https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
azure
  • q

    quiet-hairdresser-18834

    01/12/2022, 5:32 PM
    This current version where I just set "gateway" as a field gives me a different error of "The gateway reference connection parameter is missing for the on-premise connection request." which does not help me a lot 😄
  • r

    rich-businessperson-35436

    01/15/2022, 9:06 PM
    Hey all. Is there a way to set what manifests as ServicePrincipalOauth2PermissionScope on service principals?
  • r

    rich-businessperson-35436

    01/15/2022, 9:06 PM
    I need to endow a ServicePrincipal with such power but am failz
  • b

    bulky-oil-97030

    01/17/2022, 12:04 PM
    Hello everyone, I'm trying to import a B2C App Registration.
    az ad app list
      gives me the application I want with:
    {
        "acceptMappedClaims": null,
        "addIns": [],
        "allowGuestsSignIn": null,
        "allowPassthroughUsers": null,
        "appId": "0b89550a-4c40-4d95-91a3-753d8a823564",
        "appLogoUrl": null,
        "appPermissions": null,
        "appRoles": [],
        "applicationTemplateId": null,
        "availableToOtherTenants": true,
        "deletionTimestamp": null,
        "displayName": "analyticsapi",
        .....
        "objectId": "8366522d-204a-41b4-ba30-ef01c99c9fdf",
        "objectType": "Application",
        "odata.type": "Microsoft.DirectoryServices.Application",
        ....
    }
    However the import
    $ pulumi import azuread:index/application:Application analyticsapi 8366522d-204a-41b4-ba30-ef01c99c9fdf
    comes back empty with:
    Previewing import (qa):
         Type                          Name           Plan       Info
         pulumi:pulumi:Stack           iam-import-qa             1 error
     =   └─ azuread:index:Application  analyticsapi   import     1 error
     
    Diagnostics:
      pulumi:pulumi:Stack (iam-import-qa):
        error: preview failed
     
      azuread:index:Application (analyticsapi):
        error: Preview failed: resource '8366522d-204a-41b4-ba30-ef01c99c9fdf' does not exist
    What am I doing wrong?
  • b

    bulky-oil-97030

    01/17/2022, 3:12 PM
    Hey everyone, another question about azuread: When creating an application secret, trying to write its value to the output just gives me
    [secret]
    e.g.:
    Outputs:
    ....
      + graphApiApplicationSecretFull : {
          + applicationObjectId: "<the-app-id>"
          + displayName        : "User Onboarding Secret"
          + endDate            : "2024-01-17T14:33:11Z"
          + id                 : "<the-pw-id>"
          + keyId              : "<the-key-id>"
          + startDate          : "2022-01-17T14:33:11Z"
          + urn                : "urn:pulumi:qa::ti-iam-tenant-auth::azuread:index/applicationPassword:ApplicationPassword::graphApiAplicationSecret"
          + value              : "[secret]"
        }
    ....
    What am I doing wrong?
    • 1
    • 1
  • a

    abundant-potato-97520

    01/20/2022, 2:31 PM
    Hi, I'm trying to create an access policy for an existing keyvault. I'm using GetVault.Invoke from azure native using a different provider (our keyvaults are on a different subscription to the one I'm creating webapps on etc.) and then using the original azure package to create the access policy and everything works nicely when I pulumi up from my command line. I can find the access policies using resources.azure.com. However, when running the stack via azure pipelines this step fails claiming that it can't find the resource group that the keyvault belongs to:
    retrieving Key Vault "xxxxx-xxx-xx" (Resource Group "xxxxxx-xxxxx-xx"): keyvault.VaultsClient#Get: Failure responding to request: StatusCode=404 -- Original Error: autorest/azure: Service returned an error. Status=404 Code="ResourceGroupNotFound" Message="Resource group 'xxxxxx-xxxxx-xx' could not be found."
    anyone an ideas why this is?
    • 1
    • 2
  • h

    high-leather-15669

    01/21/2022, 12:50 PM
    Hello, I am trying to create a Disk Encryption Set in Azure, and get the following error:
    cannot check existence of resource '/subscriptions/xxx/resourceGroups/%2Fsubscriptions%xx%2FresourceGroups%2Fxxx/providers/Microsoft.Compute/diskEncryptionSets/des-xxx': status code 400, {"error":{"code":"InvalidApiVersionParameter","message":"The api-version '2020-12-01' is invalid. The supported versions are '2021-04-01,2021-01-01,2020-10-01,2020-09-01,2020-08-01,2020-07-01,2020-06-01,2020-05-01,2020-01-01,2019-11-01,2019-10-01,2019-09-01,2019-08-01,2019-07-01,2019-06-01,2019-05-10,2019-05-01,2019-03-01,2018-11-01,2018-09-01,2018-08-01,2018-07-01,2018-06-01,2018-05-01,2018-02-01,2018-01-01,2017-12-01,2017-08-01,2017-06-01,2017-05-10,2017-05-01,2017-03-01,2016-09-01,2016-07-01,2016-06-01,2016-02-01,2015-11-01,2015-01-01,2014-04-01-preview,2014-04-01,2014-01-01,2013-03-01,2014-02-26,2014-04'."}}
    Any idea why?
    • 1
    • 1
  • b

    big-sugar-92932

    01/21/2022, 8:26 PM
    I'm trying to create a role assignment that gives an existing app service access to a storage account. How do I get the principal id of that existing app service. #azure
    c
    • 2
    • 10
  • b

    big-sugar-92932

    01/23/2022, 9:23 PM
    Ok, now I'm trying to figure out how to configure the autoscale settings/rules for an AppServicePlan. Can't find any docs or samples on how to do that,
    g
    • 2
    • 1
  • w

    wet-noon-14291

    01/24/2022, 1:26 PM
    @tall-librarian-49374, looking at one example you posted, https://github.com/pulumi/pulumi-azure-native/blob/ae7f380268c97b951a76848ec45b3bafa22d4338/examples/postgres/index.ts, is it the SKU that defines that it is a flexible server?
    t
    • 2
    • 20
  • r

    refined-sugar-8079

    01/26/2022, 1:28 PM
    Has anyone tried applying a BlobContainerImmutabilityPolicy to a a AzureNative.Storage.BlobContainer? It appears whenever a BlobContainer is created it also creates the default BlobContainerImmutabilityPolicy but puts it in a Deleted state which prevents us for trying to import it, but it also fails when trying to create a new Policy. Even following the sample in https://www.pulumi.com/registry/packages/azure-native/api-docs/storage/blobcontainerimmutabilitypolicy/ will always result in:
    cannot create already existing resource '/subscriptions/xxx/resourceGroups/xxx/providers/Microsoft.Storage/storageAccounts/xxx/blobServices/default/containers/container42/immutabilityPolicies/default
    The only alternative I've found was to use Local Command to execute az using CLI, but that is not really an ideal solution
  • g

    great-manchester-70568

    01/27/2022, 7:45 AM
    can anyone here verify if pulumi with azure native stack can provision azure keyvaults into an Azure lighthouse managed subscription. We have our application configured in Terraform and they cannot as they touch the data plane when creating the keyvault.
  • c

    clean-alarm-24426

    01/27/2022, 2:23 PM
    I apologize if this is already addressed somewhere, I wasn't able to locate it. I'm on a project now where the client wants to provide some self-service options that match some reference architectures. It appears that the best option for what their trying to do is some Azure Managed Application Service Catalog offerings. I've been doing a bit of a five into Managed Applications. As best I can tell, the only format supported in a Managed Application definition is an ARM template. Please correct me and point me to some documentation if I'm wrong on this. Pulumi clearly provides a mechanism to create the offering, which is terrific. Most of the infrastructure that would be used in these offerings is already defined using Pulumi and I'd really like to avoid having to replicate the infrastructure as ARM templates, especially by hand. I have two main questions. 1. Am I missing something? Can I create an Azure Managed Application definition that refers to a Pulumi project instead of an ARM template? 2. If not, is there a viable way to simply generate an ARM template from a Pulumi project? This would allow the client to maintain Pulumi as the main definition and simply regenerate ARM templates for Managed Applications as needed.
    t
    • 2
    • 1
  • q

    quiet-hairdresser-18834

    01/29/2022, 4:10 PM
    Having issues with azure login via a service principal. Things were working but my secret expired. I created a new one and set it both in azure:clientSecret for my config and the $env:ARM_CLIENT_SECRET. Is there some sort of cache for this or am I missing something?
    • 1
    • 1
  • s

    swift-hamburger-98290

    01/31/2022, 9:07 AM
    Is there a way to restart a WebApp after assigning a
    RoleAssignment
    (https://www.pulumi.com/registry/packages/azure-native/api-docs/authorization/roleassignment/)? We run into the following problem: 1. Create KeyVault and a secret; 2. Create WebApp; 3. Give
    Key Vault Secrets User
    to WebApp on the KeyVault; 4. WebApp crashes because it starts without having the permission yet. Is there a way to solve this?
    f
    • 2
    • 9
  • m

    millions-journalist-34868

    01/31/2022, 10:54 PM
    What is the proper way to grant permissions to add azure ad users/ applications on an azure sql database using Pulumi ? Doing that requires to execute an sql command on the database and I don't know where to put this code in my Pulumi program:
    CREATE USER [<identity-name>] FROM EXTERNAL PROVIDER;
    ALTER ROLE db_datareader ADD MEMBER [<identity-name>];
    ALTER ROLE db_datawriter ADD MEMBER [<identity-name>];
    GO
    I have seen there is a new Command package in Pulumi, could this be a good idea to use that? What are the other options? Dynamic provider?
    d
    • 2
    • 9
  • a

    ancient-eve-13947

    02/03/2022, 11:23 AM
    can anyone point me to an example or at least some hints how to upload a file to an Azure FileShare? I'm using the azure native provider.
    • 1
    • 1
  • a

    ancient-eve-13947

    02/04/2022, 9:26 AM
    does anyone have a sample for how to set up an event-grid subscription to a web hook (not an Azure Function) for writes to a storage account?
    t
    • 2
    • 11
  • a

    ancient-eve-13947

    02/04/2022, 10:37 AM
    maybe this is worth a separate question: how do I make a pulumi resource depend on a (Azure native) `WebApp`not just having been provisioned, but having started?
    t
    h
    • 3
    • 6
  • h

    high-leather-15669

    02/04/2022, 5:04 PM
    Hello all, We have the need that we need to move a "KeyVault" from one subscription to another. I thought I could probably use
    azure_native.migrate.MoveResource
    but it seems that it is only used if you want to move resources from one region to another? Is there any suggest approach to do this with pulumi?
  • m

    millions-journalist-34868

    02/06/2022, 9:00 AM
    Do you have plans to create a native provider for Microsoft Graph? Microsoft Graph is heavily used when working with Microsoft and Azure so it would definitively make sense for Pulumi to support it. Moreover, provisioning resources in Azure Active Directory (User, App Registration, Groups) is now done through the Microsoft Graph so it would me more appropriate to do that through a native provider instead of using the current AzureAD provider which is a bridge from Terraform Provider. When creating a stack to provision resources on Azure it is really great to use a native provider for Azure (RM) with all the advantages it brings, yet we also have to use the "old" AzureAD provider alongside.
    ❤️ 2
    a
    t
    • 3
    • 6
  • s

    shy-leather-86285

    02/06/2022, 6:32 PM
    Hi all, I tried deploying an Azure RedHat OpenShift (aro) cluster using the example in the API-Docs. When deploying the cluster, I get an azure "internal error 500". Has someone a working example? Creating a cluster via az-cli is working w/o issues. Unfortunately, even verbose output is not showing a better error:
    I0206 18:48:08.909918   11014 provider_plugin.go:796] Provider[azure-native, 0xc000523860].Create(urn:pulumi:dev::aro-test::azure-native:redhatopenshift:OpenShiftCluster::aro2) success: id=/subscriptions/<subscription>/resourceGroups/aro2-test/providers/Microsoft.RedHatOpenShift/openShiftClusters/aro2; #outs=14
    I0206 18:48:08.909956   11014 eventsink.go:86] eventSink::Error(<{%reset%}>1 error occurred:
    * Code="InternalServerError" Message="Internal server error."
  • s

    straight-sunset-92336

    02/08/2022, 12:00 PM
    I'm trying to achieve the same as this github-integration does: https://github.com/Azure/manage-azure-policy/blob/main/tutorial/azure-policy-as-code.md Any ideas how to solve this using Pulumi?
  • m

    mysterious-australia-14256

    02/09/2022, 4:34 PM
    Hi all, has anyone noticed a performance issue recently running deployments from Azure DevOps on a hosted agent? "Pulumi ups" that take 20 seconds on my dev box are taking 20 minutes from DevOps.
  • m

    mysterious-australia-14256

    02/10/2022, 11:59 AM
    I am experiencing an issue where my stack file is getting bloated i.e. it has jumped from 1.3MB to 430MB. This is causing very slow stack operations suck as pulumi up. If I export the stack and look inside the issue seems to be Azure service bus related. I have thousands of lines all relating to various service bus components repeated over and over for each combination of versions. This is a small section for one Service Bus Topic Rule)
    "urn:pulumi:<stack>::<project>::azure-native:resources/v20190701:ResourceGroup$azure-native:servicebus/v20150801:Namespace$azure-native:servicebus:Topic$azure-native:servicebus:Subscription$azure-native:servicebus/v20210101preview:Rule::<rulename>",
    "urn:pulumi:<stack>::<project>::azure-native:resources/v20190701:ResourceGroup$azure-native:servicebus/v20150801:Namespace$azure-native:servicebus:Topic$azure-native:servicebus:Subscription$azure-native:servicebus/v20210601preview:Rule::<rulename>",
    "urn:pulumi:<stack>::<project>::azure-native:resources/v20190701:ResourceGroup$azure-native:servicebus/v20150801:Namespace$azure-native:servicebus:Topic$azure-native:servicebus:Subscription$azure-native:servicebus/v20211101:Rule::<rulename>",
    "urn:pulumi:<stack>::<project>::azure-native:resources/v20190701:ResourceGroup$azure-native:servicebus/v20150801:Namespace$azure-native:servicebus:Topic$azure-native:servicebus/v20140901:Subscription$azure-native:servicebus:Rule::<rulename>",
    "urn:pulumi:<stack>::<project>::azure-native:resources/v20190701:ResourceGroup$azure-native:servicebus/v20150801:Namespace$azure-native:servicebus:Topic$azure-native:servicebus/v20140901:Subscription$azure-native:servicebus/v20170401:Rule::<rulename>",
    "urn:pulumi:<stack>::<project>::azure-native:resources/v20190701:ResourceGroup$azure-native:servicebus/v20150801:Namespace$azure-native:servicebus:Topic$azure-native:servicebus/v20140901:Subscription$azure-native:servicebus/v20180101preview:Rule::<rulename>",
    "urn:pulumi:<stack>::<project>::azure-native:resources/v20190701:ResourceGroup$azure-native:servicebus/v20150801:Namespace$azure-native:servicebus:Topic$azure-native:servicebus/v20140901:Subscription$azure-native:servicebus/v20210101preview:Rule::<rulename>",
    "urn:pulumi:<stack>::<project>::azure-native:resources/v20190701:ResourceGroup$azure-native:servicebus/v20150801:Namespace$azure-native:servicebus:Topic$azure-native:servicebus/v20140901:Subscription$azure-native:servicebus/v20210601preview:Rule::<rulename>",
    "urn:pulumi:<stack>::<project>::azure-native:resources/v20190701:ResourceGroup$azure-native:servicebus/v20150801:Namespace$azure-native:servicebus:Topic$azure-native:servicebus/v20140901:Subscription$azure-native:servicebus/v20211101:Rule::<rulename>",
    "urn:pulumi:<stack>::<project>::azure-native:resources/v20190701:ResourceGroup$azure-native:servicebus/v20150801:Namespace$azure-native:servicebus:Topic$azure-native:servicebus/v20150801:Subscription$azure-native:servicebus:Rule::<rulename>",
    "urn:pulumi:<stack>::<project>::azure-native:resources/v20190701:ResourceGroup$azure-native:servicebus/v20150801:Namespace$azure-native:servicebus:Topic$azure-native:servicebus/v20150801:Subscription$azure-native:servicebus/v20170401:Rule::<rulename>",
    "urn:pulumi:<stack>::<project>::azure-native:resources/v20190701:ResourceGroup$azure-native:servicebus/v20150801:Namespace$azure-native:servicebus:Topic$azure-native:servicebus/v20150801:Subscription$azure-native:servicebus/v20180101preview:Rule::<rulename>",
    "urn:pulumi:<stack>::<project>::azure-native:resources/v20190701:ResourceGroup$azure-native:servicebus/v20150801:Namespace$azure-native:servicebus:Topic$azure-native:servicebus/v20150801:Subscription$azure-native:servicebus/v20210101preview:Rule::<rulename>",
    "urn:pulumi:<stack>::<project>::azure-native:resources/v20190701:ResourceGroup$azure-native:servicebus/v20150801:Namespace$azure-native:servicebus:Topic$azure-native:servicebus/v20150801:Subscription$azure-native:servicebus/v20210601preview:Rule::<rulename>",
    How can I clean this up and prevent it from happening? Thanks Alan
    • 1
    • 4
  • o

    orange-whale-70892

    02/10/2022, 4:08 PM
    how can I attach a container instance group to a virtual network/subnet?
  • o

    orange-whale-70892

    02/10/2022, 4:10 PM
    in the yaml example https://docs.microsoft.com/en-us/azure/container-instances/container-instances-vnet#example---yaml you can add subnetIds. But i cannot find that settings in the ContainerGroupArgs
    • 1
    • 5
  • v

    victorious-exabyte-70545

    02/10/2022, 8:19 PM
    Hey guys, I am wondering if anyone has experience using pulumi executing powershell scripts as a part of a deployment. I am trying to run the following:
    m
    • 2
    • 1
  • v

    victorious-exabyte-70545

    02/10/2022, 8:19 PM
    # Download the update script
    
    $baseUri="<https://raw.githubusercontent.com/DataDog/datadog-aas-extension/master/management-scripts/extension>"; Invoke-WebRequest -Uri "$baseUri/update-all-site-extensions.ps1" -OutFile "update-all-site-extensions.ps1"; Invoke-WebRequest -Uri "$baseUri/install-latest-extension.ps1" -OutFile "install-latest-extension.ps1"
    Run the following command. All arguments are required.
    
    # Run
    .\update-all-site-extensions.ps1 -SubscriptionId <SUBSCRIPTION_ID> -ResourceGroup <RESOURCE_GROUP_NAME> -Username <USERNAME> -Password <PASSWORD>
  • v

    victorious-exabyte-70545

    02/10/2022, 8:20 PM
    What resource should I use to run this?
Powered by Linen
Title
v

victorious-exabyte-70545

02/10/2022, 8:20 PM
What resource should I use to run this?
View count: 4