melodic-easter-82419

12/20/2019, 5:07 PM
Hello, I am currently trying to set up a dev environment for deploying a resource group in Azure using Pulumi. I have set up the starter project and logged into Azure using the az-cli. It seems that pulumi is not using my credentials when running `pulumi up`. So I get the following error
error: Error building AzureRM Client: 3 errors occurred:
        * A Subscription ID must be configured when authenticating as a Service Principal using a Client Secret.
        * A Client ID must be configured when authenticating as a Service Principal using a Client Secret.
        * A Tenant ID must be configured when authenticating as a Service Principal using a Client Secret.
Anyone know why this wouldn't use my credentials on my local dev machine?

broad-dog-22463

12/20/2019, 5:08 PM
Hi, what command did you use to log into the az cli?

melodic-easter-82419

12/20/2019, 5:08 PM
az login --use-device-code

broad-dog-22463

12/20/2019, 5:11 PM
may I ask why you are `--use-device-code`?
I am not aware of what it does so am trying to replicate
and when you logged in, did you get the list of subscriptions you are allowed to access showing in your terminal?
This works for me:
Code/pulumi-testing/azure-get-resources
▶ az login --use-device-code
To sign in, use a web browser to open the page <https://microsoft.com/devicelogin> and enter the code XXXXXXX to authenticate.
[
  {
    "cloudName": "AzureCloud",
    <redacted>
  }
]

Code/pulumi-testing/azure-get-resources
▶ pulumi up
Previewing update (dev):

     Type                         Name                     Plan
 +   pulumi:pulumi:Stack          azure-get-resources-dev  create
 +   └─ azure:core:ResourceGroup  resourceGroup            create

Resources:
    + 2 to create

Do you want to perform this update? yes
Updating (dev):

     Type                         Name                     Status
 +   pulumi:pulumi:Stack          azure-get-resources-dev  created
 +   └─ azure:core:ResourceGroup  resourceGroup            created

Resources:
    + 2 created

Duration: 12s

melodic-easter-82419

12/20/2019, 5:17 PM
In the pulumi docs it recommends this type of login if the normal login doesn’t seem to work. I tried both in my case.
Yes I get my subscriptions
in the az cli
and can switch between
I can create a resource group from the azure-cli

broad-dog-22463

12/20/2019, 5:21 PM
but yet pulumi can't create one for you?
can you show me your pulumi code (without any secrets)

melodic-easter-82419

12/20/2019, 5:24 PM
Yeah it’s just the starter app
I didn’t do any modifications to the azure-typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

// Create an Azure Resource Group
const resourceGroup = new azure.core.ResourceGroup("resourceGroup");

// Create an Azure resource (Storage Account)
const account = new azure.storage.Account("storage", {
    // The location for the storage account will be derived automatically from the resource group.
    resourceGroupName: resourceGroup.name,
    accountTier: "Standard",
    accountReplicationType: "LRS",
});

// Export the connection string for the storage account
export const connectionString = account.primaryConnectionString;
config
config:
  azure:environment: public
  azure:location: WestUS
  pulumi:template: azure-typescript

broad-dog-22463

12/20/2019, 5:36 PM
That's exactly what I ran as well
is this windows? linux / macOS?
what version of Pulumi?

melodic-easter-82419

12/20/2019, 5:48 PM
This is on macOS
version v1.7.1
az-cli v2.0.78

broad-dog-22463

12/20/2019, 5:55 PM
Can you run a `pulumi up` with "-v=9 --log-to-stderr" and DM the output? You will need to redirect the output to a file to capture it

melodic-easter-82419

12/20/2019, 6:02 PM

broad-dog-22463

12/20/2019, 6:11 PM
Do you have any other AZURE* env vars set right now?

white-balloon-205

12/20/2019, 6:32 PM
In particular the `when authenticating as a service principal using a Client Secret` part of the error message means you are somehow trying to use a client secret and are not actually using the `az login` credentials. The most likely cause of that would be some environment variable you have set which is getting picked up.

melodic-easter-82419

12/20/2019, 6:42 PM
Awesome ok I had AZURE_CLIENT_SECRET set
once removed it is now working
Thank you

broad-dog-22463

12/20/2019, 6:50 PM
Nps glad it’s working!