0

I am trying to create a simple azure devops pipeline to execute a pulumi preview, however, I am getting a

error: obtain subscription() from Azure CLI: parsing json result from the Azure CLI: waiting for the Azure CLI: exit status 1: ERROR: Please run 'az login' to setup account.

I only have one subscription but tried to still set it just to be sure.

I have setup a service connection azure subscription. Also added two variables; PULUMI_ACCESS_TOKEN and pulumi.access.token

enter image description here

Below is my yaml

trigger:
- main

variables:
- name: one
  value: initialValue 

pool:
  vmImage: ubuntu-latest


steps:
- task: UsePythonVersion@0
  inputs:
    versionSpec: '3.12.1'
  displayName: 'set Python version'

- script: |
    python -m pip install --upgrade pip
    pip install -r requirements.txt
  displayName: 'Install dependencies'


- script: 'curl -fsSL https://get.pulumi.com | sh'
  displayName: 'Installing pulumi'

- script: 'pulumi login'
  displayName: 'Authenticating pulumi'
  env:
    PULUMI_ACCESS_TOKEN: $(PULUMI_ACCESS_TOKEN)

- task: AzureCLI@2
  inputs:
    azureSubscription: '<subscription from service connection>'
    scriptType: 'bash'
    scriptLocation: 'inlineScript'
    inlineScript: 'az account list'

- task: AzureCLI@2
  inputs:
    azureSubscription: '<subscription from service connection>'
    scriptType: 'bash'
    scriptLocation: 'inlineScript'
    inlineScript: 'az account set --subscription <sub id>'


- task: Pulumi@1
  inputs:
    command: 'preview'
    stack: 'dev'

Not sure what else I am missing. Appreciate any help. Thank you.

Improve this question

1 Answer 1

Reset to default
0

You are using the Using the Pulumi task from the Marketplace. In the extension Prerequisites, it mentions

You'll need an Azure subscription if you plan on creating resources in Azure.

The name of this service connection is what you will use in the Pulumi task for the input azureSubscription if you are using the YAML configuration.

You can also refer this official document Pulumi CI/CD & Azure DevOps for more details. It says if the service connection (azureSubscription) is not used, environment variables can be configured with the credentials needed for the applicable Pulumi providers.

pulumi requires a few environment variables in order to work in a CI/CD environment. More specifically, PULUMI_ACCESS_TOKEN is required to allow the pulumi CLI to perform an unattended login. In addition to this, you will also need to set the cloud provider-specific variables.

If you are using the Pulumi task extension for Azure Pipelines, you don’t need to manually configure the environment variables in your pipeline builds. You can use Service Connections to centralize access to your Azure subscription(s).

So you can add a service connection in your Pulumi@1 task.

If you choose to configure the environment variables manually, you can add addSpnToEnvironment: true to your Azure CLI task, then you can get the servicePrincipalId, servicePrincipalKey, and tenantId variables in your script to set configuration using environment variables. You can refer this answer for the usage of addSpnToEnvironment.

- task: AzureCLI@2
  inputs:
    azureSubscription: 'your service connection name'
    scriptType: 'bash'
    scriptLocation: 'inlineScript'
    addSpnToEnvironment: true
    inlineScript: |
      export ARM_CLIENT_ID=$servicePrincipalId
      export ARM_CLIENT_SECRET=$servicePrincipalKey
      export ARM_TENANT_ID=$tenantId
      export ARM_SUBSCRIPTION_ID=<YOUR_SUBSCRIPTION_ID>
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.