-
Notifications
You must be signed in to change notification settings - Fork 5
Accessing Identity output #115
Accessing Identity output #115
Comments
Your
|
Yes, it might be related. The issue I mentioned above was fixed for output flow for the Azure provider. I guess something is still missing for Azure NextGen. You can work around the issue with this:
|
Workaround worked. Thank you.
…________________________________
From: Mikhail Shilkov <notifications@github.com>
Sent: Friday, November 6, 2020 2:10:29 PM
To: pulumi/pulumi-azure-nextgen <pulumi-azure-nextgen@noreply.github.com>
Cc: Jakub Konecki <jakub@techfabric.co>; Author <author@noreply.github.com>
Subject: Re: [pulumi/pulumi-azure-nextgen] Accessing Identity output (#115)
Although, on the second thought, it is related. The issue I mentioned above was fixed for output flow for the Azure provider. I guess something is still missing for Azure NextGen. You can work around the issue with this:
ObjectId = scaleSet.Identity.Apply(x => x.PrincipalId ?? Guid.Empty.ToString()),
TenantId = scaleSet.Identity.Apply(x => x.TenantId ?? Guid.Empty.ToString()),
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_pulumi_pulumi-2Dazure-2Dnextgen_issues_115-23issuecomment-2D723100304&d=DwMCaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=J5xwzqk2JV6JmMQ8LmNyE6cRZCpM-ICHZBNHSFKl9k8&m=JAgdnv6oS5O5AJa9oU0tRvTi5FC9rQAHyy7FBWyNHSA&s=KpIMfD19VXyOwaUUr_HzqSRaMyTll7KEDrnbRnNfuvU&e=>, or unsubscribe<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_ANYCISJ4Q24MTM73XEJJVH3SOP7VLANCNFSM4TMT3GKQ&d=DwMCaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=J5xwzqk2JV6JmMQ8LmNyE6cRZCpM-ICHZBNHSFKl9k8&m=JAgdnv6oS5O5AJa9oU0tRvTi5FC9rQAHyy7FBWyNHSA&s=3Z7mMZdN4QGAQ4tbGzE9-kO31l-FB8rgjzyPqAGUJJY&e=>.
|
@jkonecki-techfabric Which |
It doesn't seem pulumi/pulumi-azure#192 has fixed the issue completely, seeing a very similar issue trying to create a new
This is with Pulumi 2.13.2 and Pulumi.Azure v3.30.0 Edit: I've just realised this is the nextgen provider repo, whereas I'm using the regular provider. The issue seems to be the same however. |
@mikhailshilkov 3.28.0 |
@scp-mb Could you add a repro to pulumi/pulumi-azure#192? Maybe we should reopen it. |
I reopened pulumi/pulumi-azure#192 let's track there |
Encountered this issue also with The following workaround recommended above worked.
|
@andrewdmoreno I closed this 10 seconds before your comment :) Could you add your code snippet here? |
@mikhailshilkov Just want to confirm I'm understanding you correctly: Are you asking me to post the above comment in pulumi/pulumi-azure#192? Or were you wanting me to provide more info here re: |
I'm gonna assume in the meantime that you wanted additional code snippet for var app = new WebApp("api", new WebAppArgs
{
Name = ResourceName("api"),
Location = _location,
ResourceGroupName = _resourceGroup,
ServerFarmId = plan.Id,
ClientAffinityEnabled = false,
Identity = ManagedIdentity(),
SiteConfig = siteConfigArgs,
Tags = Tags
});
var accessPolicies = new InputList<AccessPolicyEntryArgs>
{
DefaultSecretsAccessPolicy(servicePrincipalId),
DefaultSecretsAccessPolicy(app.Identity.Apply(i => i?.PrincipalId ?? Guid.Empty.ToString())),
DefaultSecretsAccessPolicy(slot.Identity.Apply(i => i?.PrincipalId ?? Guid.Empty.ToString()))
};
var vault = CreateKeyVault(accessPolicies);
...
private Vault CreateKeyVault(InputList<AccessPolicyEntryArgs> accessPolicies)
{
return new Vault("vault", new VaultArgs
{
ResourceGroupName = _resourceGroup,
Location = _location,
Properties = new VaultPropertiesArgs
{
Sku = new SkuArgs
{
Family = "A",
Name = "standard",
},
TenantId = _azureAdTenantId,
AccessPolicies = accessPolicies
},
VaultName = _keyVaultName
});
}
private AccessPolicyEntryArgs DefaultSecretsAccessPolicy(Input<string> objectId) => new AccessPolicyEntryArgs
{
ObjectId = objectId,
Permissions = new PermissionsArgs
{
Secrets = _secretPermissions,
},
TenantId = _azureAdTenantId,
}; I don't have the exact error message this moment, but it was complaining about the access policies with index |
The fix will be released in version 0.3.2 |
While this error doesn't happen during the initial preview, it does happen during an update. For instance, if |
I'm trying to create a new VM ScaleSet with system-assigned identity and than create KeyVault access policy for this identity:
When running
pulumi up
I'm getting the following error:Am I using
Output.Apply
correctly?The text was updated successfully, but these errors were encountered: