Separate question: my deployment requires that I perform an action after something has been deployed (eg. call an API endpoint on a webapp after it's deployed) but that action has no explicit return value. How does that work in terms of using Output? Should I still use Output.Apply for the dependency, but just return a dummy value (like bool / Unit) for my custom action?

Hi everyone! Does any one know how to create additional function app host keys using the native provider? I’ve figured out that we can query for existing ones using

Pulumi.AzureNative.Web.ListWebAppHostKeys

but I cannot seem to find how to create new one, neither during the initial deployment (using some options on

WebAppArgs

or

SiteConfigArgs

) nor as any kind of separate resource. It seems very easy to do this using ARM (see https://blog.eldert.net/create-and-retrieve-azure-functions-function-keys-in-arm-template/) so I’m guessing there’s a simple way also through Pulumi and I’m just struggling to find it… thankful for any help!

Next stumbling block in automating APIM creation… a bit of a deadlock. Our Pulumi program: 1. creates

ApiManagementService

and configures it to have a system-assigned managed identity 2. must specify the custom hostname at creation time in the

HostnameConfigurationArgs

property, which references a certificate in key vault 3. but APIM fails to create because to read the cert from key vault, it needs an access policy… 4. but the

KeyVaultAccessPolicy

to give the APIM managed identity access to read secrets from key vault can only be created after the APIM service has been created, which can’t happen… So, APIM resource creation depends on the key vault access policy, which depends on the APIM resource… deadlock. Any advice on what do do in this situation?

Here’s the code I’m trying to use for this, in case it helps understand the problem in context.

Hi Guys, In case I’d like to use buil-in role for

authorization.RoleAssignment

. Is there any way to get

roleDefinitionId

by the name? For example I’d like to use DNS Zone Contributor. How can I get it can roleDefinitionId for my subscription?

can we rollback a successfully deployed stack without deleting the whole resource group? like I have one stack to deploy app service plan A and app service A and anther stack to deploy app service plan B and app service B in one resource group and due to some reason I want to only rollback/destroy app service plan A and app service A but not app service plan B and app service B.

Hi, I'm trying to create an ExportConfiguration for our appInsights using pulumi, when I run the script I get a not found message back from Azure about the ExportConfiguration, any ideas ?. Snippet of code below -

const storageAccountName = `storage${pulumi.getStack()}`;

const storage = new azure.storage.Account(
    storageAccountName, 
    {
        resourceGroupName: resourceGroup.name,
        accountTier: "standard",
        accountReplicationType: "LRS",
        accountKind: "BlobStorage",
    },
    {
        deleteBeforeReplace: true,
    }
);

const appInsightsContainer = new azure.storage.Container("appinsights", {
    storageAccountName: storage.name,
    containerAccessType: "private",
});

const exportConfiguration = new azure_native.insights.ExportConfiguration(`export-configuration`, {
    destinationAccountId: storage.id,
    destinationAddress: storage.primaryBlobEndpoint,
    destinationType: "Blob",
    isEnabled: "true",
    notificationQueueEnabled: "false",
    notificationQueueUri: "",
    recordTypes: "Requests, Event, Exceptions, Metrics, PageViews, PageViewPerformance, Rdd, PerformanceCounters, Availability,Messages",
    resourceGroupName: resourceGroup.name,
    resourceName: appInsights.name,
});

Hi folks, does anyone know how to get to the actual error message behind:

error: autorest/azure: error response cannot be parsed: "" error: EOF

when Pulumi fails to create a resource? I turned on verbose logging to file but it doesn’t reveal more that what’s already shown in the output.

Hi, I am trying to get secret value from KeyVault so that I can inject them into the others, but under

KeyVault

module, the only thing I can find is the

getSecret

but it shows as below, not sure how to get the actual value then Do I have to call the data plane rest API myself manually?

How can I import or query and use an existing App Service Certificate in my Pulumi script? I’ve spent the last few hours doing this, but unfortunately these attempts tend to produce errors rather than the desired result.

Hi trying to add sticky deployment slot app setting in azure app service, having trouble finding it in pulumi azure:native library anyone can help.

Is there a location for all the config items I can set as azure-native? Is that the azure api itself or is there something else I need to wrap my head around?

is it ok to repost my question if I didn't get a response before?

Hi Guys, I’m creating AKS cluster with user assigned identity and on first run I get an error

error: Code="CustomKubeletIdentityMissingPermissionError" Message="The cluster user assigned identity must be given permission to assign kubelet identity...

even so I have dependency on it. I have something like this in my code:

const cpIdentity = new managedidentity.UserAssignedIdentity("controlPlaneIdentity", {
  location: `${location}`,
  resourceGroupName: resourceGroup.name,
  resourceName: `${controlPlaneIdentity}`,
});

const kubeletIdentity = new managedidentity.UserAssignedIdentity("kubeletIdentity", {
  location: config.location,
  resourceGroupName: resourceGroup.name,
  resourceName: `${kubeletIdentity}`,
});

const identityRoleAssignment = new authorization.RoleAssignment("controlPlane-ManagedIdentityOperator", {
  principalId: cpIdentity.principalId,
  principalType: "ServicePrincipal",
  roleDefinitionId: `/subscriptions/${config.subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/${config.managedIdentityOperatorId}`,
  scope: resourceGroup.id,
});

const cluster = new containerservice.ManagedCluster(
  "aks-cluster",
  {
    ...
    identity: {
      type: "UserAssigned",
      userAssignedIdentities: cpIdentity.id.apply((id) => {
        const dict: { [key: string]: any } = {};
        dict[id] = {};
        return dict;
      }),
    },
    identityProfile: {
      kubeletidentity: {
        clientId: kubeletIdentity.clientId,
        resourceId: kubeletIdentity.id,
        objectId: kubeletIdentity.principalId,
      },
    },
   ....
  },
  { dependsOn: [cpIdentity] }
);

Second re-run successfully deploy cluster. Is there any wait to build a proper dependency on it?

Hi Anyone knows why I cannot see the integration runtimes after being created in Pulumi in .Net in integrations view in ADF?

Hi, I recently had to import a bunch of Azure App Config settings into my stack, and the Pulumi CLI did two things: • Gave incorrect reports of timings (see below) • Left a bunch of pulumi executables running that were doing nothing except chew up memory Is it possible to have the Pulumi CLI not wait an hour to complete it's command? (and preferably not leave behind exe's?)

hi 🙂 ,how do you create a DiagnosticSettings for NSG that sends logs to Log analytics like this. Could not find any documentation for this NOTE fixed this using the https://www.pulumi.com/registry/packages/azure-native/api-docs/insights/diagnosticsetting/#creates-or-updates-the-diagnostic-setting

Hi, I guess it's more of a Typescript thing but For type like

*readonly* identity: pulumi.Output<outputs.web.ManagedServiceIdentityResponse | undefined>;

How do I put them into another

Input

type? I would get

Type 'Output<string | undefined>' is not assignable to type 'Input<string>'.
  Type 'OutputInstance<string | undefined>' is not assignable to type 'Input<string>'.
    Type 'OutputInstance<string | undefined>' is not assignable to type 'OutputInstance<string>'.
      Type 'string | undefined' is not assignable to type 'string'.
        Type 'undefined' is not assignable to type 'string'.ts(2322)

Anyone that has automated creation of azure sharepoint sites? Which sdk is it that I should use for it if anyone knows.

Any plans on supporting the Entitlement management API for Azure AD? https://docs.microsoft.com/en-us/graph/api/resources/entitlementmanagement-root?view=graph-rest-beta

Hi everyone, I have an issue with Azure-native : certificateregistration.AppServiceCertificateOrderCertificate. azure-native.certificateregistration | Pulumi This method never ended. I make a very complete Github issue for explain. If you have an idea, I’m interested

Hi, I'm working through some new infra and I have a Vnet with a subnet, I originally created the Vnet and then added the subnet. When I look in the console I can see the vnet resource, but not the subnet in it. I can add tag, but it's ignoring the subnet section

virtual_network = azure_native.network.VirtualNetwork("My-Vnet-10-3-0-0",

address_space=azure_native.network.AddressSpaceArgs(

address_prefixes=["10.3.0.0/16"],

),

tags={

"Company": "Company Group",

"ENVCODE": "DEV",

"Environment": "Development",

"Owner": "PMM"

},

location="somewhere",

resource_group_name="DEV-ARG-Networks",

virtual_network_name="DEV-ADS-Vnet-001"),

subnets = [azure_native.network.SubnetArgs(

address_prefix="10.3.2.0/27",

name='DEV-ADS-Subnet-10-3-2-0',

service_endpoints=[azure_native.network.ServiceEndpointPropertiesFormatArgs(

service="Microsoft.Sql",

)]

)]

Hi everyone! I am working on a test project in Azure DevOps Classic where my goal is to create resources via Pulumi Azure Pipeline Tasks and then destroy them. I am currently using the pulumi.access.token variable which has the token value created from Pulumi, to allow unattended use of my account in this pipeline. reading the documentation, i wanted to try to use the connection services as proposed but i don't see what type to use when i create it. here are the documentation links: https://www.pulumi.com/blog/cd-made-easy-with-pulumi-and-azure-pipelines/, https://www.pulumi.com/docs/guides/continuous-delivery/azure-devops/ so this is not a problem but more a request for guidance, thanks in advance!

I want to enable Azure Policy Add-on for Kubernetes on some k8s-clusters provisioned with pulumi. I can't find any parameter to do that in the documentation; https://www.pulumi.com/registry/packages/azure-native/api-docs/containerservice/managedcluster/ Anyone that knows how to achieve this through pulumi?

Has anyone come across this issue with AxureNative.DocumentDb.DatabaseAccount where the BackupPolicy response is always ContinuousMode?

BackupPolicy = new PeriodicModeBackupPolicyArgs

{

PeriodicModeProperties = new PeriodicModePropertiesArgs

{

BackupIntervalInMinutes = 1440,

BackupRetentionIntervalInHours = 168

},

Type = "Periodic"

},

This is my code where I am setting it to be periodic but I want to have tests to check these values, however when getting the BackupPolicy.Value it is always of type ContinuousModeBackupPolicyResponse so I am unable to test minutes/hours values. These will change depending on environment. It does deploy correctly to azure as periodic with those values but don't want to have a manual check around this. For Azure.Core it worked as expected.

I'm trying to get the Log Analytics agent (OMS agent) installed in centos pod's in a AKS cluster, but seems like it don't start when it's being installed. Anyone with experience in doing this?

Hi! I am trying to grant Directory Reader role to an Azure SQL Server instance, but I stuck.

var sqlServerManagedIdentity = sqlServer.Identity.Apply(x => x.PrincipalId);

new AppRoleAssignment("SqlServerDirectoryReader", new AppRoleAssignmentArgs
{
    AppRoleId = "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
    PrincipalObjectId = sqlServerManagedIdentity,
    ResourceObjectId = sqlServerManagedIdentity
});

I dont' know the difference between PrincipalObjectId and ResourceObjectId 😕 Does any one has an idea?

Is it possible to deploy an App Service (WebApp) and get it's Publish Profile w/ Pulumi? I have the WebApp deploying just fine, but I'm not seeing that I can get the value of the Publishing Profile from the result. My goal is to set a Github Action Secret with the publishing profile value in my repo so my build scripts can subsequently use it for deployments. I'm not seeing it in the documentation.

how do I set the scaling properties for an app service (what you find under "Scale out (App Service plan)" in the portal) for an app service or an app service plan, using the azure native provider?