We are getting an error creating a privateLink acr...
# general
We are getting an error creating a privateLink across subscriptions. (typescript) azureprivatelinkEndpoint (sql-link): September 25th 2020 134932 Info error: Preview failed: Error building AzureRM Client: Azure CLI Authorization Profile was not found. Please ensure the Azure CLI is installed and then log-in with `az login`. This is an octopus deploy job using a service principal. The job uses the variables:
```powershell
$env:ARM_CLIENT_ID = $AzAccountClient
$env:ARM_CLIENT_SECRET = $AzAccountPassword
$env:ARM_TENANT_ID = $AzAccountTenantId
$env:ARM_SUBSCRIPTION_ID = $AzAccountSubscriptionNumber
```
We have dozens of deployments per week across 20 stacks that have been using this process. It's stable. We are trying something new, creating privatelinks from subscription A to a vnet in subscription B. Since most of the code executes in subscription A, the env variable ARM_SUBSCRIPTION_ID is set to "A". However, when we get to the privatelink, we build a new provider and pass into the service principal the credentials, tenant, secret and subscription B. But when we use this new provider in the private link, we still get the same error. We know we have to pass in subscription B to privatelink. Older versions of the pulumi azure provider would default the credentials, secret and tenant, but the newer version seems to require them. @pulumi 2.1 @pulumi/azure 3.20.1
```typescript
//Provider Code
const Sub = new vznaz.azure.Provider("subscription B", { //TODO
  subscriptionId: "subscription B",
  metadataHost: 'management.azure.com',
  clientId: process.env["ARM_CLIENT_ID"],
  clientSecret: process.env["ARM_CLIENT_SECRET"],
  tenantId: vznaz.AADTenantId,
});
vznpulumi.pulumi.ProviderResource.register(Sub).then(p => p);

//PrivateLink Code that is failing with above error message
const privateLinkTags = TAGS;

const PrivateLinkSubnet = vznpulumi.pulumi.output(vznaz.azure.network.getSubnet({
    resourceGroupName: 'vznz-net_rg',
    virtualNetworkName: 'vznz-net_vnet',
    name: 'private-link-hub01',
}, {
    provider: Sub,
    async: true,
}));

//sqlServer
const SqlPrivateLink = new vznaz.azure.privatelink.Endpoint('sql-link', { //was vznaz.azure.privatelink.Endpoint but was getting an error below that privateIpAddress didn't exist on SqlPrivateLink.privateServiceConnection.privateIpAddress
    resourceGroupName: '_prod-rg-01',
    privateServiceConnection: {
        privateConnectionResourceId: sqlServer.id,
        isManualConnection: false,
        name: sqlServer.name,
        subresourceNames: [ 'sqlServer' ],
    },
    subnetId: PrivateLinkSubnet.id,
    name: sqlServer.name,
    tags: privateLinkTags,
},{
    provider: Sub,
});
```
We are stumped. Any help would be greatly appreciated.
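
Added example (not part of the original post, and not the poster's or Pulumi's own code): a preflight that builds the explicit arguments for a second-subscription provider from the `ARM_*` variables and fails by naming whatever is missing, without ever echoing the secret. The function name `explicitProviderArgs`, the GUID check and all sample values are assumptions made for illustration.

```typescript
// Added illustration; explicitProviderArgs and all sample values are hypothetical.
type Env = Record<string, string | undefined>;

interface ExplicitProviderArgs {
  clientId: string;
  clientSecret: string;
  tenantId: string;
  subscriptionId: string;
}

// Assumption: client, tenant and subscription IDs are GUIDs.
const GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

function explicitProviderArgs(env: Env, subscriptionId: string): ExplicitProviderArgs {
  const problems: string[] = [];
  // Read a variable; record only its NAME when absent so no value reaches the logs.
  const read = (name: string): string => {
    const value = (env[name] ?? "").trim();
    if (value === "") problems.push(`${name} is not set`);
    return value;
  };
  const clientId = read("ARM_CLIENT_ID");
  const clientSecret = read("ARM_CLIENT_SECRET");
  const tenantId = read("ARM_TENANT_ID");
  const target = subscriptionId.trim();
  if (target === "") problems.push("target subscriptionId is empty");
  const ids: Array<[string, string]> = [
    ["ARM_CLIENT_ID", clientId],
    ["ARM_TENANT_ID", tenantId],
    ["target subscriptionId", target],
  ];
  for (const [name, value] of ids) {
    if (value !== "" && !GUID.test(value)) problems.push(`${name} is not a GUID`);
  }
  if (problems.length > 0) {
    throw new Error(`explicit provider arguments incomplete: ${problems.join("; ")}`);
  }
  return { clientId, clientSecret, tenantId, subscriptionId: target };
}

// Constructed sample environment standing in for process.env in the deploy job.
const sampleEnv: Env = {
  ARM_CLIENT_ID: "11111111-1111-1111-1111-111111111111",
  ARM_CLIENT_SECRET: "constructed-secret-value",
  ARM_TENANT_ID: "22222222-2222-2222-2222-222222222222",
  ARM_SUBSCRIPTION_ID: "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa", // subscription A (ambient default)
};
const subscriptionB = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb";
console.log(Object.keys(explicitProviderArgs(sampleEnv, subscriptionB)).join(","));
```

In a Pulumi program, pass `process.env` as the first argument and hand the returned object to the provider constructor, so an unset variable stops the run with its name before any provider is created.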