sparse-intern-71089
09/19/2023, 8:05 PMfast-vr-6049
09/19/2023, 9:06 PMaz
CLI in a CI scenario is not recommended; have you tried using one of the alternatives?lemon-church-28946
09/19/2023, 9:49 PMaz
itself is used by the Azure Native library. I could be mistaken about that.
The following bash snippet is used to set the environment variables by reading them from a JSON document procured from HCP Vault:
SECRETS=/tmp/secrets.json
vault kv get -mount="$VAULT_SECRET_MOUNT" \
-format=json "$VAULT_SECRET_NAME" | jq ".data.data" > $SECRETS
for KEY in $(jq -r "keys[]" $SECRETS); do
echo "Setting Environment Variable: $KEY";
VALUE=$(jq -r ".${KEY}" $SECRETS);
eval "export ${KEY}=${VALUE@Q}";
done
rm $SECRETS
I can confirm this approach works and that the values are valid as has been consistently effective for other providers like AWS, Fastly, and DigitalOcean.lemon-church-28946
09/19/2023, 9:55 PMfast-vr-6049
09/19/2023, 10:00 PMeval
is creating those variables in a child process, which are not getting propagated to the parent and thus not propagated to subsequent CI steps. Perhaps you could try removing eval
? Maybe something as simple as export ${KEY}=${VALUE@Q}
? Or, if eval
must be present, you could try export ${KEY}=$(eval ${VALUE@Q})
fast-vr-6049
09/19/2023, 10:00 PMlemon-church-28946
09/19/2023, 10:03 PM. set_vars.sh
I actually have guard rails in the Pulumi program to ensure that the environment variables are present, otherwise it throws an error. They're definitely there šlemon-church-28946
09/19/2023, 10:07 PMpulumi_azure_native>=1.67.0
I'll bet that's the issue. Going to bump that and see if it does the thing š¤fast-vr-6049
09/19/2023, 10:08 PMlemon-church-28946
09/19/2023, 10:11 PM>=
.
2.6.0
is currently installed. Upgrading to 2.8.0
now. Maybe that'll help.fast-vr-6049
09/19/2023, 10:39 PMfast-vr-6049
09/19/2023, 10:40 PMfast-vr-6049
09/19/2023, 10:40 PMdo that
I mean using the pulumi config set azure-native:<key>
methodlemon-church-28946
09/19/2023, 10:50 PMaz account access
command runs fine after using az login
Starting to wonder if there's a misconfiguration with the service principal/app.fast-vr-6049
09/19/2023, 10:56 PMfast-vr-6049
09/19/2023, 10:57 PMlemon-church-28946
09/19/2023, 11:01 PMlemon-church-28946
09/19/2023, 11:03 PMlemon-church-28946
09/19/2023, 11:17 PMazure.identity.AzureCliCredential
object from when I was using CLI authentication
The system had been working for years, so it slipped my mind.
Thanks so much for your help!fast-vr-6049
09/19/2023, 11:18 PM