Hi all I have a question and am in a bit of a import pickle

Question

Hi all I have a question and am in a bit of a import pickle I have three Azure App Services created functioning I have done the import of the App services as well as used Pulumi Secret Manager to export all secrets to yaml file I m using these for existing secrets and app service const config = new pulumi Config const appService = new azure appservice AppService Unfortunately every time I run pulumi preview diff to see what the index ts is needing for existing resources I get all sorts of attributes it wants to delete add including wanting to re add all secrets I can give more details but hoping for any type of help for best practice here when diffs seem to keep on coming

billowy-army-68599 · Answer

Hey Carissa Could you share the diff

narrow-ghost-95764 · Answer

absolutely on its way

narrow-ghost-95764 · Answer

```All of these secrets I did a secret command and verified they are correct and live in existing App service and in local Pulumi yaml file and looks to be trying to add with + and being in green ~ appSettings + ALLOWED ROLES secret + ALLOWED UPSTREAM REDIRECTS secret + DOCKER CUSTOM IMAGE NAME secret + ENCOMPASS BEARER secret + JWT SECRET secret + MEERKAT PORT secret + MSAL AUTHORITY secret + MSAL CLIENT ID secret + MSAL CLIENT SECRET secret + MSAL CLIENT SECRET OLD secret + PORT secret + REDIRECT URI secret + WEBSITES PORT secret ```

narrow-ghost-95764 · Answer

more to come

narrow-ghost-95764 · Answer

trying to deletes authSettings enabled false tokenRefreshExtensionHours 0 clientCertMode Required keyVaultReferenceIdentityId SystemAssigned linuxFxVersion DOCKER| secret managedPipelineMode Integrated minTlsVersion 1 2 numberOfWorkers 1

narrow-ghost-95764 · Answer

trying to add + clientAffinityEnabled false + clientCertEnabled false Identity block which will throw errors after being added

narrow-ghost-95764 · Answer

I would love to show screenshots and most everything is a secret so if this doesn t help I ll make whatevers left a secret that I need to and add here

narrow-ghost-95764 · Answer

I guess from my lack of knowledge specific to secrets If you have them living in the App Service on the console and you run the secret command verify they exist in the local yaml file does this mean Pulumi wants to add them and duplicate what already exists is matching Specific to imports vs building via Pulumi If you import a resource and it s having a bunch of diffs as it is here is there a known workaround outside of an ignore which I don t want to do to get it to play nice or do I just keep hacking away in index ts and try to get it to match and be happy

billowy-army-68599 · Answer

that does help but I m not sure why this behaviour is happening on import i wouldnt expect it Could you file an issue if you have a repro

billowy-army-68599 · Answer

gt is there a known workaround outside of an ignore yes you can use `ignoreChanges` <https www pulumi com docs intro concepts resources options ignorechanges > but this feels like it shouldn t be needed

billowy-army-68599 · Answer

did you use the `pulumi import` command or are you trying to manually import

narrow-ghost-95764 · Answer

Yeah I m with you on the IgnoreChanges I could totally file an issue I haven t pushed up my local changes yet to repo so what s your recommendation on filing the issue I did pulumi import on all resources it s complaining about Shown below without content pulumi import azure appservice appService AppService testing meerkat api subscriptions resourceGroups providers

billowy-army-68599 · Answer

it seems like the import isn t correctly filling out the types which is definitely an import issue for us sorry for the inconvenience To file an issue just state how you created the resource originally whether clickops or orther iac tool and how you ran `pulumi import` file it in <http github com pulumi pulumi azure native|github com pulumi pulumi azure native>

narrow-ghost-95764 · Answer

can do thank you very much