https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
azure
  • l

    lively-whale-42645

    05/17/2022, 9:06 AM
    Is there any way to swap a App Services deployment slots with Pulumi?
    • 1
    • 1
  • m

    mysterious-australia-14256

    05/17/2022, 1:08 PM
    Duplicate URN Error I am routinely seeing the following when trying to run pulumi up pulumi😛roviders:azure-native <azure subscription guid> error: Duplicate resource URN 'urn😛ulumi:<stack_name>:😛ulumi:providers:azure-native::<azure subscription guid>'; try giving it a unique name I'm not quite sure what resource this is for as it doesn't seem to include a resource name, just the subscription guid. Also, if I run the pulumi up enough times it will eventually work without error. Anyone know what is going on here?
    b
    • 2
    • 1
  • c

    crooked-stone-6532

    05/20/2022, 5:42 AM
    Is there a way to add AccessPolicyEntry to Azure Keyvault/Vault after the initial creation? Im aware of this open issue on github, but hoping that someone has a workaround or similar: https://github.com/pulumi/pulumi-azure-native/issues/594
    c
    • 2
    • 4
  • d

    damp-honey-93158

    05/23/2022, 5:11 AM
    has anyone encountered this exception before - and knows what's going on? Diagnostics: pulumi😛ulumi:Stack (soxes-infra-ef-dev-cluster): error: Running program 'G:\src\src_x25_exploration\projects\cluster\bin\Debug\net6.0\cluster.dll' failed with an unhandled exception: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. at object RuntimeType.CreateInstanceOfT() at T Activator.CreateInstance<T>() at Task<int> Pulumi.Deployment+Runner.Pulumi.IRunner.RunAsync<TStack>(IServiceProvider serviceProvider)+() => { } at Task<int> Pulumi.Deployment+Runner.RunAsync<TStack>(Func<TStack> stackFactory) ---> Grpc.Core.RpcException: Status(StatusCode="Unknown", Detail="invocation of azure-native:authori zation:getClientConfig returned an error: getting authenticated object ID: Error parsing json result from the Azure CLI: Error retrieving running Azure CLI: WARNING: The underlying Active D irectory Graph API will be replaced by Microsoft Graph API in Azure CLI 2.37.0. Please carefully review all breaking changes introduced during this migration: https://docs.microsoft.com/cli /azure/microsoft-graph-migration") at async Task<InvokeResponse> Pulumi.GrpcMonitor.InvokeAsync(ResourceInvokeRequest request) at async Task<SerializationResult> Pulumi.Deployment.InvokeRawAsync(string token, SerializationResult argsSerializationResult, InvokeOptions options) x 2 at async Task<T> Pulumi.Deployment.InvokeAsync<T>(string token, InvokeArgs args, InvokeOptions options, bool convertResult) at async Task<Output<string>> Soxes.Azure.Components.AttachAcrToAks.GetAcrPullRoleDefinitionId() in G😕src/src_x25_exploration/ComponentLibrary/AcrAttachedToAks.cs:line 30 at new Soxes.Azure.Components.AttachAcrToAks(string name, Output<string> registryId, Output<string> clusterPrincipalId, CustomResourceOptions opts) in G:/src/src_x25_exploration/Comp onentLibrary/AcrAttachedToAks.cs:line 16 at new ClusterStack() in G😕src/src_x25_exploration/projects/cluster/ClusterStack.cs:line 25 at object RuntimeType.CreateInstanceOfT() --- End of inner exception stack trace ---
    t
    • 2
    • 4
  • d

    damp-honey-93158

    05/23/2022, 5:12 AM
    it happens during a call to this code, the GetClientConfig part...
  • d

    damp-honey-93158

    05/23/2022, 5:12 AM
    private async Task<Output<string>> GetAcrPullRoleDefinitionId()
    {
        var configResult = await GetClientConfig.InvokeAsync();
        return RoleHelper.ScopedRoleId(configResult.SubscriptionId, RoleHelper.AcrPullRoleDefinitionId);
    }
  • w

    worried-knife-31967

    05/23/2022, 9:06 AM
    https://github.com/pulumi/pulumi-azure-native/issues/1324 Anyone come across this? and have a workaround?
  • w

    worried-knife-31967

    05/23/2022, 1:52 PM
    Anyone? @tall-librarian-49374 maybe?
  • w

    worried-knife-31967

    05/24/2022, 11:10 AM
    Is it possible to override the AuthorizationManagementClient for .NET like this post? https://leebriggs.co.uk/blog/2022/01/23/gha-cloud-credentials
  • w

    worried-knife-31967

    05/24/2022, 11:10 AM
    @billowy-army-68599 maybe you can advise seeing as it's your post?
  • c

    creamy-fall-88031

    05/24/2022, 4:45 PM
    Hi everyone, Quite new to Pulumi. Doing my first Azure (AKS) project with it. Everything so far went quite ok, but I got stuck on Application Gateway + Ingress Controller (AGIC). Is there anyone here who already worked on this resource? Maybe share the code ?
    c
    • 2
    • 1
  • r

    rough-helicopter-14190

    05/25/2022, 3:39 PM
    Hi everyone 🙂 , I am trying to set up ContainerApps with Pulumi but I am running into issues enabling the azure container api when executing
    pulumi up
    . See code snippet below. Any help is greatly appreciated! 🎉
    from pulumi_azure_native import web
    
    container_app = web.ContainerApp("containerApp",
        configuration=web.ConfigurationArgs(
            ingress=web.IngressArgs(
                external=True,
                target_port=3000,
            ),
        ),
        kind="containerApp",
        kube_environment_id=managed_environment.id,
        location="East US",
        name="supacoda",
        resource_group_name=resource_group.name,
        template=web.TemplateArgs(
            containers=[web.ContainerArgs(
                image=f"{os.getenv('DOCKERHUB_USERNAME')}/image:latest",
                name="supacoda",
            )],
            scale=web.ScaleArgs(
                max_replicas=5,
                min_replicas=1,
                rules=[web.ScaleRuleArgs(
                    custom=web.CustomScaleRuleArgs(
                        metadata={
                            "concurrentRequests": "50",
                        },
                        type="http",
                    ),
                    name="httpscalingrule",
                )],
            ),
        ))
    I get the following error even after following azure instructions here to enable the extension and register resources. • I have looked everywhere and cannot find how to enable this api for the pulumi process. • Running via the AZ CLI works • By the way container apps is in preview but this feels more like an issue downstream with pulumi since I can set up container apps just fine via the CLI.
    Diagnostics:
      azure-native:web:ContainerApp (containerApp):
        error: Code="NotFound" Message="ContainerApps APIs are not enabled." Details=[{"Message":"ContainerApps APIs are not enabled."},{"Code":"NotFound"},{"ErrorEntity":{"Code":"NotFound","ExtendedCode":"67003","Message":"ContainerApps APIs are not enabled.","MessageTemplate":"ContainerApps APIs are not enabled.","Parameters":[]}}]
    t
    h
    • 3
    • 5
  • r

    rough-window-15889

    05/25/2022, 8:07 PM
    Anyone have recommendations for AD authentication with Azure Sql Server? Any modules or resources out there that support it natively?
    m
    • 2
    • 2
  • l

    little-library-54601

    05/26/2022, 6:16 PM
    I need some direction on the right way to
    pulumi import
    an Azure SQL Server. I'm following the docs at: https://www.pulumi.com/registry/packages/azure-native/api-docs/azuredata/sqlserver/ The example import there is:
    pulumi import azure-native:azuredata:SqlServer testsqlserver /subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/testrg/providers/Microsoft.AzureData/SqlServerRegistrations/testsqlregistration/sqlServers/testsqlserver
    Note in particular the portion following
    /providers
    . In the Azure portal for the Azure SQL Server instance I'm trying to import, I can't find anything that includes
    Microsoft.AzureData
    or anything following that. The closest I can find is the "Resource ID", which for me looks like:
    /subscriptions/{subscription-guid}/resourceGroups/{rg-name}/providers/Microsoft.Sql/servers/{azure-sql-server-resource-name}
    I could try to synthesize what's shown in the Pulumi docs example, but I don't now what value I should use (or where I would find it) for the example value
    testsqlregistration
    . Any guidance or suggestions?? Thanks.
    • 1
    • 2
  • l

    little-library-54601

    05/27/2022, 2:39 PM
    I have a couple of questions about firewall rules for Azure SQL Servers: 1. Per these docs: https://www.pulumi.com/registry/packages/azure-native/api-docs/sql/firewallrule/ - is setting the "ServerName" property on the args object sufficient to "connect" the firewall rule to the desired Azure SQL Server instance? 2. Using Pulumi, how do I accomplish the equivalent of checking the "Allow Azure services and resources..." checkbox as seen in this Azure portal screenshot:
    c
    s
    • 3
    • 10
  • r

    rich-airplane-20830

    06/01/2022, 1:06 PM
    Hi, I created an aks cluster with two nodepools (used pulumi_azure_native for it). It is only possible to set the kubernetes version on cluster level. If I change the kubernetes version to upgrade the cluster, the configuration kubernetes version is updated to the new version, but the nodepools are not upgraded. Can someone tell me, how I upgrade the kubernetes version of a nodepool by pulumi?
    l
    • 2
    • 11
  • a

    agreeable-notebook-99278

    06/06/2022, 8:45 PM
    Hey all, new to pulumi and also this side of azure — hope asking here is ok. I have a greenfield project at hand and want to implement rigorous continues delivery principles. I’m however new to infrastructure as code (but absolutely love the idea). • What I am struggling with, is how to deal with the data side of things (replicating data into staging, backups, migration). • In simple terms, I struggle to wrap my head around my (naive) idea: ◦ create a copy of the production system incl. data, users etc as “test group” ▪︎ apply database migrations / schema changes ▪︎ have tests run in that resource group (which changes data, adds, removes records) and ▪︎ if everything works fine, delete that “testing group” ◦ create a new resource group that again copies from production but only applies schema changes ▪︎ gets promoted to the new production system ◦ the old production system gets destroyed The stack is “simple”: Github Actions, Azure PostGres SQL, Codebase pure TypeScript / Node.js / React, Services are maybe Containers with Red Panda (kafka) and Materialize I’d like to implement this in a deterministic fashion with pulumi 😒weaty-ham: … but really have never pushed CI/CD through to infrastructure before. thank you very much
    c
    d
    • 3
    • 9
  • a

    abundant-florist-34275

    06/07/2022, 12:24 PM
    Hey all, we are creating an aks cluster by using the azure_native package. We create the aks with
    aks = containerservice.ManagedCluster( ... )
    and different nodepools by using
    ManagedClusterAgentPoolProfileArgs
    . Now Pulumi creates the different virtualmachine scale sets for us. We also are setting
    auto_upgrade_profile=ManagedClusterAutoUpgradeProfileArgs(upgrade_channel=UpgradeChannel.NODE_IMAGE)
    which does`nt propagate an upgrade policy to the scaleset config. Finally we want to activate the auto reimaging process via pulumi, which seems to be in this property:
    pulumi_azure_native.compute.VirtualMachineScaleSetArgs.upgrade_policy
    But in the end we do not find a way set it directly while creation or later. Any Idea? Thanks a lot
  • c

    crooked-king-6351

    06/08/2022, 11:16 AM
    I think the subscription id shouldn't be there in this doc reference, shouldn't it be replaced with
    {subscription-id}
    ?
  • m

    many-dress-54535

    06/08/2022, 3:50 PM
    Hi All, I am having an issue with creating a pulumi_azure_native.sql.server (python) and having this error
    status code 400, {"error":{"code":"InvalidApiVersionParameter","message":"The api-version '2020-11-01-preview' is invalid. The supported versions are "..<other api versions>.."
    do I need to specify the version explicitly for that to work?
    c
    • 2
    • 2
  • f

    few-diamond-68626

    06/09/2022, 9:44 AM
    Hello there! I have two security related questions: 1. If we deploy to Azure with a Service Principal, the deployment engine certainly needs to have those credentails. My question is: Is it guaranteed that those credentials are never transmitted or stored at Pulumi? So even if Pulumi was hacked, the only thing that would leak is the encrypted states and not the service principal credentials? 2. The documentation for secrets (https://www.pulumi.com/docs/intro/concepts/secrets/) details how to use an external encryption providers (e.g. Azure KeyVault) for secrets and this works obviously for inputs. But how does Pulumi handle sensitive output? Is that output stored directly to the encryption provider or will the output always end at Pulumi?
    m
    a
    d
    • 4
    • 6
  • m

    most-mouse-38002

    06/10/2022, 12:18 PM
    Hi all! We are considering a move to Pulumi for our IaC (while rolling out our new platform). However, for compliance reasons we have to run our k8s user nodes with confidential nodes. This creates an issue for us, because I cannot find the option to add the
    ACCSGXDevicePlugin
    /
    confcom
    addon when creating a cluster. Is it possible to define AKS addons that are not already defined by Pulumi?
    b
    • 2
    • 4
  • a

    agreeable-notebook-99278

    06/12/2022, 6:13 AM
    Hi all, what do you do on long running set-ups? One the first run it fails sometimes. On the second run it works. I.e. I’m adding a cname record to a generated azure static web apps — it did add it and its validating in the; but the an error is still occurring in CI (flaky). There is a
    --no-wait
    option in the azure CLI documentation, but on pulumis side there seems no such property available for
    StaticSiteCustomDomain
    resource. Is there a way to add that?
    // Linking custom domain to DNS zone
        return new azure_native.web.StaticSiteCustomDomain(
          tw.DOMAIN,
          {
            domainName: tw.DOMAIN,
            name: staticWebAppName,
            resourceGroupName: resourceGroupName,
            validationMethod: "cname-delegation",
          },
          {
            dependsOn: [systemDnsRecord],
          },
  • s

    straight-sunset-92336

    06/13/2022, 12:06 PM
    I'm having some trouble with a Function App I'm trying to create. The Function App is created, but AlwaysOn is not enabled on it. This is the code I use to create the Function App:
    const defaultfunctionAppArgs = {
                name: name,
                resourceGroupName: args.resourcegroupname,
                serverFarmId: args.WebAppPlanID,
                kind: "functionapp,linux",
                isDisabled: false,
                linuxFxVersion: 'Python|3.9',
                alwaysOn: true,
                use32BitWorkerProcess: false,
                siteConfig: {
                    appSettings: [
                        {
                            name: 'FUNCTIONS_WORKER_RUNTIME',
                            value: 'python'
                        },
                        {
                            name: 'FUNCTIONS_EXTENSION_VERSION',
                            value: '~4'
                        },
                        {
                            name: 'APPINSIGHTS_INSTRUMENTATIONKEY',
                            value: appinsightscomponent.instrumentationKey
                        },
                        {
                            name: 'AzureWebJobsStorage',
                            value: storageConnectionString
                        },
                        {
                            name: "WEBSITE_RUN_FROM_PACKAGE",
                            value: codeBlobUrl
                        },
                        {
                            name: 'WORKSPACE_ID',
                            value: args.wrkspaceid
                        },
                    ]
                },
            };
            const functionAppArgs = FunctionAppModifier ? FunctionAppModifier(defaultfunctionAppArgs) : defaultfunctionAppArgs;
            const functionapp = new web.WebApp("Policycompliance-webapp", functionAppArgs, { deleteBeforeReplace: true });
    • 1
    • 3
  • g

    gentle-camera-53119

    06/13/2022, 1:45 PM
    Hi Team, I am trying to create Azure Service principles in C# but I am getting this error
    error CS0234: The type or namespace name 'AzureAD' does not exist in the namespace 'Pulumi' (are you missing an assembly reference?) [/Users/XXXXX/XXX/pulumi/cazure/cazure.csproj
    t
    • 2
    • 8
  • m

    most-mouse-38002

    06/13/2022, 1:55 PM
    Is it not possible to use a service principal to access Azure Blob Storage as the backend? All other requests will run through this principal, why can’t we use the same principal to store state?
  • p

    powerful-printer-57241

    06/15/2022, 3:16 PM
    How does one refer to Diagnostic Settings? Let's say I need to import an existing one to Pulumi. In Azure Portal, you can't see its URI anywhere, so I'm not sure what I should pass to the import command.
    t
    l
    • 3
    • 3
  • c

    clever-address-74879

    06/15/2022, 8:52 PM
    Hi #azure! I'm having issues authenticating using Workload Identity federation. I tried it out last week and everything worked great. When I run it now, I get a error 255
    Error: code: 255
    ... 
          error: building auth config: Authenticating using the Azure CLI is only supported as a User (not a Service Principal).
      
          To authenticate to Azure using a Service Principal, you can use the separate 'Authenticate using a Service Principal'
          auth method - instructions for which can be found here: <https://www.pulumi.com/docs/intro/cloud-providers/azure/setup/#service-principal-authentication>
      
          Alternatively you can authenticate using the Azure CLI by using a User Account.
    I ran this last week and everything worked. Now It's just impossible to get through. I noticed the pulumi cli got bumped a patch version since last week, but I tried to downgrade and that also did nothing. Does anyone have an idea what's going on?
  • c

    clever-address-74879

    06/15/2022, 8:55 PM
    The whole point is to not have client secrets anywhere, so following the usual guide will not help 🙂
  • p

    prehistoric-plumber-4881

    06/16/2022, 5:30 PM
    Hey there - if anyone is already using federated credentials - Is it possible to use federated credentials in Azure with branch wildcards?
    c
    d
    • 3
    • 14
Powered by Linen
Title
p

prehistoric-plumber-4881

06/16/2022, 5:30 PM
Hey there - if anyone is already using federated credentials - Is it possible to use federated credentials in Azure with branch wildcards?
c

clever-address-74879

06/16/2022, 7:36 PM
Hey John. AFAIK you are not able to do wildcards. You could do environments instead if you have the enterprise plan.
d

damp-honey-93158

06/18/2022, 7:13 PM
Hmmm, how do people then use federated credentials to handle all the builds for a non-master branch? Kinda assumes we're all living in a world of trunk based development, which sure as heck ain't what I've experienced in the field 🙂
and no, I don't wanna create a federated credential per branch.... hmmmmm... I wonder if I could get my azure devops system to tell me via webhook and then auto-create a federated credential that way... hmmmm...
c

clever-address-74879

06/19/2022, 6:35 PM
Did you manage to get it working at all? A few weeks back it worked for me, but after a while the Pulumi cli started complaining about using the CLI to login instead of a Service Principal 😒
p

prehistoric-plumber-4881

06/19/2022, 6:40 PM
I got it working for a main branch - but only ran it a couple of times before coming across the feature branch problem which made me stop in my tracks.
c

clever-address-74879

06/19/2022, 6:41 PM
Hmm It's just so weird. I started getting a
azure-native:resources:ResourceGroup rg-app-test  error: building auth config: Authenticating using the Azure CLI is only supported as a User (not a Service Principal).
... out of the blue
It worked the prior week and then suddenly not.
Do you mind me asking how you are authenticating to azure using workload identity federation?
p

prehistoric-plumber-4881

06/19/2022, 6:42 PM
Isn't that related to another env var, I've seen this. Can't reply right now as I'm at a swimming g pool. Hah.
😄 1
I've set a reminder in this chat for tomorrow.
c

clever-address-74879

06/19/2022, 6:44 PM
Hmm It might be, but doesn't make any sense I think 😄 Awesome, thanks for that. I would appreciate that.
I figured it out, finally!
This works:
Deployment.RunAsync<BigDayStack>();
This does not work
await Pulumi.Deployment.RunAsync(() => { ... });
View count: 19