AzureNative.Resources.Deployment( .... )

I then create the connection using an expanded version of the following where I am retrieving the CustomApi object created by the above deployment and using that when creating the connection.

Copy code

var outputResources = connectorDeployment.Properties.Apply(props => 
{
    Pulumi.AzureNative.Web.CustomApi bamConnector = Pulumi.AzureNative.Web.CustomApi.Get(connectorDeploymentResourceName, props.OutputResources[0].Id);
	var connection = Pulumi.AzureNative.Web.Connection(name, args, new CustomResourceOptions
    {
        DependsOn = bamConnector,
        Parent = bamConnector
    });
    return props;
}

This does deploy correctly and everything works but I would like to get Pulumi Preview to pick up this operation. How can I tweak my code so that Pulumi Preview is picking up the connection correctly? I also have an issue where a Pulumi Destroy is only removing the deployment and not the actual object that was created.

ancient-eve-13947

07/14/2021, 1:37 PM

maybe better here than in general: how does one get the connection string for a

NamespaceAuthorizationRule

for an Azure servicebus via Typescript? the documentation states

NamespaceAuthorizationRule

should have an output

primaryConnectionString

, but the d.ts says it has only name, rights and type as outputs.

ancient-eve-13947

07/14/2021, 5:28 PM

when trying to create a b2c tenant, on

pulumi up

I get the following error:

Copy code

Diagnostics:
  pulumi:pulumi:Stack (Cloud-dev):
    error: update failed

  azure-native:azureactivedirectory:B2CTenant (b2c):
    error: cannot check existence of resource '/subscriptions/25110286-d288-4e46-851b-4e2bc880672f/resourceGroups/rgdevc54575e2/providers/Microsoft.AzureActiveDirectory/b2cDirectories/deonfunction%20getStack%28%29%20%7B%0A%20%20%20%20return%20runtime.getStack%28%29%3B%0A%7Ddirectory': status code 400, <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""<http://www.w3.org/TR/html4/strict.dtd>">
    <HTML><HEAD><TITLE>Bad Request</TITLE>
    <META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
    <BODY><h2>Bad Request - Invalid URL</h2>
    <hr><p>HTTP Error 400. The request URL is invalid.</p>
    </BODY></HTML>

the code I use is:

Copy code

const tenant= new azure.azureactivedirectory.B2CTenant("b2c", {
        resourceGroupName: resourceGroup.name,
        sku: {
            name: "Standard",
            tier: "A0"
        },
        properties: {
            countryCode: "DE",
            displayName: `DEON-${pulumi.getStack}`
        },
        resourceName: `deon${pulumi.getStack}directory`
    });

any idea what's going on here?

ancient-eve-13947

07/14/2021, 6:35 PM

is there a way to tell Pulumi "completely throw away what you think you know about the state of my Azure resources", while keeping everything in my Pulumi.dev.yaml? so that afterwards, when I do a

pulumi up

, it will just create a new resource group etc? background: something went wrong with destroying and now some Azure resources take ages to get deleted, and I'd like to continue testing meanwhile.

ancient-eve-13947

07/14/2021, 7:04 PM

I try to deploy a B2C tenant like this:

Copy code

let suffix= pulumi.getStack();
    suffix= suffix=="production" ? "" : suffix;
    const displayName= pulumi.interpolate `DEON - ${suffix}`;
    const resourceName= pulumi.interpolate `deon${suffix}directory`;
    const tenant= new azure.azureactivedirectory.B2CTenant("b2c", {
        resourceGroupName: resourceGroup.name,
        location: "europe", // because B2C has other, fewer possible locations
        sku: {
            name: "Standard",
            tier: "A0"
        },
        properties: {
            countryCode: "DE",
            displayName
        },
        resourceName
    });

and on

pulumi up

I get this error:

Copy code

b2c (azure-native:azureactivedirectory:B2CTenant)
error: autorest/azure: Service returned an error. Status=404 Code="NotFound" Message="Resource with ID '25110286-d288-4e46-851b-4e2bc880672f/rgdev9a38f1a5/deondevdirectory' does not exist." Target="resource"

what am I doing wrong?

ancient-eve-13947

07/15/2021, 11:55 AM

for a B2C tenant, how can I upload custom policies (Identity Experience Framework)? and how can I edit the manifest (download/upload it) for app registrations?

@pulumi/azuread

seems to allow me to create app registrations, but I can't see anything related to manifests?

victorious-exabyte-70545

07/15/2021, 4:26 PM

Hi all, I have a question about managing stack states. Yesterday I prematurely killed pulumi up and it resulted in the state of the stack being lost. I am using blob storage to hold state. When I typed pulumi preview, no stack was found. Is there documentation on how to restore from blob storage? Also, is it better to check in state into the project code in git (vs using s3 or blob storage)? What is best practice for production use of pulumi? I am new to Pulumi so any advice or direction is appreciated. Thanks!

victorious-exabyte-70545

07/15/2021, 5:12 PM

So it looks like I should be able to restore from the history right?

victorious-exabyte-70545

07/15/2021, 5:13 PM

Copy code

.pulumi/history/dev/dev-1626238159454148000.checkpoint.json

limited-mouse-98047

07/16/2021, 2:51 PM

Hi folks. Did anyone else come across the typescript

azuread.ServicePrincipalPassword

resource generating passwords that are incompatible with

azure_native.containerservice.ManagedCluster

? The latter apparently cannot accept characters like a backtick (`), which the former will apparently generate if you're lucky. I'm wondering whether this is a bug within the provider on on the azure end.

👀 1

miniature-leather-70472

07/19/2021, 12:17 PM

Does the old Azure provider have anything similar to the GetClientToken in the Azure Native provider?

powerful-football-81694

07/19/2021, 1:06 PM

Hi folks, do all stacks in the same project necessarily need to be deployed to the same Azure subscription? Or is Pulumi completely “agnostic” to this, i.e., does it simply deploy to whatever subscription happens to be the selected one in Azure CLI at the time when you do

pulumi up

wet-noon-14291

07/20/2021, 9:40 PM

Any example of how to configure Cosmos DB with integrated cache using pulumi? Azure docs: https://docs.microsoft.com/en-us/azure/cosmos-db/how-to-configure-integrated-cache

handsome-state-59775

07/21/2021, 5:34 AM

Any plans for Crosswalk for Azure? I'm specifically interested in Python.

mysterious-australia-14256

07/22/2021, 10:13 AM

Hello, can anyone point me towards guidance on how stackreference works between projects when using an azure storage backend? When I start a new project I typically run "pulumi login azblob://pulumi/<projectname>" e.g. "pulumi login azblob://pulumi/project1". Does this mean that I will only be able to reference other stacks created while logged in to "azblob://pulumi/project1" or can I also reference stacks in other projects sharing the same storage account e.g. project 2 created when logged in to "pulumi login azblob://pulumi/project2"? Thanks , Alan

little-notebook-32921

07/22/2021, 11:35 PM

All, any chance anyone could assist me with understanding this message? "error: Duplicate resource URN 'urnpulumihess-net-dev:basevnetpulumipulumiStack:basevnet-hess-net-dev'; try giving it a unique name". I'm looping through a YAML file with GoLang and there seems to be some sort of collision. Any ideas would be much appreciated!

miniature-leather-70472

07/26/2021, 12:54 PM

I'm guessing this is an Azure thing rather than Pulumi, but is there any way to get a consistent order when an object containers a list? For example, when an object has a firewall with a list of allowed IP's, the order on this can change with each apply, and so Pulumi thinks there is a change. I could ignore changes for that, but I do want the option to add more IP's at a later date

melodic-student-71781

07/27/2021, 6:36 PM

Hi, I'm trying to emulate

Copy code

az aks create [...] --attach-acr $MYACR

where the cluster uses a managed identity instead of an explicit service principal. As far as I understand it, I need to add a

RoleAssignment

with

scope

=containerRegistryId and

roleDefinitionId

="AcrPull". RoleAssignment contains `principalId`(required) and

delegatedManagedIdentityResourceId

(optional). How do I fill these two fields? I'm guessing

delegatedManagedIdentityResourceId

should be the id of the AKS cluster, but what's the

principalId

if there is no principal?

kind-mechanic-53546

07/28/2021, 1:29 AM

Has anyone else had problems with autocomplete being extremely slow with azure-native?

icy-jordan-58549

07/28/2021, 1:42 PM

Hi, team. Could someone help me understand why this is happening?

Copy code

azure-native:network:FrontDoor (frontDoor):
    error: autorest/azure: Service returned an error. Status=<nil> Code="Conflict" Message="Cannot delete frontend endpoint \"<http://fed2test.test.io|fed2test.test.io>\" because it is still directly or indirectly (using \"afdverify\" prefix) CNAMEd to front door \"<http://emtkfed2testprodcmsfd.azurefd.net|emtkfed2testprodcmsfd.azurefd.net>\". Please remove the DNS CNAME records and try again."

proud-dusk-33872

07/28/2021, 1:54 PM

Is there a way for a stack to contribute to the resource of another stack? For example, a subscription to an Event Grid topic, where the topic itself is owned by another stack. Another example might be a rule / backend on a Front Door instance.

melodic-easter-82419

07/29/2021, 3:55 PM

Interesting issue. Creating a shared dashboard from pulumi, I see the resource and can view properties. The problem I run into is when I goto the dashboard I get a dashboard does not exist error.

melodic-easter-82419

07/29/2021, 3:56 PM

It looks like I do have owner permission for the dashboard. Curious if anyone else has ran into this issue>?

cuddly-spring-60602

07/30/2021, 7:53 AM

Hi #azure, I'm writing a program to deploy a VM and register it within a Automation Account with a pre-existing, but it fails when I want to add a specific option:

Copy code

Settings: pulumi.ArrayMap{
                        "advancedOptions": pulumi.Array{
                            pulumi.Map{
                                "Name":     pulumi.String("forcePullAndApply"),
                                "TypeName": pulumi.String("System.Boolean"),
                                "Value":    pulumi.Bool(false),
                            },
                        },
                        "Properties": pulumi.Array{
                            pulumi.Map{
                                "Name":     pulumi.String("RegistrationKey"),
                                "TypeName": pulumi.String("System.Management.Automation.PSCredential"),
                                "Value": pulumi.StringMap{
                                    "Password": pulumi.String("PrivateSettingsRef:registrationKeyPrivate"),
                                    "UserName": pulumi.String("PLACEHOLDER_DONOTUSE"),
                                },
                            },
                            pulumi.StringMap{
                                "Name":     pulumi.String("RegistrationUrl"),
                                "TypeName": pulumi.String("System.String"),
                                "Value":    pulumi.String(registrationUrl),
                            },
                            pulumi.StringMap{
                                "Name":     pulumi.String("NodeConfigurationName"),
                                "TypeName": pulumi.String("System.String"),
                                "Value":    pulumi.String(existingConfigurationName),
                            },
                            pulumi.Map{
                                "Name":     pulumi.String("RebootNodeIfNeeded"),
                                "TypeName": pulumi.String("System.Boolean"),
                                "Value":    pulumi.Bool(true),
                            },
                            pulumi.Map{
                                "Name":     pulumi.String("ActionAfterReboot"),
                                "TypeName": pulumi.String("System.String"),
                                "Value":    pulumi.String("continueConfiguration"),
                            },
                        },
                    },
                    TypeHandlerVersion: pulumi.String("2.77"),

This will lead to an error:

Copy code

I0730 08:18:59.628372    6476 provider_plugin.go:739] Provider[azure-native, 0xc000650780].Create(urn:pulumi:dev::TosMarketing::azure-native:compute:VirtualMachineExtension::vm-ext-Gaming-VM1) failed: Code="VMExtensionProvisioningError" Message="VM has reported a failure when processing extension 'vm-ext-Gaming-VM1'. Error message: \"The DSC Extension failed to execute: Cannot convert value \"downloadMappings\" to type \"System.Int32\". Error: \"Input string was not in a correct format.\".\nMore information about the failure can be found in the logs located under 'C:\\WindowsAzure\\Logs\\Plugins\\Microsoft.Powershell.DSC\\2.77.0.0' on the VM.\"\r\n\r\nMore information on troubleshooting is available at <https://aka.ms/VMExtensionDSCWindowsTroubleshoot> "

Without the advancedOptions Block, it works fine...Any ideas?

ancient-eve-13947

07/30/2021, 12:39 PM

Hi, I got a stack consisting of about 20 resources. I used it in the past and it worked fine. Now I'm trying to run

pulumi preview

on a clean slate, ie with no resources up yet and I get the following error:

Copy code

Diagnostics:
  pulumi:pulumi:Stack (Cloud-dev):
    error: Running program 'C:\Projects\Deon\infrastructure\azureresources' failed with an unhandled exception:
    Error: invocation of azure-native:cache:listRedisKeys returned an error: request failed /subscriptions/25110286-d288-4e46-851b-4e2bc880672f/resourceGroups/rgDEV/providers/Microsoft.Cache/redis/redis2f94d61f/listKeys: autorest/azure: Service returned an error. Status=404 Code="ResourceNotFound" Message="The Resource 'Microsoft.Cache/Redis/redis2f94d61f' under resource group 'rgDEV' was not found. For more details please go to <https://aka.ms/ARMResourceNotFoundFix>"
        at Object.callback (C:\Projects\Deon\infrastructure\azureresources\node_modules\@pulumi\pulumi\runtime\invoke.js:139:33)
        at Object.onReceiveStatus (C:\Projects\Deon\infrastructure\azureresources\node_modules\@grpc\grpc-js\src\client.ts:338:26)
        at Object.onReceiveStatus (C:\Projects\Deon\infrastructure\azureresources\node_modules\@grpc\grpc-js\src\client-interceptors.ts:426:34)
        at Object.onReceiveStatus (C:\Projects\Deon\infrastructure\azureresources\node_modules\@grpc\grpc-js\src\client-interceptors.ts:389:48)
        at C:\Projects\Deon\infrastructure\azureresources\node_modules\@grpc\grpc-js\src\call-stream.ts:276:24
        at processTicksAndRejections (internal/process/task_queues.js:79:11)

The code for that passage is

Copy code

function createRedis() : azure.types.input.web.NameValuePairArgs[]{
    var cache= new redis.Redis("redis", {
        resourceGroupName,
        enableNonSslPort: true,
        minimumTlsVersion: redis.TlsVersion.TlsVersion_1_2,
        sku: {
            name: "Basic",
            family: "C",
            capacity: cfg.requireNumber("Redis.Size")
        }
    });
    
    const keys= pulumi.all([resourceGroupName, cache.name])
                 .apply(([resourceGroupName, name])=>redis.listRedisKeys({resourceGroupName, name}))
    const connectionString= pulumi.interpolate `${cache.hostName}:6380,password=${keys.primaryKey},ssl=True,abortConnect=False`;
    return [
        {
            name: "Redis:ConnectionString",
            value: connectionString
        },
    ];
}

Now what I don't get is: of course when doing preview, the redis instance isn't there yet. But I kinda expected that Pulumi somehow deals with this in the background, maybe not calling apply if cache.Name is not available yet. Also, I think I didn't have the problem before - but that might just be because I called it incrementally, never on a completely clean slate. Note the same thing happens when I execute

pulumi up

when it's in the preview stage. So this is currently a big blocker for me. Any ideas, anyone?

powerful-football-81694

07/30/2021, 6:07 PM

Hi everyone. Does anyone know if it’s possible to look up resources from another Azure subscription than the one currently being deployed to? For example, we use code like this to find a shared key vault:

Copy code

// Get a reference to our centralized key vault service which lives
// in another resource group. The key vault service itself is not created or maintained
// by this program.
var keyVault =
  Output.Create(GetVault.InvokeAsync(
    new GetVaultArgs()
    {
      ResourceGroupName = sharedResourceGroupName,
      VaultName = sharedKeyVaultName
    }));

Is there any way to do this if that key vault is in a different subscription?

proud-dusk-33872

07/31/2021, 12:31 AM

Is Azure DNS supported by the Azure native provider?

acoustic-answer-89272

07/31/2021, 4:51 PM

Hi There, I’m learning Pulumi. I wrote a sample code that creates an #azure web app in #dotnet(C#). I need to access the web app instance I created in my code inside of an ‘if’ statement so that I can add AppSettings based on a given condition. Anyone can help me with that or point me to a code sample? I’m using the Azure-Native library. I guess it starts somehow like this:

webapp.SiteConfig.Apply(cfg => cfg.AppSettings.Add(?????));

Thanks !