pulumi / pulumi-az-pipelines-task

Azure Pipelines task extension for running Pulumi apps.
https://marketplace.visualstudio.com/publishers/pulumi
Apache License 2.0
27 stars 19 forks

Task Fails when using a Management Group scoped Service Connection #122

Closed zbuchheit closed 1 year ago

zbuchheit commented 1 year ago

Describe the bug

When using the task, the task goes and grabs the subscriptionid off of the passed-in service connection via getEndpointDataParameter. If using a management group scoped service connection, the subscriptionid does not exist in the service connection's metadata, so it causes it to throw an error and the task to fail.

To Reproduce

Steps to reproduce the behavior: Pass in a management group scoped service connection as the azureSubscription parameter for the task. The task will fail.

Expected behavior

Expect the task to continue to run pulumi as expected, as the Azure subscription can be provided in the stack YAML for the provider.

aq17 commented 1 year ago

Hi @zbuchheit, thanks for opening this issue – would you be able to provide a code snippet/example so we can try to reproduce this?

phillipedwards commented 1 year ago

@aq17 This ask is related to this code block. Specifically, a management group scoped service connection does not have a single subscriptionId (it can have multiple).

The problem is that subscriptionId is marked as required, so if a subscriptionId is not present in the ADO task, an error occurs.

phillipedwards commented 1 year ago

What I'm proposing is we set the subscriptionId to optional so instead of:

    subscriptionId: tl.getEndpointDataParameter(
        connectedServiceName,
        "subscriptionid",
        false // optional == false
    ),

we end up with:

    subscriptionId: tl.getEndpointDataParameter(
        connectedServiceName,
        "subscriptionid",
        true // optional == true
    ),

aq17 commented 1 year ago

Thanks for clarifying @phillipedwards , that makes sense. Would you like to open a PR or shall I?

phillipedwards commented 1 year ago

@aq17 PR is up, although it looks like some CI failures are occurring... https://github.com/pulumi/pulumi-az-pipelines-task/pull/123

aq17 commented 1 year ago

@phillipedwards on second glance it looks like a subscription ID is required (https://arinco.com.au/blog/azure-done-right-series-azure-devops-and-management-group-service-connections/) – need to find a way to resolve this when a mgmt group is used

phillipedwards commented 1 year ago

I think for this particular case subscriptionId is required due to the fact the task is directly using the data point; however, I don't think (could be wrong) it should be required with the Pulumi ADO task. Ultimately, the subscriptionId will have to be specified in a Pulumi stack configuration if a customer wants to use a Management Group Service Connection, and we will have to make that known.
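The optional lookup discussed in this thread, as an added example that is not the project's code or any participant's: it reads `subscriptionid` as optional, exports it only when present and well-formed, and otherwise returns a warning that the subscription must come from the stack configuration. `EndpointDataLookup`, `fakeLookup`, `buildArmEnv`, the sample connection names and IDs are hypothetical, and exporting the value as `ARM_SUBSCRIPTION_ID` is an assumption about how a task would hand it to the provider.

```typescript
// Same shape as tl.getEndpointDataParameter(id, key, optional) in azure-pipelines-task-lib.
type EndpointDataLookup = (id: string, key: string, optional: boolean) => string | undefined;

// Constructed sample endpoint data; connection names and IDs are made up.
const sampleEndpoints: Record<string, Record<string, string>> = {
    "sub-scoped-conn": { subscriptionid: "00000000-0000-0000-0000-000000000001" },
    "mg-scoped-conn": {}, // management group scope: no subscriptionid in the metadata
};

// Stand-in for the task library: throws when a required key is missing.
const fakeLookup: EndpointDataLookup = (id, key, optional) => {
    const value = sampleEndpoints[id]?.[key];
    if (!value && !optional) {
        throw new Error(`Endpoint data not present: ${id} / ${key}`);
    }
    return value;
};

const GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Builds the environment passed to the Pulumi CLI (hypothetical helper).
function buildArmEnv(
    connectedServiceName: string,
    lookup: EndpointDataLookup,
): { env: Record<string, string>; warnings: string[] } {
    const env: Record<string, string> = {};
    const warnings: string[] = [];
    // optional == true: a missing value comes back as undefined instead of throwing
    const subscriptionId = lookup(connectedServiceName, "subscriptionid", true);
    if (!subscriptionId) {
        warnings.push(
            `Service connection '${connectedServiceName}' has no subscriptionid; ` +
            "set the subscription in the Pulumi stack configuration.",
        );
    } else if (!GUID.test(subscriptionId)) {
        // Added check: refuse to export a malformed value rather than pass it on.
        throw new Error(`subscriptionid on '${connectedServiceName}' is not a GUID`);
    } else {
        env["ARM_SUBSCRIPTION_ID"] = subscriptionId; // assumed variable name
    }
    return { env, warnings };
}
```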

phillipedwards commented 1 year ago

@aq17 can you take a look and approve if we're good to go?

aq17 commented 1 year ago

@phillipedwards CI is still failing, likely due to the subscriptionId requirement to establish the service endpoint. The link above ^ uses a PowerShell script to select a subscription from the management group.