Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
plugin-framework
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
w
white-architect-1595
01/05/2023, 3:32 PMHi all - I created a key vault with Pulumi in Azure and in order to get the tenant ID I have the following code
var clientConfig = Output.Create(GetClientConfig.InvokeAsync());
var tenantID = clientConfig.Apply(x => //tenant ID: The Azure Active Directory tenant ID that should be used for authenticating requests to the key vault.
{
var data = x.TenantId;
return Output.Create(data);
});error: Running program 'C:\Users\xxxx\Source\Repos\xxxxx\bin\Debug\netx.0\xxxx.dll' failed with an unhandled exception:
Grpc.Core.RpcException: Status(StatusCode="Unknown", Detail="invocation of azure-native:authorization:getClientConfig returned an error: getting authenticated object ID: parsing json result from the Azure CLI: waiting for the Azure CLI: exit status 1: ERROR: Continuous access evaluation resulted in claims challenge with result: InteractionRequired and code: LocationConditionEvaluationSatisfied")
at async Task<InvokeResponse> Pulumi.GrpcMonitor.InvokeAsync(ResourceInvokeRequest request)
at async Task<SerializationResult> Pulumi.Deployment.InvokeRawAsync(string token, SerializationResult argsSerializationResult, InvokeOptions options) x 2
at async Task<T> Pulumi.Deployment.InvokeAsync<T>(string token, InvokeArgs args, InvokeOptions options, bool convertResult)
at async Task<OutputData<T>> Pulumi.Output<T>+<>c__DisplayClass12_0.<Create>g__GetData|0(?)+GetData(?)
at async Task<OutputData<U>> Pulumi.Output<T>.ApplyHelperAsync<U>(Task<OutputData<T>> dataTask, Func<T, Output<U>> func)m
melodic-tomato-39005
01/05/2023, 4:31 PMI haven’t seen that error before. I assume you ran
az logini
icy-doctor-13719
01/05/2023, 4:37 PMor create a provider object for the whole transaction:
var provider = new Pulumi.AzureNative.Provider("provider", new Pulumi.AzureNative.ProviderArgs()
{
SubscriptionId = p.subscriptionId,
ClientId = p.servicePrincipalId,
ClientSecret = p.servicePrincipalSecret,
TenantId = p.tenantId,
PartnerId = p.partnerId
});and attach it to the rg managing the kv
// Azure Resource Group
var rg = new Pulumi.AzureNative.Resources.ResourceGroup("rg", new()
{
ResourceGroupName = $"rg-{p.projectName}-{p.env}",
Location = p.location,
Tags = { { "env", p.env } }
}, new CustomResourceOptions() { Provider = provider });w
white-architect-1595
01/05/2023, 4:40 PMYep we are all authenticated via azure CLI using azure logim
Patrick what is p in the context of your code>
i
icy-doctor-13719
01/05/2023, 4:44 PMsettings i’ve defined locally
w
white-architect-1595
01/05/2023, 4:56 PMso in your case p.tenantID contains the tenant ID or is becoming the tenant ID? p.tenant ID must contain your tenant ID and your setting it equal to TenantID?
i
icy-doctor-13719
01/05/2023, 4:56 PMis the tenant ID
i have set the tenant ID via stack config
w
white-architect-1595
01/05/2023, 4:57 PMcan you show how that is done? Because thats my prob I need to get the tenant ID
i
icy-doctor-13719
01/05/2023, 4:57 PMpulumi config set tenantId VALUE
w
white-architect-1595
01/05/2023, 4:57 PMok
i
icy-doctor-13719
01/05/2023, 4:57 PMthen you can do like: tenantId = config.Get(“tenantId”);
w
white-architect-1595
01/05/2023, 4:58 PMcool ok
@icy-doctor-13719 tenantId = config.Get(“tenantId”); has this method changed because it doesnt worjk
i
icy-doctor-13719
01/05/2023, 5:05 PMare you taking what I’m saying literally?
im showing you concepts
add a config
retrieve a config
w
white-architect-1595
01/05/2023, 5:08 PMI got it
thanks
i
icy-doctor-13719
01/05/2023, 5:09 PMtry something like this:
var provider = new Pulumi.AzureNative.Provider("provider", new Pulumi.AzureNative.ProviderArgs()
{
SubscriptionId = p.subscriptionId,
ClientId = p.servicePrincipalId,
ClientSecret = p.servicePrincipalSecret,
TenantId = config.Get("tenantId"),
PartnerId = p.partnerId
});and same for other properties
can exclude partnerid
w
white-architect-1595
01/05/2023, 5:13 PMok so if the ID is in the yaml file if you do var tenantID = new Config().Get("AUS-Instanda:tenantId") ?? 0;
you can get the tenant ID
thanks you for pointing me in the right direction!
i
icy-doctor-13719
01/05/2023, 5:14 PMyou bet
yes, will appear in the stack YAML file
and if you have different environments, you can create separate stacks with separate YAML files
w
white-architect-1595
01/05/2023, 5:15 PMyep
m
mysterious-australia-14256
01/20/2023, 11:19 AMI was getting a similar error today caused by Continuous Access Evaluation having being turned on in our tenant. To fix it I had to do an az logout followed by an az login as seen at https://www.jlaundry.nz/2022/terraform_error_continuous_access_evaluation/