https://pulumi.com logo
Docs
Join the conversationJoin Slack
Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-cdk
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumi-service
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Powered by Linen
azure
  • r

    ripe-russia-4239

    10/20/2022, 7:46 AM
    Hi all, has anyone had any luck registering ARM resource providers using Pulumi? The API is published (e.g. here), but I haven't been able to find the corresponding resource(s) in the azure-native SDK
    m
    • 2
    • 2
  • i

    icy-doctor-13719

    10/21/2022, 1:56 PM
    I am using an
    AzureNative.Sql.Server
    database. I want to make a small configuration change to the DB server, but pulumi wants to delete and replace the entire database server, all of the databases, etc. Is there a way to avoid this? I’ve tried making the change manually and
    pulumi refresh
    as well with same results.
    c
    • 2
    • 9
  • w

    white-helicopter-55877

    10/23/2022, 10:29 AM
    Hi, does someone has a good example of integration of the cert-manager using letsencrypt ? The cert-manager keeps complaining about unsupported hooks.
  • a

    adventurous-mechanic-24805

    10/24/2022, 9:07 AM
    Hi all, I have created a key vault with default access policy as mentioned in https://www.pulumi.com/registry/packages/azure-native/api-docs/keyvault/vault and I have even changed the permissions based on https://www.pulumi.com/registry/packages/azure/api-docs/keyvault/keyvault/#keyvaultaccesspolicy, I want to add the roles
    Key Vault Crypto Officer
    and
    Key Vault Secrets Officer
    to the objectId, but I cannot set it somehow. After running Pulumi using azure-pipelines, everytime I go to Secrets tab in Key vault, I see the following error:
    The operation is not allowed by RBAC. If role assignments were recently changed, please wait several minutes for role assignments to become effective.
    How can I make it visible with the objectId?
    r
    • 2
    • 3
  • m

    most-mouse-38002

    10/24/2022, 3:14 PM
    As far as I understand, the pulumi backend for Azure blog storage not support authenticating this way? https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory
    b
    m
    • 3
    • 5
  • g

    gorgeous-accountant-60580

    10/25/2022, 9:03 AM
    When creating Postgresql instances in Azure, we’ve found that some Configuration settings require that the instance is rebooted after applying the setting. I suspect we’ll have to use the SDK directly to do the restart, but is there a natural way to do this in our Pulumi program?
  • m

    most-mouse-38002

    10/26/2022, 1:29 PM
    Is it possible to do this using azure-native, or do I need to use azure-classic? https://learn.microsoft.com/en-us/azure/key-vault/secrets/overview-storage-keys#create-a-key-vault-managed-storage-account
  • n

    numerous-country-59137

    11/01/2022, 4:55 PM
    Hi! Anyone know what's going on here? I'm trying to build a my provider; however, it's yelling at me that it can't find the resource group (almost as if it's trying to build the kubeconfig/provider before the resource group is even created). error:
    Service returned an error. Status=404 Code="ResourceGroupNotFound" Message="Resource group '{resourceGroupName}' could not be found."
    code:
    kube_creds = Output.all(
        resource_group_name=networking.resource_group,
        aks_name=aks_cluster.aks_cluster).apply(
            lambda args: containerservice.list_managed_cluster_admin_credentials(
                resource_group_name=args['resource_group_name'].name,
                resource_name=args['aks_name'].name))
    s
    • 2
    • 2
  • b

    bored-activity-40468

    11/02/2022, 2:09 PM
    Anyone have issues with hanging when trying to create a
    ManagedEnvironment
    for ContainerApp? Using
    AzureNative
    , basically example from the docs. The env gets created but pulumi hangs.
    c
    • 2
    • 18
  • i

    icy-doctor-13719

    11/03/2022, 5:05 PM
    looks like this is known issue: https://github.com/pulumi/pulumi-azure-native/issues/1738
  • b

    better-agent-38563

    11/07/2022, 3:42 PM
    How do I create a "Deployment Slot Setting" in configuration when creating a function app using Pulumi? (I'm using C#). I can add configuration settings, but they are typed as a NameValuePairArgs, so there's not an opportunity to set a Boolean for the deployment slot setting.
    m
    • 2
    • 2
  • s

    straight-sunset-92336

    11/08/2022, 8:44 AM
    Hi! I'm having some issues creating a Application Gateway for AKS ingress. According to the documentation from MS; https://learn.microsoft.com/en-us/azure/application-gateway/tutorial-ingress-controller-add-on-existing It's possible to create the App gateway without specifying frontendport and backendpool:
    az network application-gateway create -n myApplicationGateway -l eastus -g myResourceGroup --sku Standard_v2 --public-ip-address myPublicIp --vnet-name myVnet --subnet mySubnet --priority 100
    This doesn't work through pulumi. This is the code I'm trying to use:
    export class itssappgw extends ComponentResource {
        constructor(
            name: string,
            args: appgwArgs,
            options?: ComponentResourceOptions,
        ) {
            super(`pkg:ITSS:appgw`, `ITSS:appgw`)
            const AppGateway = new ApplicationGateway(name, {
                applicationGatewayName: name,
                resourceGroupName: args.resgrp,
                sku: {
                    capacity: 3,
                    name: "Standard_v2",
                    tier: "Standard_v2"
                },
                frontendIPConfigurations: [{
                    name: "appGatewayFrontendIP",
                    publicIPAddress: {
                        id: args.publicip
                    },
                }],
                gatewayIPConfigurations: [{
                    name: "appGatewayFrontendIP",
                    subnet: {
                        id: args.subnet
                    },
                }],
            }, { deleteBeforeReplace: true, parent: this }
            );
        }
    }
    But I get error that it's missing frontendport:
    error: Code="ApplicationGatewayMustHaveAtleastOneResourceOfType" Message="At least one FrontendPort resource must be specified for the Application Gateway /subscriptions/xxxxxxxxxxx/resourceGroups/RG-Name/providers/Microsoft.Network/applicationGateways/GitHubActionRunnersAppGW." Details=[]
    Shouldn't this be possible through pulumi too?
  • b

    bulky-kite-69343

    11/09/2022, 3:11 PM
    Hello, I am trying to set the Azure SQL Server Connection Policy. Is there any way to do this in pulumi? It doesn't seem to be an option in C#
    Pulumi.AzureNative.Sql.Server
    any help would be appreciated as this is something we have to change from default to proxy.
    c
    • 2
    • 1
  • r

    rhythmic-crowd-40243

    11/11/2022, 2:04 PM
    Hello All. I’m trying to create a string like this:
    "<http://black-walnut-0f9d0590f-stg.eastus2.2.azurestaticapps.net|black-walnut-0f9d0590f-stg.eastus2.2.azurestaticapps.net>"
    Using the following code:
    Output.Tuple(staticSite.DefaultHostname, resourceGroup.Location)
          .Apply(x => x.Item1.ToSlotUrlWithEnvironment(env, x.Item2))
    But the result is:
    "black-walnut-0f9d0590f-stg.Pulumi.Input`1[System.String].<http://2.azurestaticapps.net|2.azurestaticapps.net>"
    The
    staticSite.DefaultHostname
    is handled as expected, but
    resourceGroup.Location
    is using the object name instead of the expected value “eastus2” Am I doing something wrong?
    • 1
    • 1
  • r

    rhythmic-crowd-40243

    11/12/2022, 8:06 AM
    Hello, All. I have a web app service that requires the
    DefaultHostName
    to be the value of a JWT based setting. Prior to this requirement, we’re injecting the app settings into the
    WebApp
    resource:
    var apiAppService = new WebApp($"{appNamePart}-api-{_stackName}", new WebAppArgs
                {
                    Location = resourceGroup.Location,
                    ResourceGroupName = resourceGroup.Name,
                    ServerFarmId = Output.Format($"{appServicePLan}"),
                    HttpsOnly = true,
                    
                    SiteConfig = new SiteConfigArgs
                    {
                        AppSettings = appSettings,
                        // 64 Bit not available on "Free" and "Shared" tiers only on "Basic," "Standard" and above.
                        // Change app service plan to enable
                        Use32BitWorkerProcess = false,
                        // az webapp list-runtimes --os-type linux
                        LinuxFxVersion = "DOTNETCORE|6.0",
                        MinTlsVersion = SupportedTlsVersions.SupportedTlsVersions_1_2,
                        FtpsState = FtpsState.FtpsOnly,
                        // Only support for the Basic and Standard plans disabled for now.
                        AlwaysOn = true,
                        VnetRouteAllEnabled = true
                    },
                    Identity = new ManagedServiceIdentityArgs
                    {
                        Type = ManagedServiceIdentityType.UserAssigned,
                        UserAssignedIdentities = Helpers.GetManagedIdentity(_managedIdentities[_stackName])
                    },
                    Tags = standardTags
                });
    However, because the
    DefaultHostname
    is a late arriving value, we’ll need to change how we push the app settings using the `WebAppApplicationSettings`:
    var appServiceSetting = new WebAppApplicationSettings(
                    $"{appNamePart}-api-{_stackName}-app-settings-jwt", 
                    new WebAppApplicationSettingsArgs
                    {
                        ResourceGroupName = resourceGroup.Name,
                        Name = apiAppService.Name,
                        Properties = appSettings.ToInputMap()
                    },
                    new CustomResourceOptions
                    {
                        Parent = apiAppService,
                        DependsOn = apiAppService
                    });
    But it appears it’s not as simple as it sounds.
    SiteConfigArgs.AppSettings
    expects the type
    InputList<NameValuePairArgs>
    but
    WebApplicationSettingsArgs.Properties
    expects
    InputMap<string>
    . At first I tried to convert
    appSettings
    to the required input map with an extension method, but haven’t had success. This is my non working attempt:
    public static InputMap<string> ToInputMap(this InputList<NameValuePairArgs> inputList)
            {
                var inputMap = inputList
                    .Apply(list => Output
                        .All(list.Select(s => Output.Tuple(s.Name!, s.Value!))))
                    .Apply(list =>
                    {
                        var map = new InputMap<string>();
                        foreach (var (key, value) in list) 
                        {
                            map.Add(key, value);
                        }
    
                        return map;
                    });
    
                return inputMap;
            }
    The problem with my implementation is the returned result is
    <Output<InputMap<string>>
    instead of the expected
    InputMap<string>
    so I’m wondering, is it possible to convert a
    InputList
    to an
    InputMap
    ? Also curious, what’s the reason for the two different types representing app settings between the
    WebApp
    and
    WebAppApplicationSettings
    ?
  • l

    limited-rainbow-51650

    11/14/2022, 6:23 AM
    If you are using our Azure Native provider with the Go SDK, please read the Go SDK deprecation and migration discussion on Github. Please provide any feedback you might have! 🙏🏼
  • a

    ambitious-alligator-62127

    11/14/2022, 2:32 PM
    Anyone successfully deploy HDInsights-kafka with the pulumi azure native? If so, could you share your pulumi code? I'm getting the error: "Internal error. Errors:The request payload is invalid.". Looking at the pulumi details and comparing it to an ARM export of an existing HDInsights-kafka cluster, I am not seeing a difference. Thanks
    • 1
    • 2
  • b

    better-shampoo-48884

    11/15/2022, 9:06 AM
    Tried searching a bit here, but couldn't really find it. We're hitting a bug (or well, documented limit) in azure - it is not possible to have more than 10 deployment locations (i.e. where the
    deployment
    itself is run from, not where the resources are). I do not see any option of setting
    deploymentLocation
    anywhere - I would think this could be a provider level command. In Bicep or throgh powershell/az-cli you can run stuff like this:
    az deployment sub create --location <region> ---template file....
    where the
    <region>
    is the region of the `deployment`NOT the actually deployed resources. I would very much like to know if a similar parameter is possible in pulumi. Source of limitation: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits#management-group-limits
    • 1
    • 2
  • a

    ambitious-alligator-62127

    11/15/2022, 8:01 PM
    Hello, working on creating a SAS token for my Azure storage and using:
    deployment_resources_container_sas = storage.list_storage_account_sas(
        account_name=storage_account.name,
        resource_group_name=resource_group,
    ...
    However, account_name only excepts str | none. Is that a bug? Certainly, you would want to know that the storage account needs to be available first in the Pulumi background orchestration. Anyone else run into this? How did you get around it? Thanks.
    • 1
    • 1
  • p

    powerful-lock-28175

    11/16/2022, 6:38 PM
    hi. a little help request: how do I deploy an Azure Function using a Docker image with Pulumi Native?
  • p

    powerful-lock-28175

    11/16/2022, 6:38 PM
    thanks.
  • p

    powerful-lock-28175

    11/16/2022, 6:39 PM
    (I'm using Python - but I imagine no major changes across different languages)
  • b

    billowy-tiger-6272

    11/17/2022, 3:08 AM
    Is there anu example of the Azure Native Provider resouce about how it is used in a Pulumi project? https://www.pulumi.com/registry/packages/azure-native/installation-configuration/#create-your-service-principal-and-get-your-tokens
    i
    • 2
    • 5
  • m

    most-mouse-38002

    11/17/2022, 6:07 PM
    Is it not possible to lock down
    Pulumi,<stack>.yaml
    in a way that you can encrypt secrets, but not decrypt them? Apparently having
    Microsoft.KeyVault/vaults/keys/encrypt/action
    is not enough, one also needs decrypt?
    b
    • 2
    • 9
  • g

    great-mouse-52242

    11/18/2022, 5:44 PM
    Hi all! New to pulumi, question for you all on getting access to nested map output. Hopefully an easy one. Using azure go. For a
    ManagedCluster.IdentityProfile
    , I want to get the nested
    kubeletidentity.clientId
    from the map. It seems like I use some variation of
    ApplyT
    but I'm not sure if it is idiomatic, see thread. Any tips?
    f
    • 2
    • 2
  • w

    witty-pharmacist-42636

    11/19/2022, 4:52 PM
    Hi guys. I have a question or improvement suggestion. I have Python abstraction layer over Azure resources that looks like this:
    sb_namespace = ServiceBusNamespace("playlist-357", resource_group)
    main_topic = ServiceBusTopic("main", sb_namespace)
    
    new_track_queue = ServiceBusQueue("new-track", sb_namespace)
    track_play_queue = ServiceBusQueue("track-play", sb_namespace)
    find_track_queue = ServiceBusQueue("find-track", sb_namespace)
    
    main_topic.subscribe(new_track_queue),
    main_topic.subscribe(track_play_queue)
    main_topic.subscribe(find_track_queue)
    The weird thing that happens is that Queues, Topics i Subscribe are created in parallel to Service Bus Namespace, but they cannot be created if there is no namespace. CLI Output:
    ❯ pulumi up
    Previewing update (prod)
    
    View Live: <https://app.pulumi.com/macieyng/playlist-357/prod/previews/bbd5b50d-4515-4f2b-a9a4-c34285b216f8>
    
         Type                                     Name               Plan       
         pulumi:pulumi:Stack                      playlist-357-prod             
     +   ├─ azure-native:servicebus:Topic         main-sbt           create     
     +   ├─ azure-native:servicebus:Namespace     playlist-357-sbns  create     
     +   ├─ azure-native:servicebus:Queue         track-play-sbq     create     
     +   ├─ azure-native:servicebus:Queue         new-track-sbq      create     
     +   ├─ azure-native:servicebus:Queue         find-track-sbq     create     
     +   ├─ azure-native:servicebus:Subscription  track-play-sbsub   create     
     +   ├─ azure-native:servicebus:Subscription  new-track-sbsub    create     
     +   └─ azure-native:servicebus:Subscription  find-track-sbsub   create     
    
    
    Resources:
        + 8 to create
        1 unchanged
    
    Do you want to perform this update? yes
    Updating (prod)
    
    View Live: <https://app.pulumi.com/macieyng/playlist-357/prod/updates/19>
    
         Type                                     Name               Status                  Info
         pulumi:pulumi:Stack                      playlist-357-prod  **failed**              1 error
     +   ├─ azure-native:servicebus:Topic         main-sbt           **creating failed**     1 error
     +   ├─ azure-native:servicebus:Namespace     playlist-357-sbns  created (65s)           
     +   ├─ azure-native:servicebus:Queue         track-play-sbq     **creating failed**     1 error
     +   ├─ azure-native:servicebus:Queue         new-track-sbq      **creating failed**     1 error
     +   ├─ azure-native:servicebus:Subscription  track-play-sbsub   **creating failed**     1 error
     +   ├─ azure-native:servicebus:Queue         find-track-sbq     **creating failed**     1 error
     +   ├─ azure-native:servicebus:Subscription  find-track-sbsub   **creating failed**     1 error
     +   └─ azure-native:servicebus:Subscription  new-track-sbsub    **creating failed**     1 error
    
    
    Diagnostics:
      azure-native:servicebus:Queue (new-track-sbq):
        error: autorest/azure: Service returned an error. Status=404 Code="NamespaceNotFound" Message="Namespace 'playlist-357-sbns' already deleted"
    
      azure-native:servicebus:Subscription (track-play-sbsub):
        error: autorest/azure: Service returned an error. Status=404 Code="NamespaceNotFound" Message="Namespace 'playlist-357-sbns' already deleted"
    
      azure-native:servicebus:Subscription (new-track-sbsub):
        error: autorest/azure: Service returned an error. Status=404 Code="NamespaceNotFound" Message="Namespace 'playlist-357-sbns' already deleted"
    
      pulumi:pulumi:Stack (playlist-357-prod):
        error: update failed
    
      azure-native:servicebus:Topic (main-sbt):
        error: autorest/azure: Service returned an error. Status=404 Code="ParentResourceNotFound" Message="Can not perform requested operation on nested resource. Parent resource 'playlist-357-sbns' not found."
    
      azure-native:servicebus:Queue (track-play-sbq):
        error: autorest/azure: Service returned an error. Status=404 Code="NamespaceNotFound" Message="Namespace 'playlist-357-sbns' already deleted"
    
      azure-native:servicebus:Queue (find-track-sbq):
        error: autorest/azure: Service returned an error. Status=404 Code="NamespaceNotFound" Message="Namespace 'playlist-357-sbns' already deleted"
    
      azure-native:servicebus:Subscription (find-track-sbsub):
        error: autorest/azure: Service returned an error. Status=404 Code="NamespaceNotFound" Message="Namespace 'playlist-357-sbns' already deleted"
    
    Resources:
        + 1 created
        1 unchanged
    
    Duration: 1m11s
    So other resources should be created after the Namespace exist, because it’s a parent resource and I had to run that two times to create resources. Is it possible to define resource creation steps?
    m
    • 2
    • 1
  • f

    flaky-school-82490

    11/19/2022, 7:13 PM
    Hi #azure! Is there a way to retrieve an Azure AppConfiguration Store access keys when creating it using Pulumi? I could not find it in the doc. Something along those lines: https://learn.microsoft.com/en-us/powershell/module/az.appconfiguration/get-azappconfigurationstorekey?view=azps-9.1.0
    c
    • 2
    • 1
  • h

    hundreds-jackal-10148

    11/21/2022, 2:25 AM
    Can Azure App Service webjobs be configured/deployed with Pulumi? If so, how?
    b
    • 2
    • 4
  • e

    early-yak-11036

    11/25/2022, 10:21 AM
    Hello all! Is it possible to create a "Child DNS Zone" from Pulumi?
    i
    • 2
    • 4
Powered by Linen
Title
e

early-yak-11036

11/25/2022, 10:21 AM
Hello all! Is it possible to create a "Child DNS Zone" from Pulumi?
i

icy-doctor-13719

11/25/2022, 3:28 PM
i think you would use the standard zone resource type for this:
https://www.pulumi.com/registry/packages/azure-native/api-docs/network/zone/
and then create SOA record indicating that it’s a child zone
e

early-yak-11036

11/28/2022, 10:46 AM
I didnt read this! thanks for the response! 🙂
View count: 3