azure
  • p

    proud-dusk-33872

    10/28/2021, 11:54 PM
    Separate question: my deployment requires that I perform an action after something has been deployed (e.g. call an API endpoint on a webapp after it's deployed) but that action has no explicit return value. How does that work in terms of using Output? Should I still use Output.Apply for the dependency, but just return a dummy value (like bool / Unit) for my custom action?
    b
    • 2
    • 10
  • p

    powerful-football-81694

    10/31/2021, 12:07 PM
    Hi everyone! Does anyone know how to create additional function app host keys using the native provider? I’ve figured out that we can query for existing ones using Pulumi.AzureNative.Web.ListWebAppHostKeys but I cannot seem to find how to create a new one, neither during the initial deployment (using some options on WebAppArgs or SiteConfigArgs) nor as any kind of separate resource. It seems very easy to do this using ARM (see https://blog.eldert.net/create-and-retrieve-azure-functions-function-keys-in-arm-template/) so I’m guessing there’s a simple way also through Pulumi and I’m just struggling to find it… thankful for any help!
    s
    • 2
    • 2
  • p

    powerful-football-81694

    10/31/2021, 6:25 PM
    Next stumbling block in automating APIM creation… a bit of a deadlock. Our Pulumi program:
    1. creates ApiManagementService and configures it to have a system-assigned managed identity
    2. must specify the custom hostname at creation time in the HostnameConfigurationArgs property, which references a certificate in key vault
    3. but APIM fails to create because to read the cert from key vault, it needs an access policy…
    4. but the KeyVaultAccessPolicy to give the APIM managed identity access to read secrets from key vault can only be created after the APIM service has been created, which can’t happen…
    So, APIM resource creation depends on the key vault access policy, which depends on the APIM resource… deadlock. Any advice on what to do in this situation?
    g
    • 2
    • 3
  • p

    powerful-football-81694

    10/31/2021, 6:27 PM
    Here’s the code I’m trying to use for this, in case it helps understand the problem in context.
    OrgFlowStack.cs
  • w

    wooden-receptionist-75654

    11/01/2021, 1:48 PM
    Hi Guys, in case I’d like to use a built-in role for authorization.RoleAssignment, is there any way to get roleDefinitionId by the name? For example I’d like to use DNS Zone Contributor. How can I get the roleDefinitionId for my subscription?
    p
    • 2
    • 6
  • c

    chilly-magazine-4507

    11/01/2021, 2:40 PM
    Can we roll back a successfully deployed stack without deleting the whole resource group? Like, I have one stack to deploy app service plan A and app service A and another stack to deploy app service plan B and app service B in one resource group, and due to some reason I want to only roll back/destroy app service plan A and app service A but not app service plan B and app service B.
  • b

    brainy-eve-42271

    11/01/2021, 6:03 PM
    Hi, I'm trying to create an ExportConfiguration for our appInsights using Pulumi. When I run the script I get a not found message back from Azure about the ExportConfiguration. Any ideas? Snippet of code below:
    const storageAccountName = `storage${pulumi.getStack()}`;
    
    const storage = new azure.storage.Account(
        storageAccountName, 
        {
            resourceGroupName: resourceGroup.name,
            accountTier: "standard",
            accountReplicationType: "LRS",
            accountKind: "BlobStorage",
        },
        {
            deleteBeforeReplace: true,
        }
    );
    
    const appInsightsContainer = new azure.storage.Container("appinsights", {
        storageAccountName: storage.name,
        containerAccessType: "private",
    });
    
    const exportConfiguration = new azure_native.insights.ExportConfiguration(`export-configuration`, {
        destinationAccountId: storage.id,
        destinationAddress: storage.primaryBlobEndpoint,
        destinationType: "Blob",
        isEnabled: "true",
        notificationQueueEnabled: "false",
        notificationQueueUri: "",
        recordTypes: "Requests, Event, Exceptions, Metrics, PageViews, PageViewPerformance, Rdd, PerformanceCounters, Availability,Messages",
        resourceGroupName: resourceGroup.name,
        resourceName: appInsights.name,
    });
  • p

    powerful-football-81694

    11/01/2021, 7:07 PM
    Hi folks, does anyone know how to get to the actual error message behind:
    error: autorest/azure: error response cannot be parsed: "" error: EOF
    when Pulumi fails to create a resource? I turned on verbose logging to file but it doesn’t reveal more than what’s already shown in the output.
    • 1
    • 3
  • b

    brash-quill-35776

    11/02/2021, 2:07 AM
    Hi, I am trying to get a secret value from KeyVault so that I can inject it into the others, but under the KeyVault module, the only thing I can find is getSecret, but it shows as below, not sure how to get the actual value then. Do I have to call the data plane REST API myself manually?
    p
    • 2
    • 6
  • m

    mysterious-piano-88140

    11/02/2021, 2:34 PM
    How can I import or query and use an existing App Service Certificate in my Pulumi script? I’ve spent the last few hours doing this, but unfortunately these attempts tend to produce errors rather than the desired result.
    p
    • 2
    • 22
  • g

    gorgeous-match-99659

    11/03/2021, 4:16 PM
    Hi, I'm trying to add a sticky deployment slot app setting in Azure App Service and am having trouble finding it in the Pulumi azure:native library. Can anyone help?
  • a

    abundant-book-94104

    11/04/2021, 3:55 AM
    Is there a location for all the config items I can set as azure-native? Is that the azure api itself or is there something else I need to wrap my head around?
    b
    • 2
    • 4
  • c

    chilly-magazine-4507

    11/08/2021, 10:09 AM
    is it ok to repost my question if I didn't get a response before?
  • w

    wooden-receptionist-75654

    11/08/2021, 10:43 AM
    Hi Guys, I’m creating AKS cluster with user assigned identity and on first run I get an error
    error: Code="CustomKubeletIdentityMissingPermissionError" Message="The cluster user assigned identity must be given permission to assign kubelet identity...
    even though I have a dependency on it. I have something like this in my code:
    const cpIdentity = new managedidentity.UserAssignedIdentity("controlPlaneIdentity", {
      location: `${location}`,
      resourceGroupName: resourceGroup.name,
      resourceName: `${controlPlaneIdentity}`,
    });
    
    const kubeletIdentity = new managedidentity.UserAssignedIdentity("kubeletIdentity", {
      location: config.location,
      resourceGroupName: resourceGroup.name,
      resourceName: `${kubeletIdentity}`,
    });
    
    const identityRoleAssignment = new authorization.RoleAssignment("controlPlane-ManagedIdentityOperator", {
      principalId: cpIdentity.principalId,
      principalType: "ServicePrincipal",
      roleDefinitionId: `/subscriptions/${config.subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/${config.managedIdentityOperatorId}`,
      scope: resourceGroup.id,
    });
    
    const cluster = new containerservice.ManagedCluster(
      "aks-cluster",
      {
        ...
        identity: {
          type: "UserAssigned",
          userAssignedIdentities: cpIdentity.id.apply((id) => {
            const dict: { [key: string]: any } = {};
            dict[id] = {};
            return dict;
          }),
        },
        identityProfile: {
          kubeletidentity: {
            clientId: kubeletIdentity.clientId,
            resourceId: kubeletIdentity.id,
            objectId: kubeletIdentity.principalId,
          },
        },
       ....
      },
      { dependsOn: [cpIdentity] }
    );
    A second re-run successfully deploys the cluster. Is there any way to build a proper dependency on it?
    g
    • 2
    • 2
  • m

    millions-candle-46687

    11/09/2021, 7:51 AM
    Hi, does anyone know why I cannot see the integration runtimes after being created in Pulumi in .NET in the integrations view in ADF?
  • f

    full-winter-70537

    11/10/2021, 6:09 AM
    Hi, I recently had to import a bunch of Azure App Config settings into my stack, and the Pulumi CLI did two things:
    • Gave incorrect reports of timings (see below)
    • Left a bunch of pulumi executables running that were doing nothing except chew up memory
    Is it possible to have the Pulumi CLI not wait an hour to complete its command? (and preferably not leave behind exe's?)
  • p

    polite-shoe-79877

    11/10/2021, 10:05 AM
    Hi 🙂, how do you create a DiagnosticSettings for NSG that sends logs to Log Analytics like this? Could not find any documentation for this. NOTE: fixed this using https://www.pulumi.com/registry/packages/azure-native/api-docs/insights/diagnosticsetting/#creates-or-updates-the-diagnostic-setting
  • b

    brash-quill-35776

    11/11/2021, 12:27 AM
    Hi, I guess it's more of a TypeScript thing, but for a type like
    readonly identity: pulumi.Output<outputs.web.ManagedServiceIdentityResponse | undefined>;
    how do I put them into another Input type? I would get
    Type 'Output<string | undefined>' is not assignable to type 'Input<string>'.
      Type 'OutputInstance<string | undefined>' is not assignable to type 'Input<string>'.
        Type 'OutputInstance<string | undefined>' is not assignable to type 'OutputInstance<string>'.
          Type 'string | undefined' is not assignable to type 'string'.
            Type 'undefined' is not assignable to type 'string'.ts(2322)
    b
    • 2
    • 2
  • w

    wet-noon-14291

    11/11/2021, 4:41 PM
    Has anyone automated creation of Azure SharePoint sites? Which SDK should I use for it, if anyone knows?
  • w

    wet-noon-14291

    11/12/2021, 11:21 AM
    Any plans on supporting the Entitlement management API for Azure AD? https://docs.microsoft.com/en-us/graph/api/resources/entitlementmanagement-root?view=graph-rest-beta
    h
    • 2
    • 1
  • r

    refined-tent-12187

    11/12/2021, 11:33 AM
    Hi everyone, I have an issue with azure-native: certificateregistration.AppServiceCertificateOrderCertificate (azure-native.certificateregistration | Pulumi). This method never ended. I made a very complete GitHub issue to explain. If you have an idea, I’m interested.
  • a

    abundant-book-94104

    11/15/2021, 4:59 AM
    Hi, I'm working through some new infra and I have a Vnet with a subnet. I originally created the Vnet and then added the subnet. When I look in the console I can see the vnet resource, but not the subnet in it. I can add a tag, but it's ignoring the subnet section.
    virtual_network = azure_native.network.VirtualNetwork("My-Vnet-10-3-0-0",
        address_space=azure_native.network.AddressSpaceArgs(
            address_prefixes=["10.3.0.0/16"],
        ),
        tags={
            "Company": "Company Group",
            "ENVCODE": "DEV",
            "Environment": "Development",
            "Owner": "PMM"
        },
        location="somewhere",
        resource_group_name="DEV-ARG-Networks",
        virtual_network_name="DEV-ADS-Vnet-001"),
    subnets = [azure_native.network.SubnetArgs(
        address_prefix="10.3.2.0/27",
        name='DEV-ADS-Subnet-10-3-2-0',
        service_endpoints=[azure_native.network.ServiceEndpointPropertiesFormatArgs(
            service="Microsoft.Sql",
        )]
    )]
    • 1
    • 1
  • s

    some-ram-70663

    11/15/2021, 10:19 AM
    Hi everyone! I am working on a test project in Azure DevOps Classic where my goal is to create resources via Pulumi Azure Pipeline Tasks and then destroy them. I am currently using the pulumi.access.token variable, which has the token value created from Pulumi, to allow unattended use of my account in this pipeline. Reading the documentation, I wanted to try to use the connection services as proposed but I don't see what type to use when I create it. Here are the documentation links: https://www.pulumi.com/blog/cd-made-easy-with-pulumi-and-azure-pipelines/, https://www.pulumi.com/docs/guides/continuous-delivery/azure-devops/ So this is not a problem but more a request for guidance, thanks in advance!
    g
    • 2
    • 1
  • a

    adorable-soccer-30455

    11/16/2021, 3:13 PM
    I want to enable Azure Policy Add-on for Kubernetes on some k8s-clusters provisioned with pulumi. I can't find any parameter to do that in the documentation; https://www.pulumi.com/registry/packages/azure-native/api-docs/containerservice/managedcluster/ Anyone that knows how to achieve this through pulumi?
    b
    g
    +2
    • 5
    • 6
  • i

    important-book-47803

    11/16/2021, 3:31 PM
    Has anyone come across this issue with AzureNative.DocumentDb.DatabaseAccount where the BackupPolicy response is always ContinuousMode?
    BackupPolicy = new PeriodicModeBackupPolicyArgs
    {
        PeriodicModeProperties = new PeriodicModePropertiesArgs
        {
            BackupIntervalInMinutes = 1440,
            BackupRetentionIntervalInHours = 168
        },
        Type = "Periodic"
    },
    This is my code where I am setting it to be periodic but I want to have tests to check these values, however when getting the BackupPolicy.Value it is always of type ContinuousModeBackupPolicyResponse so I am unable to test minutes/hours values. These will change depending on environment. It does deploy correctly to azure as periodic with those values but don't want to have a manual check around this. For Azure.Core it worked as expected.
  • a

    adorable-soccer-30455

    11/19/2021, 11:50 AM
    I'm trying to get the Log Analytics agent (OMS agent) installed in CentOS pods in an AKS cluster, but it seems like it doesn't start when it's being installed. Anyone with experience in doing this?
  • e

    elegant-stone-54832

    11/21/2021, 8:13 PM
    Hi! I am trying to grant the Directory Reader role to an Azure SQL Server instance, but I am stuck.
    var sqlServerManagedIdentity = sqlServer.Identity.Apply(x => x.PrincipalId);
    
    new AppRoleAssignment("SqlServerDirectoryReader", new AppRoleAssignmentArgs
    {
        AppRoleId = "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
        PrincipalObjectId = sqlServerManagedIdentity,
        ResourceObjectId = sqlServerManagedIdentity
    });
    I don't know the difference between PrincipalObjectId and ResourceObjectId 😕 Does anyone have an idea?
    a
    • 2
    • 4
  • f

    faint-tiger-16075

    11/22/2021, 5:48 PM
    Is it possible to deploy an App Service (WebApp) and get its Publish Profile w/ Pulumi? I have the WebApp deploying just fine, but I'm not seeing that I can get the value of the Publishing Profile from the result. My goal is to set a GitHub Action Secret with the publishing profile value in my repo so my build scripts can subsequently use it for deployments. I'm not seeing it in the documentation.
    f
    • 2
    • 2
  • a

    ancient-eve-13947

    11/24/2021, 1:33 PM
    how do I set the scaling properties for an app service (what you find under "Scale out (App Service plan)" in the portal) for an app service or an app service plan, using the azure native provider?
    t
    • 2
    • 19
  • a

    adamant-motherboard-21586

    11/26/2021, 8:27 AM
    What are the principles I need to follow when I provision two resources that are dependent on each other? Apparently I cannot modify a resource after it has been declared. So, I have an Azure Functions application that is accessing a Cosmos DB container. I want to restrict the Cosmos DB account to allow only the system assigned identity of the Azure Functions account from the IPs defined on the Function Application's possible outbound IPs, and I want to configure the Functions Application with either the primary or secondary key from the Cosmos DB account. To get this information, I need to declare both of the resources, at which point I can't figure out how to modify the resources again in my stack. How should I accomplish this?
    t
    • 2
    • 6
t

tall-librarian-49374

11/26/2021, 8:40 AM
I want to configure the Functions Application with either the primary or secondary key from the Cosmos DB account
You can set web app (function app) settings as a separate resource which would go the last in your program.
a

adamant-motherboard-21586

11/26/2021, 12:46 PM
Thanks! So first the function app, then Cosmos DB and lastly the function app configuration as a separate resource. Is this the "standard" way of handling similar situations in Pulumi? Configuration of a resource can either be set when the actual resource is declared, or as a separate "child" resource?
t

tall-librarian-49374

11/26/2021, 1:11 PM
I can’t say if it’s standard… Our current model in azure-native maps ARM resources 1:1 so it’s up to the Azure service teams how they design resource models.
a

adamant-motherboard-21586

11/26/2021, 4:58 PM
So there is not a built-in mechanism in Pulumi that can handle situations where the creation of resource 1 is dependent on outputs from resource 2, which in turn is dependent on outputs from resource 1?
t

tall-librarian-49374

11/26/2021, 8:51 PM
No
a

adamant-motherboard-21586

11/27/2021, 6:04 AM
OK, thanks!