https://pulumi.com logo
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
azure
  • m

    miniature-leather-70472

    09/10/2021, 2:00 PM
    The implementation of listStorageAccountSAS seems.... not great. Things like resource group and storage account name are strings rather than Input<string> and if you use the Enum types for permissions etc. you can only specify 1, because again their strings. Is this going to be improved?
    g
    f
    • 3
    • 2
  • m

    millions-journalist-34868

    09/13/2021, 10:55 PM
    Maybe it's me, but I find it difficult to find lot of examples of using Pulumi with Azure (especially in C#). Some sample from the classic provider have not been upgraded to Native provider so I have trouble to understand how do to do some basic things. For instance assigning a Storage Blob Data Reader role to an Azure Function (through its managed identity) seems complicated. It seems to me that RoleAssignment is what I am looking for but I am not sure how to use it, especially because I think I have to use the guid from this role. Anyone has already done that ?
    t
    • 2
    • 6
  • w

    wet-noon-14291

    09/14/2021, 7:56 AM
    Is there a way to attach ACR to AKS using pulumi as in the azure doc: https://docs.microsoft.com/en-us/azure/aks/cluster-container-registry-integration?tabs=azure-cli ?
    t
    • 2
    • 4
  • w

    wooden-receptionist-75654

    09/14/2021, 8:16 AM
    Hi Guys, I’ve provisioned AKS cluster with
    containerservice.ManagedCluster
    with SystemAssigned MI. Something like:
    const cluster = new containerservice.ManagedCluster(managedClusterName, {
      ...
      identity: {
        type: "SystemAssigned",
      }
      ...
    });
    How can I get it
    principalId
    for creating
    authorization.RoleAssignment
    ?
    g
    t
    • 3
    • 6
  • m

    mysterious-piano-88140

    09/14/2021, 7:34 PM
    Hello all, I am using Pulumi for the first time for a project hosted in Azure cloud. I am using Typescript for programming the resources. I currently have the following scenario: A project with a stack named ‘dev’ that creates a ResourceGroup in Azure. The code is as follows: Another project with a stack named ‘dev’ that should create a MariaDB database and map it to the ResourceGroup just created in the other projet. My current code is this:
    export const databaseResourceGroup = new ResourceGroup(
      'resource-group-dev',
      {
        resourceGroupName: 'resource-group-dev',
        location: 'germanywestcentral',
        tags: {
          project: 'test',
          env: 'dev',
          type: 'resourcegroup'
        }
      }
    )
    My problem is that in the second project the ResourceGroup is not linked no matter how (getResourceGroup, Import, StackReference) but is always recreated, which leads to a fail because it just already exists.
    // const resourceGroup = await getResourceGroup({
    //   resourceGroupName: databaseResourceGroupName
    // })
    
    const resourceGroup = new ResourceGroup(
          'resource-group-dev',
          {
            resourceGroupName: 'resource-group-dev',
            location: 'germanywestcentral',
            tags: {
              project: 'test',
              env: 'dev',
              type: 'resourcegroup'
            }
          },
          {
            import: `/subscriptions/<subscription-id>/resourceGroups/<resourcegroupname>`
          }
        )
    Do any of you here have an idea how I can link between resources without recreating them. I would now expect a similar pattern as in the AWS CDK where I can access ARN with from methods.
    w
    • 2
    • 1
  • m

    millions-journalist-34868

    09/15/2021, 7:26 PM
    Hi. Just sharing an article I wrote that talks about Azure Functions and where I use Azure Native provider to build and deploy a Function App using its Managed Identity to acess the storage. https://www.techwatching.dev/posts/azure-functions-without-azurewebjobsstorage
    🎉 2
  • h

    handsome-state-59775

    09/16/2021, 10:59 AM
    Any way of dumping raw ARM API call data while performing a stack.up (I'm using automation API)? I'm in conversation with Azure support and they want this to help debug an issue I'm facing with public static IP provisioning.
    b
    c
    • 3
    • 5
  • f

    few-ocean-24625

    09/16/2021, 12:22 PM
    Hey guys. Is there a way to grant access permissions to all pipelines for a service endpoint? I didn't find this option on the azuredevops.ServiceEndpointAzureRM api.
  • a

    adorable-soccer-30455

    09/17/2021, 1:10 PM
    I'm creating some VM's in Azure using pulumi and I wan't to use som certificates on thos VM's that I've already got. Anyone knowing how I easily can pass those certificates down to the VM from pulumi?
  • b

    billions-carpet-89629

    09/20/2021, 7:22 AM
    Hi to everyone. This chat is the last resort I expect to find help. After spending 2 days I cannot make work creating an API operation. When I create it using
    using ApiManagement = Pulumi.AzureNative.ApiManagement.V20210101Preview;
    ...
    var operation2 = new ApiManagement.ApiOperation($"{apiName}/send",
        new ApiManagement.ApiOperationArgs
        {
            ApiId = api.Id,
            ResourceGroupName = resourceGroup.Name,
            ServiceName = apiManagementService.Name,
            DisplayName = "send",
            Method = "GET",
            OperationId = Output.Format($"{apiManagementService.Name}/PushNotificationApi/send"),
            UrlTemplate = "/send",
            TemplateParameters = new InputList<ParameterContractArgs>(),
            Responses = new InputList<ApiManagement.Inputs.ResponseContractArgs>()
        });
    It fails with an error: error: autorest/azure: error response cannot be parsed: "" error: EOF I could deploy it only via ARM Template deployment:
    var operation = CreateApiOperation($"{apiName}/push",
        new ApiManagement.ApiOperationArgs
        {
            ApiId = api.Id,
            ResourceGroupName = resourceGroup.Name,
            ServiceName = apiManagementService.Name,
            DisplayName = "Push",
            Method = "GET",
            //OperationId = Output.Format($"{apiManagementService.Name}/PushNotificationApi/push"),
            UrlTemplate = "/push",
            TemplateParameters = new InputList<ParameterContractArgs>(),
            Responses = new InputList<ApiManagement.Inputs.ResponseContractArgs>()
        });
    
    ...
    private Output<string> CreateApiOperation(string name, ApiManagement.ApiOperationArgs args)
    {
        var deployment = new AzureNative.Resources.Deployment($"deployment",
            new AzureNative.Resources.DeploymentArgs
            {
                DeploymentName = Output.Format($"deployment_operation_{args.DisplayName}"),
                Properties = new AzureNative.Resources.Inputs.DeploymentPropertiesArgs
                {
                    Mode = DeploymentMode.Incremental,
                    Template = new Dictionary<string, object>()
                    {
                        {
                            "$schema",
                            "<http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#>"
                        },
                        {"contentVersion", "1.0.0.0"},
                        {"parameters", new Dictionary<string, object>()},
                        {
                            "resources", new[]
                            {
                                new Dictionary<string, object>()
                                {
                                    {"type", "Microsoft.ApiManagement/service/apis/operations"},
                                    {"apiVersion", "2021-01-01-preview"},
                                    {"name", Output.Format($"{args.ServiceName}/{name}")},
                                    {
                                        "properties", new Dictionary<string, object>()
                                        {
                                            {"displayName", args.DisplayName},
                                            {"method", args.Method},
                                            {"urlTemplate", args.UrlTemplate},
                                            {"templateParameters", args.TemplateParameters},
                                            {"responses", args.Responses}
                                        }
                                    }
                                }
                            }
                        }
                    },
                },
                ResourceGroupName = args.ResourceGroupName,
            });
    
        return null;
    }
    I suspect the problem is in OperationId. I tried all possible combinations. I appreciate any help. Thanks a lot.
    • 1
    • 1
  • h

    handsome-state-59775

    09/20/2021, 12:48 PM
    if i use
    pulumi_azure_native.containerservice.ManagedCluster
    , how can I know which API version is being used?
    pulumi_azure_native==1.28.0
    ✅ 1
    t
    • 2
    • 2
  • g

    gorgeous-country-43026

    09/21/2021, 5:33 AM
    Ideas? My
    pulumi up
    gets stuck into this. Waited yesterday for several HOURS but it did not proceed. I'm assuming it's due to this code
    const dnsZone = azure.dns.Zone.get("thename", DNS_ZONE_ID);
    but I'm not sure. Any ideas would be most welcome at this point
    • 1
    • 3
  • w

    wooden-receptionist-75654

    09/21/2021, 9:22 AM
    Hi Guys, I’m creating an AKS cluster with UserAssigned Managed identify and identity for kubelet as well. My code looks like:
    ...
    const controlPlaneIdentity = new managedidentity.UserAssignedIdentity("controlPlaneIdentity", {...});
    const kubeletIdentity = new managedidentity.UserAssignedIdentity("kubeletIdentity", {...});
    
    const cpManagedIdentityOperator = new authorization.RoleAssignment("controlPlane-ManagedIdentityOperator", {
      principalId: controlPlaneIdentity.principalId,
      principalType: "ServicePrincipal",
      roleDefinitionId:
        "/subscriptions/xxxxxxxx/providers/Microsoft.Authorization/roleDefinitions/f1a07417-d97a-45cb-824c-7a7467783830",
      scope: resourceGroup.id,
    });
    
    
    const cluster = new containerservice.ManagedCluster( "cluster", {
      ...
        identity: {
          type: "UserAssigned",
          userAssignedIdentities: controlPlaneIdentity.id.apply((id) => {
            const dict: { [key: string]: any } = {};
            dict[id] = {};
            return dict;
          }),
        },
        identityProfile: {
          kubeletidentity: {
            clientId: kubeletIdentity.clientId,
            resourceId: kubeletIdentity.id,
            objectId: kubeletIdentity.principalId,
          },
        },
        ...
      },
      { dependsOn: [cpManagedIdentityOperator, kubeletDnsZoneContributor] }
    );
    Even thou I have dependencies on cluster resources I got an error on fresh stack creation:
    The cluster user assigned identity must be given permission to assign kubelet identity /subscriptions/xxxxxxxxxx/resourcegroups/poc-aks/providers/Microsoft.ManagedIdentity/userAssignedIdentities/poc-aks-kubeletIdentity. Check access result not allowed for action Microsoft.ManagedIdentity/userAssignedIdentities/assign/action.
    Am I missing something?
  • v

    victorious-exabyte-70545

    09/21/2021, 4:47 PM
    I would like to write command line tooling to do what the pulumi cli does. Specifically the up functionality but with checks in place. Can someone point me to the python documentation on how to accomplish this? Thanks much!
    b
    • 2
    • 8
  • m

    miniature-leather-70472

    09/22/2021, 1:43 PM
    I like the Azure Native provider, I think the better coverage is great, and reflecting the ARM API directly is a good idea. However, where it does suffer is where the ARM API is either badly designed or missing a feature. In the Terraform provider the extra abstraction meant it was possible to build additional functionality to deal with this, where as the native provider doesn't have this. I appreciate that issues with the ARM api are not Pulumi's fault, but the lack of the extra layer does mean that we're having to resort to either using the old Azure provider, or call the REST api directly to work around these issues. Has there been any thought around being able to have the native api have additional features on top of the ARM API to smooth out some of these issues?
    👍 3
    t
    • 2
    • 1
  • g

    glamorous-helmet-50600

    09/22/2021, 3:46 PM
    Hi guys, has anyone done Workflows/logic apps with Pulumi azure native? The example (c#) on the docs seems to have a syntax error that's hard to spot, I'm also wondering if there's a nicer way of providing a definition for the workflow (e.g., loading from a json file for example)
  • r

    refined-tent-12187

    09/23/2021, 7:13 PM
    hi everyone, i have few question, i use pulumi since 1 year now and i love it. But in certain case, it’s very hard to understand how to code without example. see my problem : I write my code with typescript, and i’am on Azure I use web.webaap for create a function app, and i want to add an identity provider. I use azuread.Application (App registration) who its work fine, but when i want to associate my function app with this App registration, i used WebAppAuthSettingsV2. And its very hard to understand how used it. Somebody have an working example ?
    • 1
    • 2
  • r

    refined-tent-12187

    09/23/2021, 7:15 PM
    FaaS with Identity provider.ts
  • m

    mysterious-australia-14256

    09/24/2021, 10:00 AM
    Hi, I'm after some advice on how to best handle the following... I am deploying a Virtual Machine to Azure using Pulumi/C#. As part of the deployment I need to run a custom script which I am doing by deploying a VirtualMachineExtension/CustomScriptExtension. In order to do this I need to specify the Uri of the script so as part of the deployment so I plan to first upload the script file to Azure Storage and then delete it after the deployment completes. I planed to use the Azure storage sdk to upload and delete the file to blob storage. How can I ensure that the file is uploaded before the Pulumi VirtualMachineExtension/CustomScriptExtension code runs? Also how can I ensure that the VirtualMachineExtension/CustomScriptExtension deployment has finished running before I delete the file?
    t
    • 2
    • 6
  • s

    strong-park-55853

    09/27/2021, 1:00 PM
    Hi, does anyone know if there is a similar
    azure-native
    “Contacts” block for the existing
    azure
    provider option https://www.pulumi.com/docs/reference/pkg/azure/keyvault/keyvault/#contacts_csharp I want to utilise the UI feature for adding email addresses for certificate expiration notifications, however I can’t seem to find an equivalent for the new providers. Or if anyone knows if this will be supported going forward with the API? https://www.pulumi.com/docs/reference/pkg/azure-native/keyvault/vault/ The cli command for configuring this email notification list is: https://docs.microsoft.com/bs-cyrl-ba/cli/azure/keyvault/certificate/contact?view=azure-cli-latest
    r
    • 2
    • 1
  • e

    elegant-stone-54832

    09/27/2021, 7:43 PM
    Hi! I tried to update my Azure SQL Server and added "Admininstrators".
    var sqlServer = new Server("myServer", new ServerArgs
    {
        AdministratorLogin = administratorLogin,
        AdministratorLoginPassword = administratorLoginPassword,
        ResourceGroupName = resourceGroup.Name,
        Identity = new ResourceIdentityArgs { Type = IdentityType.SystemAssigned },
        Administrators = new ServerExternalAdministratorArgs { PrincipalType = PrincipalType.User, Login = "MyLoginAADAccountName", Sid = "SomeGuid" } // I added this line
    });
    Why did pulumi removed my Azure SQL Server and recreated it?
    b
    t
    c
    • 4
    • 22
  • f

    flat-laptop-90489

    09/27/2021, 11:22 PM
    I just ran into this bug in azure-ad, and I was wondering if there's any known workaround or timeline for a fix? https://github.com/pulumi/pulumi-azuread/issues/147
    w
    • 2
    • 2
  • r

    rapid-soccer-98878

    09/30/2021, 2:38 AM
    Hey 👋 I need to rotate the app password before it expires so, I’ve use the
    rotateWhenChanged
    input to trigger a rotation but it deletes the existing resource when it rotates causing any services using those credentials to fail. Is there a way to not remove the existing resource when the app password is being rotated or is there a better approach to this problem? This is the code that creates the app passwords
    const appPassword = new azad.ApplicationPassword(
                `app-client-credentials`,
                {
                    applicationObjectId: app.objectId,
                    displayName: 'App',
                    endDateRelative: '4380h', // 6 months
                    // When the endTimestamp changes which is every 2 months,
                    // it will trigger the resource to be recreated
                    rotateWhenChanged: {
                        endTimestamp: futureEndTimestamp(2),
                    },
                }
            )
  • m

    mysterious-australia-14256

    09/30/2021, 12:21 PM
    Hi, I'm hoping for some guidance on how to correctly implement the following... I am deploying an Integration Runtime to an Azure Data Factory using Pulumi.AzureNative.DataFactory.IntegrationRuntime. Once the integration runtime has been deployed I then need to obtain the AuthKey from it. There is a function for this ( Pulumi.AzureNative.DataFactory.ListIntegrationRuntimeAuthKeys) but it requires the Integration Runtime Name to be specified as a string. The Integration Runtime deployment returns an object with a Name property of type Output<string> which the ListIntegrationRuntimeAuthKeys won't accept. I am guessing that I need to make use of something like Apply here to get the name back as a string but am unsure how to do it in such a way that I get the authKey correctly returned (also as a string not an Output<string>)? This doesn't work for example as authKey is only available within the Apply block and I need it available outside of that (so I can pass it in to another deployment that also wants it as a string)
    integrationRuntime.Name.Apply(n =>
    {
        var authKey = Pulumi.AzureNative.DataFactory.ListIntegrationRuntimeAuthKeys.InvokeAsync(new Pulumi.AzureNative.DataFactory.ListIntegrationRuntimeAuthKeysArgs
        {
            FactoryName = runtimeSettings.DataFactoryName,
            ResourceGroupName = runtimeSettings.DataFactoryResourceGroup,
            IntegrationRuntimeName = n
        }).Result.AuthKey1;
        return n;
    });
    t
    • 2
    • 10
  • p

    polite-shoe-79877

    10/01/2021, 8:55 AM
    just updated azuread to newest version 5.3.0, and now I get,
    panic: Unknown kind: bool
        goroutine 33 [running]:
        <http://github.com/hashicorp/terraform-plugin-sdk/v2/terraform.(*ResourceConfig).get(0xc0008a14d0|github.com/hashicorp/terraform-plugin-sdk/v2/terraform.(*ResourceConfig).get(0xc0008a14d0>, 0xc0008aeba0, 0x1f, 0xc0008a13b0, 0x0, 0x1f, 0x17791560598)
            /home/runner/go/pkg/mod/github.com/pulumi/terraform-plugin-
    Someone else experience this?
    b
    • 2
    • 2
  • b

    brief-machine-10802

    10/04/2021, 11:24 AM
    Hi all. I am trying to enable multi-dimension metrics on an Application Insights instance (https://docs.microsoft.com/en-us/azure/azure-monitor/app/get-metric#multi-dimensional-metrics) and I can't figure out how to do it via Pulumi. Any help would be appreciated. Here's our AI instance definition:
    var cliAppInsights = new Component(
    	$"xxx-{stackName}-cli-ai",
    	new ComponentArgs()
    	{
    		ResourceName = $"xxx-{stackName}-cli-ai",
    		Location = location,
    		ResourceGroupName = resourceGroup.Name,
    		Kind = "web",
    		ApplicationType = ApplicationType.Web,
    		RetentionInDays = config.GetInt32("CliApplicationInsightsRetentionInDays"), 
    	});
  • m

    mysterious-australia-14256

    10/04/2021, 11:52 AM
    I have noticed that when specifying CustomResourceOptions for calls, depandsOn can be specified as an Input type (i.e. InputList<Resource>) but Provider can't i.e. provider has to be a ProviderResource and can't be an Input<ProviderResource). Is there a reason for this difference? I am trying to pass the ID of a resource to a function and return the appropriate provider from that. Because the resource Id is of type Output<string> the resultant provider I get back is of type Output<Provider> which I then can't pass in as an arg to CustomResourceOptions.
  • i

    important-holiday-25047

    10/04/2021, 5:26 PM
    Hi all, I am trying to create a rabbitMq bitnami chart that is needed later in some kubernetes deployments. Everything does deploy correctly, the only problem we are facing is, that the kubernetes deployments cannot access the rabbitmq on startup as it seems to be created but it's not live yet. According to the docu the helm chart does await the creation an checks the resources are available. But as said, the rabbitmq is not started on deployment. I tried to depend on the resources of the chart, but with no luck. I tried to just start the deployments when the chart is set to ready (chart.ready.apply()), but it did not lead to the wished result. I also tried to wait for a connection to be established before the kubernetes deployment, but even after 15 minutes no connection could be achieved via amqp. Does anybody have any ideas how to ensure the rabbitmq is up and running before deployment? Thanks
  • p

    polite-shoe-79877

    10/04/2021, 6:13 PM
    Hey 🙂 , will the there be a new release of the azuread provider, there is currently a bug in the existing version 5.3.0, making it impossible to create ad groups. there is a temp hack to solve this, in the 12.1.0 version of the terraform provider. https://github.com/hashicorp/terraform-provider-azuread/issues/588
    b
    g
    • 3
    • 3
  • g

    great-breakfast-56601

    10/06/2021, 8:38 AM
    Hi all. Getting this on trying to create an azure application. I have seen the issues but am quite sure I've create applications recently. Is anyone else seeing this?
    azuread:index:Application (flsrcaks):
        error: 1 error occurred:
            * Could not create application: json.Marshal(): json: error calling MarshalJSON for type msgraph.Application: json: error calling MarshalJSON for type *msgraph.Owners: marshaling Owners: encountered DirectoryObject with nil ODataId
    b
    • 2
    • 6
Powered by Linen
Title
g

great-breakfast-56601

10/06/2021, 8:38 AM
Hi all. Getting this on trying to create an azure application. I have seen the issues but am quite sure I've create applications recently. Is anyone else seeing this?
azuread:index:Application (flsrcaks):
    error: 1 error occurred:
        * Could not create application: json.Marshal(): json: error calling MarshalJSON for type msgraph.Application: json: error calling MarshalJSON for type *msgraph.Owners: marshaling Owners: encountered DirectoryObject with nil ODataId
b

billowy-army-68599

10/06/2021, 9:14 PM
@great-breakfast-56601 i see we have an issue open, it looks like it's an issue with the AzureAD API, unfortunately 😞
🙌 1
g

great-breakfast-56601

10/06/2021, 9:26 PM
There's a fix in thread: https://github.com/hashicorp/terraform-provider-azuread/issues/588 Did you see?
@billowy-army-68599 https://github.com/hashicorp/terraform-provider-azuread/issues/588#issuecomment-937802637
b

billowy-army-68599

10/07/2021, 4:45 PM
@great-breakfast-56601 we'll get this out ASAP
@great-breakfast-56601 my apologies, @broad-dog-22463 already patched this, so please update
🙏 1
g

great-breakfast-56601

10/07/2021, 5:27 PM
OK, amazing.
View count: 3