https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
azure
  • l

    limited-carpenter-34991

    07/12/2021, 12:24 PM
    I cannot finde the service principal and its scecret object inside the azure-native.
    l
    • 2
    • 2
  • m

    mysterious-australia-14256

    07/13/2021, 10:05 AM
    Is there an example anywhere on how to configure the diagnostic settings for a service bus? I want to be able to specify what I want logging (OpperationalLogs and AllMetrics) and what I want to do with the logs (send to a log analytics workspace in this case)?
    • 1
    • 1
  • m

    mysterious-australia-14256

    07/13/2021, 2:05 PM
    I am trying to create a new Web.Connection object for connecting to a Service Bus. The Service Bus is created earlier in the stack and when I create the Connection I need to specify the PrimaryConnectionString from the this Service Bus as a ParameterValue. I am trying to look up the PrimaryConnectionString using Pulumi.AzureNative.ServiceBus.ListNamespaceKeys but this fails if the Service Bus doesn't already exist. Is there a way around this i.e. to look up the string only after the Service Bus has been created and not progress the creation of the Connection until this has been done?
    t
    • 2
    • 4
  • m

    mysterious-australia-14256

    07/13/2021, 6:11 PM
    What is the correct way to handle dependencies when the parent object is created by a template? For example, I have used a template deployment to create a Web.CustomApi. This returns a Pulimi.AzureNative.Resources.Deployment object. I then want to create a Web.Connection that depends on the Web.CustomApi. Am I OK to specify the returned Deployment object of the Web.CustomApi in the DependsOn property of the CustomResourceOptions parameter when creating the Web.Connection or do I need to try and pull back a reference to the resource actually created by the Deployment?
    c
    s
    • 3
    • 3
  • m

    mysterious-australia-14256

    07/14/2021, 10:06 AM
    Hi All, I'm still struggling with using ARM template deployment to create a Web.CustomApi connector and then a Web.Connection that uses the API. The main issue is that the connection never shows up when I run a Pulumi Preview. It does however deploy if I run a Pulumi Up. I have code that creates the API via a deployment along the lines of
    var connectorDeployment = new Pulumi.AzureNative.Resources.Deployment( .... )
    I then create the connection using an expanded version of the following where I am retrieving the CustomApi object created by the above deployment and using that when creating the connection.
    var outputResources = connectorDeployment.Properties.Apply(props => 
    {
        Pulumi.AzureNative.Web.CustomApi bamConnector = Pulumi.AzureNative.Web.CustomApi.Get(connectorDeploymentResourceName, props.OutputResources[0].Id);
    	var connection = Pulumi.AzureNative.Web.Connection(name, args, new CustomResourceOptions
        {
            DependsOn = bamConnector,
            Parent = bamConnector
        });
        return props;
    }
    This does deploy correctly and everything works but I would like to get Pulumi Preview to pick up this operation. How can I tweak my code so that Pulumi Preview is picking up the connection correctly? I also have an issue where a Pulumi Destroy is only removing the deployment and not the actual object that was created.
    t
    • 2
    • 9
  • a

    ancient-eve-13947

    07/14/2021, 1:37 PM
    maybe better here than in general: how does one get the connection string for a
    NamespaceAuthorizationRule
    for an Azure servicebus via Typescript? the documentation states
    NamespaceAuthorizationRule
    should have an output
    primaryConnectionString
    , but the d.ts says it has only name, rights and type as outputs.
    t
    • 2
    • 4
  • a

    ancient-eve-13947

    07/14/2021, 5:28 PM
    when trying to create a b2c tenant, on
    pulumi up
    I get the following error:
    Diagnostics:
      pulumi:pulumi:Stack (Cloud-dev):
        error: update failed
    
      azure-native:azureactivedirectory:B2CTenant (b2c):
        error: cannot check existence of resource '/subscriptions/25110286-d288-4e46-851b-4e2bc880672f/resourceGroups/rgdevc54575e2/providers/Microsoft.AzureActiveDirectory/b2cDirectories/deonfunction%20getStack%28%29%20%7B%0A%20%20%20%20return%20runtime.getStack%28%29%3B%0A%7Ddirectory': status code 400, <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""<http://www.w3.org/TR/html4/strict.dtd>">
        <HTML><HEAD><TITLE>Bad Request</TITLE>
        <META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
        <BODY><h2>Bad Request - Invalid URL</h2>
        <hr><p>HTTP Error 400. The request URL is invalid.</p>
        </BODY></HTML>
    the code I use is:
    const tenant= new azure.azureactivedirectory.B2CTenant("b2c", {
            resourceGroupName: resourceGroup.name,
            sku: {
                name: "Standard",
                tier: "A0"
            },
            properties: {
                countryCode: "DE",
                displayName: `DEON-${pulumi.getStack}`
            },
            resourceName: `deon${pulumi.getStack}directory`
        });
    any idea what's going on here?
    t
    • 2
    • 4
  • a

    ancient-eve-13947

    07/14/2021, 6:35 PM
    is there a way to tell Pulumi "completely throw away what you think you know about the state of my Azure resources", while keeping everything in my Pulumi.dev.yaml? so that afterwards, when I do a
    pulumi up
    , it will just create a new resource group etc? background: something went wrong with destroying and now some Azure resources take ages to get deleted, and I'd like to continue testing meanwhile.
    t
    • 2
    • 5
  • a

    ancient-eve-13947

    07/14/2021, 7:04 PM
    I try to deploy a B2C tenant like this:
    let suffix= pulumi.getStack();
        suffix= suffix=="production" ? "" : suffix;
        const displayName= pulumi.interpolate `DEON - ${suffix}`;
        const resourceName= pulumi.interpolate `deon${suffix}directory`;
        const tenant= new azure.azureactivedirectory.B2CTenant("b2c", {
            resourceGroupName: resourceGroup.name,
            location: "europe", // because B2C has other, fewer possible locations
            sku: {
                name: "Standard",
                tier: "A0"
            },
            properties: {
                countryCode: "DE",
                displayName
            },
            resourceName
        });
    and on
    pulumi up
    I get this error:
    b2c (azure-native:azureactivedirectory:B2CTenant)
    error: autorest/azure: Service returned an error. Status=404 Code="NotFound" Message="Resource with ID '25110286-d288-4e46-851b-4e2bc880672f/rgdev9a38f1a5/deondevdirectory' does not exist." Target="resource"
    what am I doing wrong?
    t
    • 2
    • 8
  • a

    ancient-eve-13947

    07/15/2021, 11:55 AM
    for a B2C tenant, how can I upload custom policies (Identity Experience Framework)? and how can I edit the manifest (download/upload it) for app registrations?
    @pulumi/azuread
    seems to allow me to create app registrations, but I can't see anything related to manifests?
  • v

    victorious-exabyte-70545

    07/15/2021, 4:26 PM
    Hi all, I have a question about managing stack states. Yesterday I prematurely killed pulumi up and it resulted in the state of the stack being lost. I am using blob storage to hold state. When I typed pulumi preview, no stack was found. Is there documentation on how to restore from blob storage? Also, is it better to check in state into the project code in git (vs using s3 or blob storage)? What is best practice for production use of pulumi? I am new to Pulumi so any advice or direction is appreciated. Thanks!
  • v

    victorious-exabyte-70545

    07/15/2021, 5:12 PM
    So it looks like I should be able to restore from the history right?
  • v

    victorious-exabyte-70545

    07/15/2021, 5:13 PM
    .pulumi/history/dev/dev-1626238159454148000.checkpoint.json
    c
    • 2
    • 4
  • l

    limited-mouse-98047

    07/16/2021, 2:51 PM
    Hi folks. Did anyone else come across the typescript
    azuread.ServicePrincipalPassword
    resource generating passwords that are incompatible with
    azure_native.containerservice.ManagedCluster
    ? The latter apparently cannot accept characters like a backtick (`), which the former will apparently generate if you're lucky. I'm wondering whether this is a bug within the provider on on the azure end.
    👀 1
    b
    r
    • 3
    • 4
  • m

    miniature-leather-70472

    07/19/2021, 12:17 PM
    Does the old Azure provider have anything similar to the GetClientToken in the Azure Native provider?
    t
    • 2
    • 5
  • p

    powerful-football-81694

    07/19/2021, 1:06 PM
    Hi folks, do all stacks in the same project necessarily need to be deployed to the same Azure subscription? Or is Pulumi completely “agnostic” to this, i.e., does it simply deploy to whatever subscription happens to be the selected one in Azure CLI at the time when you do
    pulumi up
    ?
    b
    m
    • 3
    • 5
  • w

    wet-noon-14291

    07/20/2021, 9:40 PM
    Any example of how to configure Cosmos DB with integrated cache using pulumi? Azure docs: https://docs.microsoft.com/en-us/azure/cosmos-db/how-to-configure-integrated-cache
    t
    • 2
    • 1
  • h

    handsome-state-59775

    07/21/2021, 5:34 AM
    Any plans for Crosswalk for Azure? I'm specifically interested in Python.
    t
    • 2
    • 2
  • m

    mysterious-australia-14256

    07/22/2021, 10:13 AM
    Hello, can anyone point me towards guidance on how stackreference works between projects when using an azure storage backend? When I start a new project I typically run "pulumi login azblob://pulumi/<projectname>" e.g. "pulumi login azblob://pulumi/project1". Does this mean that I will only be able to reference other stacks created while logged in to "azblob://pulumi/project1" or can I also reference stacks in other projects sharing the same storage account e.g. project 2 created when logged in to "pulumi login azblob://pulumi/project2"? Thanks , Alan
    b
    b
    • 3
    • 16
  • l

    little-notebook-32921

    07/22/2021, 11:35 PM
    All, any chance anyone could assist me with understanding this message? "error: Duplicate resource URN 'urn😛ulumi:hess-net-dev::basevnet:😛ulumi:pulumi:Stack::basevnet-hess-net-dev'; try giving it a unique name". I'm looping through a YAML file with GoLang and there seems to be some sort of collision. Any ideas would be much appreciated!
    b
    • 2
    • 9
  • m

    miniature-leather-70472

    07/26/2021, 12:54 PM
    I'm guessing this is an Azure thing rather than Pulumi, but is there any way to get a consistent order when an object containers a list? For example, when an object has a firewall with a list of allowed IP's, the order on this can change with each apply, and so Pulumi thinks there is a change. I could ignore changes for that, but I do want the option to add more IP's at a later date
  • m

    melodic-student-71781

    07/27/2021, 6:36 PM
    Hi, I'm trying to emulate
    az aks create [...] --attach-acr $MYACR
    where the cluster uses a managed identity instead of an explicit service principal. As far as I understand it, I need to add a
    RoleAssignment
    with
    scope
    =containerRegistryId and
    roleDefinitionId
    ="AcrPull". RoleAssignment contains `principalId`(required) and
    delegatedManagedIdentityResourceId
    (optional). How do I fill these two fields? I'm guessing
    delegatedManagedIdentityResourceId
    should be the id of the AKS cluster, but what's the
    principalId
    if there is no principal?
    b
    • 2
    • 1
  • k

    kind-mechanic-53546

    07/28/2021, 1:29 AM
    Has anyone else had problems with autocomplete being extremely slow with azure-native?
    p
    b
    • 3
    • 8
  • i

    icy-jordan-58549

    07/28/2021, 1:42 PM
    Hi, team. Could someone help me understand why this is happening?
    azure-native:network:FrontDoor (frontDoor):
        error: autorest/azure: Service returned an error. Status=<nil> Code="Conflict" Message="Cannot delete frontend endpoint \"<http://fed2test.test.io|fed2test.test.io>\" because it is still directly or indirectly (using \"afdverify\" prefix) CNAMEd to front door \"<http://emtkfed2testprodcmsfd.azurefd.net|emtkfed2testprodcmsfd.azurefd.net>\". Please remove the DNS CNAME records and try again."
    m
    • 2
    • 2
  • p

    proud-dusk-33872

    07/28/2021, 1:54 PM
    Is there a way for a stack to contribute to the resource of another stack? For example, a subscription to an Event Grid topic, where the topic itself is owned by another stack. Another example might be a rule / backend on a Front Door instance.
    f
    • 2
    • 3
  • m

    melodic-easter-82419

    07/29/2021, 3:55 PM
    Interesting issue. Creating a shared dashboard from pulumi, I see the resource and can view properties. The problem I run into is when I goto the dashboard I get a dashboard does not exist error.
  • m

    melodic-easter-82419

    07/29/2021, 3:56 PM
    It looks like I do have owner permission for the dashboard. Curious if anyone else has ran into this issue>?
  • c

    cuddly-spring-60602

    07/30/2021, 7:53 AM
    Hi #azure, I'm writing a program to deploy a VM and register it within a Automation Account with a pre-existing, but it fails when I want to add a specific option:
    Settings: pulumi.ArrayMap{
                            "advancedOptions": pulumi.Array{
                                pulumi.Map{
                                    "Name":     pulumi.String("forcePullAndApply"),
                                    "TypeName": pulumi.String("System.Boolean"),
                                    "Value":    pulumi.Bool(false),
                                },
                            },
                            "Properties": pulumi.Array{
                                pulumi.Map{
                                    "Name":     pulumi.String("RegistrationKey"),
                                    "TypeName": pulumi.String("System.Management.Automation.PSCredential"),
                                    "Value": pulumi.StringMap{
                                        "Password": pulumi.String("PrivateSettingsRef:registrationKeyPrivate"),
                                        "UserName": pulumi.String("PLACEHOLDER_DONOTUSE"),
                                    },
                                },
                                pulumi.StringMap{
                                    "Name":     pulumi.String("RegistrationUrl"),
                                    "TypeName": pulumi.String("System.String"),
                                    "Value":    pulumi.String(registrationUrl),
                                },
                                pulumi.StringMap{
                                    "Name":     pulumi.String("NodeConfigurationName"),
                                    "TypeName": pulumi.String("System.String"),
                                    "Value":    pulumi.String(existingConfigurationName),
                                },
                                pulumi.Map{
                                    "Name":     pulumi.String("RebootNodeIfNeeded"),
                                    "TypeName": pulumi.String("System.Boolean"),
                                    "Value":    pulumi.Bool(true),
                                },
                                pulumi.Map{
                                    "Name":     pulumi.String("ActionAfterReboot"),
                                    "TypeName": pulumi.String("System.String"),
                                    "Value":    pulumi.String("continueConfiguration"),
                                },
                            },
                        },
                        TypeHandlerVersion: pulumi.String("2.77"),
    This will lead to an error:
    I0730 08:18:59.628372    6476 provider_plugin.go:739] Provider[azure-native, 0xc000650780].Create(urn:pulumi:dev::TosMarketing::azure-native:compute:VirtualMachineExtension::vm-ext-Gaming-VM1) failed: Code="VMExtensionProvisioningError" Message="VM has reported a failure when processing extension 'vm-ext-Gaming-VM1'. Error message: \"The DSC Extension failed to execute: Cannot convert value \"downloadMappings\" to type \"System.Int32\". Error: \"Input string was not in a correct format.\".\nMore information about the failure can be found in the logs located under 'C:\\WindowsAzure\\Logs\\Plugins\\Microsoft.Powershell.DSC\\2.77.0.0' on the VM.\"\r\n\r\nMore information on troubleshooting is available at <https://aka.ms/VMExtensionDSCWindowsTroubleshoot> "
    Without the advancedOptions Block, it works fine...Any ideas?
  • a

    ancient-eve-13947

    07/30/2021, 12:39 PM
    Hi, I got a stack consisting of about 20 resources. I used it in the past and it worked fine. Now I'm trying to run
    pulumi preview
    on a clean slate, ie with no resources up yet and I get the following error:
    Diagnostics:
      pulumi:pulumi:Stack (Cloud-dev):
        error: Running program 'C:\Projects\Deon\infrastructure\azureresources' failed with an unhandled exception:
        Error: invocation of azure-native:cache:listRedisKeys returned an error: request failed /subscriptions/25110286-d288-4e46-851b-4e2bc880672f/resourceGroups/rgDEV/providers/Microsoft.Cache/redis/redis2f94d61f/listKeys: autorest/azure: Service returned an error. Status=404 Code="ResourceNotFound" Message="The Resource 'Microsoft.Cache/Redis/redis2f94d61f' under resource group 'rgDEV' was not found. For more details please go to <https://aka.ms/ARMResourceNotFoundFix>"
            at Object.callback (C:\Projects\Deon\infrastructure\azureresources\node_modules\@pulumi\pulumi\runtime\invoke.js:139:33)
            at Object.onReceiveStatus (C:\Projects\Deon\infrastructure\azureresources\node_modules\@grpc\grpc-js\src\client.ts:338:26)
            at Object.onReceiveStatus (C:\Projects\Deon\infrastructure\azureresources\node_modules\@grpc\grpc-js\src\client-interceptors.ts:426:34)
            at Object.onReceiveStatus (C:\Projects\Deon\infrastructure\azureresources\node_modules\@grpc\grpc-js\src\client-interceptors.ts:389:48)
            at C:\Projects\Deon\infrastructure\azureresources\node_modules\@grpc\grpc-js\src\call-stream.ts:276:24
            at processTicksAndRejections (internal/process/task_queues.js:79:11)
    The code for that passage is
    function createRedis() : azure.types.input.web.NameValuePairArgs[]{
        var cache= new redis.Redis("redis", {
            resourceGroupName,
            enableNonSslPort: true,
            minimumTlsVersion: redis.TlsVersion.TlsVersion_1_2,
            sku: {
                name: "Basic",
                family: "C",
                capacity: cfg.requireNumber("Redis.Size")
            }
        });
        
        const keys= pulumi.all([resourceGroupName, cache.name])
                     .apply(([resourceGroupName, name])=>redis.listRedisKeys({resourceGroupName, name}))
        const connectionString= pulumi.interpolate `${cache.hostName}:6380,password=${keys.primaryKey},ssl=True,abortConnect=False`;
        return [
            {
                name: "Redis:ConnectionString",
                value: connectionString
            },
        ];
    }
    Now what I don't get is: of course when doing preview, the redis instance isn't there yet. But I kinda expected that Pulumi somehow deals with this in the background, maybe not calling apply if cache.Name is not available yet. Also, I think I didn't have the problem before - but that might just be because I called it incrementally, never on a completely clean slate. Note the same thing happens when I execute
    pulumi up
    when it's in the preview stage. So this is currently a big blocker for me. Any ideas, anyone?
    t
    • 2
    • 27
  • p

    powerful-football-81694

    07/30/2021, 6:07 PM
    Hi everyone. Does anyone know if it’s possible to look up resources from another Azure subscription than the one currently being deployed to? For example, we use code like this to find a shared key vault:
    // Get a reference to our centralized key vault service which lives
    // in another resource group. The key vault service itself is not created or maintained
    // by this program.
    var keyVault =
      Output.Create(GetVault.InvokeAsync(
        new GetVaultArgs()
        {
          ResourceGroupName = sharedResourceGroupName,
          VaultName = sharedKeyVaultName
        }));
    Is there any way to do this if that key vault is in a different subscription?
    • 1
    • 1
Powered by Linen
Title
p

powerful-football-81694

07/30/2021, 6:07 PM
Hi everyone. Does anyone know if it’s possible to look up resources from another Azure subscription than the one currently being deployed to? For example, we use code like this to find a shared key vault:
// Get a reference to our centralized key vault service which lives
// in another resource group. The key vault service itself is not created or maintained
// by this program.
var keyVault =
  Output.Create(GetVault.InvokeAsync(
    new GetVaultArgs()
    {
      ResourceGroupName = sharedResourceGroupName,
      VaultName = sharedKeyVaultName
    }));
Is there any way to do this if that key vault is in a different subscription?
Figured it out. For anyone else wondering, here’s how to do this:
var sharedSubscriptionProvider = new Provider(sharedSubscriptionName, new ProviderArgs() { SubscriptionId = sharedSubscriptionId });

var keyVault =
	Output.Create(GetVault.InvokeAsync(
		new GetVaultArgs()
		{
			ResourceGroupName = sharedResourceGroupName,
			VaultName = sharedKeyVaultName
		},
		new InvokeOptions()
		{
			Provider = sharedSubscriptionProvider
		}));
View count: 3