search

pulumi / pulumi-az-pipelines-task

Azure Pipelines task extension for running Pulumi apps.
https://marketplace.visualstudio.com/publishers/pulumi
Apache License 2.0
27 stars 19 forks source link

Deploying Azure AD B2C Tenant fails with "Unauthenticated" message. #112

Open erikthedog opened 2 years ago

erikthedog commented 2 years ago

I have a dotnet project containing an Azure AD B2C Tenant.

I can successfully deploy the stack with pulumi up from my machine logged in to Azure as my personal user.

When trying to deploy the stack from Azure Devops using the Pulumi@1 task it fails with Unauthenticated error code:

Diagnostics:
2022-08-22T14:03:57.4210655Z   pulumi:pulumi:Stack (MyB2CStack-dev):
2022-08-22T14:03:57.4213464Z     error: update failed
2022-08-22T14:03:57.4213774Z  
2022-08-22T14:03:57.4215416Z   azure-native:azureactivedirectory:B2CTenant ([mycompanyb2cdev].onmicrosoft.com):
2022-08-22T14:03:57.4216032Z     error: Code="Unauthenticated" Message="Unauthenticated" Target="Authentication"

The service principal used as the azureSubscription is assigned the owner role in the subscription I am deploying to. I am able to deploy a resource group using the same stack and service principal.

Eonasdan commented 1 year ago

Apparently, MS in their infinity wisdom, made it impossible to deploy b2c tenants from a service account as the tenant needs a "real" user to own the tenant. This fails in bicep, the cli, and ARM with the same error, so it's not a Pulumi issue.