This message was deleted.
# getting-starteds
sparse-intern-71089
11/28/2022, 12:02 AMThis message was deleted.
f
future-analyst-18745
11/28/2022, 12:09 AM[Update: this does not work "error: Authenticating using the Azure CLI is only supported as a User (not a Service Principal)."]
One difference so far:
Copy code
- name: Azure Login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}future-analyst-18745
11/28/2022, 2:18 PM[Update: encountered auth error]
This worked:
Copy code
name: Pulumi
on:
push:
branches:
- main
jobs:
update:
name: Update
runs-on: ubuntu-latest
defaults:
run:
working-directory: <path/to/go.mod>
steps:
- uses: actions/checkout@v2
- uses: actions/setup-go@v2
with:
go-version: 1.19.x
- name: Azure Login
uses: azure/login@v1
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- run: go mod download
- uses: pulumi/actions@v3
with:
work-dir: <path/to/go.mod>
command: up
stack-name: org-name/stack-name # When using an individual account, only use stack-name.
env:
PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}future-analyst-18745
11/28/2022, 2:56 PMSide note:
https://github.com/Azure/login#configure-a-service-principal-with-a-secret
Note: The abovecommand will give you theaz ad sp create-for-rbacdeprecation warning. As we are working with CLI for this deprecation process, we strongly recommend users to use this--sdk-authflag as the result dictionary output changes and not accepted by login action if--sdk-authis not used.--sdk-auth
future-analyst-18745
11/28/2022, 3:32 PMTrying to follow this old guide:
https://nvd.codes/post/deploying-to-azure-with-pulumi-from-github-actions/
future-analyst-18745
11/28/2022, 5:08 PMCurrent problem:
Copy code
Could not create application: graphrbac.ApplicationsClient#Create: Failure responding to request: StatusCode=403 -- Original Error: autorest/azure: Service returned an error. Status=403 Code="Unknown" Message="Unknown service error" Details=[{"odata.error":{"code":"Authorization_RequestDenied","date":"2022-11-28T16:57:29","message":{"lang":"en","value":"Insufficient privileges to complete the operation."},"requestId":"c25989a6-dfb0-4e49-ad1a-0ce14dac8758"}}]future-analyst-18745
11/29/2022, 1:09 AMfuture-analyst-18745
11/29/2022, 10:28 PMI found a solution...
tl;dr
az role assignment create --assignee "servicePrincipalIdPlaceholder" --role "Owner" --subscription "subscriptionIdPlaceholder"az rest --method post --uri <https://graph.microsoft.com/v1.0/servicePrincipals/60b3f8d5-92c6-4f51-93f0-8d0f0825cf9d/appRoleAssignedTo> --body '{ "principalId": "servicePrincipalIdPlaceholder", "resourceId": "subscriptionIdPlaceholder", "appRoleId": "1cda74f2-2616-4834-b122-5cb1b07f8a59" }'az rest --method post --uri <https://graph.microsoft.com/v1.0/servicePrincipals/60b3f8d5-92c6-4f51-93f0-8d0f0825cf9d/appRoleAssignedTo> --body '{ "principalId": "servicePrincipalIdPlaceholder", "resourceId": "subscriptionIdPlaceholder", "appRoleId": "78c8a3c8-a07e-4b9e-af1b-b5ccab50a175" }'future-analyst-18745
11/30/2022, 6:41 PMfuture-analyst-18745
12/12/2022, 4:52 PMThis is somewhat relevant:
https://www.pulumi.com/docs/guides/crosswalk/kubernetes/identity/
12 Views