Hi Pulumian I have a unique scenario and I am going crazy wi Pulumi Community #python

Hi Pulumian, I have a unique scenario and I am go...

faint-pager-13674

02/17/2025, 4:21 PM

Hi Pulumian, I have a unique scenario and I am going crazy with the issue. We are using pulumi (python) to provision infrastructure in Azure cloud and use SP based authentication. The client secret is added as pulumi config. It was working fine until the secret expired. Now we have updated the new secret and running pulumi preview with refresh fails complaining client secret is expired. Then remove the refresh flag and applied the changes where we got.

Copy code

-- azure-native:containerinstance:ContainerGroup dataloader-container-group deleting original (1s) error: ClientSecretCredential authentication failed. 
   -- azure-native:containerinstance:ContainerGroup dataloader-container-group **deleting failed** error: ClientSecretCredential authentication failed.

Now the question is does pulumi cache the old secret somewhere. How to refresh this secret? Any clue?

faint-pager-13674

02/19/2025, 10:30 AM

Fixed the issue by following below steps 1. I updated the pulumi

azure-native:clientSecret

with the new secret 2. Purposefully downgraded the

azure-native

provider version and did a

pulumi preview

This updated the state with a new default azure-native provider. 3. Export the state using

pulumi stack export

and manually updated all

azure-native

resources to use the new default provider reference. Then imported it and applied the changes. This basically swapped the provider config with the new secrets and preview with refresh started working.

Open in Slack

Previous Next