adorable-airline-89422
08/24/2023, 6:41 AMawait stack.SetAllConfigAsync(new Dictionary<string, ConfigValue>
{
{ "azure-native:location", new ConfigValue(environment.CloudLocation) },
{ "azure-native:subscriptionId", new ConfigValue(environment.AzureSubscriptionId.ToString()) },
{ "azure-native:clientId", new ConfigValue(_settings.ServicePrincipal.ClientId) },
{ "azure-native:clientSecret", new ConfigValue(_settings.ServicePrincipal.ClientSecret, true) },
{ "azure-native:tenantId", new ConfigValue(_settings.AzureSubscriptions.First().TenantId) }
});
This has worked great until now when the service principal secret has expired, and a new secret is to be used.
Then it became apparent that neither of the two methods used seem to actually work.
stack.RefreshAsync() will freeze for minutes before failing:
~ azure-native:app:ManagedEnvironmentsStorage STACKNAME refreshing (450s) error: autorest/Client#Do: Preparing request failed: StatusCode=0 -- Original Error: clientCredentialsToken: received HTTP status 401 with response: {"error":"invalid_client","error_description":"AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app '(servicePrincipal.Id)'.\r\nTrace ID (…)\r\nCorrelation ID: (...)\r\nTimestamp: 2023-08-23 14:20:49Z","error_codes":[7000215],"timestamp":"2023-08-23 14:20:49Z","trace_id":"(…)","correlation_id":"(…)","error_uri":"<https://login.microsoftonline.com/error?code=7000215>"}
So it apparently ignores the settings I give it when setting up the WorkspaceStack object, only referring to the existing settings.
If I run pulumi stack export --stack mystack --show-secrets --file mystack.yml
I see the secret is listed under resources input and outputs for the azure-stuff.
I can then manually edit mystack.yml
and run stack import on that file, and then my code will work again.
.. but how can I do this programatically?bright-hydrogen-2039
09/14/2023, 2:51 AMconfig.RequireSecret()
calls.
I saw mention in the docs and a reply to another thread to use the .Apply()
method to unwrap the values but the return values from all options for the Apply()
method return `Output`s.
I am using the latest versions available from NuGet:
• Pulumi v3.56.2
• Pulumi.AzureNative v2.6.0
Does anyone have advice on how to solve this issue?abundant-knife-92318
09/15/2023, 11:17 AMprogram.cs
witty-vegetable-61961
09/15/2023, 3:11 PMabundant-knife-92318
09/19/2023, 2:33 PMARM_
environment variables to configure the Azure Native provider to use a Service Principal. I'm doing a quick and dirty check before my Program runs to check that the environment variables are all set...
foreach (DictionaryEntry e in Environment.GetEnvironmentVariables())
{
if (e.Key.ToString()!.StartsWith("ARM")) Console.WriteLine(e.Key + ":" + e.Value);
}
And this returns exactly what I would expect to see...
ARM_CLIENT_ID:xxxxxxxxxxxxxxxxx
ARM_TENANT_ID:xxxxxxxxxxxxxxxxx
ARM_CLIENT_SECRET:xxxxxxxxxxxxxxxxx
ARM_SUBSCRIPTION_ID:xxxxxxxxxxxxxxxxx
Yet when the Program runs it is still trying to use the Azure CLI:
error: obtain subscription() from Azure CLI: parsing json result from the Azure CLI: waiting for the Azure CLI: exit status 1: ERROR: No subscription found. Run 'az account set' to select a subscription.
Am I missing something?abundant-knife-92318
09/27/2023, 4:46 PMWebAppComponent
is a simple wrapper that constructs a WebApp
, AppServicePlan
, and WebAppSlot
)
public void UpdateAccessList(WebAppComponent webApp)
{
_ = webApp.Resource.PossibleOutboundIpAddresses.Apply(
outboundIps => outboundIps.Split(",").Select(
outboundIp => new ProjectIpAccessList(NameGenerator.MongoIpAccessRule(outboundIp), new ProjectIpAccessListArgs
{
Comment = webApp.Resource.Name.Apply(x => $"Azure AppService - {x}"),
IpAddress = outboundIp,
ProjectId = Resource.ProjectId,
}, new CustomResourceOptions
{
Provider = MongoProvider.Provider,
DependsOn = { webApp.Resource, Resource }
})
).ToList());
}
Which is super, until at some point Pulumi (arguably, reasonably) decides that all these resources need to be deleted because subsequent previews don't include them 😄
EDIT: It seems that if you go through with the update pulumi doesn't actually delete the ProjectIpAccessList
resources - presumably because the value of the .apply
becomes available during the run, but this is not available at preview
time. I wonder if this could be solved by making the PossibleOutboundIpAddresses
property an output so that it is available for subsequent runs of up
?brash-solstice-49151
10/09/2023, 3:44 PMbrash-solstice-49151
10/13/2023, 9:17 AMbrash-solstice-49151
10/13/2023, 11:32 AMUpAsync
with the following error:
stderr: panic: fatal: An assertion has failed: cannot complete a resource 'urn:pulumi:staging::crezco::pulumi:pulumi:Stack::crezco-staging' whose registration isn't pending
goroutine 92 [running]:
<http://github.com/pulumi/pulumi/sdk/v3/go/common/util/contract.failfast(...)|github.com/pulumi/pulumi/sdk/v3/go/common/util/contract.failfast(...)>
/home/runner/work/pulumi/pulumi/sdk/go/common/util/contract/failfast.go:23
<http://github.com/pulumi/pulumi/sdk/v3/go/common/util/contract.Assertf|github.com/pulumi/pulumi/sdk/v3/go/common/util/contract.Assertf>(0xc0?, {0x233c766?, 0xc0015458e8?}, {0xc0015458f8?, 0xc000580000?, 0xc000dd6780?})
/home/runner/work/pulumi/pulumi/sdk/go/common/util/contract/assert.go:35 +0xed
<http://github.com/pulumi/pulumi/pkg/v3/resource/deploy.(*stepExecutor).ExecuteRegisterResourceOutputs(0xc0010802a0|github.com/pulumi/pulumi/pkg/v3/resource/deploy.(*stepExecutor).ExecuteRegisterResourceOutputs(0xc0010802a0>, {0x25c57215458, 0xc000b03920})
/home/runner/work/pulumi/pulumi/pkg/resource/deploy/step_executor.go:153 +0x105
<http://github.com/pulumi/pulumi/pkg/v3/resource/deploy.(*deploymentExecutor).handleSingleEvent(0xc001152480|github.com/pulumi/pulumi/pkg/v3/resource/deploy.(*deploymentExecutor).handleSingleEvent(0xc001152480>, {0x283b8c0?, 0xc000b03920})
/home/runner/work/pulumi/pulumi/pkg/resource/deploy/deployment_executor.go:405 +0x20d
<http://github.com/pulumi/pulumi/pkg/v3/resource/deploy.(*deploymentExecutor).Execute.func3(0xc0000bb1a0|github.com/pulumi/pulumi/pkg/v3/resource/deploy.(*deploymentExecutor).Execute.func3(0xc0000bb1a0>, 0xc001152480, 0xc0003ae9e0, {{0x25c575733e0, 0xc000a08f20}, 0x7fffffff, 0x0, 0x0, {{0x3a53d48, 0x0, ...}, ...}, ...}, ...)
/home/runner/work/pulumi/pulumi/pkg/resource/deploy/deployment_executor.go:250 +0x21e
<http://github.com/pulumi/pulumi/pkg/v3/resource/deploy.(*deploymentExecutor).Execute(0xc001152480|github.com/pulumi/pulumi/pkg/v3/resource/deploy.(*deploymentExecutor).Execute(0xc001152480>, {0x28569b0?, 0xc000f7f230}, {{0x25c575733e0, 0xc000a08f20}, 0x7fffffff, 0x0, 0x0, {{0x3a53d48, 0x0, ...}, ...}, ...}, ...)
/home/runner/work/pulumi/pulumi/pkg/resource/deploy/deployment_executor.go:266 +0x839
<http://github.com/pulumi/pulumi/pkg/v3/resource/deploy.(*Deployment).Execute(0xc00115a0b0|github.com/pulumi/pulumi/pkg/v3/resource/deploy.(*Deployment).Execute(0xc00115a0b0>, {0x28569b0, 0xc000f7f230}, {{0x25c575733e0, 0xc000a08f20}, 0x7fffffff, 0x0, 0x0, {{0x3a53d48, 0x0, ...}, ...}, ...}, ...)
/home/runner/work/pulumi/pulumi/pkg/resource/deploy/deployment.go:564 +0xd0
<http://github.com/pulumi/pulumi/pkg/v3/engine.(*deployment).run.func1()|github.com/pulumi/pulumi/pkg/v3/engine.(*deployment).run.func1()>
/home/runner/work/pulumi/pulumi/pkg/engine/deployment.go:298 +0x214
created by <http://github.com/pulumi/pulumi/pkg/v3/engine.(*deployment).run|github.com/pulumi/pulumi/pkg/v3/engine.(*deployment).run>
/home/runner/work/pulumi/pulumi/pkg/engine/deployment.go:283 +0x365
at Pulumi.Automation.Commands.LocalPulumiCmd.RunAsyncInner(IList`1 args, String workingDir, IDictionary`2 additionalEnv, Action`1 onStandardOutput, Action`1 onStandardError, EventLogFile eventLogFile, CancellationToken cancellationToken)
at Pulumi.Automation.Commands.LocalPulumiCmd.RunAsync(IList`1 args, String workingDir, IDictionary`2 additionalEnv, Action`1 onStandardOutput, Action`1 onStandardError, Action`1 onEngineEvent, CancellationToken cancellationToken)
at Pulumi.Automation.Workspace.RunStackCommandAsync(String stackName, IList`1 args, Action`1 onStandardOutput, Action`1 onStandardError, Action`1 onEngineEvent, CancellationToken cancellationToken)
at Pulumi.Automation.WorkspaceStack.RunCommandAsync(IList`1 args, Action`1 onStandardOutput, Action`1 onStandardError, Action`1 onEngineEvent, CancellationToken cancellationToken)
at Pulumi.Automation.WorkspaceStack.UpAsync(UpOptions options, CancellationToken cancellationToken)
at Pulumi.Automation.WorkspaceStack.UpAsync(UpOptions options, CancellationToken cancellationToken)
at Program.<Main>$(String[] args) in C:\dev\Crezco-App\infrastructure\<http://Automation.App|Automation.App>\Program.cs:line 120
at Program.<Main>(String[] args)
I've confirmed the stack is fine by running the inline program through a normal CLI driven program. Any ideas? 😖fast-vr-6049
10/23/2023, 10:47 PMRights
property's types are misbehaving. Its requirements are pretty nested: Pulumi.InputList<Pulumi.Union<string,Pulumi.AzureNative.ServiceBus.AccessRights>>
. If I provide the input shown in the docs, I get this issue in response:
var serviceBusAuthorizationRule = new QueueAuthorizationRule("p4-ado-sync-queue-auth", new ()
{
ResourceGroupName = resourceGroup.Name,
NamespaceName = serviceBusNamespace.Name,
QueueName = serviceBusQueue.Name,
# Using strings
Rights = new[] # => Cannot convert source type 'string[]' to target type 'Pulumi.InputList<Pulumi.Union<string,Pulumi.AzureNative.ServiceBus.AccessRights>>'
{
"Listen",
"Send"
}
# Using the struct
Rights = new[] # => Cannot convert source type 'Pulumi.AzureNative.ServiceBus.AccessRights[]' to target type 'Pulumi.InputList<Pulumi.Union<string,Pulumi.AzureNative.ServiceBus.AccessRights>>'
{
AccessRights.Listen,
AccessRights.Send
}
}
);
I ran into a similar situation in the past, where the type inheritance was a little too deep for .Net to figure out on its own (Slack thread and Github issue). While that was able to be fixed with a cast, I'm struggling to figure out how I might coerce or cast this one. As-is, I fear this resource type is unusable. Does anyone know how I might resolve this, or should I be filing an issue on Github?brash-solstice-49151
11/06/2023, 9:35 AMbrash-solstice-49151
11/15/2023, 9:29 AMpulumi new
uses .NET 6, I've tested out .NET 7 and not seen any issues. But would be good to get things on the latest LTS version.millions-journalist-34868
11/19/2023, 10:44 PMmillions-journalist-34868
11/21/2023, 10:19 AMglamorous-teacher-20849
12/02/2023, 10:27 AMNamespace
to an Output<string> it fails preview with
Grpc.Core.RpcException: Status(StatusCode="Unknown", Detail="setting args: copying input "helmOptions": expected destination type to implement pulumi.Input or pulumi.Output, got helmbase.ReleaseType")
var certmanns = new Namespace("cert-manager", new NamespaceArgs()
{
Metadata = new ObjectMetaArgs()
{
Name = "cert-manager"
}
});
var certman = new CertManager("cert-manager", new()
{
HelmOptions = new Pulumi.KubernetesCertManager.Inputs.ReleaseArgs
{
Namespace = certmanns.Metadata.Apply(x=>x.Namespace)
}
});
A plain string works finebillowy-tiger-6272
01/24/2024, 6:29 PMbillowy-tiger-6272
01/24/2024, 10:00 PMancient-solstice-53934
02/05/2024, 7:30 PMimportant-market-91978
02/07/2024, 9:42 AMgreen-waiter-1566
02/14/2024, 3:45 AMimportant-book-47803
02/14/2024, 4:09 PMrefined-plastic-19043
02/16/2024, 10:52 AMEmailIdentity
and DomainIdentity
but in native this is the only type and it says: _EmailIdentityValue This property is required. The email address or domain to verify_ so I assumed that it can be used to create both (automagically?) but the created emailIdentity object does not contain any verification token that I could use for creating new Route53.Record to verify my domain…anyone got any ideas? The classic provider when I create DomainIdentity return a verification token..average-nightfall-8153
02/23/2024, 11:21 AMastonishing-cpu-1506
02/29/2024, 1:00 PMelegant-ram-48460
03/04/2024, 3:01 PMbest-greece-22530
03/04/2024, 11:01 PMbest-greece-22530
03/04/2024, 11:01 PMboundless-tailor-35598
03/12/2024, 5:56 PMbrash-solstice-49151
03/18/2024, 11:44 AMpulumi refresh
within the context of the Automation API, but if anyone has any experience in the more general sense of how they incorporate it into their workflows I'd be all ears! We're struggling to understand the best process to follow with auto updates/managing out of sync state.nutritious-air-21788
03/18/2024, 3:33 PMOutput
can be an Input
to some other resource).
In particular, I was testing creating a VPC with pre-existing IPs (eg IPs that are allowlisted for various things far outside of my control)
var allocatedIps = new List<Eip>
{
Eip.Get(...)
...
}
var eksVpc = new Ec2.Vpc("eks-vpc", new()
{
...
NatGateways = new Ec2.Inputs.NatGatewayConfigurationArgs
{
Strategy = Ec2.NatGatewayStrategy.OnePerAz,
ElasticIpAllocationIds = allocatedIps.Select(x => (Input<string>) x.AllocationId).ToList()
}
}
This feels very weird, but it works. Is there a better way? Am I missing something?