Is there a better way of handling azuread calls? We end up having to run Pulumi twice; once to create the resource and then once again to have azuread call resolve to the right objectId correctly. We have used a placeholder of ‘11111111-1111-1111-1111-111111111111’ temporarily to allow the first run through but that’s an issue when creating multiple resources you get a collision with multiple resources getting the all 1s placeholder.

You should try running

getServicePrincipal

inside an

apply

on the output of the resource that you create. Something like https://github.com/pulumi/templates/blob/master/azure-typescript/index.ts#L19

When we tried that we got an error that the service principal didn’t yet exist in azure ad. I’ve seen examples of people in terraform doing a timeout or sleep to wait to make the getServicePrincipal call

Ah, that could be. You could do retries with sleeps, too. Not pretty but should work.

Yeah that’s what I was thinking as well. Thanks!

The closest example I can think of: https://github.com/pulumi/pulumi-azure/blob/master/sdk/nodejs/eventgrid/zMixins.ts#L134

Awesome, thanks for the reference. That’s very helpful.