pulumi-community #azure

Channels

azure

quaint-toothbrush-75472

10/06/2021, 8:15 PM

Hello!! I need to deploy an App Service Plan, a WebApp and then push the nodejs application to this appservice, can i do this with pulumi?

handsome-state-59775

10/07/2021, 6:19 AM

How can I get the URL of an NFS File share?

great-breakfast-56601

10/07/2021, 10:06 AM

Hi Has anyone had difficulty getting an internal loadbalancer to create using a managedidentity?

great-breakfast-56601

10/07/2021, 10:06 AM

Living in pending state

worried-knife-31967

10/11/2021, 6:30 PM

Anyone seen any issues with role assigments and a race condition? It seems the deletion of role assignments completes asynchronously, and if you're doing Cosmos RBAC, there is as lock applied. That means that if there's a change applied and it needs to delete the role, you get an exception due to the delete locking the resource asynchronously.

👀 1

rhythmic-activity-46295

10/13/2021, 11:05 PM

Hello, anyone here know how to achieve deny role assignments with pulumi? I've a keyvault in our dev environment which all developers have access to but I want to deny access to a certificate?!

curved-pencil-86122

10/15/2021, 6:08 AM

When trying to create BlobServiceProperties I'm getting the following error with strange looking 10-starting ip address. Any ideas? What I'm doing wrong? self.my_storage_account = storage.StorageAccount( account_name=mystorageaccount, ... blob_service_properties.BlobServiceProperties( account_name=self.my_storage_account.name, ... error: autorest/azure: Service returned an error. Status=404 Code="HttpResourceNotFound" Message="The request url http://10.0.14.52:30044/...my_storageaccount?api-version=2021-04-01 is not found."

future-kite-91191

10/15/2021, 10:00 AM

When running a Pulumi program in Azure Devops against an AKS cluster, we see

To sign in, use a web browser to open the page <https://microsoft.com/devicelogin> and enter the code CG*****QW to authenticate.

How can I ensure the pipeline can run without interactive logins? Background: • The AKS cluster has "local k8s account" feature disabled, only AAD accounts can authenticate • The Azure Devops pipeline Service Principal is member of the AAD Group that has admin rights/roles assigned to it for the AKS cluster

many-dress-54535

10/15/2021, 6:34 PM

Hello, I am trying to update a

pulumi_azure_native.network.IpGroup()

by setting the

ip_addresses

and I am getting

AttributeError: can't set attribute

error, not sure if I am doing this right because it's the first time I try to set a property...

steep-addition-26630

10/18/2021, 7:35 AM

Hi, this was asked before but there was no conslusion. I have a function app where the code seems to be deleted on every update from pulumi, even minor changes to the configuration. I'd expect an app restart, but instead the entire application code seems to disappear. Is this expected? The pulumi preview is like this, and is what I would expect:

~  azure-native:web:WebApp foo-func update [diff: ~siteConfig]
~  azure-native:web:WebAppSlot foo-func update [diff: ~siteConfig]

It's worth mentioning that I'm currently pushing the code via another pipeline. I'd like to use WebAppSourceControl but it seems we need a bit more setup for that to work (and a documented example wouldn't hurt...)

white-bear-32497

10/19/2021, 7:06 AM

Hi, I’m working with the example of app service with my simple nodejs app, all of the examples upload package to blob and use

WEBSITE_RUN_FROM_ZIP

to deploy, is there any way to directly deploy from local disk?

victorious-exabyte-70545

10/19/2021, 6:41 PM

Hi All, Question: Is there a way to unit test my pulumi azure IOC without network connectivity. When I worked with AWS I used a python library called boto to mock AWS's api. It was awesome because every cloud formation template generated was tested (all resources mock created). Would love to do this with pulumi and azure.

wet-noon-14291

10/20/2021, 10:01 PM

I based a small demo of deploying a typescript cloud function on this, https://github.com/pulumi/examples/blob/master/azure-ts-functions/index.ts example. It works fine if everything is done correct first time, but for me changing the value https://github.com/pulumi/examples/blob/master/azure-ts-functions/index.ts#L35 didn't update the actual cloud function it seemed. So to test it I had to delete the whole stack (just a demo) and deploy again. What is the right approach to update the function if the content of the blob is changed? @tall-librarian-49374 I noticed that you are one of the contributors to that example.

many-dress-54535

10/20/2021, 10:08 PM

message has been deleted

chilly-magazine-4507

10/21/2021, 12:11 AM

Hi all, I am specifying a name on the azure resource group, but I am still getting and autonamed resource group

witty-airport-81009

10/21/2021, 10:25 AM

If i add a provider to an azure-native stack that's already been deployed before the provider was added Pulumi wants to replace resources instead of just updating them. For a lot of resources in the stack that's fine, but for others, like db's this is not optimal. Is there anything I can do to make Pulumi think these are still the same resources, and all it needs to do is update the provider? The provider was added as we moved some resources in a stack across to a different azure subscription, whilst others (e.g. dns zone) remained in the old subscription.

blue-hair-13625

10/21/2021, 3:25 PM

Hi, is there a C# sample showing the correct format to assign a user assigned identity to a container instance? I've tried to follow the docs but no luck..

millions-journalist-34868

10/21/2021, 8:51 PM

Hi. How do you use existing Azure resources from your Pulumi program. In my context I would like to create the resource group that will contain my resources outside of my pulumi stack. The aim is to to the development team Contributor permissions but only on the resource group I created and not on the whole subscription. I have read about Resource getters in the documentation but it seems very specific to AWS. I also found this method on the docs I don't know if it's what I should use. If you have other suggestions, other ways of doing these kinds of things I am listening.

enough-butcher-66045

10/24/2021, 11:03 PM

👋 is there any way to specify the certificate management type for a FrontDoor Frontend Endpoint?

hallowed-traffic-28168

10/25/2021, 10:03 AM

Hi All, I am provisioning the azure storage account with pulumi (python and azure )and want to enforce the below security and best practice for an azure storage account. Please help. 1. Ensure that public access level is set to Private for a blob container. 2. Ensure that “Secure transfer required” is set to “Enabled”. 3. Ensure that Audit missing blob encryption for storage account is set to On. Thanks, Ravi

wooden-receptionist-75654

10/25/2021, 2:29 PM

Hi Guys, I’m using a

azure-native.containerservice

lib to create AKS cluster and I also would like deploy k8s RBAC objects with

kubernetes

lib. I have something like:

# Creating AKS
const cluster = new containerservice.ManagedCluster(...)

# Getting a kubectlconfig
const creds = pulumi.all([cluster.name, resourceGroup.name]).apply(([clusterName, rgName]) => {
  return containerservice.listManagedClusterUserCredentials({
      resourceGroupName: rgName,
      resourceName: clusterName,
  });
});
const encoded = creds.kubeconfigs[0].value;
const kubeconfig = encoded.apply(enc => Buffer.from(enc, "base64").toString());

# Creating provider
const aksProvider = new k8s.Provider("aks", {
  kubeconfig: kubeconfig
})
# And deploying a role
const devsGroupRole = new k8s.rbac.v1.Role("pulumi-devs",{...},  {provider: aksProvider})

And it appears that

kubeconfig

is required

browser-based authentication

for first time. I got

To sign in, use a web browser to open the page <https://microsoft.com/devicelogin>

I have tried it with user auth (az login) and got the same in CI with Service Principal. Is there any way to skip it?

narrow-helmet-6313

10/25/2021, 5:44 PM

Hi Team,

narrow-helmet-6313

10/25/2021, 5:45 PM

Hi Team, is there any pulumi api to get the region for the given subscription or location for azure cloud.

proud-appointment-22284

10/27/2021, 6:56 PM

Hello everyone, It is possible to exclude the subnet resource from imported virtualnetwork in pulumi? (I cannot afford just re-create vnet resource through the pulumi) When I ran pulumi import "azure-native:network:VirtualNetwork name id", I got all resources associated with the vnet resource such as subnets.

I want to take the subnets part outside of the virtualnetwork resource but the pulumi is not able to handle such extractions, so I end up with this configuration.                                                                   const VirtualNetwork = new network.VirtualNetwork("VirtualNetwork-test", {
    addressSpace: {
        addressPrefixes: ["10.49.184.0/23"],
    },
    enableDdosProtection: false,
    location: "westeurope",
    resourceGroupName: "rsg-network",
    subnets: [{
        addressPrefix: "10.49.185.0/27",
        name: "subnet-test",
        privateEndpointNetworkPolicies: "Enabled",
        privateLinkServiceNetworkPolicies: "Enabled",
        type: "Microsoft.Network/virtualNetworks/subnets",
    }],
    virtualNetworkName: "VirtualNetwork-test",
},);    

const subnet = new network.Subnet("subnet-test", {
    addressPrefix: "10.49.185.0/27",
    name: "subnet-test",
    privateEndpointNetworkPolicies: "Enabled",
    privateLinkServiceNetworkPolicies: "Enabled",
    resourceGroupName: "rsg-network",
    subnetName: "subnet-test",
    type: "Microsoft.Network/virtualNetworks/subnets",
    virtualNetworkName: "VirtualNetwork-test",
}, {
    parent: VirtualNetwork,
});
My goal is to achieve that the subnets part information would be just removed from the virtaulnetwork resource and I will have only standalone subnet resource, so the code should look like:                                           const VirtualNetwork = new network.VirtualNetwork("VirtualNetwork-test", {
    addressSpace: {
        addressPrefixes: ["10.49.184.0/23"],
    },
    enableDdosProtection: false,
    location: "westeurope",
    resourceGroupName: "rsg-network",
    virtualNetworkName: "VirtualNetwork-test",
},);    

const subnet = new network.Subnet("subnet-test", {
    addressPrefix: "10.49.185.0/27",
    name: "subnet-test",
    privateEndpointNetworkPolicies: "Enabled",
    privateLinkServiceNetworkPolicies: "Enabled",
    resourceGroupName: "rsg-network",
    subnetName: "subnet-test",
    type: "Microsoft.Network/virtualNetworks/subnets",
    virtualNetworkName: "VirtualNetwork-test",
}, {
    parent: VirtualNetwork,
});

brash-quill-35776

10/28/2021, 2:28 AM

Hi, just start to use azure-native, but seems like the args type are incorrect. Basically, the input type is now

string

, so I can't put

input

type to that then

output

type is

string

, which I think should be

output

type Please take a look If it's a legit issue, I can then create issue in Github

great-breakfast-56601

10/28/2021, 9:35 AM

Can anyone offer any reference for the correct casing of AddonProfiles?

great-breakfast-56601

10/28/2021, 9:35 AM

{ "KubeDashboard", new ManagedClusterAddonProfileArgs
                {
                    Enabled = false,
                }
               },
               { "Azurepolicy", new ManagedClusterAddonProfileArgs
                {
                    Enabled = true,
                    Config = new InputMap<string>{ {"version", "v2"} }
                }
               },
               { "omsagent", new ManagedClusterAddonProfileArgs
                {
                    Enabled = true,
                    Config = new InputMap<string>{ {"logAnalyticsWorkspaceResourceID", partnerAnalyticsWorkspace.Id} }
                }
               },

great-breakfast-56601

10/28/2021, 9:36 AM

Are any of these valid?

great-breakfast-56601

10/28/2021, 9:37 AM

Working in C#. Does the casing change by language?

proud-dusk-33872

10/28/2021, 11:35 PM

Hi all - trying to better understand how Pulumi works under the good. Given the call

Pulumi.Deployment.Instance.InvokeAsync<ListConfigurationStoreKeysResult>("azure-native:appconfiguration:listConfigurationStoreKeys", ...)

, where is

azure-native:appconfiguration:listConfigurationStoreKeys

coming from? Is there a config/manifest file somewhere that is used to generate all the code that would contain those references? I couldn't find the string reference outside of code files.

Title

proud-dusk-33872

10/28/2021, 11:35 PM

Hi all - trying to better understand how Pulumi works under the good. Given the call

Pulumi.Deployment.Instance.InvokeAsync<ListConfigurationStoreKeysResult>("azure-native:appconfiguration:listConfigurationStoreKeys", ...)

, where is

azure-native:appconfiguration:listConfigurationStoreKeys

coming from? Is there a config/manifest file somewhere that is used to generate all the code that would contain those references? I couldn't find the string reference outside of code files.

billowy-army-68599

10/28/2021, 11:59 PM

the SDK product comes from the APi using codegen we create. So we read the API and generate SDK calls. The thing that actually makes the calls themselves is the provider binary in

~/.pulumi/plugins

proud-dusk-33872

10/29/2021, 12:03 AM

Ah perfect, thanks.

Is there any reason why things like restarting web apps (https://docs.microsoft.com/en-us/rest/api/appservice/web-apps/restart) isn't mapped to an invokable static class?

(just curious, since it's all generated from the schemas)

billowy-army-68599

10/29/2021, 12:05 AM

I'll have to defer to @tall-librarian-49374 or @sparse-park-68967 for that, but it's more than likely because it only has one operation and doesn't create a "resource" You can of course just use the azure SDK in your particular language

proud-dusk-33872

10/29/2021, 12:06 AM

Ah ok, that makes sense

Yeah that's the direction I've gone in

Thanks very much

sparse-park-68967

10/29/2021, 12:40 AM

yes, we expose some of the get operations but most posts which may mutate state are not exposed. As @billowy-army-68599 mentioned, you could leverage the azure sdk in your language of choice. Its quite easy to initialize an SDK client from within a pulumi program. See https://github.com/pulumi/examples/blob/master/azure-ts-call-azure-sdk/index.ts#L11 for instance.

proud-dusk-33872

10/29/2021, 12:51 AM

Legend, thanks

View count: 3