# getting-started
d
Hi #getting-started #azure! I am trying to automate Azure AD B2C tenant creation in my personal subscription with a single resource group where I have all the admin access. Unfortunately this gives me error 404 - appreciate any ideas how to fix it! Cheers! This is the code:
```typescript
import * as azure_native from "@pulumi/azure-native";

const b2cTenant = new azure_native.azureactivedirectory.B2CTenant("b2c", {
  location: "Australia",
  properties: {
    countryCode: "AU",
    displayName: "My Tenant",
  },
  resourceGroupName: "my-rg",
  resourceName: "mytenant123451234234523456456756789876.onmicrosoft.com",
  sku: {
    name: "PremiumP1",
    tier: "A0",
  },
});
```
and here is the log:
```
192-168-0-1:pulumi tuatara$ pulumi up --yes --skip-preview --debug --logflow --logtostderr
Please choose a stack, or create a new one: dev
Updating (dev)

View Live: https://app.pulumi.com/[REDACTED]/myPulumiProject/dev/updates/2

     Type                                            Name                 Status                  Info
     pulumi:pulumi:Stack                             myPulumiProject-dev  **failed**              1 error; 16 debugs
 +   └─ azure-native:azureactivedirectory:B2CTenant  b2c                  **creating failed**     1 error

Diagnostics:
  azure-native:azureactivedirectory:B2CTenant (b2c):
    error: resource partially created but read failed autorest/azure: Service returned an error. Status=404 Code="NotFound" Message="Resource with ID '[REDACTED]/my-rg/mytenant123451234234523456456756789876.onmicrosoft.com' does not exist." Target="resource": autorest/azure: Service returned an error. Status=404 Code="NotFound" Message="Resource with ID '[REDACTED]/my-rg/mytenant123451234234523456456756789876.onmicrosoft.com' does not exist." Target="resource"

  pulumi:pulumi:Stack (myPulumiProject-dev):
    debug: 2021/10/08 13:24:33 Testing if Service Principal / Client Certificate is applicable for Authentication..
    debug: 2021/10/08 13:24:33 Testing if Multi Tenant Service Principal / Client Secret is applicable for Authentication..
    debug: 2021/10/08 13:24:33 Testing if Service Principal / Client Secret is applicable for Authentication..
    debug: 2021/10/08 13:24:33 Testing if Managed Service Identity is applicable for Authentication..
    debug: 2021/10/08 13:24:33 Testing if Obtaining a token from the Azure CLI is applicable for Authentication..
    debug: 2021/10/08 13:24:33 Using Obtaining a token from the Azure CLI for Authentication
    debug: 2021/10/08 13:24:33 Getting OAuth config for endpoint https://login.microsoftonline.com/ with  tenant [REDACTED]
    debug: Registering resource: t=pulumi:pulumi:Stack, name=myPulumiProject-dev, custom=false, remote=false
    debug: RegisterResource RPC prepared: t=pulumi:pulumi:Stack, name=myPulumiProject-dev
    debug: RegisterResource RPC finished: resource:myPulumiProject-dev[pulumi:pulumi:Stack]; err: null, resp: urn:pulumi:dev::myPulumiProject::pulumi:pulumi:Stack::myPulumiProject-dev,,,,
    debug: Running program '[REDACTED]' in pwd '[REDACTED]' w/ args: 
    debug: Registering resource: t=azure-native:azureactivedirectory:B2CTenant, name=b2c, custom=true, remote=false
    debug: RegisterResourceOutputs RPC prepared: urn=urn:pulumi:dev::myPulumiProject::pulumi:pulumi:Stack::myPulumiProject-dev
    debug: RegisterResource RPC prepared: t=azure-native:azureactivedirectory:B2CTenant, name=b2c
    debug: RegisterResourceOutputs RPC finished: urn=urn:pulumi:dev::myPulumiProject::pulumi:pulumi:Stack::myPulumiProject-dev; err: null, resp: 
    debug: RegisterResourceOutputs RPC finished: urn=urn:pulumi:dev::myPulumiProject::pulumi:pulumi:Stack::myPulumiProject-dev; err: null, resp: 
    error: update failed

Resources:
    1 unchanged

Duration: 1m12s
```
w
Since it’s a 404 error, that means the failure is happening in Azure. The error message appears to be saying the resourceName is not found:
Status=404 Code="NotFound" Message="Resource with ID '[REDACTED]/my-rg/mytenant123451234234523456456756789876.onmicrosoft.com' does not exist."
So, I would double/triple check that resource exists and is accessible.
👍 1
d
Hey @witty-candle-66007, thanks for looking into it! Yeah, the tricky part is the resource that’s not found is the resource that’s being created here. So it doesn’t exist before we create it using Pulumi. I guess this error also looks like an async issue when Pulumi tries to access the tenant before it’s fully created - is there a way to maybe extend the waiting time before Pulumi accesses the new tenant? Cheers!
w
To make sure I’m not misunderstanding and since I’m not familiar with this resource, somewhere else in the code, `mytenant123451234234523456456756789876.onmicrosoft.com`, is created and then referenced here. Is that correct?
d
Hey @witty-candle-66007 my understanding is slightly different. This whole code only creates the tenant and does nothing else. This code is pretty much a copy from the official Pulumi documentation here https://www.pulumi.com/docs/reference/pkg/azure-native/azureactivedirectory/b2ctenant/ and this is why I found it strange that it is not working out of the box 🤔
I think I finally made it work (though not very stable) by creating another tenant manually in the same Azure subscription - so I believe this is not really about the above Pulumi code here but rather Pulumi/Azure integration.
My assumption is, there is an issue with the Azure API in some versions that might affect Pulumi. If you try it here in the Microsoft sandbox https://docs.microsoft.com/en-us/rest/api/activedirectory/b2c-tenants/create with the API version `2019-01-01-preview` as they suggest, you will get response 201. Digging deeper into the error, I found there is an undocumented property required in the payload: `properties.tenantId`. Now if you add this property to the payload, and change the API version to `2017-01-30` (the only non-preview version), it results in response 200 and a successfully created B2C tenant.
I am not sure if these 2 issues are related though. My goal was to create a POC of creating a B2C tenant using Pulumi and I reached it. But I still wonder why it had to be so complicated and not working out of the box. I hope this helps someone looking to automate this. Cheers!
w
I’m curious if you keep the 2019-01-01-preview version and include the `properties.tenantId` input, does it work?
d
It didn’t - the API returned a 500 error