https://pulumi.com logo
Powered by
#general
Title
# general
w

white-cat-90296

08/27/2021, 8:30 AM
I'm using Pulumi with GitHub actions. To authenticate with Azure I'm using a service principal. Locally it works great (I'm using my own user to login to the CLI locally), however when it executes in the GitHub Action it throws a Terraform Error related to the 
skip_provider_registration
flag. Any ideas why this behaviour occurs and what is a workaround in Pulumi? Note: This only occurs when I am using a method for Getting an existing registry by name and resource group. If I am creating resources, I am experiencing no issues.
Copy code
Error: invocation of azure:containerservice/getRegistry:getRegistry returned an error: 1 error occurred:
      	* Error ensuring Resource Providers are registered.
      
      Terraform automatically attempts to register the Resource Providers it supports to
      ensure it's able to provision resources.
      
      If you don't have permission to register Resource Providers you may wish to use the
      "skip_provider_registration" flag in the Provider block to disable this functionality.
      
      Please note that if you opt out of Resource Provider Registration and Terraform tries
      to provision a resource from a Resource Provider which is unregistered, then the errors
      may appear misleading - for example:
      
      > API version 2019-XX-XX was not found for Microsoft.Foo
a

acoustic-alarm-43219

08/27/2021, 8:40 AM
Maybe the service principle doesn't have correct permissions?
w

white-cat-90296

08/27/2021, 8:43 AM
That was my first thought as well, but it seems like it has contributor access across the board.
a

acoustic-alarm-43219

08/27/2021, 8:52 AM
HHmmm...i would double check that the SP has "register/action" rights on the sub. I mean yes, i believe the Contributor role should have that, but worth checking. I had some simliar issue with Contributor & Storage Account Contributor roles a few weeks back as MSFT had made some changes.
w

white-cat-90296

08/27/2021, 8:57 AM
Thanks for the input John, I actually found a solution - I'll detail it below for anybody who bumps into this issue in the future 🆘
👍 1
The solution is pretty simple: Instead of using the 
@pulumi/azure
npm package, make sure you're using the 
@pulumi/azure_native
package. So a simple change to the code.
Copy code
// Instead of something like this
import * as azure from '@pulumi/azure';

const registry = azure.containerservice.getRegistry({
  name: "myregistryname",
  resourceGroupName: "myresourcegroupname",
});

//====================================================

// Use something like THIS instead (Notice: different package)
import * as containerregistry from '@pulumi/azure-native/containerregistry';

const registry = containerregistry.getRegistry({
    registryName: "myregistryname",
    resourceGroupName "myresourcegroupname"
});
🙌 1
Can't explain the underlying issue, but this is a solution that worked for me 👍
b

boundless-car-60268

08/27/2021, 9:35 AM
The other solution is to set the 
SkipProviderRegistration
flag to true in the Azure config. This can be done by adding the following to the 
config
section in the yaml: 
azure:skip_provider_registration: "true"
👍 1
For various reasons we've found some things that the azure_native package doesn't support as well as the azure package, and vice versa, so we're currently using a mixture of the two.
👍 1
It's Terraform's fault that you need to skip provider registration if you don't have the sufficient permissions. I think it tries to register the providers for anything you're trying to use, even if they're already registered. I had the same issue when using Terraform directly, and the 
azure
provider uses Terraform under the covers.
w

white-cat-90296

08/27/2021, 9:41 AM
My sense was that Terraform actually tries to register providers for everything that it supports, not just what you're trying to use. I've seen some errors for services completely unrelated to what I'm working with e.g. machine learning.
Either way thanks for the heads up, the config tip is very useful
2 Views
Powered by