fast-midnight-78448
06/09/2023, 2:31 PMbillowy-army-68599
fast-midnight-78448
06/09/2023, 3:09 PM- task: AzureCLI@2
inputs:
azureSubscription: 'entcu-Operations-Development'
scriptType: 'pscore'
scriptLocation: 'inlineScript'
inlineScript: |
$env:AZURE_STORAGE_KEY=$(az storage account keys list --account-name "$(storageAccountName)" -g "$(resourceGroupName)" -o tsv --query '[0].value')
$env:AZURE_STORAGE_ACCOUNT="$(storageAccountName)"
$env:PULUMI_CONFIG_PASSPHRASE="$env:Mapped_pulumiPassphrase"
#pulumi login azblob://$containerName <-- this does not work because pulumi is not installed at this point
env:
Mapped_pulumiPassphrase: $(pulumiPassphrase)
- task: Pulumi@1
inputs:
azureSubscription: 'entcu-Operations-Development'
command: 'preview'
cwd: './pulumi/aci-agent/csharp'
stack: 'dev'
loginArgs: 'azblob://$(containerName)?storage_account=$(storageAccountName)' <-- This request is not authorized to perform this operation.
billowy-army-68599
fast-midnight-78448
06/09/2023, 4:02 PMerror: problem logging in: read ".pulumi\\meta.yaml": blob (key ".pulumi/meta.yaml") (code=Unknown): ===== RESPONSE ERROR (ErrorCode=AuthorizationFailure) =====
billowy-army-68599
Set-Item -Path env:AZURE_STORAGE_ACCOUNT -Value {storage account}
Set-Item -Path env:AZURE_STORAGE_SAS_TOKEN -Value "{SAS token}"
Set-Item -Path env:AZURE_KEYVAULT_AUTH_VIA_CLI -Value $true
fast-midnight-78448
06/09/2023, 7:43 PM$env:AZURE_STORAGE_ACCOUNT="$(storageAccountName)"
...
pulumi login azblob://$containerName
billowy-army-68599
fast-midnight-78448
06/09/2023, 7:45 PM$env:AZURE_STORAGE_KEY=$(az storage account keys list --account-name $saName -g $rgName -o tsv --query '[0].value')
$env:AZURE_STORAGE_ACCOUNT=$saName
$env:PULUMI_CONFIG_PASSPHRASE='...'
pulumi login azblob://$containerName
I run this before I do any other pulumi commandsbillowy-army-68599
az storage account keys list
to work, you need to have authenticated to azure first? How are you getting credentials locally, and what are you doing in the azure pipelines task to get credentials?fast-midnight-78448
06/09/2023, 7:49 PMaz login
. In Azure DevOps the cli task is logged in a service principalbillowy-army-68599
fast-midnight-78448
06/13/2023, 8:05 PM- task: AzureCLI@2
displayName: "Pulumi Setup"
inputs:
azureSubscription: ''
scriptType: 'pscore'
scriptLocation: 'inlineScript'
inlineScript: |
$accountKey = $(az storage account keys list --account-name "$(storageAccountName)" -g "$(resourceGroupName)" -o tsv --query '[0].value')
Write-Host "##vso[task.setvariable variable=AZURE_STORAGE_KEY;]$accountKey"
- task: Pulumi@1
inputs:
azureSubscription: ''
command: 'preview'
loginArgs: 'azblob://$(containerName)'
stack: 'dev'
createStack: true
env:
AZURE_STORAGE_KEY: $(AZURE_STORAGE_KEY)
AZURE_STORAGE_ACCOUNT: $(storageAccountName)
PULUMI_CONFIG_PASSPHRASE: $(pulumiPassphrase) #this is a pipeline secret variable
- task: Pulumi@1
inputs:
azureSubscription: ''
command: 'up'
args: '--yes'
loginArgs: 'azblob://$(containerName)'
stack: 'dev'
env:
AZURE_STORAGE_KEY: $(AZURE_STORAGE_KEY)
AZURE_STORAGE_ACCOUNT: $(storageAccountName)
PULUMI_CONFIG_PASSPHRASE: $(pulumiPassphrase)