https://pulumi.com logo
Join Slack
Powered by
<newIssue/> Trying to execute a Pulumi progr...
# general
p
<newIssue/> Trying to execute a Pulumi program in a CI/CD context on Azure DevOps. I'm using a service principal to authenticate to Azure, and all the relevant credentials are passed in as environment variables, i.e. ARM_TENANT_ID, ARM_CLIENT_ID, ARM_CLIENT_SECRET. However, Pulumi complains that a subscription ID must be selected:
Copy code
2019-01-20T21:10:36.7285438Z ++ pulumi stack select retrospect-svcReplika-dev
2019-01-20T21:10:36.8068556Z Logging in using access token from PULUMI_ACCESS_TOKEN
2019-01-20T21:10:37.6949041Z ++ pulumi up --yes
2019-01-20T21:10:38.3934068Z Previewing update (retrospect-svcReplika-dev):
2019-01-20T21:10:39.1496598Z 
2019-01-20T21:10:39.9270466Z     pulumi:pulumi:Stack RetrospectSvcReplika-retrospect-svcReplika-dev running 
2019-01-20T21:10:41.8484053Z     azure:core:ResourceGroup retrospect-dev-svcReplika  error: Error building AzureRM Client: 1 error(s) occurred:
2019-01-20T21:10:41.8590405Z     azure:core:ResourceGroup retrospect-dev-svcReplika  1 error
2019-01-20T21:10:41.8592885Z  
2019-01-20T21:10:41.8598421Z Diagnostics:
2019-01-20T21:10:41.8629164Z   azure:core:ResourceGroup (retrospect-dev-svcReplika):
2019-01-20T21:10:41.8629332Z     error: Error building AzureRM Client: 1 error(s) occurred:
2019-01-20T21:10:41.8629385Z     
2019-01-20T21:10:41.8629475Z     * A Subscription ID must be configured when authenticating as a Service Principal using a Client Secret.
2019-01-20T21:10:41.8629532Z  
2019-01-20T21:10:42.1712727Z error: an error occurred while advancing the preview
It makes sense that I would need to specify a subscription ID somewhere, but I just can't figure out where. Is there a separate environment variable that should be set for that? Setting it using Azure CLI doesn't seem like a viable option in this case, because Pulumi is doing the authentication itself as part of the 
up/preview
commands, and the subscription would need to be selected after that...
s
You can set ARM_SUBSCRIPTION_ID for that
(That is inherited from the Terraform provider)
p
Thank you @stocky-spoon-28903 I will try that!
That should really be documented on https://pulumi.io/quickstart/azure/setup.html
s
Interesting, I didn’t realise it wasn’t. I’ll open an issue for this
Thanks for sticking with it
p
Do you work at Pulumi?
Great, thanks!
s
I do, yes
And previously on Terraform :-)
p
🙂
That worked fine! First successful CI/CD deployment with Pulumi+Azure+Azure DevOps. The dawn of a new era for us.
s
Great! Do you have it configured with the github app?
p
No, we do the version control in Azure DevOps too.
s
Ah cool - did you have to do anything else to get it all working?
Btw I’ll come back to your other questions, just can’t easily answer them right now on my phone
p
No rush on the other one, whenever you get a chance. 🙂
Yeah I had to do a fair amount of tweaking to get it all working... maybe I should blog about it.
h
It would be great if you could blog about it.
Open in Slack
PreviousNext
Powered by