# azure
m
Hello I am currently trying to set up a dev environment for deploying a resource group in Azure using Pulumi. I have set up the starter project and logged into Azure using the az-cli. It seems that Pulumi is not using my credentials when running `pulumi up`. So I get the following error
```
error: Error building AzureRM Client: 3 errors occurred:
        * A Subscription ID must be configured when authenticating as a Service Principal using a Client Secret.
        * A Client ID must be configured when authenticating as a Service Principal using a Client Secret.
        * A Tenant ID must be configured when authenticating as a Service Principal using a Client Secret.
```
Anyone know why this wouldn't use my credentials on my local dev machine?
b
Hi, what command did you use to log into the az cli?
m
az login --use-device-code
b
may I ask why you are `--use-device-code`?
I am not aware of what it does so am trying to replicate
and when you logged in, did you get the list of subscriptions you are allowed to access showing in your terminal?
This works for me:
```
Code/pulumi-testing/azure-get-resources
▶ az login --use-device-code
To sign in, use a web browser to open the page <https://microsoft.com/devicelogin> and enter the code XXXXXXX to authenticate.
[
  {
    "cloudName": "AzureCloud",
    <redacted>
  }
]

Code/pulumi-testing/azure-get-resources
▶ pulumi up
Previewing update (dev):

     Type                         Name                     Plan
 +   pulumi:pulumi:Stack          azure-get-resources-dev  create
 +   └─ azure:core:ResourceGroup  resourceGroup            create

Resources:
    + 2 to create

Do you want to perform this update? yes
Updating (dev):

     Type                         Name                     Status
 +   pulumi:pulumi:Stack          azure-get-resources-dev  created
 +   └─ azure:core:ResourceGroup  resourceGroup            created

Resources:
    + 2 created

Duration: 12s
```
m
In the pulumi docs it recommends this type of login if the normal login doesn’t seem to work. I tried both in my case.
Yes I get my subscriptions
in the az cli
and can switch between
I can create a resource group from the azure-cli
b
but yet pulumi can't create one for you?
can you show me your pulumi code (without any secrets)
m
Yeah it’s just the starter app
I didn’t do any modifications to the azure-typescript
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

// Create an Azure Resource Group
const resourceGroup = new azure.core.ResourceGroup("resourceGroup");

// Create an Azure resource (Storage Account)
const account = new azure.storage.Account("storage", {
    // The location for the storage account will be derived automatically from the resource group.
    resourceGroupName: resourceGroup.name,
    accountTier: "Standard",
    accountReplicationType: "LRS",
});

// Export the connection string for the storage account
export const connectionString = account.primaryConnectionString;
```
config
```yaml
config:
  azure:environment: public
  azure:location: WestUS
  pulumi:template: azure-typescript
```
b
That's exactly what I ran as well
is this windows? linux / macOS?
what version of Pulumi?
m
This is on macOS
version v1.7.1
az-cli v2.0.78
b
Can you run a Pulumi up with “-v=9 --log-to-stderr” and DM the output? You will need to redirect the output to a file to capture it
m
b
Do you have any other AZURE* env vars set right now?
w
In particular the `when authenticating as a service principal using a Client Secret` part of the error message means you are somehow trying to use a client secret and are not actually using the `az login` credentials. The most likely cause of that would be some environment variable you have set which is getting picked up.
m
Awesome ok I had AZURE_CLIENT_SECRET set
once removed it is now working
Thank you
b
Nps glad it’s working!