wet-noon-14291
09/14/2021, 7:56 AMwooden-receptionist-75654
09/14/2021, 8:16 AMcontainerservice.ManagedCluster
with SystemAssigned MI. Something like:
const cluster = new containerservice.ManagedCluster(managedClusterName, {
...
identity: {
type: "SystemAssigned",
}
...
});
How can I get it principalId
for creating authorization.RoleAssignment
?mysterious-piano-88140
09/14/2021, 7:34 PMexport const databaseResourceGroup = new ResourceGroup(
'resource-group-dev',
{
resourceGroupName: 'resource-group-dev',
location: 'germanywestcentral',
tags: {
project: 'test',
env: 'dev',
type: 'resourcegroup'
}
}
)
My problem is that in the second project the ResourceGroup is not linked no matter how (getResourceGroup, Import, StackReference) but is always recreated, which leads to a fail because it just already exists.
// const resourceGroup = await getResourceGroup({
// resourceGroupName: databaseResourceGroupName
// })
const resourceGroup = new ResourceGroup(
'resource-group-dev',
{
resourceGroupName: 'resource-group-dev',
location: 'germanywestcentral',
tags: {
project: 'test',
env: 'dev',
type: 'resourcegroup'
}
},
{
import: `/subscriptions/<subscription-id>/resourceGroups/<resourcegroupname>`
}
)
Do any of you here have an idea how I can link between resources without recreating them.
I would now expect a similar pattern as in the AWS CDK where I can access ARN with from methods.millions-journalist-34868
09/15/2021, 7:26 PMhandsome-state-59775
09/16/2021, 10:59 AMfew-ocean-24625
09/16/2021, 12:22 PMadorable-soccer-30455
09/17/2021, 1:10 PMbillions-carpet-89629
09/20/2021, 7:22 AMusing ApiManagement = Pulumi.AzureNative.ApiManagement.V20210101Preview;
...
var operation2 = new ApiManagement.ApiOperation($"{apiName}/send",
new ApiManagement.ApiOperationArgs
{
ApiId = api.Id,
ResourceGroupName = resourceGroup.Name,
ServiceName = apiManagementService.Name,
DisplayName = "send",
Method = "GET",
OperationId = Output.Format($"{apiManagementService.Name}/PushNotificationApi/send"),
UrlTemplate = "/send",
TemplateParameters = new InputList<ParameterContractArgs>(),
Responses = new InputList<ApiManagement.Inputs.ResponseContractArgs>()
});
It fails with an error:
error: autorest/azure: error response cannot be parsed: "" error: EOF
I could deploy it only via ARM Template deployment:
var operation = CreateApiOperation($"{apiName}/push",
new ApiManagement.ApiOperationArgs
{
ApiId = api.Id,
ResourceGroupName = resourceGroup.Name,
ServiceName = apiManagementService.Name,
DisplayName = "Push",
Method = "GET",
//OperationId = Output.Format($"{apiManagementService.Name}/PushNotificationApi/push"),
UrlTemplate = "/push",
TemplateParameters = new InputList<ParameterContractArgs>(),
Responses = new InputList<ApiManagement.Inputs.ResponseContractArgs>()
});
...
private Output<string> CreateApiOperation(string name, ApiManagement.ApiOperationArgs args)
{
var deployment = new AzureNative.Resources.Deployment($"deployment",
new AzureNative.Resources.DeploymentArgs
{
DeploymentName = Output.Format($"deployment_operation_{args.DisplayName}"),
Properties = new AzureNative.Resources.Inputs.DeploymentPropertiesArgs
{
Mode = DeploymentMode.Incremental,
Template = new Dictionary<string, object>()
{
{
"$schema",
"<http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#>"
},
{"contentVersion", "1.0.0.0"},
{"parameters", new Dictionary<string, object>()},
{
"resources", new[]
{
new Dictionary<string, object>()
{
{"type", "Microsoft.ApiManagement/service/apis/operations"},
{"apiVersion", "2021-01-01-preview"},
{"name", Output.Format($"{args.ServiceName}/{name}")},
{
"properties", new Dictionary<string, object>()
{
{"displayName", args.DisplayName},
{"method", args.Method},
{"urlTemplate", args.UrlTemplate},
{"templateParameters", args.TemplateParameters},
{"responses", args.Responses}
}
}
}
}
}
},
},
ResourceGroupName = args.ResourceGroupName,
});
return null;
}
I suspect the problem is in OperationId. I tried all possible combinations. I appreciate any help. Thanks a lot.handsome-state-59775
09/20/2021, 12:48 PMpulumi_azure_native.containerservice.ManagedCluster
, how can I know which API version is being used?
pulumi_azure_native==1.28.0
gorgeous-country-43026
09/21/2021, 5:33 AMpulumi up
gets stuck into this. Waited yesterday for several HOURS but it did not proceed. I'm assuming it's due to this code const dnsZone = azure.dns.Zone.get("thename", DNS_ZONE_ID);
but I'm not sure. Any ideas would be most welcome at this pointwooden-receptionist-75654
09/21/2021, 9:22 AM...
const controlPlaneIdentity = new managedidentity.UserAssignedIdentity("controlPlaneIdentity", {...});
const kubeletIdentity = new managedidentity.UserAssignedIdentity("kubeletIdentity", {...});
const cpManagedIdentityOperator = new authorization.RoleAssignment("controlPlane-ManagedIdentityOperator", {
principalId: controlPlaneIdentity.principalId,
principalType: "ServicePrincipal",
roleDefinitionId:
"/subscriptions/xxxxxxxx/providers/Microsoft.Authorization/roleDefinitions/f1a07417-d97a-45cb-824c-7a7467783830",
scope: resourceGroup.id,
});
const cluster = new containerservice.ManagedCluster( "cluster", {
...
identity: {
type: "UserAssigned",
userAssignedIdentities: controlPlaneIdentity.id.apply((id) => {
const dict: { [key: string]: any } = {};
dict[id] = {};
return dict;
}),
},
identityProfile: {
kubeletidentity: {
clientId: kubeletIdentity.clientId,
resourceId: kubeletIdentity.id,
objectId: kubeletIdentity.principalId,
},
},
...
},
{ dependsOn: [cpManagedIdentityOperator, kubeletDnsZoneContributor] }
);
Even thou I have dependencies on cluster resources I got an error on fresh stack creation:
The cluster user assigned identity must be given permission to assign kubelet identity /subscriptions/xxxxxxxxxx/resourcegroups/poc-aks/providers/Microsoft.ManagedIdentity/userAssignedIdentities/poc-aks-kubeletIdentity. Check access result not allowed for action Microsoft.ManagedIdentity/userAssignedIdentities/assign/action.
Am I missing something?victorious-exabyte-70545
09/21/2021, 4:47 PMminiature-leather-70472
09/22/2021, 1:43 PMglamorous-helmet-50600
09/22/2021, 3:46 PMrefined-tent-12187
09/23/2021, 7:13 PMrefined-tent-12187
09/23/2021, 7:15 PMmysterious-australia-14256
09/24/2021, 10:00 AMstrong-park-55853
09/27/2021, 1:00 PMazure-native
“Contacts” block for the existing azure
provider option https://www.pulumi.com/docs/reference/pkg/azure/keyvault/keyvault/#contacts_csharp
I want to utilise the UI feature for adding email addresses for certificate expiration notifications, however I can’t seem to find an equivalent for the new providers. Or if anyone knows if this will be supported going forward with the API?
https://www.pulumi.com/docs/reference/pkg/azure-native/keyvault/vault/
The cli command for configuring this email notification list is:
https://docs.microsoft.com/bs-cyrl-ba/cli/azure/keyvault/certificate/contact?view=azure-cli-latestelegant-stone-54832
09/27/2021, 7:43 PMvar sqlServer = new Server("myServer", new ServerArgs
{
AdministratorLogin = administratorLogin,
AdministratorLoginPassword = administratorLoginPassword,
ResourceGroupName = resourceGroup.Name,
Identity = new ResourceIdentityArgs { Type = IdentityType.SystemAssigned },
Administrators = new ServerExternalAdministratorArgs { PrincipalType = PrincipalType.User, Login = "MyLoginAADAccountName", Sid = "SomeGuid" } // I added this line
});
Why did pulumi removed my Azure SQL Server and recreated it?flat-laptop-90489
09/27/2021, 11:22 PMrapid-soccer-98878
09/30/2021, 2:38 AMrotateWhenChanged
input to trigger a rotation but it deletes the existing resource when it rotates causing any services using those credentials to fail.
Is there a way to not remove the existing resource when the app password is being rotated or is there a better approach to this problem?
This is the code that creates the app passwords
const appPassword = new azad.ApplicationPassword(
`app-client-credentials`,
{
applicationObjectId: app.objectId,
displayName: 'App',
endDateRelative: '4380h', // 6 months
// When the endTimestamp changes which is every 2 months,
// it will trigger the resource to be recreated
rotateWhenChanged: {
endTimestamp: futureEndTimestamp(2),
},
}
)
mysterious-australia-14256
09/30/2021, 12:21 PMintegrationRuntime.Name.Apply(n =>
{
var authKey = Pulumi.AzureNative.DataFactory.ListIntegrationRuntimeAuthKeys.InvokeAsync(new Pulumi.AzureNative.DataFactory.ListIntegrationRuntimeAuthKeysArgs
{
FactoryName = runtimeSettings.DataFactoryName,
ResourceGroupName = runtimeSettings.DataFactoryResourceGroup,
IntegrationRuntimeName = n
}).Result.AuthKey1;
return n;
});
polite-shoe-79877
10/01/2021, 8:55 AMpanic: Unknown kind: bool
goroutine 33 [running]:
<http://github.com/hashicorp/terraform-plugin-sdk/v2/terraform.(*ResourceConfig).get(0xc0008a14d0|github.com/hashicorp/terraform-plugin-sdk/v2/terraform.(*ResourceConfig).get(0xc0008a14d0>, 0xc0008aeba0, 0x1f, 0xc0008a13b0, 0x0, 0x1f, 0x17791560598)
/home/runner/go/pkg/mod/github.com/pulumi/terraform-plugin-
Someone else experience this?brief-machine-10802
10/04/2021, 11:24 AMvar cliAppInsights = new Component(
$"xxx-{stackName}-cli-ai",
new ComponentArgs()
{
ResourceName = $"xxx-{stackName}-cli-ai",
Location = location,
ResourceGroupName = resourceGroup.Name,
Kind = "web",
ApplicationType = ApplicationType.Web,
RetentionInDays = config.GetInt32("CliApplicationInsightsRetentionInDays"),
});
mysterious-australia-14256
10/04/2021, 11:52 AMimportant-holiday-25047
10/04/2021, 5:26 PMpolite-shoe-79877
10/04/2021, 6:13 PMgreat-breakfast-56601
10/06/2021, 8:38 AMazuread:index:Application (flsrcaks):
error: 1 error occurred:
* Could not create application: json.Marshal(): json: error calling MarshalJSON for type msgraph.Application: json: error calling MarshalJSON for type *msgraph.Owners: marshaling Owners: encountered DirectoryObject with nil ODataId
quaint-toothbrush-75472
10/06/2021, 8:15 PMhandsome-state-59775
10/07/2021, 6:19 AM