https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
azure
  • d

    dry-judge-83479

    08/12/2022, 10:45 AM
    Hi, I’m using Azure key-vault as encryption provider. But after initialising , whenever i’m selecting stack, it’s throwing an error. Can anyone please help me with this. Has anyone faced the similar issue
    error: constructing secrets manager of type "cloud": secrets (code=InvalidArgument): keyvault.BaseClient#Decrypt: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="BadParameter" Message="The parameter is incorrect.\r\n
    👀 1
  • b

    brainy-mechanic-83481

    08/12/2022, 2:58 PM
    Hi, anyone know if it is possible to set up an event hub api connection in an LogicApp in Pulumi? I’ve set the connectionString in ParameterValues, but I still get an error message in the logic app designer in the portal: Failed to save logic app la-my-logicapp. Some of the connections are not authorized yet. If you just created a workflow from a template, please add the authorized connections to your workflow before saving. Am I maybe missing some ParameterValues?
    //event hub connection
    var eventHubConnection = new AzureNative.Web.Connection("eventHubs", new AzureNative.Web.ConnectionArgs
            {
                ConnectionName = "eventhubs",
                ResourceGroupName = resourceGroup.Name,
                Location = resourceGroup.Location,
                Tags = config.Tags,
                Properties = new AzureNative.Web.Inputs.ApiConnectionDefinitionPropertiesArgs
                {
                    Api = new AzureNative.Web.Inputs.ApiReferenceArgs
                    {
                        DisplayName = "myEventHub",
                        Id = eventhubsApiId,
                        Name = "eventhubs",
                        Type = "Microsoft.Web/locations/managedApis"
                        
                    },
                    DisplayName = "eventHubBattery12VEvents",
                    ParameterValues =
                    {
                        { "connectionString", eventHub.EventHubNameSpaceRootPrimaryConnectionString },
                    },
    
                }
            });
    // logic app
    var laMyLogicApp = new Logic.Workflow("my-logic-app, new Logic.WorkflowArgs
            {
                Location = resourceGroup.Location,
                ResourceGroupName = resourceGroup.Name,
                Tags = config.Tags,
                
                Parameters =
                {
                    { "$connections", new AzureNative.Logic.Inputs.WorkflowParameterArgs
                        {
                            Value = new Dictionary<string, object>
                            {
                                { "eventHubs", new Dictionary<string, object>
                                {
                                    { "connectionId", eventHubConnection.Id },
                                    { "connectionName", "eventHubs" },
                                    { "id", eventhubsApiId }
                                } }
                            }
                        }
                    }
                },
  • f

    few-processor-89505

    08/15/2022, 10:47 AM
    Hey There o/ I'm trying to use Pulumi to create a FrontDoor. The issue we are having is that we cannot get the ID's for healthprobe or loadbalancer to be accepted. Here's what we tried: • Referring to the Output<string> ID of the created items • Using the simple
    name
    assigned to the items • Building the full ID (as seen in the current snippet) These are the vein of error we see:
    @ Updating....
    azure-native:network:FrontDoor frontdoor-mycocom-production creating error: Code="BadRequest" Message="Invalid child resource reference /subscriptions/{RedactedSubscriptionGuid}/resourceGroups/frontdoor-b2c-rsg-production/providers/Microsoft.Network/frontDoors/mycocom-production/loadBalancingSettings/DefaultLoadBalancer detected for property Frontdoor.BackendPools[0].LoadBalancingSettings.Id; 
    Invalid child resource reference /subscriptions/{RedactedSubscriptionGuid}/resourceGroups/frontdoor-b2c-rsg-production/providers/Microsoft.Network/frontDoors/mycocom-production/healthProbeSettings/DefaultHealthCheck detected for property Frontdoor.BackendPools[0].HealthProbeSettings.Id; 
    Invalid child resource reference /subscriptions/{RedactedSubscriptionGuid}/resourceGroups/frontdoor-b2c-rsg-production/providers/Microsoft.Network/frontDoors/mycocom-production/loadBalancingSettings/DefaultLoadBalancer detected for property Frontdoor.BackendPools[1].LoadBalancingSettings.Id; 
    Invalid child resource reference /subscriptions/{RedactedSubscriptionGuid}/resourceGroups/frontdoor-b2c-rsg-production/providers/Microsoft.Network/frontDoors/mycocom-production/healthProbeSettings/DefaultHealthCheck detected for property Frontdoor.BackendPools[1].HealthProbeSettings.Id; 
    Invalid child resource reference /subscriptions/{RedactedSubscriptionGuid}/resourceGroups/frontdoor-b2c-rsg-production/providers/Microsoft.Network/frontDoors/mycocom-production/frontendEndpoints/fe-myco-cdn-myco-com detected for property Frontdoor.RoutingRules[0].FrontendEndpoints[0].Id"
    Has anyone successfully created a FD with multiple front ends with Pulumi? What are we missing?
    FrontDoorCreation.cs
    n
    r
    • 3
    • 4
  • a

    adamant-waiter-67103

    08/15/2022, 3:26 PM
    Hey, how do we update KeyVault Access Policies once a vault has been created?
    b
    • 2
    • 18
  • m

    magnificent-bear-48902

    08/18/2022, 8:20 AM
    Hey, is there a way to assign a system assigned identity to a SignalR service?
    c
    • 2
    • 1
  • g

    glamorous-waitress-51149

    08/18/2022, 1:15 PM
    trying to create a container app and get this odd error - any ideas?
    azure-native:app:ContainerApp elaway-easee-src-cnx creating 
    @ Updating....
     +  azure-native:app:ContainerApp elaway-easee-src-cnx creating error: autorest/azure: Service returned an error. Status=<nil> <nil>
     +  azure-native:app:ContainerApp elaway-easee-src-cnx **creating failed** error: autorest/azure: Service returned an error. Status=<nil> <nil>
        pulumi:pulumi:Stack elaway-easee-src-cnx-staging running error: update failed
        pulumi:pulumi:Stack elaway-easee-src-cnx-staging **failed** 1 error; 18 messages
  • g

    glamorous-waitress-51149

    08/19/2022, 9:55 AM
    found the issue was our quota was reached, is there a way for pulumi to expose the underlying error, I had to go to the Azure UI and manually try and create it for me to see the error. cheers. @broad-dog-22463
    b
    • 2
    • 1
  • m

    microscopic-furniture-52860

    08/20/2022, 5:04 PM
    Hi, does anyone have a working example of creating a subnet with delegation? I’m looking to add a delegation for integration with an App Service. The example provided in the docs doesn’t have the details: https://www.pulumi.com/registry/packages/azure-native/api-docs/network/subnet/#create-subnet-with-a-delegation and I’m aware there’s an open Pulumi + MS docs issue for MS to provide example params. I stumbled upon this SO post but unfortunately it doesn’t include the working solution. Stuck on what other params should be beyond the service name:
    new DelegationArgs
    {
        ServiceName = "Microsoft.Web/serverFarms",
    }
  • n

    nutritious-businessperson-26985

    08/22/2022, 2:14 AM
    hi , I’m trying to import a CDN Rule , but the current API version on Azure-Native doesn’t seem to support the RouteConfigurationOverride action …. My goal is to modify the Caching behaviour on some Azure Front Door Routes by using RuleSets and Rules …. Here’s the error I’m getting when trying to Pulumi Import:
  • n

    nutritious-businessperson-26985

    08/22/2022, 2:15 AM
    this is the rule I am trying to import created via Azure Portal:
  • n

    nutritious-businessperson-26985

    08/22/2022, 2:16 AM
    anyone faced similar issue when managing Front Door caching via Pulumi ?
  • r

    rhythmic-optician-96353

    08/22/2022, 8:21 AM
    Hello. we are using pulumi to deploy some AKS environments, and suddenly Pulumi wants to recreate the cluster. however i dont undestand why. Pulumi wants to change a value to the same value and that triggers the replace?
  • s

    swift-apple-26877

    08/23/2022, 10:31 AM
    Is there a way to have Pulumi yml interact with Azure using Azure-Login? It works now by specifically adding each property of Azure credentials (Tenant ID, Sub ID, App ID, Cleint Secret) but to save space and time I wonder if this would work with Azure Login (with one GitHub secret for AZURE_CREDENTIALS) instead?
    d
    h
    • 3
    • 7
  • b

    better-pager-83988

    08/23/2022, 1:25 PM
    Hey, I'm trying to deploy VPN in Azure (OpenVPN + Certificates) but I cannot make the connection after all. If I generate certs manually with https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-certificates-point-to-site-linux it's fine. I'm using the TLS package: https://www.pulumi.com/registry/packages/tls/ Anyony has a working code maybe?
    • 1
    • 1
  • g

    glamorous-waitress-51149

    08/24/2022, 10:53 AM
    is there a way to add to a container app’s env vars the url of the container app that is being created? You can get the url like so
    Url      = Output.Format($"https://{app.Configuration.Apply(x => x!.Ingress).Apply(x => x!.Fqdn)}");
    but obviously it’s cyclic dependency issue, you’re trying to add the url to the envvars but the url doesn’t exist yet
    f
    • 2
    • 1
  • a

    adamant-waiter-67103

    08/24/2022, 11:01 AM
    Has anyone added
    IdentityProviders
    to a
    WebApp
    . I've got it set up, but the portal says that no identity provider has been added
    let createWebAppAuthSettingsV2 
            resourceNamer 
            resourceGroupName
            webAppName 
            webAppAuthSettings =
        WebAppAuthSettingsV2(resourceNamer "authsettings", WebAppAuthSettingsV2Args(
            Name = input webAppName,
            ResourceGroupName = input resourceGroupName,
            IdentityProviders = input (IdentityProvidersArgs(
                AzureActiveDirectory = input (AzureActiveDirectoryArgs(
                    Enabled = input true,
                    Registration = input (AzureActiveDirectoryRegistrationArgs(
                        ClientId = input webAppAuthSettings.ClientId,
                        ClientSecretSettingName = input webAppAuthSettings.ClientSecretSettingName,
                        OpenIdIssuer = input webAppAuthSettings.OpenIdIssuer
                    ))
                ))
            )),
            Login = input (LoginArgs(
                TokenStore = input (TokenStoreArgs(
                    Enabled = input true,
                    FileSystem = input (FileSystemTokenStoreArgs(
                        Directory = input "tokens"
                    ))
                ))
            )),
            HttpSettings = input (HttpSettingsArgs(
                RequireHttps = input true    
            )),
            GlobalValidation = input (GlobalValidationArgs(
                RequireAuthentication = input true,
                RedirectToProvider = input "Microsoft",
                UnauthenticatedClientAction = input (UnauthenticatedClientActionV2.Return403)
            ))
        ))
    Clearly one has... what am I missing?
  • q

    quaint-match-50796

    08/26/2022, 12:19 PM
    Is anyone facing issues when you create an AKS cluster and then run it again? Here it's trying to update the subnet, even if no updates were done in code. When some pool is added, there are some changes to the vnet regarding ipconfig. Pulumi is refreshing then, and it's trying to delete the subnet to recreate. What is non-sense, as the subnet is attached. For anyone interested in this. When you activate the virtual-node addon, Azure will enable private links and endpoints. Pulumi will recognize this change and it will try to recreate the vnet. After all, azure-native will try to recreate the vnet if any node_pool is added (which make changes to the ipConfiguration) and a refresh is triggered:
    azure-native:network:Subnet ferrajoli-subnet updated [diff: +ipConfigurations~etag]
    azure-native:network:VirtualNetwork ferrajoli-vnet updating [diff: -subnets]
    To avoid an error in each run, we had to set ignore_changes to subnets in vnet.
    b
    c
    • 3
    • 3
  • d

    damp-honey-93158

    08/29/2022, 10:14 AM
    Hi everyone! Using the pulumi automation API to run some tests - but up'ping one of my stacks. I often get the following errors: + azure-native:authorization:RoleAssignment role-assignment-IntTwkzlRG-acr-push creating error: autorest/azure: Service returned an error. Status=400 Code="PrincipalNotFound" Message="Principal a284d038836544ce8b186690db150566 does not exist in the directory 2b1d14a0-2c64-4c0f-ae25-b3195783fced. Check that you have the correct principal ID. If you are creating this principal and then immediately assigning a role, this error might be related to a replication delay. In this case, set the role assignment principalType property to a value, such as ServicePrincipal, User, or Group. Now, I'm aware it is telling me to wait... is there a reasonable way to achieve this magically/automatically with Pulumi? Thank you!
    i
    • 2
    • 6
  • c

    curved-pharmacist-41509

    08/29/2022, 11:16 AM
    Is there any more movement on https://github.com/pulumi/pulumi-azure-native/discussions/1834 ?
  • f

    fast-vr-6049

    08/29/2022, 5:19 PM
    Hey folks! I'm curious if anyone else has run into this issue. I'm trying to import some manually created resources into my stack: an Azure virtual network gateway, local network gateway, and connection config for a VPN setup. However, when I try to import them (or indeed anything at all), the CLI throws an error from the Azure API:
    azure-native:network:V20201101:subnet (GatewaySubnet):
        error: Preview failed: autorest/azure: Service returned an error. Status=400 Code="MissingApiVersionParameter" Message="The api-version query parameter (?api-version=) is required for all requests."
    It looks like the Azure Native plugin for
    pulumi.exe
    isn't passing along the API version parameter, and I can't for the life of me figure out if I can provide that myself. I've tried supplying a provider version when giving the import command, but that hasn't worked. The Azure CLI doesn't seem to accept an environment variable to append such a value to all requests, either. Am I missing something, or is this a bug?
  • s

    sparse-intern-71089

    08/30/2022, 4:35 PM
    This message was deleted.
  • m

    microscopic-furniture-52860

    08/30/2022, 6:26 PM
    Hey all, Does anyone have a working example of creating an App Service with custom domain and free Azure cert? It’s not clear how to go about this, but I’ve assumed it is to create a
    web.Certificate
    and then apply it to the App Service using a
    web.WebAppHostNameBinding
    , however there are no enum values for the cert
    DomainValidationMethod
    arg, and I can’t find any worked examples. Unfortunately Azure doesn’t return a helpful error message to help track this one down:
    autorest/azure: Service returned an error. Status=400 Code="BadRequest" Message="The parameter Properties.DomainValidationMethod has an invalid value."
    👀 1
    c
    • 2
    • 3
  • c

    chilly-analyst-14900

    08/31/2022, 12:20 PM
    Any idea how to deal with circular dependencies like these? • The domain cert requires a binding to exist for the domain, or else cannot create the cert. • The binding cannot set the thumbprint at creation time because of the above If there was a way of updating the binding with thumbprint after cert has been created, I would be all set.
    var binding = new WebAppHostNameBinding($"binding.api{stack}.<http://domain.app|domain.app>", new WebAppHostNameBindingArgs
    {
        Name = app.Name,
        ResourceGroupName = resourceGroup.Name,
        CustomHostNameDnsRecordType = CustomHostNameDnsRecordType.CName,
        HostName = fulldomain,
        SiteName = app.Name,
        // Thumbprint = certificate.Thumbprint // Cannot set, need to create the managed domain cert first
        // SslState = SslState.SniEnabled // Cannot set, need to create the managed domain cert first
        
    }, new CustomResourceOptions{ DependsOn = new CustomResource[] { txtRecord, cnameRecord }});
    
    var certificate = new Certificate($"domain-app-cert-{stack}", new CertificateArgs
    {
        ServerFarmId = appServicePlan.Id,
        ResourceGroupName = resourceGroup.Name,
        CanonicalName = fulldomain,
        HostNames = new[] { fulldomain }
    }, new CustomResourceOptions {  DependsOn = binding}); // requires a hostname binding to exist for the domain
    t
    m
    • 3
    • 10
  • m

    millions-journalist-34868

    08/31/2022, 1:58 PM
    I don't know if you have heard of the Azure Developer CLI (azd, not to be confused with azure cli) which was released in public preview recently. It's a command line tool that can help you create, build, provision, and deploy a new application. Part of its scope is Infrastructure as Code of course, but it currently only supports bicep. Support for Terraform is coming next in their roadmap but support for Pulumi is currently not planned. One of the Azure Developer CLI PM has created an issue here to track the request for Pulumi support but it won't be prioritized without upvotes. This Azure Developer CLI looks promising and something I want to use it in the future, but with Pulumi code, not bicep or terraform code. Could you please upvote the issue to make this happen? Moreover, I think having support for Pulumi in such a tool would help Pulumi adoption for Azure users.
    👍 1
    👁️ 1
  • d

    damp-honey-93158

    09/02/2022, 10:23 AM
    Has anyone got workload identity going with an AKS cluster? I’m looking for a way to do the equivalent of the following CLI command, but via Pulumi : az aks update \ --name $aksClusterName \ --resource-group $aksResourceGroupName \ --enable-oidc-issuer Thanks!
    r
    • 2
    • 3
  • s

    straight-restaurant-537

    09/04/2022, 10:42 PM
    Does anyone know how I set the App Settings of a Static Site? I can't see the option in the docs.. https://www.pulumi.com/registry/packages/azure-native/api-docs/web/staticsite/#properties
    t
    • 2
    • 2
  • m

    most-mouse-38002

    09/05/2022, 10:47 AM
    Trying to create a storage account, I end up with this error. Am I doing something very wrong here (code in thread)?
    azure-native:storage:StorageAccount (prometheus):
        error: resource partially created but read failed autorest/azure: Service returned an error. Status=404 Code="StorageAccountNotFound" Message="The storage account xfgewrprometheus was not found.": autorest/azure: Service returned an error. Status=404 Code="StorageAccountNotFound" Message="The storage account xfgewrprometheus was not found."
    c
    • 2
    • 3
  • l

    lively-mouse-58570

    09/06/2022, 7:41 AM
    Hi there. I faced with an issue related to kubernetes provider. I have ManagedCluster configured and deployed to Azure. This cluster is used for Provider creation:
    var aksProvider = new K8s.Provider("k8s-provider-dev", new ProviderArgs
                {
                    KubeConfig = kubeConfig,
                    Cluster = kubernetesCluster.Name,
                });
    which I use for creation of kubernetes dashboard:
    var kubeDashboard = new ConfigFile("my-kubernetes-dashboard", new ConfigFileArgs
                {
                    File = "<https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.0/aio/deploy/recommended.yaml>"
                },
                new ComponentResourceOptions
                {
                    Provider = aksProvider,
                    DependsOn = aksProvider!
                });
    It works fine when deployment of cluster happens for the first time but if I'm trying to change Virtual Machine size (which requires recreation of cluster) and deploy this update I get an error:
    error: resource complete event returned an error: failed to verify snapshot: resource urn:pulumi:dev::MyProject::kubernetes:yaml:ConfigFile$kubernetes:core/v1:Namespace::kubernetes-dashboard refers to unknown provider urn:pulumi:dev::MyProject::pulumi:providers:kubernetes::k8s-provider-dev::650f67b5-a3be-423f-81be-5e8453bf9c4f
        error: update failed
    Is there any workaround how to fix this issue or maybe I'm doing something wrong? Thank you!
  • c

    chilly-analyst-14900

    09/07/2022, 8:01 PM
    Q about azure-native: KeyVault & Certificates. I’ve created a cert in a KeyVault, which I can fetch via
    GetSecret.Invoke()
    . But I don’t see any function to retrieve the Certificate (I need the thumbprint, for example. Any ideas?
    m
    • 2
    • 5
  • i

    icy-doctor-13719

    09/09/2022, 4:11 PM
    Does anyone else use
    AzureNative.Cache.Redis
    ? And if so … does it always take 25 minutes to deploy via commandline but is actually created in a few seconds in ARM? Not sure if this is a Pulumi problem or on MSFT side
    a
    f
    • 3
    • 6
Powered by Linen
Title
i

icy-doctor-13719

09/09/2022, 4:11 PM
Does anyone else use
AzureNative.Cache.Redis
? And if so … does it always take 25 minutes to deploy via commandline but is actually created in a few seconds in ARM? Not sure if this is a Pulumi problem or on MSFT side
it’s pretty consistent
a

ancient-megabyte-79588

09/10/2022, 5:31 PM
I don't know what the ARM templates (and process) are doing but provisioning a RedisCache via the portal takes a long time too
i

icy-doctor-13719

09/10/2022, 5:31 PM
25mins+?
a

ancient-megabyte-79588

09/10/2022, 5:32 PM
Not in my region, but usually 10-15 minutes iirc
👍 1
f

fast-vr-6049

09/12/2022, 5:07 PM
I definitely see this happen when I create redis caches too
🙌 2
i

icy-doctor-13719

09/12/2022, 5:07 PM
thanks! wanted to make sure i wasn’t crazy. much appreciated
View count: 4