Here’s the code I’m trying to use for this, in case it helps understand the problem in context.

Hi Guys, In case I’d like to use buil-in role for

authorization.RoleAssignment

. Is there any way to get

roleDefinitionId

by the name? For example I’d like to use DNS Zone Contributor. How can I get it can roleDefinitionId for my subscription?

can we rollback a successfully deployed stack without deleting the whole resource group? like I have one stack to deploy app service plan A and app service A and anther stack to deploy app service plan B and app service B in one resource group and due to some reason I want to only rollback/destroy app service plan A and app service A but not app service plan B and app service B.

Hi, I'm trying to create an ExportConfiguration for our appInsights using pulumi, when I run the script I get a not found message back from Azure about the ExportConfiguration, any ideas ?. Snippet of code below -

const storageAccountName = `storage${pulumi.getStack()}`;

const storage = new azure.storage.Account(
    storageAccountName, 
    {
        resourceGroupName: resourceGroup.name,
        accountTier: "standard",
        accountReplicationType: "LRS",
        accountKind: "BlobStorage",
    },
    {
        deleteBeforeReplace: true,
    }
);

const appInsightsContainer = new azure.storage.Container("appinsights", {
    storageAccountName: storage.name,
    containerAccessType: "private",
});

const exportConfiguration = new azure_native.insights.ExportConfiguration(`export-configuration`, {
    destinationAccountId: storage.id,
    destinationAddress: storage.primaryBlobEndpoint,
    destinationType: "Blob",
    isEnabled: "true",
    notificationQueueEnabled: "false",
    notificationQueueUri: "",
    recordTypes: "Requests, Event, Exceptions, Metrics, PageViews, PageViewPerformance, Rdd, PerformanceCounters, Availability,Messages",
    resourceGroupName: resourceGroup.name,
    resourceName: appInsights.name,
});

Hi folks, does anyone know how to get to the actual error message behind:

error: autorest/azure: error response cannot be parsed: "" error: EOF

when Pulumi fails to create a resource? I turned on verbose logging to file but it doesn’t reveal more that what’s already shown in the output.

Hi, I am trying to get secret value from KeyVault so that I can inject them into the others, but under

KeyVault

module, the only thing I can find is the

getSecret

but it shows as below, not sure how to get the actual value then Do I have to call the data plane rest API myself manually?

How can I import or query and use an existing App Service Certificate in my Pulumi script? I’ve spent the last few hours doing this, but unfortunately these attempts tend to produce errors rather than the desired result.

Hi trying to add sticky deployment slot app setting in azure app service, having trouble finding it in pulumi azure:native library anyone can help.

Is there a location for all the config items I can set as azure-native? Is that the azure api itself or is there something else I need to wrap my head around?

is it ok to repost my question if I didn't get a response before?

Hi Guys, I’m creating AKS cluster with user assigned identity and on first run I get an error

error: Code="CustomKubeletIdentityMissingPermissionError" Message="The cluster user assigned identity must be given permission to assign kubelet identity...

even so I have dependency on it. I have something like this in my code:

const cpIdentity = new managedidentity.UserAssignedIdentity("controlPlaneIdentity", {
  location: `${location}`,
  resourceGroupName: resourceGroup.name,
  resourceName: `${controlPlaneIdentity}`,
});

const kubeletIdentity = new managedidentity.UserAssignedIdentity("kubeletIdentity", {
  location: config.location,
  resourceGroupName: resourceGroup.name,
  resourceName: `${kubeletIdentity}`,
});

const identityRoleAssignment = new authorization.RoleAssignment("controlPlane-ManagedIdentityOperator", {
  principalId: cpIdentity.principalId,
  principalType: "ServicePrincipal",
  roleDefinitionId: `/subscriptions/${config.subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/${config.managedIdentityOperatorId}`,
  scope: resourceGroup.id,
});

const cluster = new containerservice.ManagedCluster(
  "aks-cluster",
  {
    ...
    identity: {
      type: "UserAssigned",
      userAssignedIdentities: cpIdentity.id.apply((id) => {
        const dict: { [key: string]: any } = {};
        dict[id] = {};
        return dict;
      }),
    },
    identityProfile: {
      kubeletidentity: {
        clientId: kubeletIdentity.clientId,
        resourceId: kubeletIdentity.id,
        objectId: kubeletIdentity.principalId,
      },
    },
   ....
  },
  { dependsOn: [cpIdentity] }
);

Second re-run successfully deploy cluster. Is there any wait to build a proper dependency on it?

Hi Anyone knows why I cannot see the integration runtimes after being created in Pulumi in .Net in integrations view in ADF?

Hi, I recently had to import a bunch of Azure App Config settings into my stack, and the Pulumi CLI did two things: • Gave incorrect reports of timings (see below) • Left a bunch of pulumi executables running that were doing nothing except chew up memory Is it possible to have the Pulumi CLI not wait an hour to complete it's command? (and preferably not leave behind exe's?)

hi 🙂 ,how do you create a DiagnosticSettings for NSG that sends logs to Log analytics like this. Could not find any documentation for this NOTE fixed this using the https://www.pulumi.com/registry/packages/azure-native/api-docs/insights/diagnosticsetting/#creates-or-updates-the-diagnostic-setting

Hi, I guess it's more of a Typescript thing but For type like

*readonly* identity: pulumi.Output<outputs.web.ManagedServiceIdentityResponse | undefined>;

How do I put them into another

Input

type? I would get

Type 'Output<string | undefined>' is not assignable to type 'Input<string>'.
  Type 'OutputInstance<string | undefined>' is not assignable to type 'Input<string>'.
    Type 'OutputInstance<string | undefined>' is not assignable to type 'OutputInstance<string>'.
      Type 'string | undefined' is not assignable to type 'string'.
        Type 'undefined' is not assignable to type 'string'.ts(2322)

Anyone that has automated creation of azure sharepoint sites? Which sdk is it that I should use for it if anyone knows.

Any plans on supporting the Entitlement management API for Azure AD? https://docs.microsoft.com/en-us/graph/api/resources/entitlementmanagement-root?view=graph-rest-beta

Hi everyone, I have an issue with Azure-native : certificateregistration.AppServiceCertificateOrderCertificate. azure-native.certificateregistration | Pulumi This method never ended. I make a very complete Github issue for explain. If you have an idea, I’m interested

Hi, I'm working through some new infra and I have a Vnet with a subnet, I originally created the Vnet and then added the subnet. When I look in the console I can see the vnet resource, but not the subnet in it. I can add tag, but it's ignoring the subnet section

virtual_network = azure_native.network.VirtualNetwork("My-Vnet-10-3-0-0",

address_space=azure_native.network.AddressSpaceArgs(

address_prefixes=["10.3.0.0/16"],

),

tags={

"Company": "Company Group",

"ENVCODE": "DEV",

"Environment": "Development",

"Owner": "PMM"

},

location="somewhere",

resource_group_name="DEV-ARG-Networks",

virtual_network_name="DEV-ADS-Vnet-001"),

subnets = [azure_native.network.SubnetArgs(

address_prefix="10.3.2.0/27",

name='DEV-ADS-Subnet-10-3-2-0',

service_endpoints=[azure_native.network.ServiceEndpointPropertiesFormatArgs(

service="Microsoft.Sql",

)]

)]

Hi everyone! I am working on a test project in Azure DevOps Classic where my goal is to create resources via Pulumi Azure Pipeline Tasks and then destroy them. I am currently using the pulumi.access.token variable which has the token value created from Pulumi, to allow unattended use of my account in this pipeline. reading the documentation, i wanted to try to use the connection services as proposed but i don't see what type to use when i create it. here are the documentation links: https://www.pulumi.com/blog/cd-made-easy-with-pulumi-and-azure-pipelines/, https://www.pulumi.com/docs/guides/continuous-delivery/azure-devops/ so this is not a problem but more a request for guidance, thanks in advance!

I want to enable Azure Policy Add-on for Kubernetes on some k8s-clusters provisioned with pulumi. I can't find any parameter to do that in the documentation; https://www.pulumi.com/registry/packages/azure-native/api-docs/containerservice/managedcluster/ Anyone that knows how to achieve this through pulumi?

Has anyone come across this issue with AxureNative.DocumentDb.DatabaseAccount where the BackupPolicy response is always ContinuousMode?

BackupPolicy = new PeriodicModeBackupPolicyArgs

{

PeriodicModeProperties = new PeriodicModePropertiesArgs

{

BackupIntervalInMinutes = 1440,

BackupRetentionIntervalInHours = 168

},

Type = "Periodic"

},

This is my code where I am setting it to be periodic but I want to have tests to check these values, however when getting the BackupPolicy.Value it is always of type ContinuousModeBackupPolicyResponse so I am unable to test minutes/hours values. These will change depending on environment. It does deploy correctly to azure as periodic with those values but don't want to have a manual check around this. For Azure.Core it worked as expected.

I'm trying to get the Log Analytics agent (OMS agent) installed in centos pod's in a AKS cluster, but seems like it don't start when it's being installed. Anyone with experience in doing this?

Hi! I am trying to grant Directory Reader role to an Azure SQL Server instance, but I stuck.

var sqlServerManagedIdentity = sqlServer.Identity.Apply(x => x.PrincipalId);

new AppRoleAssignment("SqlServerDirectoryReader", new AppRoleAssignmentArgs
{
    AppRoleId = "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
    PrincipalObjectId = sqlServerManagedIdentity,
    ResourceObjectId = sqlServerManagedIdentity
});

I dont' know the difference between PrincipalObjectId and ResourceObjectId 😕 Does any one has an idea?

Is it possible to deploy an App Service (WebApp) and get it's Publish Profile w/ Pulumi? I have the WebApp deploying just fine, but I'm not seeing that I can get the value of the Publishing Profile from the result. My goal is to set a Github Action Secret with the publishing profile value in my repo so my build scripts can subsequently use it for deployments. I'm not seeing it in the documentation.

how do I set the scaling properties for an app service (what you find under "Scale out (App Service plan)" in the portal) for an app service or an app service plan, using the azure native provider?

What is the principles I need to follow, when I provision two resources that are dependent on each other? Apparently I cannot modify a resource after it has been declared. So, I have an Azure Functions application that is accessing a Cosmos DB container. I want to restrict the Cosmos DB account to allow only the system assigned identity of the Azure Functions account from the IP's defined on the Function Application's possible outbound IPs, and I want to configure the Functions Application with either the primary or secondary key from the Cosmos DB account. To get this information, I need to declare both of the resources, at which point I can't figure out how to modify the resources again in my stack. How should I accomplish this?

I'm working on setting up Azure Data Factory, but getting stuck on connecting to the repository. As I can't find any worked examples, I've trawled the source code and it would appear for Azure DevOps one would use the FactoryVSTSConfiguration, however it appears deprecated from the system. Only FactoryGitHubConfiguration is available Does Azure DevOps use the Github config?

Hi @tall-librarian-49374 I am trying to set up authentication for a FunctionApp using WebAppAuthSettingsV2. How do I set the "Client secret value", aka the value for the MICROSOFT_PROVIDER_AUTHENTICATION_SECRET? Previously, I was able to set it with WebAppAuthSettings.MicrosoftAccountClientSecret, but I cannot find any relevant properties in WebAppAuthSettingsV2.

Is sentinel set up in the Azure Native library?