Azure 'WebApp' => How to set 'WebApp - DiagnosticSettings' => Hi all! I need to set the Diagnostic Settings of my azure webapp via Pulumi/TypeScript. For this I have identified the resource type 'WebAppDiagnosticLogsConfiguration'. I need to set the following Diagnostic Settings available in Azure Portal: - HTTP Logs - App Service Console Logs - App Service Application Logs But unfortunately there is no property in 'WebAppDiagnosticLogsConfiguration' for these settings (e.g. for 'App Service Console Logs'). What am I doing wrong or which resource should I use to set the Diagnostic Settings?

Update: seems to be the same issue as this one: https://github.com/pulumi/pulumi-azure-native/issues/1751 Hi pulumiers! Noob question coming your way... I'm creating an Azure File share - it's about as simple as I can get it, yet each time I run the code I end up with a series of changes being detected on the file share which causes the thing to be re-deployed - and presumably due to the way Azure takes "some time" to do this I get errors during the up (due to the share being deleted by Azure): here's the wonderful code to get a storage account + share

Storage = new StorageAccount($"{InputArgs.DevOpsProjectShortName}store", new StorageAccountArgs()
{
    EnableHttpsTrafficOnly = true,
    EnableNfsV3 = false,
    Kind = "StorageV2",
    ResourceGroupName = Runtime.InfraResGroupName,
    Location = InputArgs.Location,
    Sku = new Pulumi.AzureNative.Storage.Inputs.SkuArgs()
    {
        Name = "Standard_LRS"
    },
    AllowBlobPublicAccess = false
});

StorageFileShare = new FileShare($"{InputArgs.DevOpsProjectName}share", new()
{
    AccountName = Storage.Name,
    ResourceGroupName = Runtime.InfraResGroupName,
    ShareName = "migration"
});

I am a little confused... I don't know why the pulumi system thinks that the file share is worth replacing... this is the partial output from a subsequent pulumi up (with refresh and diff): [provider=urnpulumicreditor-test:projectspulumiprovidersazure nativedefault 1 73 0:bb23b3b0-c386-4ed9-8f78-0f5c59555be7] - accessTier: "TransactionOptimized" - shareQuota: 5120 --outputs:-- - accessTier : "TransactionOptimized" - accessTierChangeTime: "2022-09-15T123340.0000000Z" - etag : "\"0x8DA971685991300\"" - lastModifiedTime : "2022-09-15T123341.0000000Z" - shareQuota : 5120 --outputs:-- Help appreciated and thank you!

Curious if anyone has gotten Managed (Preview) certificates to work in Azure APIM. https://github.com/pulumi/pulumi-azure-native/blob/28e21fd728e80fdc2878c760a6e6f4c[…]Management/V20211201Preview/Inputs/HostnameConfigurationArgs.cs

Hi. I hope someone can help me. I am using

azure-native

on pulumi and am trying to import an existing blobcontainer to my pulumi stack. My issue is that I can't figure out how to get the

ID

for the blobcontainer. I have gotten the storage account imported but am not able to find the ID for the container as provided in the example here. Does anyone know what azure cli command I can run to get the ID? I have tried

storage container show

but that does not return an ID in the format as shown in the example import statement.

Is it possible to directly zip deploy a package to an App Service/ Azure Function without having to use an external package stored in a blob? I have seen this issue in the classic provider that has been closed, but I was wondering if the azure native provider supports that. I guess I could write some custom C# code to directly call the zipdeploy endpoint in an Apply method but it was buil-in Pulumi I think it would be better.

I’m having some trouble looking up a VirtualNetwork. I have the name of the AKS cluster it is used by, and I’m getting the cluster.NodeResourceGroup property. That gives me the ResourceGroup that the VirtualNetwork is in. I know the VirtualNetwork has a name that matches “aks-vnet-12345678”, but I don’t know the exact name. Is it possible to do it this way? Is there a better way? My end goal is to create a VirtualNetworkLink from a new PrivateZone to the cluster’s VirtualNetwork

General Question: For the Azure Native provider it doesn't seem to support the ability to set up Sql Server or Database Audit Policies with Log Analytics Work Spaces, however its available via the CLI this also appears to be the case for the Azure Classic Provider as well. Am I correct here, or am I missing a version that supports this?

Hi, We have an existing azure container registry in different subscription (sub1) and we try to add this registry when create an azure container app in different subscription (sub2)

var containerApp= new ContainerApp(appName, new ContainerAppArgs
            {
                Configuration = new ConfigurationArgs
                {
                    Dapr = new DaprArgs
                   {
                     AppPort = 80,
                     AppProtocol = "http",
                     Enabled = true,
                   },
                    Ingress = new IngressArgs
                    {
                        External = false,
                        TargetPort = 80
                    },
                    Secrets = new InputList<SecretArgs>
                    {
                        new SecretArgs { Name = "registry-password", Value = "testpassword"}
                    },
                    Registries = new InputList<RegistryCredentialsArgs>   // From other subscription
                    {
                        new RegistryCredentialsArgs
                        {
                            Server ="<http://testacr.azurecr.io|testacr.azurecr.io>",
                            Username = "testacr",
                            PasswordSecretRef = "registry-password"
                        }
                    }
                }
}

but get ERROR: The resource with name 'testacr' and type 'Microsoft.ContainerRegistry/registries' could not be found in subscription 'sub2'. In workaround I have tried following CLI command to add registry from other subscription to container app and it works az containerapp registry set -n MyContainerapp -g MyResourceGroup --server MyExistingContainerappRegistry.azurecr.io --username MyRegistryUsername --password MyRegistryPassword Do we have any similar workaround in Pulumi?

I'm seeing an issue with deploying changes to an already running App Service, and the application files being completed wiped post deploy. Just experienced it, where the Pulumi changes were simply adding some diagnostic settings to the app service and adding some app settings for a Application Insights instance. I would expect to see the ap p service restart due to the app setting changes, but not a wipe of the application code completely.. Has anyone else experienced anything similar?

I have worked around this by authenticating with a service principal. Any ideas why az login way does not work?

Has anyone had any success deploying new subscriptions with Pulumi (

Pulumi.AzureNative.Subscription.Alias

)? I'm trying to achieve this in line with the "Landing Zones" architecture, but Pulumi just hangs during the

preview

operation 😕

Hello, team! Does Pulumi have the functionality to manage users for MSSQL database (not the server admin user)? If not, do you have any ideas to implement it on your own?

I recently updated to v3.40.2 and am migrating my resources to use azure-native. While attempting to import, I received the below error. I am not able to find any related issue through GitHub.

error: Preview failed: autorest/azure: Service returned an error. Status=400 Code="MissingApiVersionParameter" Message="The api-version query parameter (?api-version=) is required for all requests."

How can I use Pulumi to create a host key for a web app configured to run azure functions? Thanks Alan

Hello Im creating a simple Virtual Network using the Azure Native library which works fine. I then create 3 Subnets using the same library and it connects onto the VNET no problem. When I go to do a simple pulumi refresh after all resources have been created it will remove it from the VNET causing my next pulumi up command to fully delete the subnet. Has anyone experienced this issue before? This is my first time using this library am I just missing something simple?

With 3.42.0, messaging is now coming through by default on every cli command for azureblob backend. Any way to suppress these?

2022/10/10 10:12:39 azureblob: constructed service URL: <azure storage account url>
2022/10/10 10:12:39 azureblob.URLOpener: using shared key credentials

Hi Guys,

I’m creating a DB with the azure-native provider, and setting some configuration flags on the database. If I add more than a handful of flags, I see errors which I believe are due to rate limiting from the Azure API. We have had this problem using Terraform, as well. Is it possible to restrict how often Pulumi calls out to the API, to avoid this? I’m creating a dbforpostgresql.Server and about 20 flags using dbforpostgresql.Configuration. Alternatively, is there some better way to do this? Using the GCP API, the equivalent of this is to include a list of flags when creating the server. The way this works in Azure feels very clumsy.

Is there any plan to support creation of Cognitive Search Indexes in the azure-native plugin? Azure REST calls: https://learn.microsoft.com/en-us/rest/api/searchservice/create-index Pulumi Search (service only): https://www.pulumi.com/registry/packages/azure-native/api-docs/search/

I was trying to configure public network access settings for storage accounts using the

pulumi-azure-native

Python SDK (seems to apply to all languages though) and there seems to be a missing property. The property is

public_network_access

which sets network access configurations for a storage account (see screenshot from Azure Portal). This property was introduced in the Azure API spec for storage accounts in

2021-06-01

but the provider seems to be generating the SDK based on a very old spec

2021-02-01

with 5 newer versions available, the newest being

2022-05-01

and Azure using

2021-09-01

in their docs. Azure REST API docs, showing version 2021-09-01, with the property available: https://learn.microsoft.com/en-us/rest/api/storagerp/storage-accounts/create?tabs=HTTP Pulumi’s storage.StorageAccount where the property was first available: https://github.com/pulumi/pulumi-azure-native/blob/master/sdk/python/pulumi_azure_native/storage/v20210601/storage_account.py#L43 Current storage.StorageAccount: https://github.com/pulumi/pulumi-azure-native/blob/master/sdk/python/pulumi_azure_native/storage/storage_account.py Questions • How come the SDK is based on such an old spec for storage accounts? • Is it considered okay to use other versions of the spec in code? Like referencing:

storage.v20220501.storage_account

Is it possible to spin up the new Postgres cosmos db with pulumi yet?

Morning all. Anyone know if the new Log Compaction feature in Azure Event Hubs is available in Pulumi yet?

Has anyone had success creating/deploying a private AKS from an Az Hosted agent?

I'm trying to create an azure Redis instance at the Basic SKU. When I execute pulumi up, it fails because

"Code="InvalidRequestBody" Message="The value of the parameter 'properties.subnetId' is invalid."

However specifying a subnet ID is only available at the Premium SKU and gives this error if specified:

Message="Feature properties.subnetId requires a Premium sku to be set.

I'm not really sure how to get this to work at the basic tier. I've tired setting

PublicNetworkAccess: "Enabled"

, but still get the same issue

Nevermind I figured it out, I had to remove the StaticIP property

Is there a recommended way to include a file as a dependency to a Pulumi Command and trigger an update if that file changes? I have a Command that uploads a file to a filestore by calling

az storage file upload

but would like an update to be triggered if the file contents changes. I could possibly hack around this by changing the filename each time, but that’s not ideal and easily forgotten. Unfortunately this doesn’t look like it’s supported in the spec even though it was in az classic: https://pulumi-community.slack.com/archives/C84L4E3N1/p1648163487694929?thread_ts=1648066957.732819&cid=C84L4E3N1 I briefly looked into a Dynamic Provider but that’s not supported in dotnet. Any suggestions welcome 🙂

Hello, trying to setup and AKS cluster with a public ip as load-balancer and a domain name. I tried several options using the following project : https://github.com/hostettler/pulumi-az-test I end up with a working AKS cluster (great!) , that has a load-balancer (amazing!), on a public ip (fantastic!), but with an fqdn that is not linked to the public ip of the load-balancer (huh!). I tried to 1) extract the public ip to force the domain but I did not manage to do it. I get the resource id of the public id created but I cannot cast it as a public ip object to set the domain. Meaning how to load a public ip object from a public ip resource-id. "/subscriptions/XXXXXX-XXX-XX-XXXx-XXXXXXXXXXXX/resourceGroups/MC_XXXXX_XXXXX_aksCluster5632b82_eastus/providers/Microsoft.Network/publicIPAddresses/XXXXX-XXXX-XXX-XXX-XXXXXXXXX" 2) tries to add a public ip to the cluster but that ip, while having a good fqdn is not used by the load-balancer Any idea on how to address. Solving either would be ok with me? Thanks a lot in advance

Hi all, has anyone had any luck registering ARM resource providers using Pulumi? The API is published (e.g. here), but I haven't been able to find the corresponding resource(s) in the azure-native SDK

I am using an

AzureNative.Sql.Server

database. I want to make a small configuration change to the DB server, but pulumi wants to delete and replace the entire database server, all of the databases, etc. Is there a way to avoid this? I’ve tried making the change manually and

pulumi refresh

as well with same results.

Hi, does someone has a good example of integration of the cert-manager using letsencrypt ? The cert-manager keeps complaining about unsupported hooks.