https://pulumi.com logo
#azure
Title
# azure
w

wet-noon-14291

03/09/2020, 10:45 PM
I have some problem destroy my stack that I have set up. The problem is when I try to delete my Service Principal Password and Assignment. For some reason it seems like the actual Service Principal was deleted before those resources and I think that is what caused the issue. If I use some value from one resource as input to another resource I thought I would have a dependency between the two. So in my case simplified: * Service principal - X * Service Principal Password - Y, it has an input reference to X.Id When I destroy a stack like this I expected Y to first be deleted and then X, can I expect that to be the case?
t

tall-librarian-49374

03/09/2020, 10:52 PM
Yes, this should be the case, and it worked for me in the past. Would love to see a repro.
w

wet-noon-14291

03/10/2020, 1:43 PM
I’ll see what I can do.
I think I know what the problem was. It was probably me playing around and testing too many things at once. I thought I would switch to use a service principal instead, but some of the resources was created with my user and now the service principal didn't have enough resources. Is it right to assume that if one are to use a Service Principal you almost need to give the Service Principal god like access to Azure?
t

tall-librarian-49374

03/11/2020, 6:35 AM
Yeah, if I need to create resource groups from SP, I ended up giving Contributor role to it. Otherwise, you could limit the scope to a resource group.
w

wet-noon-14291

03/11/2020, 8:12 PM
are there any recommendation on how to do it? If you want to create an "Application" you need Active Directory role.
t

tall-librarian-49374

03/11/2020, 9:21 PM
Somewhat embarrassingly, I don’t have enough experience here
3 Views