https://pulumi.com logo
Powered by
r

rhythmic-finland-36256

10/18/2019, 1:49 PM
Seeing some issues (reproducible from scratch) when creating Azure app registration, service principal and some assignments/aks cluster. The 
ServicePrincipal
is reported as a successful creation but all depending items (assignments, aks cluster) fail due to not finding the ServicePrincipal. Tried that several times. I’m on node10 and the latest versions of pulumi and the provider packages.
Copy code
Diagnostics:
  azure:role:Assignment (neotest-acr-push-assignment):
    error: Plan apply failed: authorization.RoleAssignmentsClient#Create: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="PrincipalNotFound" Message="Principal 502e6df59f0544e5811f5ae557d37008 does not exist in the directory xxxxxxxx-xxxx-4bdf-b4e0-b60b193ad28a."

  azure:role:Assignment (neotest-acr-assignment):
    error: Plan apply failed: authorization.RoleAssignmentsClient#Create: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="PrincipalNotFound" Message="Principal 93e857e926904364879967bc644e292e does not exist in the directory xxxxxxxx-xxxx-4bdf-b4e0-b60b193ad28a."

  pulumi:pulumi:Stack (azure-infra-eval-test):
    error: update failed

  azure:role:Assignment (neotest-aks-network-assignment):
    error: Plan apply failed: authorization.RoleAssignmentsClient#Create: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="PrincipalNotFound" Message="Principal 93e857e926904364879967bc644e292e does not exist in the directory xxxxxxxx-xxxx-4bdf-b4e0-b60b193ad28a."

  azure:containerservice:KubernetesCluster (neo-pulumi-aks):
    error: Plan apply failed: Error creating Managed Kubernetes Cluster "neo-pulumi-aksea35a28e" (Resource Group "pulumi-azure-eval3cf986d6"): containerservice.ManagedClustersClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="ServicePrincipalNotFound" Message="Service principal clientID: 8b2376e1-ba19-41b6-a945-d4f075a003ab not found in Active Directory tenant xxxxxxxx-xxxx-4bdf-b4e0-b60b193ad28a, Please see <https://aka.ms/aks-sp-help> for more details."
Just noticed I posted that to #typescript but maybe this is a general issue.
t

tall-librarian-49374

10/18/2019, 2:08 PM
Sounds similar to https://github.com/terraform-providers/terraform-provider-azuread/issues/4 but that one is supposed to be fixed. I assume you are on the latest version of 
azuread
?
r

rhythmic-finland-36256

10/18/2019, 3:36 PM
I’m on azuread 1.0.0 and 
npm outdated
reports no newer release.
The issues sound familiar. Problem is that running pulumi up a second time won’t work either and I cannot find the 
app registration
and 
service principal
even though they were 
created
in the first run and some ids are stored in the pulumi state.
If I start with a clean state and in the first run remove all objects that rely on the service principal / the app then 
pulumi up
runs without errors. Still if I re-enable the things using the service principal (assignment, aks cluster) in a later run (waiting some minutes) I still get the errors. Strange thing is that I also cannot find the objects in the azure portal.
It’s really strange that I cannot see any 
App Registration
even if pulumi reports them as created successfully. The code is the most basic one like 
const adApp = new azuread.Application("aks");
Is there anything that could cause this super basic line to not work? This code worked before and now stopped when I upgraded to the latest pulumi cli and node dependencies.
The provider must be set up correctly as I can see the resource group, acr, dns zone and so on created correctly. I’m using the ambient azure provider and not passing a specific one down to any resource. This is super weird.
Copy code
$ npm list --depth=0
azure-typescript@ /Users/ajaegle/dev/evals/pulumi-tests/azure-infra-eval
├── @pulumi/azure@1.2.0
├── @pulumi/azuread@1.0.0
├── @pulumi/kubernetes@1.2.3
├── @pulumi/pulumi@1.3.4
├── @pulumi/random@1.1.0
└── @types/node@12.11.1

$ az --version
azure-cli                         2.0.75

command-modules-nspkg              2.0.3
core                              2.0.75
nspkg                              3.0.4
telemetry                          1.0.4

Extensions:
aks-preview                       0.4.12

Python location '/usr/local/Cellar/azure-cli/2.0.75/libexec/bin/python'
Extensions directory '/Users/ajaegle/.azure/cliextensions'

Python (Darwin) 3.7.4 (default, Sep  7 2019, 18:27:02)
[Clang 10.0.1 (clang-1001.0.46.4)]

Legal docs and information: <http://aka.ms/AzureCliLegal|aka.ms/AzureCliLegal>


Your CLI is up-to-date.
2 Views
Powered by