adventurous-mechanic-24805
10/24/2022, 9:07 AMKey Vault Crypto Officer
and Key Vault Secrets Officer
to the objectId, but I cannot set it somehow.
After running Pulumi using azure-pipelines, everytime I go to Secrets tab in Key vault, I see the following error:
The operation is not allowed by RBAC. If role assignments were recently changed, please wait several minutes for role assignments to become effective.
How can I make it visible with the objectId?most-mouse-38002
10/24/2022, 3:14 PMgorgeous-accountant-60580
10/25/2022, 9:03 AMmost-mouse-38002
10/26/2022, 1:29 PMnumerous-country-59137
11/01/2022, 4:55 PMService returned an error. Status=404 Code="ResourceGroupNotFound" Message="Resource group '{resourceGroupName}' could not be found."
code:
kube_creds = Output.all(
resource_group_name=networking.resource_group,
aks_name=aks_cluster.aks_cluster).apply(
lambda args: containerservice.list_managed_cluster_admin_credentials(
resource_group_name=args['resource_group_name'].name,
resource_name=args['aks_name'].name))
bored-activity-40468
11/02/2022, 2:09 PMManagedEnvironment
for ContainerApp? Using AzureNative
, basically example from the docs. The env gets created but pulumi hangs.icy-doctor-13719
11/03/2022, 5:05 PMbetter-agent-38563
11/07/2022, 3:42 PMstraight-sunset-92336
11/08/2022, 8:44 AMaz network application-gateway create -n myApplicationGateway -l eastus -g myResourceGroup --sku Standard_v2 --public-ip-address myPublicIp --vnet-name myVnet --subnet mySubnet --priority 100
This doesn't work through pulumi. This is the code I'm trying to use:
export class itssappgw extends ComponentResource {
constructor(
name: string,
args: appgwArgs,
options?: ComponentResourceOptions,
) {
super(`pkg:ITSS:appgw`, `ITSS:appgw`)
const AppGateway = new ApplicationGateway(name, {
applicationGatewayName: name,
resourceGroupName: args.resgrp,
sku: {
capacity: 3,
name: "Standard_v2",
tier: "Standard_v2"
},
frontendIPConfigurations: [{
name: "appGatewayFrontendIP",
publicIPAddress: {
id: args.publicip
},
}],
gatewayIPConfigurations: [{
name: "appGatewayFrontendIP",
subnet: {
id: args.subnet
},
}],
}, { deleteBeforeReplace: true, parent: this }
);
}
}
But I get error that it's missing frontendport:
error: Code="ApplicationGatewayMustHaveAtleastOneResourceOfType" Message="At least one FrontendPort resource must be specified for the Application Gateway /subscriptions/xxxxxxxxxxx/resourceGroups/RG-Name/providers/Microsoft.Network/applicationGateways/GitHubActionRunnersAppGW." Details=[]
Shouldn't this be possible through pulumi too?bulky-kite-69343
11/09/2022, 3:11 PMPulumi.AzureNative.Sql.Server
any help would be appreciated as this is something we have to change from default to proxy.rhythmic-crowd-40243
11/11/2022, 2:04 PM"<http://black-walnut-0f9d0590f-stg.eastus2.2.azurestaticapps.net|black-walnut-0f9d0590f-stg.eastus2.2.azurestaticapps.net>"
Using the following code:
Output.Tuple(staticSite.DefaultHostname, resourceGroup.Location)
.Apply(x => x.Item1.ToSlotUrlWithEnvironment(env, x.Item2))
But the result is:
"black-walnut-0f9d0590f-stg.Pulumi.Input`1[System.String].<http://2.azurestaticapps.net|2.azurestaticapps.net>"
The staticSite.DefaultHostname
is handled as expected, but resourceGroup.Location
is using the object name instead of the expected value “eastus2”
Am I doing something wrong?rhythmic-crowd-40243
11/12/2022, 8:06 AMDefaultHostName
to be the value of a JWT based setting. Prior to this requirement, we’re injecting the app settings into the WebApp
resource:
var apiAppService = new WebApp($"{appNamePart}-api-{_stackName}", new WebAppArgs
{
Location = resourceGroup.Location,
ResourceGroupName = resourceGroup.Name,
ServerFarmId = Output.Format($"{appServicePLan}"),
HttpsOnly = true,
SiteConfig = new SiteConfigArgs
{
AppSettings = appSettings,
// 64 Bit not available on "Free" and "Shared" tiers only on "Basic," "Standard" and above.
// Change app service plan to enable
Use32BitWorkerProcess = false,
// az webapp list-runtimes --os-type linux
LinuxFxVersion = "DOTNETCORE|6.0",
MinTlsVersion = SupportedTlsVersions.SupportedTlsVersions_1_2,
FtpsState = FtpsState.FtpsOnly,
// Only support for the Basic and Standard plans disabled for now.
AlwaysOn = true,
VnetRouteAllEnabled = true
},
Identity = new ManagedServiceIdentityArgs
{
Type = ManagedServiceIdentityType.UserAssigned,
UserAssignedIdentities = Helpers.GetManagedIdentity(_managedIdentities[_stackName])
},
Tags = standardTags
});
However, because the DefaultHostname
is a late arriving value, we’ll need to change how we push the app settings using the `WebAppApplicationSettings`:
var appServiceSetting = new WebAppApplicationSettings(
$"{appNamePart}-api-{_stackName}-app-settings-jwt",
new WebAppApplicationSettingsArgs
{
ResourceGroupName = resourceGroup.Name,
Name = apiAppService.Name,
Properties = appSettings.ToInputMap()
},
new CustomResourceOptions
{
Parent = apiAppService,
DependsOn = apiAppService
});
But it appears it’s not as simple as it sounds. SiteConfigArgs.AppSettings
expects the type InputList<NameValuePairArgs>
but WebApplicationSettingsArgs.Properties
expects InputMap<string>
. At first I tried to convert appSettings
to the required input map with an extension method, but haven’t had success. This is my non working attempt:
public static InputMap<string> ToInputMap(this InputList<NameValuePairArgs> inputList)
{
var inputMap = inputList
.Apply(list => Output
.All(list.Select(s => Output.Tuple(s.Name!, s.Value!))))
.Apply(list =>
{
var map = new InputMap<string>();
foreach (var (key, value) in list)
{
map.Add(key, value);
}
return map;
});
return inputMap;
}
The problem with my implementation is the returned result is <Output<InputMap<string>>
instead of the expected InputMap<string>
so I’m wondering, is it possible to convert a InputList
to an InputMap
? Also curious, what’s the reason for the two different types representing app settings between the WebApp
and WebAppApplicationSettings
?limited-rainbow-51650
11/14/2022, 6:23 AMambitious-alligator-62127
11/14/2022, 2:32 PMbetter-shampoo-48884
11/15/2022, 9:06 AMdeployment
itself is run from, not where the resources are). I do not see any option of setting deploymentLocation
anywhere - I would think this could be a provider level command. In Bicep or throgh powershell/az-cli you can run stuff like this:
az deployment sub create --location <region> ---template file....
where the <region>
is the region of the `deployment`NOT the actually deployed resources. I would very much like to know if a similar parameter is possible in pulumi.
Source of limitation:
https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/azure-subscription-service-limits#management-group-limitsambitious-alligator-62127
11/15/2022, 8:01 PMdeployment_resources_container_sas = storage.list_storage_account_sas(
account_name=storage_account.name,
resource_group_name=resource_group,
...
However, account_name only excepts str | none. Is that a bug? Certainly, you would want to know that the storage account needs to be available first in the Pulumi background orchestration. Anyone else run into this? How did you get around it? Thanks.powerful-lock-28175
11/16/2022, 6:38 PMpowerful-lock-28175
11/16/2022, 6:38 PMpowerful-lock-28175
11/16/2022, 6:39 PMbillowy-tiger-6272
11/17/2022, 3:08 AMmost-mouse-38002
11/17/2022, 6:07 PMPulumi,<stack>.yaml
in a way that you can encrypt secrets, but not decrypt them? Apparently having Microsoft.KeyVault/vaults/keys/encrypt/action
is not enough, one also needs decrypt?great-mouse-52242
11/18/2022, 5:44 PMManagedCluster.IdentityProfile
, I want to get the nested kubeletidentity.clientId
from the map. It seems like I use some variation of ApplyT
but I'm not sure if it is idiomatic, see thread. Any tips?witty-pharmacist-42636
11/19/2022, 4:52 PMsb_namespace = ServiceBusNamespace("playlist-357", resource_group)
main_topic = ServiceBusTopic("main", sb_namespace)
new_track_queue = ServiceBusQueue("new-track", sb_namespace)
track_play_queue = ServiceBusQueue("track-play", sb_namespace)
find_track_queue = ServiceBusQueue("find-track", sb_namespace)
main_topic.subscribe(new_track_queue),
main_topic.subscribe(track_play_queue)
main_topic.subscribe(find_track_queue)
The weird thing that happens is that Queues, Topics i Subscribe are created in parallel to Service Bus Namespace, but they cannot be created if there is no namespace.
CLI Output:
❯ pulumi up
Previewing update (prod)
View Live: <https://app.pulumi.com/macieyng/playlist-357/prod/previews/bbd5b50d-4515-4f2b-a9a4-c34285b216f8>
Type Name Plan
pulumi:pulumi:Stack playlist-357-prod
+ ├─ azure-native:servicebus:Topic main-sbt create
+ ├─ azure-native:servicebus:Namespace playlist-357-sbns create
+ ├─ azure-native:servicebus:Queue track-play-sbq create
+ ├─ azure-native:servicebus:Queue new-track-sbq create
+ ├─ azure-native:servicebus:Queue find-track-sbq create
+ ├─ azure-native:servicebus:Subscription track-play-sbsub create
+ ├─ azure-native:servicebus:Subscription new-track-sbsub create
+ └─ azure-native:servicebus:Subscription find-track-sbsub create
Resources:
+ 8 to create
1 unchanged
Do you want to perform this update? yes
Updating (prod)
View Live: <https://app.pulumi.com/macieyng/playlist-357/prod/updates/19>
Type Name Status Info
pulumi:pulumi:Stack playlist-357-prod **failed** 1 error
+ ├─ azure-native:servicebus:Topic main-sbt **creating failed** 1 error
+ ├─ azure-native:servicebus:Namespace playlist-357-sbns created (65s)
+ ├─ azure-native:servicebus:Queue track-play-sbq **creating failed** 1 error
+ ├─ azure-native:servicebus:Queue new-track-sbq **creating failed** 1 error
+ ├─ azure-native:servicebus:Subscription track-play-sbsub **creating failed** 1 error
+ ├─ azure-native:servicebus:Queue find-track-sbq **creating failed** 1 error
+ ├─ azure-native:servicebus:Subscription find-track-sbsub **creating failed** 1 error
+ └─ azure-native:servicebus:Subscription new-track-sbsub **creating failed** 1 error
Diagnostics:
azure-native:servicebus:Queue (new-track-sbq):
error: autorest/azure: Service returned an error. Status=404 Code="NamespaceNotFound" Message="Namespace 'playlist-357-sbns' already deleted"
azure-native:servicebus:Subscription (track-play-sbsub):
error: autorest/azure: Service returned an error. Status=404 Code="NamespaceNotFound" Message="Namespace 'playlist-357-sbns' already deleted"
azure-native:servicebus:Subscription (new-track-sbsub):
error: autorest/azure: Service returned an error. Status=404 Code="NamespaceNotFound" Message="Namespace 'playlist-357-sbns' already deleted"
pulumi:pulumi:Stack (playlist-357-prod):
error: update failed
azure-native:servicebus:Topic (main-sbt):
error: autorest/azure: Service returned an error. Status=404 Code="ParentResourceNotFound" Message="Can not perform requested operation on nested resource. Parent resource 'playlist-357-sbns' not found."
azure-native:servicebus:Queue (track-play-sbq):
error: autorest/azure: Service returned an error. Status=404 Code="NamespaceNotFound" Message="Namespace 'playlist-357-sbns' already deleted"
azure-native:servicebus:Queue (find-track-sbq):
error: autorest/azure: Service returned an error. Status=404 Code="NamespaceNotFound" Message="Namespace 'playlist-357-sbns' already deleted"
azure-native:servicebus:Subscription (find-track-sbsub):
error: autorest/azure: Service returned an error. Status=404 Code="NamespaceNotFound" Message="Namespace 'playlist-357-sbns' already deleted"
Resources:
+ 1 created
1 unchanged
Duration: 1m11s
So other resources should be created after the Namespace exist, because it’s a parent resource and I had to run that two times to create resources.
Is it possible to define resource creation steps?flaky-school-82490
11/19/2022, 7:13 PMhundreds-jackal-10148
11/21/2022, 2:25 AMearly-yak-11036
11/25/2022, 10:21 AMrefined-guitar-81055
11/25/2022, 8:28 PMrefined-guitar-81055
11/25/2022, 8:28 PMrefined-guitar-81055
11/25/2022, 8:29 PMrefined-guitar-81055
11/25/2022, 8:30 PM