hello, question on Pulumi handling for Azure Government. we are trying to deploy a Pulumi stack to Azure Government, but we're finding

azure-native:keyvault:AccessPolicy

seems to be targeting the Commercial Cloud endpoint even though the parent resources are properly deployed in Azure Government

error: PUT <https://management.azure.com/subscriptions/-/resourceGroups/-/providers/Microsoft.KeyVault/vaults/-/accessPolicies/replace>

this leads to a 404 error likely because it is targeting the wrong cloud. i am unable to find a documented way to ensure the Pulumi keyvault:AccessPolicy resource targets the right cloud. Any suggestions?

RESPONSE 404: 404 Not Found
    ERROR CODE: SubscriptionNotFound

Azure docs indicate it should be calling

<http://management.usgovcloudapi.net|management.usgovcloudapi.net>

instead

And you have the provider

environment

configuration set for the provider in your stack?

azure-native:environment: usgovernment

Alternatively does setting

ARM_ENVIRONMENT=usgovernment

env variable work as a workaround? If not I'd file an issue in pulumi-azure-native.

yeah it was set in the environment configuration. other resources were properly deploying inside our Government tenant, only the Key Vault Access Policy was hard-locked to Azure Commercial Cloud I managed to solve it by setting the access policy within the initial Key Vault resource rather than trying to provision it as a separate resource, which seems to indicate it's a provider bug particularly for the Access Policy

Hi @average-school-37053, would you be able to file an issue at https://github.com/pulumi/pulumi-azure-native/issues? I’m the author of the access policies support and should be able to take a look soon.