I am getting the below error while trying to creat...
# general
I am getting the below error while trying to create/update infrastructure using Pulumi in CircleCI CI/CD pipelines but not on my local environment and it seems to be an intermittent issue happening more times and also it works after multiple attempts.
Copy code
error: failed to load checkpoint: blob (key ".pulumi/stacks/identity-test.json") (code=Unknown): -> <http://github.com/Azure/azure-storage-blob-go/azblob.newStorageError|github.com/Azure/azure-storage-blob-go/azblob.newStorageError>, /Users/runner/go/pkg/mod/github.com/!azure/azure-storage-blob-go@v0.13.0/azblob/zc_storage_error.go:42
===== RESPONSE ERROR (ServiceCode=AuthorizationFailure) =====
Description=This request is not authorized to perform this operation.
Time:2021-04-30T03:09:34.4679001Z, Details: 
   Code: AuthorizationFailure
   GET https://**************.<http://blob.core.windows.net/*********/.pulumi/stacks/identity-test.json?timeout=61|blob.core.windows.net/*********/.pulumi/stacks/identity-test.json?timeout=61>
   Authorization: REDACTED
   User-Agent: [go-cloud/blob/0.1.0 Azure-Storage/0.13 (go1.16.3; linux)]
   X-Ms-Client-Request-Id: [80971ac2-1589-4582-4251-041bdeb5f1da]
   X-Ms-Date: [Fri, 30 Apr 2021 03:09:34 GMT]
   X-Ms-Version: [2019-12-12]
   RESPONSE Status: 403 This request is not authorized to perform this operation.
   Content-Length: [246]
   Content-Type: [application/xml]
   Date: [Fri, 30 Apr 2021 03:09:33 GMT]
   Server: [Microsoft-HTTPAPI/2.0]
   X-Ms-Client-Request-Id: [80971ac2-1589-4582-4251-041bdeb5f1da]
   X-Ms-Error-Code: [AuthorizationFailure]
   X-Ms-Request-Id: [83e63fd7-e01e-0005-0c6e-3d938c000000]
Any help would be much appreciated.
Hi @bumpy-agent-19616
This was fixed in Pulumi v2.25.2 - what version of Pulumi CLI are you using?
I actually use pulumi: pulumi/pulumi@2.0.0 orb which installs v3.1.0 as far as I see from the CircleCI logs.
I am not sure if the order of adding firewall rules to storage matters. I moved firewall rule addition step a bit up before Pulumi Login step which seems to have worked. However, do you think this would have made any difference?
Oh, sorry! Problem seems to occur again unfortunately!
What are you setting any azure environment variables to allow interaction with azure?
I set up azure credentials for Pulumi stacks using pulumi config set way and am not using environment variables for the interaction.
So I think there’s some missing information here
Are you trying to store your state in an azure blob or is this an issue when creating a resource in azure?
I am actually trying to update my infrastructure with already creating stacks having cloud storage as backend after logging in via pulumi login --cloud-url. So, it is problem while Pulumi trying to connect state or checkpoint file to know about the current state of infrastructure and then perform create/update operation on it.
Ok, when connecting to an Azure blob self-managed backend, you need to set AZURE_STORAGE_ACCOUNT and AZURE_STORAGE_SAS_TOKEN
those are requirements for interacting with the backend
notice they are different from the Pulumi provider configurations
AZURE_STORAGE_ACCOUNT, AZURE_STORAGE_KEY and AZURE_KEYVAULT_AUTH_VIA_CLI are env variables that we set atm. Maybe, I will try adding AZURE_STORAGE_SAS_TOKEN but AZURE_STORAGE_KEY could be used in place of AZURE_STORAGE_SAS_TOKEN. Is that correct?
That is correct
If those env vars are set and you get that error then I suggest checking you can use the same values locally and talk to the storage accounts
I will check that one and see what happens. Thanks, Paul!
no worries at all!