Seeing some issues reproducible from scratch when creating A Pulumi Community #typescript

Seeing some issues (reproducible from scratch) whe...

rhythmic-finland-36256

10/18/2019, 1:49 PM

Seeing some issues (reproducible from scratch) when creating Azure app registration, service principal and some assignments/aks cluster. The

ServicePrincipal

is reported as a successful creation but all depending items (assignments, aks cluster) fail due to not finding the ServicePrincipal. Tried that several times. I’m on node10 and the latest versions of pulumi and the provider packages.

rhythmic-finland-36256

10/18/2019, 1:54 PM

Copy code

Diagnostics:
  azure:role:Assignment (neotest-acr-push-assignment):
    error: Plan apply failed: authorization.RoleAssignmentsClient#Create: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="PrincipalNotFound" Message="Principal 502e6df59f0544e5811f5ae557d37008 does not exist in the directory xxxxxxxx-xxxx-4bdf-b4e0-b60b193ad28a."

  azure:role:Assignment (neotest-acr-assignment):
    error: Plan apply failed: authorization.RoleAssignmentsClient#Create: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="PrincipalNotFound" Message="Principal 93e857e926904364879967bc644e292e does not exist in the directory xxxxxxxx-xxxx-4bdf-b4e0-b60b193ad28a."

  pulumi:pulumi:Stack (azure-infra-eval-test):
    error: update failed

  azure:role:Assignment (neotest-aks-network-assignment):
    error: Plan apply failed: authorization.RoleAssignmentsClient#Create: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="PrincipalNotFound" Message="Principal 93e857e926904364879967bc644e292e does not exist in the directory xxxxxxxx-xxxx-4bdf-b4e0-b60b193ad28a."

  azure:containerservice:KubernetesCluster (neo-pulumi-aks):
    error: Plan apply failed: Error creating Managed Kubernetes Cluster "neo-pulumi-aksea35a28e" (Resource Group "pulumi-azure-eval3cf986d6"): containerservice.ManagedClustersClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="ServicePrincipalNotFound" Message="Service principal clientID: 8b2376e1-ba19-41b6-a945-d4f075a003ab not found in Active Directory tenant xxxxxxxx-xxxx-4bdf-b4e0-b60b193ad28a, Please see <https://aka.ms/aks-sp-help> for more details."

rhythmic-finland-36256

10/18/2019, 1:56 PM

Just noticed I posted that to #typescript but maybe this is a general issue.

tall-librarian-49374

10/18/2019, 2:08 PM

Sounds similar to https://github.com/terraform-providers/terraform-provider-azuread/issues/4 but that one is supposed to be fixed. I assume you are on the latest version of

azuread

tall-librarian-49374

10/18/2019, 2:09 PM

Ah, probably https://github.com/terraform-providers/terraform-provider-azuread/issues/156

tall-librarian-49374

10/18/2019, 2:37 PM

Also https://github.com/pulumi/pulumi-azure/issues/391

rhythmic-finland-36256

10/18/2019, 3:36 PM

I’m on azuread 1.0.0 and

npm outdated

reports no newer release.

rhythmic-finland-36256

10/18/2019, 3:37 PM

The issues sound familiar. Problem is that running pulumi up a second time won’t work either and I cannot find the

app registration

and

service principal

even though they were

created

in the first run and some ids are stored in the pulumi state.

rhythmic-finland-36256

10/18/2019, 3:46 PM

If I start with a clean state and in the first run remove all objects that rely on the service principal / the app then

pulumi up

runs without errors. Still if I re-enable the things using the service principal (assignment, aks cluster) in a later run (waiting some minutes) I still get the errors. Strange thing is that I also cannot find the objects in the azure portal.

rhythmic-finland-36256

10/21/2019, 6:51 AM

It’s really strange that I cannot see any

App Registration

even if pulumi reports them as created successfully. The code is the most basic one like

const adApp = new azuread.Application("aks");

Is there anything that could cause this super basic line to not work? This code worked before and now stopped when I upgraded to the latest pulumi cli and node dependencies.

rhythmic-finland-36256

10/21/2019, 6:54 AM

The provider must be set up correctly as I can see the resource group, acr, dns zone and so on created correctly. I’m using the ambient azure provider and not passing a specific one down to any resource. This is super weird.

rhythmic-finland-36256

10/21/2019, 7:09 AM

Copy code

$ npm list --depth=0
azure-typescript@ /Users/ajaegle/dev/evals/pulumi-tests/azure-infra-eval
├── @pulumi/azure@1.2.0
├── @pulumi/azuread@1.0.0
├── @pulumi/kubernetes@1.2.3
├── @pulumi/pulumi@1.3.4
├── @pulumi/random@1.1.0
└── @types/node@12.11.1

$ az --version
azure-cli                         2.0.75

command-modules-nspkg              2.0.3
core                              2.0.75
nspkg                              3.0.4
telemetry                          1.0.4

Extensions:
aks-preview                       0.4.12

Python location '/usr/local/Cellar/azure-cli/2.0.75/libexec/bin/python'
Extensions directory '/Users/ajaegle/.azure/cliextensions'

Python (Darwin) 3.7.4 (default, Sep  7 2019, 18:27:02)
[Clang 10.0.1 (clang-1001.0.46.4)]

Legal docs and information: <http://aka.ms/AzureCliLegal|aka.ms/AzureCliLegal>


Your CLI is up-to-date.

26 Views

Open in Slack

Previous Next