https://pulumi.com logo
Join Slack
Powered by
I am getting the below error while trying to creat...
# general
b
I am getting the below error while trying to create/update infrastructure using Pulumi in CircleCI CI/CD pipelines but not on my local environment and it seems to be an intermittent issue happening more times and also it works after multiple attempts.
Copy code
error: failed to load checkpoint: blob (key ".pulumi/stacks/identity-test.json") (code=Unknown): -> <http://github.com/Azure/azure-storage-blob-go/azblob.newStorageError|github.com/Azure/azure-storage-blob-go/azblob.newStorageError>, /Users/runner/go/pkg/mod/github.com/!azure/azure-storage-blob-go@v0.13.0/azblob/zc_storage_error.go:42
===== RESPONSE ERROR (ServiceCode=AuthorizationFailure) =====
Description=This request is not authorized to perform this operation.
RequestId:83e63fd7-e01e-0005-0c6e-3d938c000000
Time:2021-04-30T03:09:34.4679001Z, Details: 
   Code: AuthorizationFailure
   GET https://**************.<http://blob.core.windows.net/*********/.pulumi/stacks/identity-test.json?timeout=61|blob.core.windows.net/*********/.pulumi/stacks/identity-test.json?timeout=61>
   Authorization: REDACTED
   User-Agent: [go-cloud/blob/0.1.0 Azure-Storage/0.13 (go1.16.3; linux)]
   X-Ms-Client-Request-Id: [80971ac2-1589-4582-4251-041bdeb5f1da]
   X-Ms-Date: [Fri, 30 Apr 2021 03:09:34 GMT]
   X-Ms-Version: [2019-12-12]
   --------------------------------------------------------------------------------
   RESPONSE Status: 403 This request is not authorized to perform this operation.
   Content-Length: [246]
   Content-Type: [application/xml]
   Date: [Fri, 30 Apr 2021 03:09:33 GMT]
   Server: [Microsoft-HTTPAPI/2.0]
   X-Ms-Client-Request-Id: [80971ac2-1589-4582-4251-041bdeb5f1da]
   X-Ms-Error-Code: [AuthorizationFailure]
   X-Ms-Request-Id: [83e63fd7-e01e-0005-0c6e-3d938c000000]
Any help would be much appreciated.
b
Hi @bumpy-agent-19616
This was fixed in Pulumi v2.25.2 - what version of Pulumi CLI are you using?
b
I actually use pulumi: pulumi/pulumi@2.0.0 orb which installs v3.1.0 as far as I see from the CircleCI logs.
I am not sure if the order of adding firewall rules to storage matters. I moved firewall rule addition step a bit up before Pulumi Login step which seems to have worked. However, do you think this would have made any difference?
Oh, sorry! Problem seems to occur again unfortunately!
b
What are you setting any azure environment variables to allow interaction with azure?
b
I set up azure credentials for Pulumi stacks using pulumi config set way and am not using environment variables for the interaction.
b
So I think there’s some missing information here
Are you trying to store your state in an azure blob or is this an issue when creating a resource in azure?
b
I am actually trying to update my infrastructure with already creating stacks having cloud storage as backend after logging in via pulumi login --cloud-url. So, it is problem while Pulumi trying to connect state or checkpoint file to know about the current state of infrastructure and then perform create/update operation on it.
b
Ok, when connecting to an Azure blob self-managed backend, you need to set AZURE_STORAGE_ACCOUNT and AZURE_STORAGE_SAS_TOKEN
those are requirements for interacting with the backend
notice they are different from the Pulumi provider configurations
b
AZURE_STORAGE_ACCOUNT, AZURE_STORAGE_KEY and AZURE_KEYVAULT_AUTH_VIA_CLI are env variables that we set atm. Maybe, I will try adding AZURE_STORAGE_SAS_TOKEN but AZURE_STORAGE_KEY could be used in place of AZURE_STORAGE_SAS_TOKEN. Is that correct?
b
That is correct
If those env vars are set and you get that error then I suggest checking you can use the same values locally and talk to the storage accounts
b
I will check that one and see what happens. Thanks, Paul!
b
no worries at all!
3 Views
Open in Slack
PreviousNext
Powered by