Hi only when running in Azure DevOps I get an error on `pulu Pulumi Community #azure

Hi, only when running in Azure DevOps, I get an e...

ancient-eve-13947

08/11/2021, 10:49 AM

Hi, only when running in Azure DevOps, I get an error on `pulumi up --yes --stack Development`:

Copy code

azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request

I'm using the method with custom scripts (lots of reasons, I cannot change to the task). For this I have the following

Dockerfile

Copy code

FROM <http://mcr.microsoft.com/dotnet/sdk:5.0|mcr.microsoft.com/dotnet/sdk:5.0> AS base
USER root
RUN apt-get update -y
RUN apt-get install -y
RUN curl -sL <https://deb.nodesource.com/setup_14.x> | bash -
RUN apt-get install -y nodejs
RUN npm i -g yarn
RUN curl -sL <https://aka.ms/InstallAzureCLIDeb> | bash

a `setupPulumi.sh`:

Copy code

#!/bin/bash

# exit if a command returns a non-zero exit code and also print the commands and their args as they are executed
set -e -x
# Download and install pulumi
curl -fsSL <https://get.pulumi.com/> | bash
export PATH=$PATH:$HOME/.pulumi/bin
# Login into pulumi. This will require the PULUMI_ACCESS_TOKEN environment variable
pulumi login

and the following pipeline definition:

Copy code

pool:
  vmImage: 'ubuntu-latest'

container: 'justanoldman/devops:net5-nodejs14-yarn-azcli'

// ...

- task: Bash@3
  displayName: Install pulumi
  inputs:
    workingDirectory: $(Build.SourcesDirectory)
    targetType: inline
    script: |
      chmod +x ./Infrastructure/pipelines/*.sh
      ./Infrastructure/pipelines/setupPulumi.sh
  env:
    PULUMI_ACCESS_TOKEN: $(PulumiToken)
    ARM_CLIENT_SECRET: $(DeploymentClientAppSecret)
    ARM_SUBSCRIPTION_ID: $(DeploymentTargetSubscriptionId)
    ARM_CLIENT_ID: $(DeploymentClientAppId)
    ARM_TENANT_ID: $(DeploymentClientTenantId)

- task: CmdLine@2
  displayName: Installing node packages
  inputs:
    workingDirectory: $(Build.SourcesDirectory)/Infrastructure/azureresources
    script: |
      yarn install
	  
// ...

- task: CmdLine@2
  displayName: Update Azure resources excluding B2C
  inputs:
    workingDirectory: $(Build.SourcesDirectory)/Infrastructure/azureresources
    script: |
      /home/vsts_azpcontainer/.pulumi/bin/pulumi up --yes --stack Development
  env:
    PULUMI_ACCESS_TOKEN: $(PulumiToken)
    ARM_CLIENT_SECRET: $(DeploymentClientAppSecret)
    ARM_SUBSCRIPTION_ID: $(DeploymentTargetSubscriptionId)
    ARM_CLIENT_ID: $(DeploymentClientAppId)
    ARM_TENANT_ID: $(DeploymentClientTenantId)

I'm using Typescript as the host language for Pulumi. When I run the steps manually in the same docker image locally, I do not get this error. Any idea, anyone?

ancient-eve-13947

08/11/2021, 12:10 PM

I solved this. there were two issues: a) for some reason, it was not okay to use yarn to install the packages, it had to be npm b) one variable (tenant id) was not set correctly

ancient-eve-13947

08/11/2021, 12:14 PM

the dockerfile might of interest to anyone else doing devops with scripts: a) by using a docker image that installs the dependencies you save some time in the build (pulumi is not part of the image because it updates fairly often) b) the nodeversion referenced in the documentation is out-dated, the dockerfile corrects that c) the script example in the documentation doesn't install az-cli, but you need it - the dockerfile does this, too d) the script example in the documentation assumes every container image can sudo. but if you use MS images for NET, you cannot because sudo is not installed; the dockerfile circumvents this by just setting the root user

3 Views

Open in Slack

Previous Next