Hi, I’m using Azure key-vault as encryption provider. But after initialising , whenever i’m selecting stack, it’s throwing an error. Can anyone please help me with this. Has anyone faced the similar issue

error: constructing secrets manager of type "cloud": secrets (code=InvalidArgument): keyvault.BaseClient#Decrypt: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="BadParameter" Message="The parameter is incorrect.\r\n

Hi, anyone know if it is possible to set up an event hub api connection in an LogicApp in Pulumi? I’ve set the connectionString in ParameterValues, but I still get an error message in the logic app designer in the portal: Failed to save logic app la-my-logicapp. Some of the connections are not authorized yet. If you just created a workflow from a template, please add the authorized connections to your workflow before saving. Am I maybe missing some ParameterValues?

//event hub connection
var eventHubConnection = new AzureNative.Web.Connection("eventHubs", new AzureNative.Web.ConnectionArgs
        {
            ConnectionName = "eventhubs",
            ResourceGroupName = resourceGroup.Name,
            Location = resourceGroup.Location,
            Tags = config.Tags,
            Properties = new AzureNative.Web.Inputs.ApiConnectionDefinitionPropertiesArgs
            {
                Api = new AzureNative.Web.Inputs.ApiReferenceArgs
                {
                    DisplayName = "myEventHub",
                    Id = eventhubsApiId,
                    Name = "eventhubs",
                    Type = "Microsoft.Web/locations/managedApis"
                    
                },
                DisplayName = "eventHubBattery12VEvents",
                ParameterValues =
                {
                    { "connectionString", eventHub.EventHubNameSpaceRootPrimaryConnectionString },
                },

            }
        });
// logic app
var laMyLogicApp = new Logic.Workflow("my-logic-app, new Logic.WorkflowArgs
        {
            Location = resourceGroup.Location,
            ResourceGroupName = resourceGroup.Name,
            Tags = config.Tags,
            
            Parameters =
            {
                { "$connections", new AzureNative.Logic.Inputs.WorkflowParameterArgs
                    {
                        Value = new Dictionary<string, object>
                        {
                            { "eventHubs", new Dictionary<string, object>
                            {
                                { "connectionId", eventHubConnection.Id },
                                { "connectionName", "eventHubs" },
                                { "id", eventhubsApiId }
                            } }
                        }
                    }
                }
            },

Hey There o/ I'm trying to use Pulumi to create a FrontDoor. The issue we are having is that we cannot get the ID's for healthprobe or loadbalancer to be accepted. Here's what we tried: • Referring to the Output<string> ID of the created items • Using the simple

name

assigned to the items • Building the full ID (as seen in the current snippet) These are the vein of error we see:

@ Updating....
azure-native:network:FrontDoor frontdoor-mycocom-production creating error: Code="BadRequest" Message="Invalid child resource reference /subscriptions/{RedactedSubscriptionGuid}/resourceGroups/frontdoor-b2c-rsg-production/providers/Microsoft.Network/frontDoors/mycocom-production/loadBalancingSettings/DefaultLoadBalancer detected for property Frontdoor.BackendPools[0].LoadBalancingSettings.Id; 
Invalid child resource reference /subscriptions/{RedactedSubscriptionGuid}/resourceGroups/frontdoor-b2c-rsg-production/providers/Microsoft.Network/frontDoors/mycocom-production/healthProbeSettings/DefaultHealthCheck detected for property Frontdoor.BackendPools[0].HealthProbeSettings.Id; 
Invalid child resource reference /subscriptions/{RedactedSubscriptionGuid}/resourceGroups/frontdoor-b2c-rsg-production/providers/Microsoft.Network/frontDoors/mycocom-production/loadBalancingSettings/DefaultLoadBalancer detected for property Frontdoor.BackendPools[1].LoadBalancingSettings.Id; 
Invalid child resource reference /subscriptions/{RedactedSubscriptionGuid}/resourceGroups/frontdoor-b2c-rsg-production/providers/Microsoft.Network/frontDoors/mycocom-production/healthProbeSettings/DefaultHealthCheck detected for property Frontdoor.BackendPools[1].HealthProbeSettings.Id; 
Invalid child resource reference /subscriptions/{RedactedSubscriptionGuid}/resourceGroups/frontdoor-b2c-rsg-production/providers/Microsoft.Network/frontDoors/mycocom-production/frontendEndpoints/fe-myco-cdn-myco-com detected for property Frontdoor.RoutingRules[0].FrontendEndpoints[0].Id"

Has anyone successfully created a FD with multiple front ends with Pulumi? What are we missing?

Hey, how do we update KeyVault Access Policies once a vault has been created?

Hey, is there a way to assign a system assigned identity to a SignalR service?

trying to create a container app and get this odd error - any ideas?

azure-native:app:ContainerApp elaway-easee-src-cnx creating 
@ Updating....
 +  azure-native:app:ContainerApp elaway-easee-src-cnx creating error: autorest/azure: Service returned an error. Status=<nil> <nil>
 +  azure-native:app:ContainerApp elaway-easee-src-cnx **creating failed** error: autorest/azure: Service returned an error. Status=<nil> <nil>
    pulumi:pulumi:Stack elaway-easee-src-cnx-staging running error: update failed
    pulumi:pulumi:Stack elaway-easee-src-cnx-staging **failed** 1 error; 18 messages

found the issue was our quota was reached, is there a way for pulumi to expose the underlying error, I had to go to the Azure UI and manually try and create it for me to see the error. cheers. @broad-dog-22463

Hi, does anyone have a working example of creating a subnet with delegation? I’m looking to add a delegation for integration with an App Service. The example provided in the docs doesn’t have the details: https://www.pulumi.com/registry/packages/azure-native/api-docs/network/subnet/#create-subnet-with-a-delegation and I’m aware there’s an open Pulumi + MS docs issue for MS to provide example params. I stumbled upon this SO post but unfortunately it doesn’t include the working solution. Stuck on what other params should be beyond the service name:

new DelegationArgs
{
    ServiceName = "Microsoft.Web/serverFarms",
}

hi , I’m trying to import a CDN Rule , but the current API version on Azure-Native doesn’t seem to support the RouteConfigurationOverride action …. My goal is to modify the Caching behaviour on some Azure Front Door Routes by using RuleSets and Rules …. Here’s the error I’m getting when trying to Pulumi Import:

this is the rule I am trying to import created via Azure Portal:

anyone faced similar issue when managing Front Door caching via Pulumi ?

Hello. we are using pulumi to deploy some AKS environments, and suddenly Pulumi wants to recreate the cluster. however i dont undestand why. Pulumi wants to change a value to the same value and that triggers the replace?

Is there a way to have Pulumi yml interact with Azure using Azure-Login? It works now by specifically adding each property of Azure credentials (Tenant ID, Sub ID, App ID, Cleint Secret) but to save space and time I wonder if this would work with Azure Login (with one GitHub secret for AZURE_CREDENTIALS) instead?

Hey, I'm trying to deploy VPN in Azure (OpenVPN + Certificates) but I cannot make the connection after all. If I generate certs manually with https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site-linux it's fine. I'm using the TLS package: https://www.pulumi.com/registry/packages/tls/ Anyony has a working code maybe?

is there a way to add to a container app’s env vars the url of the container app that is being created? You can get the url like so

Url      = Output.Format($"https://{app.Configuration.Apply(x => x!.Ingress).Apply(x => x!.Fqdn)}");

but obviously it’s cyclic dependency issue, you’re trying to add the url to the envvars but the url doesn’t exist yet

Has anyone added

IdentityProviders

to a

WebApp

. I've got it set up, but the portal says that no identity provider has been added

let createWebAppAuthSettingsV2 
        resourceNamer 
        resourceGroupName
        webAppName 
        webAppAuthSettings =
    WebAppAuthSettingsV2(resourceNamer "authsettings", WebAppAuthSettingsV2Args(
        Name = input webAppName,
        ResourceGroupName = input resourceGroupName,
        IdentityProviders = input (IdentityProvidersArgs(
            AzureActiveDirectory = input (AzureActiveDirectoryArgs(
                Enabled = input true,
                Registration = input (AzureActiveDirectoryRegistrationArgs(
                    ClientId = input webAppAuthSettings.ClientId,
                    ClientSecretSettingName = input webAppAuthSettings.ClientSecretSettingName,
                    OpenIdIssuer = input webAppAuthSettings.OpenIdIssuer
                ))
            ))
        )),
        Login = input (LoginArgs(
            TokenStore = input (TokenStoreArgs(
                Enabled = input true,
                FileSystem = input (FileSystemTokenStoreArgs(
                    Directory = input "tokens"
                ))
            ))
        )),
        HttpSettings = input (HttpSettingsArgs(
            RequireHttps = input true    
        )),
        GlobalValidation = input (GlobalValidationArgs(
            RequireAuthentication = input true,
            RedirectToProvider = input "Microsoft",
            UnauthenticatedClientAction = input (UnauthenticatedClientActionV2.Return403)
        ))
    ))

Clearly one has... what am I missing?

Is anyone facing issues when you create an AKS cluster and then run it again? Here it's trying to update the subnet, even if no updates were done in code. When some pool is added, there are some changes to the vnet regarding ipconfig. Pulumi is refreshing then, and it's trying to delete the subnet to recreate. What is non-sense, as the subnet is attached. For anyone interested in this. When you activate the virtual-node addon, Azure will enable private links and endpoints. Pulumi will recognize this change and it will try to recreate the vnet. After all, azure-native will try to recreate the vnet if any node_pool is added (which make changes to the ipConfiguration) and a refresh is triggered:

azure-native:network:Subnet ferrajoli-subnet updated [diff: +ipConfigurations~etag]

azure-native:network:VirtualNetwork ferrajoli-vnet updating [diff: -subnets]

To avoid an error in each run, we had to set ignore_changes to subnets in vnet.

Hi everyone! Using the pulumi automation API to run some tests - but up'ping one of my stacks. I often get the following errors: + azure-native:authorization:RoleAssignment role-assignment-IntTwkzlRG-acr-push creating error: autorest/azure: Service returned an error. Status=400 Code="PrincipalNotFound" Message="Principal a284d038836544ce8b186690db150566 does not exist in the directory 2b1d14a0-2c64-4c0f-ae25-b3195783fced. Check that you have the correct principal ID. If you are creating this principal and then immediately assigning a role, this error might be related to a replication delay. In this case, set the role assignment principalType property to a value, such as ServicePrincipal, User, or Group. Now, I'm aware it is telling me to wait... is there a reasonable way to achieve this magically/automatically with Pulumi? Thank you!

Is there any more movement on https://github.com/pulumi/pulumi-azure-native/discussions/1834 ?

Hey folks! I'm curious if anyone else has run into this issue. I'm trying to import some manually created resources into my stack: an Azure virtual network gateway, local network gateway, and connection config for a VPN setup. However, when I try to import them (or indeed anything at all), the CLI throws an error from the Azure API:

azure-native:network:V20201101:subnet (GatewaySubnet):
    error: Preview failed: autorest/azure: Service returned an error. Status=400 Code="MissingApiVersionParameter" Message="The api-version query parameter (?api-version=) is required for all requests."

It looks like the Azure Native plugin for

pulumi.exe

isn't passing along the API version parameter, and I can't for the life of me figure out if I can provide that myself. I've tried supplying a provider version when giving the import command, but that hasn't worked. The Azure CLI doesn't seem to accept an environment variable to append such a value to all requests, either. Am I missing something, or is this a bug?

This message was deleted.

Hey all, Does anyone have a working example of creating an App Service with custom domain and free Azure cert? It’s not clear how to go about this, but I’ve assumed it is to create a

web.Certificate

and then apply it to the App Service using a

web.WebAppHostNameBinding

, however there are no enum values for the cert

DomainValidationMethod

arg, and I can’t find any worked examples. Unfortunately Azure doesn’t return a helpful error message to help track this one down:

autorest/azure: Service returned an error. Status=400 Code="BadRequest" Message="The parameter Properties.DomainValidationMethod has an invalid value."

Any idea how to deal with circular dependencies like these? • The domain cert requires a binding to exist for the domain, or else cannot create the cert. • The binding cannot set the thumbprint at creation time because of the above If there was a way of updating the binding with thumbprint after cert has been created, I would be all set.

var binding = new WebAppHostNameBinding($"binding.api{stack}.<http://domain.app|domain.app>", new WebAppHostNameBindingArgs
{
    Name = app.Name,
    ResourceGroupName = resourceGroup.Name,
    CustomHostNameDnsRecordType = CustomHostNameDnsRecordType.CName,
    HostName = fulldomain,
    SiteName = app.Name,
    // Thumbprint = certificate.Thumbprint // Cannot set, need to create the managed domain cert first
    // SslState = SslState.SniEnabled // Cannot set, need to create the managed domain cert first
    
}, new CustomResourceOptions{ DependsOn = new CustomResource[] { txtRecord, cnameRecord }});

var certificate = new Certificate($"domain-app-cert-{stack}", new CertificateArgs
{
    ServerFarmId = appServicePlan.Id,
    ResourceGroupName = resourceGroup.Name,
    CanonicalName = fulldomain,
    HostNames = new[] { fulldomain }
}, new CustomResourceOptions {  DependsOn = binding}); // requires a hostname binding to exist for the domain

I don't know if you have heard of the Azure Developer CLI (azd, not to be confused with azure cli) which was released in public preview recently. It's a command line tool that can help you create, build, provision, and deploy a new application. Part of its scope is Infrastructure as Code of course, but it currently only supports bicep. Support for Terraform is coming next in their roadmap but support for Pulumi is currently not planned. One of the Azure Developer CLI PM has created an issue here to track the request for Pulumi support but it won't be prioritized without upvotes. This Azure Developer CLI looks promising and something I want to use it in the future, but with Pulumi code, not bicep or terraform code. Could you please upvote the issue to make this happen? Moreover, I think having support for Pulumi in such a tool would help Pulumi adoption for Azure users.

Has anyone got workload identity going with an AKS cluster? I’m looking for a way to do the equivalent of the following CLI command, but via Pulumi : az aks update \ --name $aksClusterName \ --resource-group $aksResourceGroupName \ --enable-oidc-issuer Thanks!

Does anyone know how I set the App Settings of a Static Site? I can't see the option in the docs.. https://www.pulumi.com/registry/packages/azure-native/api-docs/web/staticsite/#properties

Trying to create a storage account, I end up with this error. Am I doing something very wrong here (code in thread)?

azure-native:storage:StorageAccount (prometheus):
    error: resource partially created but read failed autorest/azure: Service returned an error. Status=404 Code="StorageAccountNotFound" Message="The storage account xfgewrprometheus was not found.": autorest/azure: Service returned an error. Status=404 Code="StorageAccountNotFound" Message="The storage account xfgewrprometheus was not found."

Hi there. I faced with an issue related to kubernetes provider. I have ManagedCluster configured and deployed to Azure. This cluster is used for Provider creation:

var aksProvider = new K8s.Provider("k8s-provider-dev", new ProviderArgs
            {
                KubeConfig = kubeConfig,
                Cluster = kubernetesCluster.Name,
            });

which I use for creation of kubernetes dashboard:

var kubeDashboard = new ConfigFile("my-kubernetes-dashboard", new ConfigFileArgs
            {
                File = "<https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.0/aio/deploy/recommended.yaml>"
            },
            new ComponentResourceOptions
            {
                Provider = aksProvider,
                DependsOn = aksProvider!
            });

It works fine when deployment of cluster happens for the first time but if I'm trying to change Virtual Machine size (which requires recreation of cluster) and deploy this update I get an error:

error: resource complete event returned an error: failed to verify snapshot: resource urn:pulumi:dev::MyProject::kubernetes:yaml:ConfigFile$kubernetes:core/v1:Namespace::kubernetes-dashboard refers to unknown provider urn:pulumi:dev::MyProject::pulumi:providers:kubernetes::k8s-provider-dev::650f67b5-a3be-423f-81be-5e8453bf9c4f
    error: update failed

Is there any workaround how to fix this issue or maybe I'm doing something wrong? Thank you!

Q about azure-native: KeyVault & Certificates. I’ve created a cert in a KeyVault, which I can fetch via

GetSecret.Invoke()

. But I don’t see any function to retrieve the Certificate (I need the thumbprint, for example. Any ideas?