I m very new to Pulumi and ran into a question when authenti

Question

I m very new to Pulumi and ran into a question when authenticating using a service principal Short version I m doing a basic proof of concept just looking to create a management group hierarchy within Azure When running this locally I had no problems at all However now that i m trying to incorporate that into an Azure DevOps pipeline using a service principal it s tossing out an error that A Subscription ID must be configured when authenticating as a Service Principal using a Client Secret In the documentation I see one of the required tokens that must be made available to Pulumi is the ARM SUBSCRIPTION ID However since I am provisioning management groups there is no subscription per se Is there any way around this Something along the lines of the Azure CLI allow no subscriptions flag that provides tenant level access

busy-flower-16072 · Answer

Welp sure enough as long as I specify anything for the ARM SUBSCRIPTION ID e g gibberish it works

icy-doctor-13719 · Answer

try using a pulumi AzureNative resource store those values for example in your

icy-doctor-13719 · Answer

pulumi runs self contained in this case and should act the same locally and in CI runner this way you wont have to add those environment variables to your CLI manually each time you open a new terminal too

busy-flower-16072 · Answer

Thanks Patrick will def check this out

icy-doctor-13719 · Answer

service principals will need to still be added to the subscription with minimum contributor role

icy-doctor-13719 · Answer

otherwise how would they write to ARM sweat smile