# general
Hello Team 👋, I am trying to set up Pulumi with an Azure DevOps build pipeline to do `pulumi preview` and then do `pulumi up`, maybe from a release pipeline. I am using a Workload Identity Federation service connection and the Managed Identity has the required permissions. This is how my YAML looks:
```yaml
trigger: none

pool:
  vmImage: ubuntu-latest

variables:
  - name: storage_account_key
    value: ""

steps:
  - task: Npm@1
    inputs:
      command: 'install'
      workingDir: 'deployment/pulumi/lib/'

  - task: Npm@1
    inputs:
      command: 'install'
      workingDir: 'deployment/pulumi/backend/'

  # Read the storage account key for the Pulumi state backend and publish it as a
  # pipeline variable. Note: setvariable is used without issecret=true and the key
  # is echoed with Write-Host, so it ends up in the job log in clear text.
  - task: AzureCLI@2
    inputs:
      azureSubscription: 'DeployInfrastructure-NonProd'
      scriptType: 'pscore'
      scriptLocation: 'inlineScript'
      inlineScript: |
        Write-Host ("##vso[task.setvariable variable=storage_account_key]$(az storage account keys list -n storagename -g 'rg' -o tsv --query '[0].value')")
        # $(storage_account_key) is pipeline macro syntax, expanded before the step starts,
        # so this prints the value from before setvariable ran (empty on the first run)
        Write-Host Key- $(storage_account_key)
    env:
      AZURE_STORAGE_KEY: $(storage_account_key)

  # Same lookup again, this time into a PowerShell variable
  - task: AzureCLI@2
    inputs:
      azureSubscription: 'DeployInfrastructure-NonProd'
      scriptType: 'pscore'
      scriptLocation: 'inlineScript'
      inlineScript: |
        $test = az storage account keys list -n storagename -g 'rg' -o tsv --query '[0].value'
        Write-Host Key- $test

  - task: AzureCLI@2
    displayName: Setup pulumi
    inputs:
      scriptType: pscore
      scriptLocation: inlineScript
      workingDirectory: 'deployment/pulumi/backend/'
      # addSpnToEnvironment exposes $servicePrincipalId and $tenantId to the script;
      # $servicePrincipalKey is only populated for secret-based service connections,
      # a Workload Identity Federation connection has no client secret
      addSpnToEnvironment: true
      azureSubscription: 'DeployInfrastructure-NonProd'
      inlineScript: |
        pulumi version
        $env:ARM_CLIENT_ID = $servicePrincipalId
        $env:ARM_CLIENT_SECRET = $servicePrincipalKey
        $env:ARM_TENANT_ID = $tenantId
        $env:ARM_SUBSCRIPTION_ID = '***'
        pulumi login --cloud-url azblob://container?storage_account=storagename
        pulumi stack select backend.dev
        pulumi preview
    env:
      AZURE_STORAGE_ACCOUNT: storagename
      AZURE_STORAGE_KEY: $(storage_account_key)
      # ARM_USE_MSI tells the Azure provider to fetch a managed-identity token from the
      # IMDS endpoint (169.254.169.254) on the agent VM instead of using the client id/secret above
      ARM_USE_MSI: true
```
I have no idea why it is giving the error below:
```
azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to ..../stroageacccountname/listKeys?api-version=2022-09-01: StatusCode=400 -- Original Error: adal: Refresh request failed. Status Code = '400'. Response body: {"error":"invalid_request","error_description":"Identity not found"} Endpoint http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&client_id=***&resource=https%3A%2F%2Fmanagement.azure.com%2F
```
Is it working for any of you? I also do not see anything in the repo for Workload Identity for the Pulumi extension, which does not need client secrets. Any help is appreciated, thanks in advance 🙂 🙏