https://pulumi.com logo
#azure
Title
# azure
a

average-school-37053

04/02/2024, 6:40 PM
hello, question on Pulumi handling for Azure Government. we are trying to deploy a Pulumi stack to Azure Government, but we're finding
azure-native:keyvault:AccessPolicy
seems to be targeting the Commercial Cloud endpoint even though the parent resources are properly deployed in Azure Government
Copy code
error: PUT <https://management.azure.com/subscriptions/-/resourceGroups/-/providers/Microsoft.KeyVault/vaults/-/accessPolicies/replace>
this leads to a 404 error likely because it is targeting the wrong cloud. i am unable to find a documented way to ensure the Pulumi keyvault:AccessPolicy resource targets the right cloud. Any suggestions?
Copy code
RESPONSE 404: 404 Not Found
    ERROR CODE: SubscriptionNotFound
Azure docs indicate it should be calling
<http://management.usgovcloudapi.net|management.usgovcloudapi.net>
instead
a

adventurous-butcher-54166

04/03/2024, 4:22 PM
And you have the provider
environment
configuration set for the provider in your stack?
azure-native:environment: usgovernment
Alternatively does setting
ARM_ENVIRONMENT=usgovernment
env variable work as a workaround? If not I'd file an issue in pulumi-azure-native.
a

average-school-37053

04/03/2024, 8:40 PM
yeah it was set in the environment configuration. other resources were properly deploying inside our Government tenant, only the Key Vault Access Policy was hard-locked to Azure Commercial Cloud I managed to solve it by setting the access policy within the initial Key Vault resource rather than trying to provision it as a separate resource, which seems to indicate it's a provider bug particularly for the Access Policy
m

melodic-tomato-39005

04/08/2024, 5:28 PM
Hi @average-school-37053, would you be able to file an issue at https://github.com/pulumi/pulumi-azure-native/issues? I’m the author of the access policies support and should be able to take a look soon.
2 Views