#dotnet

adorable-airline-89422

08/24/2023, 6:41 AM
Hey, I have a problem where I locally set up the WorkspaceStack object for an existing stack, then run RefreshAsync() on it with both ARM_CLIENT_ID and ARM_CLIENT_SECRET set then LocalWorkspace.CreateOrSelectStackAsync(args) - and in addition this is done:
```csharp
await stack.SetAllConfigAsync(new Dictionary<string, ConfigValue>
{
    { "azure-native:location", new ConfigValue(environment.CloudLocation) },
    { "azure-native:subscriptionId", new ConfigValue(environment.AzureSubscriptionId.ToString()) },
    { "azure-native:clientId", new ConfigValue(_settings.ServicePrincipal.ClientId) },
    { "azure-native:clientSecret", new ConfigValue(_settings.ServicePrincipal.ClientSecret, true) },
    { "azure-native:tenantId", new ConfigValue(_settings.AzureSubscriptions.First().TenantId) }
});
```
This has worked great until now when the service principal secret has expired, and a new secret is to be used. Then it became apparent that neither of the two methods used seems to actually work. stack.RefreshAsync() will freeze for minutes before failing:
~  azure-native:app:ManagedEnvironmentsStorage STACKNAME refreshing (450s) error: autorest/Client#Do: Preparing request failed: StatusCode=0 -- Original Error: clientCredentialsToken: received HTTP status 401 with response: {"error":"invalid_client","error_description":"AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app '(servicePrincipal.Id)'.\r\nTrace ID (…)\r\nCorrelation ID: (...)\r\nTimestamp: 2023-08-23 14:20:49Z","error_codes":[7000215],"timestamp":"2023-08-23 14:20:49Z","trace_id":"(…)","correlation_id":"(…)","error_uri":"<https://login.microsoftonline.com/error?code=7000215>"}
So it apparently ignores the settings I give it when setting up the WorkspaceStack object, only referring to the existing settings. If I run
```
pulumi stack export --stack mystack --show-secrets --file mystack.yml
```
I see the secret is listed under resources input and outputs for the azure-stuff. I can then manually edit `mystack.yml` and run stack import on that file, and then my code will work again... but how can I do this programmatically?
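One way to automate the export, edit and import steps described in the post with the Automation API, as an added example that is not part of the original post or Pulumi's own code. It assumes the provider resources in the state have type `pulumi:providers:azure-native`, that the secret sits under `clientSecret` in their inputs and outputs, and that a secret exported in plaintext is wrapped in an object with a JSON-encoded `plaintext` field; `ProviderSecretRotation`, `Rewrite` and `RotateAsync` are hypothetical names.

```csharp
using System.Text.Json;
using System.Text.Json.Nodes;
using System.Threading.Tasks;
using Pulumi.Automation;

public static class ProviderSecretRotation
{
    // Assumption: type of the azure-native provider resources in the exported state.
    private const string ProviderType = "pulumi:providers:azure-native";

    // Rewrites clientSecret in every matching provider resource.
    // Returns the new deployment JSON and the number of values replaced.
    public static (string Json, int Replaced) Rewrite(string exportedJson, string newSecret)
    {
        var root = JsonNode.Parse(exportedJson)!;
        var replaced = 0;
        if (root["deployment"]?["resources"] is not JsonArray resources)
            return (exportedJson, 0);

        foreach (var node in resources)
        {
            if (node is not JsonObject res || res["type"]?.GetValue<string>() != ProviderType)
                continue;
            foreach (var section in new[] { "inputs", "outputs" })
            {
                if (res[section] is not JsonObject props || !props.ContainsKey("clientSecret"))
                    continue;
                // Assumption: a plaintext secret is an object whose "plaintext"
                // field holds the JSON-encoded value; otherwise it is a bare string.
                if (props["clientSecret"] is JsonObject wrapper && wrapper.ContainsKey("plaintext"))
                    wrapper["plaintext"] = JsonSerializer.Serialize(newSecret);
                else
                    props["clientSecret"] = newSecret;
                replaced++;
            }
        }
        return (root.ToJsonString(), replaced);
    }

    // Export, rewrite in memory, import. Treat the exported JSON as secret
    // material: do not log it or write it to a file of your own.
    public static async Task RotateAsync(WorkspaceStack stack, string newSecret)
    {
        StackDeployment exported = await stack.ExportStackAsync();
        var (json, replaced) = Rewrite(exported.Json.GetRawText(), newSecret);
        if (replaced == 0) return; // no provider resource carried a clientSecret
        await stack.ImportStackAsync(StackDeployment.FromJsonString(json));
    }
}
```

Calling `RotateAsync` before `RefreshAsync()` replaces the manual edit of `mystack.yml`; `Rewrite` is kept separate so it can be checked against a constructed deployment document without touching a real stack.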