https://pulumi.com logo
Join SlackCommunities
Powered by
This message was deleted.
# azure
s
This message was deleted.
b
Hi, what command did you use to log into the az cli?
m
az login --use-device-code
b
may I ask why you are 
--use-device-code
?
I am not aware of what it does so am trying to replicate
and when you logged in, did you get the list of subscriptions you are allowed to access showing in your terminal?
This works for me:
Copy code
Code/pulumi-testing/azure-get-resources
▶ az login --use-device-code
To sign in, use a web browser to open the page <https://microsoft.com/devicelogin> and enter the code XXXXXXX to authenticate.
[
  {
    "cloudName": "AzureCloud",
    <redacted>
  }
]

Code/pulumi-testing/azure-get-resources
▶ pulumi up
Previewing update (dev):

     Type                         Name                     Plan
 +   pulumi:pulumi:Stack          azure-get-resources-dev  create
 +   └─ azure:core:ResourceGroup  resourceGroup            create

Resources:
    + 2 to create

Do you want to perform this update? yes
Updating (dev):

     Type                         Name                     Status
 +   pulumi:pulumi:Stack          azure-get-resources-dev  created
 +   └─ azure:core:ResourceGroup  resourceGroup            created

Resources:
    + 2 created

Duration: 12s
m
In the pulumi docs it recommends this type of login if the normal login doesn’t seem to work. I tried both in my case.
Yes I get my subscriptions
in the az cli
and can switch between
I can create a resource group from the azure-cli
b
but yet pulumi can't create one for you?
can you show me your pulumi code (without any secrets)
m
Yeah it’s just the starter app
I didn’t do any modifications to the azure-typescript
Copy code
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

// Create an Azure Resource Group
const resourceGroup = new azure.core.ResourceGroup("resourceGroup");

// Create an Azure resource (Storage Account)
const account = new azure.storage.Account("storage", {
    // The location for the storage account will be derived automatically from the resource group.
    resourceGroupName: resourceGroup.name,
    accountTier: "Standard",
    accountReplicationType: "LRS",
});

// Export the connection string for the storage account
export const connectionString = account.primaryConnectionString;
config
Copy code
config:
  azure:environment: public
  azure:location: WestUS
  pulumi:template: azure-typescript
b
That's exactly what I ran as well
is this windows? linux / macOS?
what version of Pulumi?
m
This is on MacOs
version v1.7.1
az-cli v2.0.78
b
Can you run a Pulumi up with “-v=9 —log-to-stderr” and DM the output? You will need to redirect the output to a file to capture it
Do you have any other AZURE* env vars set right now?
w
In particular the 
when authenticating as a service principal using a Client Secret
part of the error message means you are somehow trying to use a client secret and are not actually using the 
az login
credentials. The most likely cause of that would be some environment variable you have set which is getting picked up.
m
Awesome ok I had AZURE_CLIENT_SECRET set
once removed it is now working
Thank yuou
b
Nps glad it’s working!
8 Views
Open in Slack
PreviousNext
Powered by