
white-architect-1595

01/05/2023, 3:32 PM
Hi all - I created a key vault with Pulumi in Azure and in order to get the tenant ID I have the following code
var clientConfig = Output.Create(GetClientConfig.InvokeAsync());
// tenant ID: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
var tenantID = clientConfig.Apply(x =>
{
    var data = x.TenantId;
    return Output.Create(data);
});
Then in my keyvault definition I say TenantId = tenantID. When I run pulumi up I get the following error:
error: Running program 'C:\Users\xxxx\Source\Repos\xxxxx\bin\Debug\netx.0\xxxx.dll' failed with an unhandled exception:
    Grpc.Core.RpcException: Status(StatusCode="Unknown", Detail="invocation of azure-native:authorization:getClientConfig returned an error: getting authenticated object ID: parsing json result from the Azure CLI: waiting for the Azure CLI: exit status 1: ERROR: Continuous access evaluation resulted in claims challenge with result: InteractionRequired and code: LocationConditionEvaluationSatisfied")
       at async Task<InvokeResponse> Pulumi.GrpcMonitor.InvokeAsync(ResourceInvokeRequest request)
       at async Task<SerializationResult> Pulumi.Deployment.InvokeRawAsync(string token, SerializationResult argsSerializationResult, InvokeOptions options) x 2
       at async Task<T> Pulumi.Deployment.InvokeAsync<T>(string token, InvokeArgs args, InvokeOptions options, bool convertResult)
       at async Task<OutputData<T>> Pulumi.Output<T>+<>c__DisplayClass12_0.<Create>g__GetData|0(?)+GetData(?)
       at async Task<OutputData<U>> Pulumi.Output<T>.ApplyHelperAsync<U>(Task<OutputData<T>> dataTask, Func<T, Output<U>> func)

melodic-tomato-39005

01/05/2023, 4:31 PM
I haven’t seen that error before. I assume you ran
az login
before?

icy-doctor-13719

01/05/2023, 4:37 PM
or create a provider object for the whole transaction:
var provider = new Pulumi.AzureNative.Provider("provider", new Pulumi.AzureNative.ProviderArgs()
{
    SubscriptionId = p.subscriptionId,
    ClientId = p.servicePrincipalId,
    ClientSecret = p.servicePrincipalSecret,
    TenantId = p.tenantId,
    PartnerId = p.partnerId
});
and attach it to the rg managing the kv
// Azure Resource Group
var rg = new Pulumi.AzureNative.Resources.ResourceGroup("rg", new()
{
    ResourceGroupName = $"rg-{p.projectName}-{p.env}",
    Location = p.location,
    Tags = { { "env", p.env } }
}, new CustomResourceOptions() { Provider = provider });

white-architect-1595

01/05/2023, 4:40 PM
Yep we are all authenticated via azure CLI using azure login
Patrick what is p in the context of your code?

icy-doctor-13719

01/05/2023, 4:44 PM
settings I’ve defined locally

white-architect-1595

01/05/2023, 4:56 PM
so in your case p.tenantID contains the tenant ID or is becoming the tenant ID? p.tenant ID must contain your tenant ID and you're setting it equal to TenantID?

icy-doctor-13719

01/05/2023, 4:56 PM
is the tenant ID
I have set the tenant ID via stack config

white-architect-1595

01/05/2023, 4:57 PM
can you show how that is done? Because that's my prob I need to get the tenant ID

icy-doctor-13719

01/05/2023, 4:57 PM
pulumi config set tenantId VALUE

white-architect-1595

01/05/2023, 4:57 PM
ok

icy-doctor-13719

01/05/2023, 4:57 PM
then you can do like: tenantId = config.Get("tenantId");

white-architect-1595

01/05/2023, 4:58 PM
cool ok
@icy-doctor-13719 tenantId = config.Get("tenantId"); has this method changed because it doesn't work

icy-doctor-13719

01/05/2023, 5:05 PM
are you taking what I’m saying literally?
I'm showing you concepts
add a config
retrieve a config

white-architect-1595

01/05/2023, 5:08 PM
I got it
thanks

icy-doctor-13719

01/05/2023, 5:09 PM
try something like this:
var provider = new Pulumi.AzureNative.Provider("provider", new Pulumi.AzureNative.ProviderArgs()
{
    SubscriptionId = p.subscriptionId,
    ClientId = p.servicePrincipalId,
    ClientSecret = p.servicePrincipalSecret,
    TenantId = config.Get("tenantId"),
    PartnerId = p.partnerId
});
and same for other properties
can exclude partnerid

white-architect-1595

01/05/2023, 5:13 PM
ok so if the ID is in the yaml file if you do var tenantID = new Config().Get("AUS-Instanda:tenantId") ?? 0; you can get the tenant ID
thank you for pointing me in the right direction!

icy-doctor-13719

01/05/2023, 5:14 PM
you bet
yes, will appear in the stack YAML file
and if you have different environments, you can create separate stacks with separate YAML files

white-architect-1595

01/05/2023, 5:15 PM
yep

mysterious-australia-14256

01/20/2023, 11:19 AM
I was getting a similar error today caused by Continuous Access Evaluation having been turned on in our tenant. To fix it I had to do an az logout followed by an az login as seen at https://www.jlaundry.nz/2022/terraform_error_continuous_access_evaluation/