curved-alarm-76356

06/17/2020, 1:54 PM
Hello again, I am having problems using Pulumi (Python) with an SP in conjunction with a KeyVault as a secret provider and a Blob Storage Account. Everything works fine when using my personal Azure account. However, when I move to the SP I have the following problems:
1. The `pulumi preview` command hangs (more than 20min). I have tried to add the `--debug` option but there is no output.
2. When I run the same command on the Azure Pipeline Task of Pulumi (using the same SP) I get a weird error: `error: getting secrets manager: secrets (code=InvalidArgument): azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to ********/decrypt?api-version=7.0: StatusCode=400 -- Original Error: adal: Refresh request failed. Status Code = '400'. Response body: {"error":"invalid_request","error_description":"Identity not found"}.` I have triple checked and the SP has the correct rights on the KeyVault.
3. In the pipeline (using the Azure Pipeline Task of Pulumi) the `stack select` command fails almost 50% of the time to find my stack.
What am I doing wrong?
After some time (I did not time it) I get the following error running `pulumi preview --debug` using the SP on my laptop:
`error: getting secrets manager: secrets (code=Unknown): azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to ***/decrypt?api-version=7.0: StatusCode=0 -- Original Error: adal: Failed to execute the refresh request. Error = 'Get "<http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fvault.azure.net>": dial tcp 169.254.169.254:80: connect: connection refused'`.
I see that there is an issue open with the same problem. https://github.com/pulumi/pulumi/issues/4072