Hello Everyone, I am trying to use Pulumi with Yaml file and when I try to do

pulumi preview

, I get the following error:

Previewing update (shared.shared):
     Type                                     Name                       Plan       Info
 +   pulumi:pulumi:Stack                      svcmeshdemo-shared.shared  create
     └─ azure-native:resources:ResourceGroup  resourceGroup                         1 error


Diagnostics:
  azure-native:resources:ResourceGroup (resourceGroup):
    error: azure-native:resources:ResourceGroup resource 'resourceGroup' has a problem: 'resourceGroupName' does not match expression '^[-\w\._\(\)]+$'

My

Pulumi.yaml

file is as follows:

name: svcmeshdemo
runtime: yaml
description: A minimal Azure Native Pulumi YAML program
config:
  env:
    type: string
    default: ${env}
  project:
    type: string
    default: ${project}
  projectShort:
    type: string
    default: ${projectShort}
  customer:
    type: string
    default: ${customer}
  customerShort:
    type: string
    default: ${customerShort}
  namePrefix:
    type: string
    default: ${customerShort}-${projectShort}
  namePrefixCleaned:
    type: string
    default: ${customerShort}${projectShort}

resources:
  # Create an Azure Resource Group
  resourceGroup:
    type: azure-native:resources:ResourceGroup
    properties:
      resourceGroupName: ${namePrefix}-${env}
      tags:
        Project: ${project}
        Environment: ${env}
        Source: Pulumi
        Customer: ${customer}
        Creator: ${customer}

Does anyone know what the problem is and how to fix it? Thanks 🙂

I'm creating an AKS cluster and I want to change the SKU to standard only if its in the production environment. I have a variable "environment" passed in so I basically want the conditional to be if (environment == "production") { loadbalancersku = "standard" } under the cluster network profile arguments. However, I'm not sure the best way to handle that in pulumi? Do I use two completely different cluster constructs with an if statement in front, or is there a way to just apply the conditional to the one property? I'm using C# for context.

I guess the weird thing about it is the property doesn't exist at all in the other environments

Hi all! I want to deploy a resource that is currently not in pulumi_azure_native since the API is not publicly exposed yet. Is there any way to override the api-version and provide custom parameters to a resource creation call?

Using Azure-Native how are Pulumi.AzureNative.Network.Inputs.LoadBalancingRuleArgs added to an existing Pulumi deployed AzureNative.Network.LoadBalancer? Adding AzureNative.Network.Inputs.LoadBalancingRuleArgs to AzureNative.Network.LoadBalancer on initial provisioning results in incorrectly provisioned BackendPools. (Possible bug) The crux of that misconfiguration is inability to configure backendIPConfigurations. The behavior we are looking for is akin to "az network lb address-pool create"

Hi all, I'm trying to create a synapse work space and have the managed private endpoint + linked service configured in pulumi, however I wasnt able to find any related resource for synapse managed private endpoint or synapse linked service. Does anyone know if there is existing resource that could shed me some light ?

Hello! Quick question... I am looking for this, https://www.pulumi.com/registry/packages/azure/api-docs/storage/sharefile/, but then for Azure Native. It looks like it is not there yet, correct?

I am using @pulumi/azure-native to create three different resources... a) VirtualNetwork, b) Subnet and c) VirtualNetworkPeering. I am not defining the subnet or peerings in the VirtualNetwork resource and they are rather three separate resources. It deploys fine, no issue. If I run another

pulumi up

after the successful deployment, Pulumi wants to update the VirtualNetwork resource to delete the subnet and peerings. Obviously, I dont want it to do that. This is strange behavior. How can I resolve it? Thanks!

Hello, when using Azure postgres db, anyone know how I would go about replicating this in Pulumi?

GRANT azure_pg_admin TO <new_user>;

I'm very new to Pulumi and ran into a question when authenticating using a service principal. Short-version, I'm doing a basic proof of concept just looking to create a management group hierarchy within Azure. When running this locally, I had no problems at all. However, now that i'm trying to incorporate that into an Azure DevOps pipeline (using a service principal), it's tossing out an error that: "A Subscription ID must be configured when authenticating as a Service Principal using a Client Secret." In the documentation, I see one of the required tokens that must be made available to Pulumi is the ARM_SUBSCRIPTION_ID. However, since I am provisioning management groups, there is no subscription per se... Is there any way around this? Something along the lines of the Azure CLI --allow-no-subscriptions flag that provides tenant level access.

Hi. Could it be that it impossible to enable sftp on a storage account via Pulumi? Referring to the flag

isSftpEnabled

here https://learn.microsoft.com/en-us/azure/templates/microsoft.storage/2022-09-01/storageaccounts?pivots=deployment-language-arm-template#stora[…]acc-1 I can't find anything in the current documentation https://www.pulumi.com/registry/packages/azure-native/api-docs/storage/storageaccount/

Ah, ok. I can use the corresponding RMApi Spec https://github.com/pulumi/pulumi-azure-native/blob/master/sdk/nodejs/storage/v20220901/storageAccount.ts

Does anyone know how to create subpartitions in C# for CosmosDb if I do this I get an error returned: Too many partition key paths (2) specified. A maximum of 1 is allowed

new SqlContainerResourceArgs
{
  Id = "questionnaireResponses",
  PartitionKey = new ContainerPartitionKeyArgs { Paths = { "/domain", "/contractType" }, Kind = "Hash" },
}

Is there a way to add a new version to a Secret in KeyVault? If I use azure-native.keyvault.Secret it throughs an error saying "cannot create already existing resource". Can't see anything that allows me to just add a new version

var secret = new Secret($"keyname", new SecretArgs
        {
            Properties = new SecretPropertiesArgs
            {
                Attributes = new SecretAttributesArgs
                {
                    Enabled = true,
                },
                Value = "SecretValue",
            },
            SecretName = "keyname",
            ResourceGroupName = configResourceGroup.Name,
            VaultName = vault.Name,
        });

I have a question regarding configuring Pulumi CI/CD with Azure DevOps Given this

azure-pipeline.yaml

what value should the

azureSubscription

property be? Seems to me that it should be the

guid

of the Service Connection but that won't work and neither does the A*zure Subscription* id... 🤷‍♂️

jobs:
  - job: deploy_infrastructure
    displayName: Deploy Infrastructure
    condition: or(eq(variables['Build.Reason'], 'Manual'),or(eq(variables['Build.Reason'], 'PullRequest'),eq(variables['Build.Reason'], 'IndividualCI')))
    pool:
      vmImage: ubuntu-latest
    variables:
      - group: Infrastructure
    steps:
      - checkout: self
        submodules: true
      - task: Npm@1
        displayName: Install dependencies
        inputs:
          command: "install"
          workingDir: "./Infrastructure/"
      - task: Pulumi@1
        displayName: Deploy Infrastructure
        env:
          PULUMI_ACCESS_TOKEN: $(PULUMI_ACCESS_TOKEN)
        inputs:
          command: "up"
          args: "--yes --diff --refresh --non-interactive --skip-preview"
          cwd: "./Infrastructure/"
          stack: "dev"
          createStack: true
          azureSubscription: "???"

Hi Team, Is there any plan to support Workload Identity for authentication in Pulumi?

is cosmos db for postgres supported by azure-native library?

Hey folks! I'm looking at setting up an Event Hubs Namespace, and I noticed that it only lists

Basic

and

Standard

as sku options. You can make a

Dedicated

Event Hubs sku using the Cluster resource. The one that's missing is the Premium sku, and I'm not sure how to create an Event Hub Namespace on that sku. Is it as simple as setting the

sku

strings to

Premium

, even though that's not listed as valid inputs for the

sku

object?

Trying to create a certificate using Azure Classic, but can't get my code to compile policy is an object created from CertificateCertificatePolicyArgs. Have also tried wrapping it in an Output.Create Cannot implicitly convert type 'Pulumi.Output<Pulumi.Azure.KeyVault.Inputs.CertificateCertificatePolicyArgs>' to 'Pulumi.Input<Pulumi.Azure.KeyVault.Inputs.CertifiateCertificatePolicyArgs>' I'm using the C# .NET SDK

var certificate = new Certifiate($"cer-{platform}-sp-{stackName}", new CertifiateArgs
        {
            KeyVaultId = vault.Id,
            CertificatePolicy = policy
        });

Hi How do you define paramaters for resources in yaml file?

config:
  azure-native:location: westeurope
  azure:skipProviderRegistration: "true"
  rdpd-dft:FunctionApp:
    FunctionAppServicePlan: asp-dft-weeu-ingest-dev-02
    FunctionApps:
      - FunctionAppName: func-dft-weeu-ingest-dev-02
        FunctionAppStorageAccount: strdftingestweeudev02
      - FunctionAppName: func-dft-weeu-ingest-logging-dev-02
        FunctionAppStorageAccount: strdftingestweeudev02
      - FunctionAppName: func-dft-weeu-persist-dev-02
        FunctionAppStorageAccount: strdftpersistweeudev2
  rdpd-dft:StorageAccounts:
    StorageAccounts:
      - strdftassetsvcweeudev2
      - strdftdevicevcweeudev2
      - strdftdatavcweeudev2
      - strdftuservcweeudev2
      - strdftpersistweeudev2
  rdpd-dft:FunctionAppServicePlans:
    FunctionAppServicePlans:
      - asp-dft-weeu-ingest-dev-02
      - asp-dft-weeu-persist-dev-02

I have this config, but I need to be more precise regarding parameters(like storage account, service plan based on each env). Do I need to create a block per each function name? like this:

rdpd-dft:FunctionApp:func-dft-weeu-ingest-dev-02:
    FunctionAppServicePlan: asp-dft-weeu-ingest-dev-02
    FunctionAppName: func-dft-weeu-ingest-dev-02

👋 I believe there's an issue with the the Go github.com/pulumi/pulumi-azure-native-sdk and

pulumi plugin install

. When running

pulumi plugin install

, it fails with:

error: [resource plugin azure-native-sdk-1.95.0] downloading from : failed to download plugin: azure-native-sdk-1.95.0: 403 HTTP error fetching plugin from <https://get.pulumi.com/releases/plugins/pulumi-resource-azure-native-sdk-v1.95.0-darwin-arm64.tar.gz>

Which is expected as the plugin name is

azure-native

, not

azure-native-sdk

. I had a look at Pulumi code, and if I'm not mistaken, the issue is the following one:

go list -m -json -mod=mod all
....
....
{
        "Path": "<http://github.com/pulumi/pulumi-azure-native-sdk|github.com/pulumi/pulumi-azure-native-sdk>",
        "Version": "v1.95.0",
        "Time": "2023-02-13T15:33:12Z",
        "Dir": "/Users/vincent.boulineau/Documents/Dev/Go/pkg/mod/github.com/pulumi/pulumi-azure-native-sdk@v1.95.0",
        "GoMod": "/Users/vincent.boulineau/Documents/Dev/Go/pkg/mod/cache/download/github.com/pulumi/pulumi-azure-native-sdk/@v/v1.95.0.mod",
        "GoVersion": "1.17"
}
{
        "Path": "<http://github.com/pulumi/pulumi-azure-native-sdk/compute|github.com/pulumi/pulumi-azure-native-sdk/compute>",
        "Version": "v1.95.0",
        "Time": "2023-02-13T15:33:12Z",
        "Dir": "/Users/vincent.boulineau/Documents/Dev/Go/pkg/mod/github.com/pulumi/pulumi-azure-native-sdk/compute@v1.95.0",
        "GoMod": "/Users/vincent.boulineau/Documents/Dev/Go/pkg/mod/cache/download/github.com/pulumi/pulumi-azure-native-sdk/compute/@v/v1.95.0.mod",
        "GoVersion": "1.17"
}
....
....

There's a

pulumi-plugin.json

giving the name

azure-native

at

Go/pkg/mod/github.com/pulumi/pulumi-azure-native-sdk@v1.95.0/pulumi-plugin.json

But there isn't any at

Go/pkg/mod/github.com/pulumi/pulumi-azure-native-sdk/compute@v1.95.0/pulumi-plugin.json

Hence, it returns

azure-native-sdk

as a plugin name, which, in fact, does not exist (Still the same with `1.97.0`: https://github.com/pulumi/pulumi-azure-native-sdk/tree/master/compute) I believe the fix is to emit a

pulumi-plugin.json

for all generated split package, which implies modifying this function: https://github.com/pulumi/pulumi-azure-native/blob/master/provider/cmd/pulumi-gen-azure-native/main.go#L257-L270 I can open a PR for that but I'd like to check that is the preferred way to fix, as I can also see some other ways to fix it.

Hey! Is there a way to get the virtual network id for a given AKS cluster using the azure native provider? The networks have randomly generated names and I can't figure out how to list/filter them.

How do you set the Identity of an Event Topic, there's no Identity property in the TopicArgs class. This can be set through the Azure Portal. I'm using the C# SDK

Hello, Is there is a reason why the default API version for ACR is so old? https://www.pulumi.com/registry/packages/azure-native/api-docs/containerregistry/registry/#create API Version: 2019-05-01. Seems that this version does not support encryption.

Hello #azure I have an issue where I am trying to use Pulumi.AzureNative.Authorization.RoleAssignment to assign microsoft built rbac. I need to assign one rbac to many roles for instance a group of developers and a group of testers. However when I have the same rbac in succession during a pulumi up I get a duplicate URN error. It looks like the URN is generated automatically and there isn't much I can do about that. It appears that for role assignment it is pulumi:urn:<stack>:&lt;project&gt;:azure-native:authorization:RoleAssignment::<roleassignmentName> which means that the two urns end up being the same. is there any suggestion here?

I am trying to set up a WebAppSlot for a WebApp resource (created in the same script). I am getting the following error

azure-native:web/v20181101:WebAppSlot (slotResource):
    error: autorest/azure: Service returned an error. Status=<nil> <nil>

which is not helpful at all. The pulumi github issues with similar errors say to search the Azure logs for that resource, but the problem is that the resource does not exist on Azure since the creation failed. The provisioning script for the WebAppSlot looks like this (TypeScript):

const slotResource = new web.v20181101.WebAppSlot(
    "slotResource",
    {
      name: siteResource.name,
      resourceGroupName: resourceGroupVar.name,
      location: locationParam,
      slot: pulumi.interpolate`${siteResource.name}-deployment`,
      serverFarmId: appServicePlan?.name ?? serverFarmIdParam,
    },
    {
      dependsOn: dependencies,
    }
  );

resourceGroupVar is used in the WebApp, so that works. siteResource is the WebApp itself, and the resource exist. It is also added to the dependencies list (which WebAppSlot relies depends on). locationParam is the same as for the WebApp. slot is uncertain if it works or not. The intention is to dynamically create the slot naming based on the WebApp name. serverFarmId is the same logic as for the WebApp. Are there any "next steps" for troubleshooting this in a systematic or coherent way, that allows me to read the specific error message in more detail and work from there?

Hi .. has any one tried creating virtual network gateway, its seems like Azure doesn’t like the api.

p_vnet_gateway[vnet][p_gw_name] = azure_native.network.v20220901.VirtualNetworkGateway(p_gw_name,
                                                                active_active=active_active_mode,
                                                                enable_bgp=True,
                                                                enable_dns_forwarding=True,
                                                                enable_private_ip_address=True,
                                                                gateway_type="Vpn",
                                                                ip_configurations=[config for config in ip_config_data],
                                                                location=location,
                                                                resource_group_name=rg[vnet].id,
                                                                sku=azure_native.network.VirtualNetworkGatewaySkuArgs(
                                                                    name=sku,
                                                                    tier=sku,
                                                                ),
                                                                virtual_network_gateway_name=p_gw_name,
                                                                vpn_type="RouteBased",
                                                                vpn_gateway_generation="Generation2",
                                                                tags=tags
                                                                )

azure-native:network/v20220901:VirtualNetworkGateway (system_test_west_us_2_vnet_1_brownfield_vnet_gw):
    error: Code="Failed" Message="The async operation failed." AdditionalInfo=[{"message":"No HTTP resource was found that matches the request URI '<https://management.azure.com/subscriptions/1804e4de-f4f1-4306-a60a-b932d5e8d90b/resourceGroups/subscriptions/1804e4de-f4f1-4306-a60a-b932d5e8d90b/resourceGroups/system_test_west_us_2_vnet_1_westus2_rg517fbff6/providers/Microsoft.Network/virtualNetworkGateways/system_test_west_us_2_vnet_1_brownfield_vnet_gw?api-version=2022-09-01>'."}]

Hi, I’m trying to specify a specific user-assigned managed identity (that has KV rights) when creating an AKS cluster. I know to use the azureKeyvaultSecretsProvider settings (via ManagedClusterAddonProfileArgs), but that only lets me set the Enabled and Config values - which results in the cluster creating its own managed identity for the secrets provider. I want to provide my own where the RBAC in Azure is already set up. Is it possible in to specify my own user assigned managed identity client id / object id during cluster creation time for the secrets store provider?

Anyone have any thoughts about deploying containers to Azure Container Instances via Pulumi? They're in that weird intersection of "infrastructure" and "runtime" that I'm not sure if Pulumi is a good fit or not.