Channels
#general
Title
w
white-cat-90296
08/27/2021, 8:30 AMI'm using Pulumi with GitHub actions. To authenticate with Azure I'm using a service principal. Locally it works great (I'm using my own user to login to the CLI locally), however when it executes in the GitHub Action it throws a Terraform Error related to the
skip_provider_registration Copy code
Error: invocation of azure:containerservice/getRegistry:getRegistry returned an error: 1 error occurred:
* Error ensuring Resource Providers are registered.
Terraform automatically attempts to register the Resource Providers it supports to
ensure it's able to provision resources.
If you don't have permission to register Resource Providers you may wish to use the
"skip_provider_registration" flag in the Provider block to disable this functionality.
Please note that if you opt out of Resource Provider Registration and Terraform tries
to provision a resource from a Resource Provider which is unregistered, then the errors
may appear misleading - for example:
> API version 2019-XX-XX was not found for Microsoft.Fooa
acoustic-alarm-43219
08/27/2021, 8:40 AMMaybe the service principle doesn't have correct permissions?
w
white-cat-90296
08/27/2021, 8:43 AMThat was my first thought as well, but it seems like it has contributor access across the board.
a
acoustic-alarm-43219
08/27/2021, 8:52 AMHHmmm...i would double check that the SP has "register/action" rights on the sub. I mean yes, i believe the Contributor role should have that, but worth checking. I had some simliar issue with Contributor & Storage Account Contributor roles a few weeks back as MSFT had made some changes.
w
white-cat-90296
08/27/2021, 8:57 AMThanks for the input John, I actually found a solution - I'll detail it below for anybody who bumps into this issue in the future 🆘
👍 1
The solution is pretty simple:
Instead of using the
@pulumi/azure@pulumi/azure_native Copy code
// Instead of something like this
import * as azure from '@pulumi/azure';
const registry = azure.containerservice.getRegistry({
name: "myregistryname",
resourceGroupName: "myresourcegroupname",
});
//====================================================
// Use something like THIS instead (Notice: different package)
import * as containerregistry from '@pulumi/azure-native/containerregistry';
const registry = containerregistry.getRegistry({
registryName: "myregistryname",
resourceGroupName "myresourcegroupname"
});🙌 1
Can't explain the underlying issue, but this is a solution that worked for me 👍
b
boundless-car-60268
08/27/2021, 9:35 AMThe other solution is to set the
SkipProviderRegistrationconfigazure:skip_provider_registration: "true"👍 1
For various reasons we've found some things that the azure_native package doesn't support as well as the azure package, and vice versa, so we're currently using a mixture of the two.
👍 1
It's Terraform's fault that you need to skip provider registration if you don't have the sufficient permissions. I think it tries to register the providers for anything you're trying to use, even if they're already registered. I had the same issue when using Terraform directly, and the
azurew
white-cat-90296
08/27/2021, 9:41 AMMy sense was that Terraform actually tries to register providers for everything that it supports, not just what you're trying to use. I've seen some errors for services completely unrelated to what I'm working with e.g. machine learning.
Either way thanks for the heads up, the config tip is very useful
2 Views