https://pulumi.com logo
Title
n

narrow-ghost-95764

02/15/2023, 6:29 PM
Hi all, I have a question and am in a bit of a import pickle. I have three Azure App Services created/functioning. I have done the import of the App services as well as used Pulumi Secret Manager to export all secrets to yaml file. I'm using these for existing secrets and app service: const config = new pulumi.Config(); const appService = new azure.appservice.AppService Unfortunately every time I run pulumi preview --diff to see what the index.ts is needing for existing resources, I get all sorts of attributes it wants to delete/add including wanting to re-add all secrets. I can give more details but hoping for any type of help for best practice here when diffs seem to keep on coming
b

billowy-army-68599

02/15/2023, 6:49 PM
Hey Carissa. Could you share the diff?
n

narrow-ghost-95764

02/15/2023, 7:01 PM
absolutely on its way
All of these secrets I did a --secret command and verified they are correct and live in existing App service and in local Pulumi yaml file and looks to be trying to add with + and being in green:

~ appSettings                : {
          + ALLOWED_ROLES                      : [secret]
          + ALLOWED_UPSTREAM_REDIRECTS         : [secret]
          + DOCKER_CUSTOM_IMAGE_NAME           : [secret]
          + ENCOMPASS_BEARER                   : [secret]
          + JWT_SECRET                         : [secret]
          + MEERKAT_PORT                       : [secret]
          + MSAL_AUTHORITY                     : [secret]
          + MSAL_CLIENT_ID                     : [secret]
          + MSAL_CLIENT_SECRET                 : [secret]
          + MSAL_CLIENT_SECRET_OLD             : [secret]
          + PORT                               : [secret]
          + REDIRECT_URI                       : [secret]

          + WEBSITES_PORT                      : [secret]
more to come....
trying to deletes: - authSettings : { - enabled : false - tokenRefreshExtensionHours: 0 } - clientCertMode : "Required" - keyVaultReferenceIdentityId: "SystemAssigned" - linuxFxVersion : "DOCKER|[secret]" - managedPipelineMode : "Integrated" - minTlsVersion : "1.2" - numberOfWorkers : 1
trying to add: } + clientAffinityEnabled : false + clientCertEnabled : false Identity block (which will throw errors after being added)
I would love to show screenshots and most everything is a secret so if this doesn't help I'll make whatevers left a secret that I need to and add here
I guess from my lack of knowledge specific to secrets: If you have them living in the App Service on the console and you run the --secret command, verify they exist in the local yaml file, does this mean Pulumi wants to add them and duplicate what already exists/is matching? Specific to imports vs building via Pulumi: If you import a resource and it's having a bunch of diffs as it is here, is there a known workaround outside of an ignore (which I don't want to do) to get it to play nice or do I just keep hacking away in index.ts and try to get it to match and be happy?
b

billowy-army-68599

02/15/2023, 7:40 PM
that does help, but I’m not sure why this behaviour is happening on import, i wouldnt expect it. Could you file an issue if you have a repro?
is there a known workaround outside of an ignore
yes, you can use
ignoreChanges
(https://www.pulumi.com/docs/intro/concepts/resources/options/ignorechanges/) but this feels like it shouldn’t be needed
did you use the
pulumi import
command or are you trying to manually import?
n

narrow-ghost-95764

02/15/2023, 7:52 PM
Yeah I'm with you on the IgnoreChanges. I could totally file an issue. I haven't pushed up my local changes yet to repo so what's your recommendation on filing the issue? I did pulumi import on all resources it's complaining about. Shown below without content: pulumi import azure:appservice/appService:AppService testing-meerkat-api /subscriptions/#####/resourceGroups/#####/providers/####
b

billowy-army-68599

02/15/2023, 8:07 PM
it seems like the import isn’t correctly filling out the types which is definitely an import issue for us, sorry for the inconvenience. To file an issue, just state how you created the resource originally (whether clickops or orther iac tool) and how you ran
pulumi import
file it in github.com/pulumi/pulumi-azure-native
n

narrow-ghost-95764

02/15/2023, 8:08 PM
can do thank you very much!