Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
azure
- q
quiet-hairdresser-18834
01/12/2022, 5:32 PMThis current version where I just set "gateway" as a field gives me a different error of "The gateway reference connection parameter is missing for the on-premise connection request." which does not help me a lot 😄 - r
rich-businessperson-35436
01/15/2022, 9:06 PMHey all. Is there a way to set what manifests as ServicePrincipalOauth2PermissionScope on service principals? - r
rich-businessperson-35436
01/15/2022, 9:06 PMI need to endow a ServicePrincipal with such power but am failz - b
bulky-oil-97030
01/17/2022, 12:04 PMHello everyone, I'm trying to import a B2C App Registration.
gives me the application I want with:az ad app list
However the import{ "acceptMappedClaims": null, "addIns": [], "allowGuestsSignIn": null, "allowPassthroughUsers": null, "appId": "0b89550a-4c40-4d95-91a3-753d8a823564", "appLogoUrl": null, "appPermissions": null, "appRoles": [], "applicationTemplateId": null, "availableToOtherTenants": true, "deletionTimestamp": null, "displayName": "analyticsapi", ..... "objectId": "8366522d-204a-41b4-ba30-ef01c99c9fdf", "objectType": "Application", "odata.type": "Microsoft.DirectoryServices.Application", .... }
comes back empty with:$ pulumi import azuread:index/application:Application analyticsapi 8366522d-204a-41b4-ba30-ef01c99c9fdf
What am I doing wrong?Previewing import (qa): Type Name Plan Info pulumi:pulumi:Stack iam-import-qa 1 error = └─ azuread:index:Application analyticsapi import 1 error Diagnostics: pulumi:pulumi:Stack (iam-import-qa): error: preview failed azuread:index:Application (analyticsapi): error: Preview failed: resource '8366522d-204a-41b4-ba30-ef01c99c9fdf' does not exist - b
bulky-oil-97030
01/17/2022, 3:12 PMHey everyone, another question about azuread: When creating an application secret, trying to write its value to the output just gives me
e.g.:[secret]
What am I doing wrong?Outputs: .... + graphApiApplicationSecretFull : { + applicationObjectId: "<the-app-id>" + displayName : "User Onboarding Secret" + endDate : "2024-01-17T14:33:11Z" + id : "<the-pw-id>" + keyId : "<the-key-id>" + startDate : "2022-01-17T14:33:11Z" + urn : "urn:pulumi:qa::ti-iam-tenant-auth::azuread:index/applicationPassword:ApplicationPassword::graphApiAplicationSecret" + value : "[secret]" } ....- 1
- 1
- a
abundant-potato-97520
01/20/2022, 2:31 PMHi, I'm trying to create an access policy for an existing keyvault. I'm using GetVault.Invoke from azure native using a different provider (our keyvaults are on a different subscription to the one I'm creating webapps on etc.) and then using the original azure package to create the access policy and everything works nicely when I pulumi up from my command line. I can find the access policies using resources.azure.com. However, when running the stack via azure pipelines this step fails claiming that it can't find the resource group that the keyvault belongs to:
anyone an ideas why this is?retrieving Key Vault "xxxxx-xxx-xx" (Resource Group "xxxxxx-xxxxx-xx"): keyvault.VaultsClient#Get: Failure responding to request: StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code="ResourceGroupNotFound" Message="Resource group 'xxxxxx-xxxxx-xx' could not be found."- 1
- 2
- h
high-leather-15669
01/21/2022, 12:50 PMHello, I am trying to create a Disk Encryption Set in Azure, and get the following error:
Any idea why?cannot check existence of resource '/subscriptions/xxx/resourceGroups/%2Fsubscriptions%xx%2FresourceGroups%2Fxxx/providers/Microsoft.Compute/diskEncryptionSets/des-xxx': status code 400, {"error":{"code":"InvalidApiVersionParameter","message":"The api-version '2020-12-01' is invalid. The supported versions are '2021-04-01,2021-01-01,2020-10-01,2020-09-01,2020-08-01,2020-07-01,2020-06-01,2020-05-01,2020-01-01,2019-11-01,2019-10-01,2019-09-01,2019-08-01,2019-07-01,2019-06-01,2019-05-10,2019-05-01,2019-03-01,2018-11-01,2018-09-01,2018-08-01,2018-07-01,2018-06-01,2018-05-01,2018-02-01,2018-01-01,2017-12-01,2017-08-01,2017-06-01,2017-05-10,2017-05-01,2017-03-01,2016-09-01,2016-07-01,2016-06-01,2016-02-01,2015-11-01,2015-01-01,2014-04-01-preview,2014-04-01,2014-01-01,2013-03-01,2014-02-26,2014-04'."}}- 1
- 1
- b
big-sugar-92932
01/21/2022, 8:26 PMI'm trying to create a role assignment that gives an existing app service access to a storage account. How do I get the principal id of that existing app service. #azurec- 2
- 10
- b
big-sugar-92932
01/23/2022, 9:23 PMOk, now I'm trying to figure out how to configure the autoscale settings/rules for an AppServicePlan. Can't find any docs or samples on how to do that,g- 2
- 1
- w
wet-noon-14291
01/24/2022, 1:26 PM@tall-librarian-49374, looking at one example you posted, https://github.com/pulumi/pulumi-azure-native/blob/ae7f380268c97b951a76848ec45b3bafa22d4338/examples/postgres/index.ts, is it the SKU that defines that it is a flexible server?t- 2
- 20
- r
refined-sugar-8079
01/26/2022, 1:28 PMHas anyone tried applying a BlobContainerImmutabilityPolicy to a a AzureNative.Storage.BlobContainer? It appears whenever a BlobContainer is created it also creates the default BlobContainerImmutabilityPolicy but puts it in a Deleted state which prevents us for trying to import it, but it also fails when trying to create a new Policy. Even following the sample in https://www.pulumi.com/registry/packages/azure-native/api-docs/storage/blobcontainerimmutabilitypolicy/ will always result in:
The only alternative I've found was to use Local Command to execute az using CLI, but that is not really an ideal solutioncannot create already existing resource '/subscriptions/xxx/resourceGroups/xxx/providers/Microsoft.Storage/storageAccounts/xxx/blobServices/default/containers/container42/immutabilityPolicies/default - g
great-manchester-70568
01/27/2022, 7:45 AMcan anyone here verify if pulumi with azure native stack can provision azure keyvaults into an Azure lighthouse managed subscription. We have our application configured in Terraform and they cannot as they touch the data plane when creating the keyvault. - c
clean-alarm-24426
01/27/2022, 2:23 PMI apologize if this is already addressed somewhere, I wasn't able to locate it. I'm on a project now where the client wants to provide some self-service options that match some reference architectures. It appears that the best option for what their trying to do is some Azure Managed Application Service Catalog offerings. I've been doing a bit of a five into Managed Applications. As best I can tell, the only format supported in a Managed Application definition is an ARM template. Please correct me and point me to some documentation if I'm wrong on this. Pulumi clearly provides a mechanism to create the offering, which is terrific. Most of the infrastructure that would be used in these offerings is already defined using Pulumi and I'd really like to avoid having to replicate the infrastructure as ARM templates, especially by hand. I have two main questions. 1. Am I missing something? Can I create an Azure Managed Application definition that refers to a Pulumi project instead of an ARM template? 2. If not, is there a viable way to simply generate an ARM template from a Pulumi project? This would allow the client to maintain Pulumi as the main definition and simply regenerate ARM templates for Managed Applications as needed.t- 2
- 1
- q
quiet-hairdresser-18834
01/29/2022, 4:10 PMHaving issues with azure login via a service principal. Things were working but my secret expired. I created a new one and set it both in azure:clientSecret for my config and the $env:ARM_CLIENT_SECRET. Is there some sort of cache for this or am I missing something?- 1
- 1
- s
swift-hamburger-98290
01/31/2022, 9:07 AMIs there a way to restart a WebApp after assigning a
(https://www.pulumi.com/registry/packages/azure-native/api-docs/authorization/roleassignment/)? We run into the following problem: 1. Create KeyVault and a secret; 2. Create WebApp; 3. GiveRoleAssignment
to WebApp on the KeyVault; 4. WebApp crashes because it starts without having the permission yet. Is there a way to solve this?Key Vault Secrets Userf- 2
- 9
- m
millions-journalist-34868
01/31/2022, 10:54 PMWhat is the proper way to grant permissions to add azure ad users/ applications on an azure sql database using Pulumi ? Doing that requires to execute an sql command on the database and I don't know where to put this code in my Pulumi program:
I have seen there is a new Command package in Pulumi, could this be a good idea to use that? What are the other options? Dynamic provider?CREATE USER [<identity-name>] FROM EXTERNAL PROVIDER; ALTER ROLE db_datareader ADD MEMBER [<identity-name>]; ALTER ROLE db_datawriter ADD MEMBER [<identity-name>]; GOd- 2
- 9
- a
ancient-eve-13947
02/03/2022, 11:23 AMcan anyone point me to an example or at least some hints how to upload a file to an Azure FileShare? I'm using the azure native provider.- 1
- 1
- a
ancient-eve-13947
02/04/2022, 9:26 AMdoes anyone have a sample for how to set up an event-grid subscription to a web hook (not an Azure Function) for writes to a storage account?t- 2
- 11
- a
ancient-eve-13947
02/04/2022, 10:37 AMmaybe this is worth a separate question: how do I make a pulumi resource depend on a (Azure native) `WebApp`not just having been provisioned, but having started?th- 3
- 6
- h
high-leather-15669
02/04/2022, 5:04 PMHello all, We have the need that we need to move a "KeyVault" from one subscription to another. I thought I could probably use
but it seems that it is only used if you want to move resources from one region to another? Is there any suggest approach to do this with pulumi?azure_native.migrate.MoveResource - m
millions-journalist-34868
02/06/2022, 9:00 AMDo you have plans to create a native provider for Microsoft Graph? Microsoft Graph is heavily used when working with Microsoft and Azure so it would definitively make sense for Pulumi to support it. Moreover, provisioning resources in Azure Active Directory (User, App Registration, Groups) is now done through the Microsoft Graph so it would me more appropriate to do that through a native provider instead of using the current AzureAD provider which is a bridge from Terraform Provider. When creating a stack to provision resources on Azure it is really great to use a native provider for Azure (RM) with all the advantages it brings, yet we also have to use the "old" AzureAD provider alongside.❤️ 2at- 3
- 6
- s
shy-leather-86285
02/06/2022, 6:32 PMHi all, I tried deploying an Azure RedHat OpenShift (aro) cluster using the example in the API-Docs. When deploying the cluster, I get an azure "internal error 500". Has someone a working example? Creating a cluster via az-cli is working w/o issues. Unfortunately, even verbose output is not showing a better error:I0206 18:48:08.909918 11014 provider_plugin.go:796] Provider[azure-native, 0xc000523860].Create(urn:pulumi:dev::aro-test::azure-native:redhatopenshift:OpenShiftCluster::aro2) success: id=/subscriptions/<subscription>/resourceGroups/aro2-test/providers/Microsoft.RedHatOpenShift/openShiftClusters/aro2; #outs=14I0206 18:48:08.909956 11014 eventsink.go:86] eventSink::Error(<{%reset%}>1 error occurred:* Code="InternalServerError" Message="Internal server error." - s
straight-sunset-92336
02/08/2022, 12:00 PMI'm trying to achieve the same as this github-integration does: https://github.com/Azure/manage-azure-policy/blob/main/tutorial/azure-policy-as-code.md Any ideas how to solve this using Pulumi? - m
mysterious-australia-14256
02/09/2022, 4:34 PMHi all, has anyone noticed a performance issue recently running deployments from Azure DevOps on a hosted agent? "Pulumi ups" that take 20 seconds on my dev box are taking 20 minutes from DevOps. - m
mysterious-australia-14256
02/10/2022, 11:59 AMI am experiencing an issue where my stack file is getting bloated i.e. it has jumped from 1.3MB to 430MB. This is causing very slow stack operations suck as pulumi up. If I export the stack and look inside the issue seems to be Azure service bus related. I have thousands of lines all relating to various service bus components repeated over and over for each combination of versions. This is a small section for one Service Bus Topic Rule)
How can I clean this up and prevent it from happening? Thanks Alan"urn:pulumi:<stack>::<project>::azure-native:resources/v20190701:ResourceGroup$azure-native:servicebus/v20150801:Namespace$azure-native:servicebus:Topic$azure-native:servicebus:Subscription$azure-native:servicebus/v20210101preview:Rule::<rulename>", "urn:pulumi:<stack>::<project>::azure-native:resources/v20190701:ResourceGroup$azure-native:servicebus/v20150801:Namespace$azure-native:servicebus:Topic$azure-native:servicebus:Subscription$azure-native:servicebus/v20210601preview:Rule::<rulename>", "urn:pulumi:<stack>::<project>::azure-native:resources/v20190701:ResourceGroup$azure-native:servicebus/v20150801:Namespace$azure-native:servicebus:Topic$azure-native:servicebus:Subscription$azure-native:servicebus/v20211101:Rule::<rulename>", "urn:pulumi:<stack>::<project>::azure-native:resources/v20190701:ResourceGroup$azure-native:servicebus/v20150801:Namespace$azure-native:servicebus:Topic$azure-native:servicebus/v20140901:Subscription$azure-native:servicebus:Rule::<rulename>", "urn:pulumi:<stack>::<project>::azure-native:resources/v20190701:ResourceGroup$azure-native:servicebus/v20150801:Namespace$azure-native:servicebus:Topic$azure-native:servicebus/v20140901:Subscription$azure-native:servicebus/v20170401:Rule::<rulename>", "urn:pulumi:<stack>::<project>::azure-native:resources/v20190701:ResourceGroup$azure-native:servicebus/v20150801:Namespace$azure-native:servicebus:Topic$azure-native:servicebus/v20140901:Subscription$azure-native:servicebus/v20180101preview:Rule::<rulename>", "urn:pulumi:<stack>::<project>::azure-native:resources/v20190701:ResourceGroup$azure-native:servicebus/v20150801:Namespace$azure-native:servicebus:Topic$azure-native:servicebus/v20140901:Subscription$azure-native:servicebus/v20210101preview:Rule::<rulename>", "urn:pulumi:<stack>::<project>::azure-native:resources/v20190701:ResourceGroup$azure-native:servicebus/v20150801:Namespace$azure-native:servicebus:Topic$azure-native:servicebus/v20140901:Subscription$azure-native:servicebus/v20210601preview:Rule::<rulename>", "urn:pulumi:<stack>::<project>::azure-native:resources/v20190701:ResourceGroup$azure-native:servicebus/v20150801:Namespace$azure-native:servicebus:Topic$azure-native:servicebus/v20140901:Subscription$azure-native:servicebus/v20211101:Rule::<rulename>", "urn:pulumi:<stack>::<project>::azure-native:resources/v20190701:ResourceGroup$azure-native:servicebus/v20150801:Namespace$azure-native:servicebus:Topic$azure-native:servicebus/v20150801:Subscription$azure-native:servicebus:Rule::<rulename>", "urn:pulumi:<stack>::<project>::azure-native:resources/v20190701:ResourceGroup$azure-native:servicebus/v20150801:Namespace$azure-native:servicebus:Topic$azure-native:servicebus/v20150801:Subscription$azure-native:servicebus/v20170401:Rule::<rulename>", "urn:pulumi:<stack>::<project>::azure-native:resources/v20190701:ResourceGroup$azure-native:servicebus/v20150801:Namespace$azure-native:servicebus:Topic$azure-native:servicebus/v20150801:Subscription$azure-native:servicebus/v20180101preview:Rule::<rulename>", "urn:pulumi:<stack>::<project>::azure-native:resources/v20190701:ResourceGroup$azure-native:servicebus/v20150801:Namespace$azure-native:servicebus:Topic$azure-native:servicebus/v20150801:Subscription$azure-native:servicebus/v20210101preview:Rule::<rulename>", "urn:pulumi:<stack>::<project>::azure-native:resources/v20190701:ResourceGroup$azure-native:servicebus/v20150801:Namespace$azure-native:servicebus:Topic$azure-native:servicebus/v20150801:Subscription$azure-native:servicebus/v20210601preview:Rule::<rulename>",- 1
- 4
- o
orange-whale-70892
02/10/2022, 4:08 PMhow can I attach a container instance group to a virtual network/subnet? - o
orange-whale-70892
02/10/2022, 4:10 PMin the yaml example https://docs.microsoft.com/en-us/azure/container-instances/container-instances-vnet#example---yaml you can add subnetIds. But i cannot find that settings in the ContainerGroupArgs- 1
- 5
- v
victorious-exabyte-70545
02/10/2022, 8:19 PMHey guys, I am wondering if anyone has experience using pulumi executing powershell scripts as a part of a deployment. I am trying to run the following:m- 2
- 1
- v
victorious-exabyte-70545
02/10/2022, 8:19 PM# Download the update script $baseUri="<https://raw.githubusercontent.com/DataDog/datadog-aas-extension/master/management-scripts/extension>"; Invoke-WebRequest -Uri "$baseUri/update-all-site-extensions.ps1" -OutFile "update-all-site-extensions.ps1"; Invoke-WebRequest -Uri "$baseUri/install-latest-extension.ps1" -OutFile "install-latest-extension.ps1" Run the following command. All arguments are required. # Run .\update-all-site-extensions.ps1 -SubscriptionId <SUBSCRIPTION_ID> -ResourceGroup <RESOURCE_GROUP_NAME> -Username <USERNAME> -Password <PASSWORD> - v
victorious-exabyte-70545
02/10/2022, 8:20 PMWhat resource should I use to run this?
Title
v
victorious-exabyte-70545
02/10/2022, 8:20 PMWhat resource should I use to run this?
View count: 4