https://pulumi.com logo
Join Slack
Powered by
This message was deleted.
# getting-started
s
This message was deleted.
b
i
Hmm re. the tenantID, I used the value from the Azure Enterprise Application I set up via the dashboard. I do not recall giving the enterprise application authorization to access the Azure resource management API's and just hoped this would cascade through from my main subscription. I will keep digging, I had assumed the first successful automation run would take a day to debug.
Some progress, I had to grant the Enterprise Application role=owner within the pre existing ResourceGroup that should host the resources accessed during stack.UpAsync() in my automation code. This Microsoft doc describes how to assign roles within the Azure Dashboard https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal After successfully creating a SQL Database my automation function is now failing at a later stage because for some reason an additional resource group is being created then being removed on the next UpAsync() test run. I need to tame these spurious resource group creations and persuade Pulumi to work within a single existing resource group.
b
An you share some of your code?
i
@billowy-army-68599 Thanks for the offer to look at my code. I have resolved the problem myself, I had to add my automation program (Enterprise Application in Azure terminology) as an Access Control role for my main Azure subscription. This was done via the Azure Portal. Previously I had done the same for the fixed manually created resource-group used for all my Pulumi automation api deployments. This was a partial fix but the broader Pulumi resource api queries such as those issued by pulumi refresh failed without the role assignment to the main subscription.
69 Views
Open in Slack
PreviousNext
Powered by