You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Thank you for your response in the previous in issue #81 but we created this new issue to get to the root of the problem.
I have the credentials in my config Pulumi.dev.yml which were added as follows:
pulumi config set azure:clientId "00000000000000000000000"
pulumi config set azure:clientSecret "00000000000000000000000"--secret
pulumi config set azure:tenantId "00000000000000000000000"
pulumi config set azure:subscriptionId "00000000000000000000000"
The thing that's bugging me is that the service principal credentials are initially recognized by pulumi as I can see in the debug entries. Running:
$ pulumi preview --debug
Presents us with the following:
Line 55.
debug: 2020/06/0910:31:16 Testing if Service Principal / Client Certificate is applicable for Authentication..
debug: 2020/06/0910:31:16 Testing if Multi Tenant Service Principal / Client Secret is applicable for Authentication..
debug: 2020/06/0910:31:16 Testing if Service Principal / Client Secret is applicable for Authentication..
debug: 2020/06/0910:31:16 Using Service Principal / Client Secret for Authentication
debug: 2020/06/0910:31:16 Getting OAuth config for endpoint https://login.microsoftonline.com/ with tenant....
^^^ This shows that the service principal and the client secret configs were recognized.
Line 94.
debug: 2020/06/0910:31:17 Testing if Service Principal / Client Certificate is applicable for Authentication..
debug: 2020/06/0910:31:17 Testing if Multi Tenant Service Principal / Client Secret is applicable for Authentication..
debug: 2020/06/0910:31:17 Testing if Service Principal / Client Secret is applicable for Authentication..
debug: 2020/06/0910:31:17 Testing if Managed Service Identity is applicable for Authentication..
debug: 2020/06/0910:31:17 Testing if Obtaining a token from the Azure CLI is applicable for Authentication..
debug: 2020/06/0910:31:17 Using Obtaining a token from the Azure CLI for Authentication
^^^ And then Pulumi forgets about the service principal...
And, at the end, it's as if the service principal crendentials were never presented.
Grpc.Core.RpcException: Status(StatusCode=Unknown, Detail="invocation of azuread:index/getGroup:getGroup returned an error: Error building AzureAD Client: Authenticating using the Azure CLI is only supported as a User (not a Service Principal). To authenticate to Azure using a Service Principal, you can use the separate 'Authenticate using a Service Principal' auth method - instructions for which can be found here: **** There's no link presented here. Alternatively you can authenticate using the Azure CLI by using a User Account.")
However, adding the service principal credentials as environment variables worked.
This has forced me to place the credentials in two places. The Pulumi.dev.yml and the environment variables. Not ideal.
After several hours on this, it seems that possibly the feedback to help the devops may be improved in some way to help us get to the source of the problem faster.
Ah -- I think this is totally my mistake and I didn't realize what repo I was reading when I commented on the previous issue. Because you're trying to configure the azuread provider, it's going to try to read the configuration from the azuread namespace in your config. However, in your above, you're configuring it in the azure namespace. Can you please try setting those and see if that fixes your issue?
Hi @leezen,
Thank you for your response in the previous in issue #81 but we created this new issue to get to the root of the problem.
I have the credentials in my config
Pulumi.dev.yml
which were added as follows:The thing that's bugging me is that the service principal credentials are initially recognized by pulumi as I can see in the debug entries. Running:
$ pulumi preview --debug
Presents us with the following:
^^^ This shows that the service principal and the client secret configs were recognized.
^^^ And then Pulumi forgets about the service principal...
And, at the end, it's as if the service principal crendentials were never presented.
However, adding the service principal credentials as environment variables worked.
This has forced me to place the credentials in two places. The
Pulumi.dev.yml
and the environment variables. Not ideal.After several hours on this, it seems that possibly the feedback to help the devops may be improved in some way to help us get to the source of the problem faster.
Can you help with this please?
Thanks
Originally posted by @fabiomilheiro in #81 (comment)
The text was updated successfully, but these errors were encountered: