Channels
pulumi-ai
package-authoring
pulumi-cdk
oracle-cloud-infrastructure
learn-pulumi-events
linen
registry
built-with-pulumi
pulumi-cloud
contribex
testingtesting321
hacktoberfest
cloudengineering
yaml
pulumi-crosscode
content-share
finops
multi-language-hackathon
office-hours
workshops
blog-posts
localstack
welcome
gitlab
pulumi-kubernetes-operator
jobs
aws
pulumi-deployments
dotnet
golang
announcements
java
pulumiverse
python
install
getting-started
cloudengineering-support
testingtesting123
hackathon-03-19-2020
typescript
google-cloud
contribute
azure
kubernetes
docs
automation-api
status
general
Title
b
bumpy-agent-19616
04/30/2021, 10:22 AMI am getting the below error while trying to create/update infrastructure using Pulumi in CircleCI CI/CD pipelines but not on my local environment and it seems to be an intermittent issue happening more times and also it works after multiple attempts.
error: failed to load checkpoint: blob (key ".pulumi/stacks/identity-test.json") (code=Unknown): -> <http://github.com/Azure/azure-storage-blob-go/azblob.newStorageError|github.com/Azure/azure-storage-blob-go/azblob.newStorageError>, /Users/runner/go/pkg/mod/github.com/!azure/azure-storage-blob-go@v0.13.0/azblob/zc_storage_error.go:42
===== RESPONSE ERROR (ServiceCode=AuthorizationFailure) =====
Description=This request is not authorized to perform this operation.
RequestId:83e63fd7-e01e-0005-0c6e-3d938c000000
Time:2021-04-30T03:09:34.4679001Z, Details:
Code: AuthorizationFailure
GET https://**************.<http://blob.core.windows.net/*********/.pulumi/stacks/identity-test.json?timeout=61|blob.core.windows.net/*********/.pulumi/stacks/identity-test.json?timeout=61>
Authorization: REDACTED
User-Agent: [go-cloud/blob/0.1.0 Azure-Storage/0.13 (go1.16.3; linux)]
X-Ms-Client-Request-Id: [80971ac2-1589-4582-4251-041bdeb5f1da]
X-Ms-Date: [Fri, 30 Apr 2021 03:09:34 GMT]
X-Ms-Version: [2019-12-12]
--------------------------------------------------------------------------------
RESPONSE Status: 403 This request is not authorized to perform this operation.
Content-Length: [246]
Content-Type: [application/xml]
Date: [Fri, 30 Apr 2021 03:09:33 GMT]
Server: [Microsoft-HTTPAPI/2.0]
X-Ms-Client-Request-Id: [80971ac2-1589-4582-4251-041bdeb5f1da]
X-Ms-Error-Code: [AuthorizationFailure]
X-Ms-Request-Id: [83e63fd7-e01e-0005-0c6e-3d938c000000]b
broad-dog-22463
04/30/2021, 11:31 AMHi @bumpy-agent-19616
This was fixed in Pulumi v2.25.2 - what version of Pulumi CLI are you using?
b
bumpy-agent-19616
04/30/2021, 11:34 AMI actually use pulumi: pulumi/pulumi@2.0.0 orb which installs v3.1.0 as far as I see from the CircleCI logs.
I am not sure if the order of adding firewall rules to storage matters. I moved firewall rule addition step a bit up before Pulumi Login step which seems to have worked. However, do you think this would have made any difference?
Oh, sorry! Problem seems to occur again unfortunately!
b
broad-dog-22463
04/30/2021, 12:57 PMWhat are you setting any azure environment variables to allow interaction with azure?
b
bumpy-agent-19616
04/30/2021, 1:14 PMI set up azure credentials for Pulumi stacks using pulumi config set way and am not using environment variables for the interaction.
b
broad-dog-22463
04/30/2021, 1:38 PMSo I think there’s some missing information here
Are you trying to store your state in an azure blob or is this an issue when creating a resource in azure?
b
bumpy-agent-19616
04/30/2021, 1:46 PMI am actually trying to update my infrastructure with already creating stacks having cloud storage as backend after logging in via pulumi login --cloud-url. So, it is problem while Pulumi trying to connect state or checkpoint file to know about the current state of infrastructure and then perform create/update operation on it.
b
broad-dog-22463
04/30/2021, 1:53 PMOk, when connecting to an Azure blob self-managed backend, you need to set AZURE_STORAGE_ACCOUNT and AZURE_STORAGE_SAS_TOKEN
those are requirements for interacting with the backend
notice they are different from the Pulumi provider configurations
b
bumpy-agent-19616
04/30/2021, 2:02 PMAZURE_STORAGE_ACCOUNT, AZURE_STORAGE_KEY and AZURE_KEYVAULT_AUTH_VIA_CLI are env variables that we set atm. Maybe, I will try adding AZURE_STORAGE_SAS_TOKEN but AZURE_STORAGE_KEY could be used in place of AZURE_STORAGE_SAS_TOKEN. Is that correct?
b
broad-dog-22463
04/30/2021, 2:24 PMThat is correct
If those env vars are set and you get that error then I suggest checking you can use the same values locally and talk to the storage accounts
b
bumpy-agent-19616
04/30/2021, 2:29 PMI will check that one and see what happens. Thanks, Paul!
b
broad-dog-22463
04/30/2021, 2:36 PMno worries at all!