• a

    acoustic-dress-83560

    2 months ago
    Hi, I am having trouble with some Azure permissions for Pulumi. I have a Python script which executes in two subscriptions; accessing the second subscription fails despite the app registration having contributor access to both subs. This is the error:
    Exception: invoke of azure-native:storage:listStorageAccountKeys failed: invocation of azure-native:storage:listStorageAccountKeys returned an error: request failed /subscriptions/#######-####-####-####-##########/resourceGroups/rg-core-westeurope-management-81fc415a/providers/Microsoft.Storage/storageAccounts/filesad2a48ab/listKeys: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client 'my.email@domain.com' with object id 'dd9058c3-b6eb-4368-9a1c-3572f102d292' does not have authorization to perform action 'Microsoft.Storage/storageAccounts/listKeys/action' over scope '/subscriptions/#######-####-####-####-##########/resourceGroups/rg-core-westeurope-management-81fc415a/providers/Microsoft.Storage/storageAccounts/filesad2a48ab' or the scope is invalid. If access was recently granted, please refresh your credentials."
    I've tried refreshing credentials as it says. I'm sure it has the right permissions. The client is my Azure account, which only had read access over these resources. If I provide myself with full access, then this works, but is not the solution. Does anyone know where to go from here?
  • h

    happy-parrot-60128

    2 months ago
    Hello Azure users! We're planning a V2 release in the near future and can share this advanced plan with you https://github.com/pulumi/pulumi-azure-native/discussions/1834
  • w

    wet-noon-14291

    2 months ago
    If I have set all the azure-native properties in my Pulumi.<stack>.yaml file, I thought they would be used if I do new azure.Provider(<name>) in the code, but that doesn't seem to be the case in my case.... or maybe I've got it wrong?
    24 replies
  • a

    ancient-solstice-53934

    2 months ago
    Hi, I am creating an Azure Container Registry using Pulumi Native 'new AzureNative.ContainerRegistry.Registry()', but I don't see any Identity property to create a service principal. My requirement is not to pass the Container Registry admin password when pulling images here: az containerapp up --name [--registry-password] [--registry-server] [--registry-username]. Any workaround?
    1 replies
  • b

    bored-airplane-19518

    2 months ago
    Hey there, I'm trying to define an App Service (Linux) with an Azure Premium Files storage mount, but I can't seem to find anything in the documentation for Web App that will allow me to configure this.. Is there something I'm missing? 🤔
  • a

    ancient-solstice-53934

    2 months ago
    I have suddenly started getting this issue. Earlier it was working.
    2022-07-19T08:00:31.6135610Z Diagnostics:
    2022-07-19T08:00:31.6136187Z azure:keyvault:KeyVault (vault):
    2022-07-19T08:00:31.6138404Z error: Error reading resource group: resources.GroupsClient#Get: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailed" Message="The client '63f4427e-993c-4160-9dd6-e5731454b566' with object id '63f4427e-993c-4160-9dd6-e5731454b566' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/c4ef5634-9b63-482c-9c5a-8a19aa8b47a6/resourcegroups/RG-CL-US-AppleServices-Dev' or the scope is invalid. If access was recently granted, please refresh your credentials."
    Microsoft.Resources/subscriptions/resourcegroups/read permissions are already there. It works for the same resource group from another stack.
    6 replies
  • a

    able-engineer-79880

    2 months ago
    I'm importing a couple of large functioning subscriptions into pulumi then generalising the code so I can control all of my environments as stacks within the same project. I'm having a bit of trouble with ApplicationGateway as it is a huge resource with massive amounts of custom configuration. I've found that by using Azure Classic for the VirtualNetwork I can effectively break subnets out into separate pulumi resources even though they are really part of a big monolithic Azure Resource. I'm hoping there is some way to do something similar with ApplicationGateway to break it down into smaller pulumi resources to make it more manageable. Has anyone done something similar or know if it's possible? Thanks.
  • i

    icy-jordan-58549

    2 months ago
    Diagnostics:
      azure-native:network:VirtualNetworkLink (registry-dns-link):
        error: building auth config: obtain subscription(905952ee-ddfb-4ede-9fb3-cf768804753e) from Azure CLI: Error parsing json result from the Azure CLI: Error waiting for the Azure CLI: exit status 1
    8 replies
  • w

    wet-noon-14291

    2 months ago
    Anyone that has provisioned an AKS cluster and then wants to update the node pools? I thought changing the Kubernetes version on the ManagedCluster would do, but apparently the node pools have their own version set somewhere else. I configure the node pools in the agentPoolProfiles property, but I can't see anything with version there.
    5 replies
  • a

    ancient-solstice-53934

    2 months ago
    Hi Team, Env: .NET Core and Pulumi. What is the rollback mechanism for partially created resources if the application breaks with some exception? If we run again with the same names it fails (using Key Vault). https://www.pulumi.com/docs/support/faq/ Is there any other way apart from manually deleting them?