Ok, it's official - I'm stuck on the azure provider (again). I want to simply make use of whatever account I'm logged into the az cli with. In my case this is an admin account, and I expect to be able to do anything with it within the Azure tenant. The only azure-native configuration I have in my pulumi stack configuration is for the location. When I run pulumi up, I get this: Diagnostics: pulumipulumiStack (soxes-infra-bootstrapper): error: Running program 'G:\src\src_x25_exploration\global\bootstrapping\bin\Debug\netcoreapp3.1\bootstrapping.dll' failed with an unhandled exception: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. at object RuntimeTypeHandle.CreateInstance(RuntimeType type, bool publicOnly, bool wrapExceptions, ref bool canBeCached, ref RuntimeMethodHandleInternal ctor, ref bool h asNoDefaultCtor) at object RuntimeType.CreateInstanceDefaultCtorSlow(bool publicOnly, bool wrapExceptions, bool fillCache) at object RuntimeType.CreateInstanceDefaultCtor(bool publicOnly, bool skipCheckThis, bool fillCache, bool wrapExceptions) at T Activator.CreateInstance<T>() at Task<int> Pulumi.Deployment+Runner.Pulumi.IRunner.RunAsync<TStack>(IServiceProvider serviceProvider)+() => { } at Task<int> Pulumi.Deployment+Runner.RunAsync<TStack>(Func<TStack> stackFactory) ---> Grpc.Core.RpcException: Status(StatusCode="Unknown", Detail="invocation of azure-n ativeauthorizationgetClientConfig returned an error: getting authenticated object ID: Error parsing json result from the Azure CLI: Error retrieving running Azure CLI: WARNIN G: The underlying Active Directory Graph API will be replaced by Microsoft Graph API in Azure CLI 2.37.0. Please carefully review all breaking changes introduced during this mi gration: https://docs.microsoft.com/cli/azure/microsoft-graph-migration") at async Task<InvokeResponse> Pulumi.GrpcMonitor.InvokeAsync(ResourceInvokeRequest request) at async Task<SerializationResult> Pulumi.Deployment.InvokeRawAsync(string token, SerializationResult argsSerializationResult, InvokeOptions options) x 2 at async Task<T> Pulumi.Deployment.InvokeAsync<T>(string token, InvokeArgs args, InvokeOptions options, bool convertResult) at async Task<string> ComponentLibrary.Util.GetSubscriptionScopeIdAsync() in G/src/src x25 exploration/ComponentLibrary/Util.csline 13 at string ComponentLibrary.Util.get_SubscriptionId() in G/src/src x25 exploration/ComponentLibrary/Util.csline 8 at new BootstrappingStack() in G/src/src x25 exploration/global/bootstrapping/BootstrappingStack.csline 31 --- End of inner exception stack trace --- Any pointers?

Is this with the azure provider (not azure-native)? Can you try running

az account get-access-token

?

it shows me stuff 🙂

Ok not its not hitting that path then

lotsa stuff, obviously in json - seems to work. No errors at least. It did print the same warning but that's an az cli API thing I'm guessing.

hah well that will be the issue then

I wonder if I can suppress that.

yeh it's actually using some terraform auth helper code from https://github.com/hashicorp/go-azure-helpers

or, for now I'm happy to go any other path to get it working. My next step would be to create an SP by hand

I don't know az auth methods enough to help out more here. I'd suggest raising an issue about this at https://github.com/pulumi/pulumi-azure-native/issues our providers team might have an answer for now and they'll need to fix this issue properly at some point

downgrading az command line to 2.32.0 solves this problem.