pulumi/pulumi-azure-native

Using a new ManagedCluster's NodeResourceGroup fails on preview

smithrobs opened this issue · 4 comments

What happened?

  • py 3.10
  • pulumi-3.134.1
  • pulumi-azure-native-2.64.1

On preview, when attempting to use the NodeResourceGroup output from a pulumi_azure_native.containerservice.ManagedCluster resource (that has yet to be created) in a pulumi_azure_native.managedidentity.get_user_assigned_identity_output call, the preview fails.

Expected

Making use of NodeResourceGroup of a not-yet-created pulumi_azure_native.containerservice.ManagedCluster does not fail the preview.

Actual

Preview fails with:

Diagnostics:
  pulumi:pulumi:Stack (py-scratch-dev):
    error: Program failed with an unhandled exception:
    Traceback (most recent call last):
      File "/opt/homebrew/bin/pulumi-language-python-exec", line 192, in <module>
        loop.run_until_complete(coro)
      File "/opt/homebrew/Cellar/python@3.10/3.10.15/Frameworks/Python.framework/Versions/3.10/lib/python3.10/asyncio/base_events.py", line 649, in run_until_complete
        return future.result()
      File "/Users/rsmith/Documents/scratch/aws-py-scratch/venv310/lib/python3.10/site-packages/pulumi/runtime/stack.py", line 142, in run_in_stack
        await run_pulumi_func(run)
      File "/Users/rsmith/Documents/scratch/aws-py-scratch/venv310/lib/python3.10/site-packages/pulumi/runtime/stack.py", line 56, in run_pulumi_func
        await wait_for_rpcs()
      File "/Users/rsmith/Documents/scratch/aws-py-scratch/venv310/lib/python3.10/site-packages/pulumi/runtime/stack.py", line 118, in wait_for_rpcs
        await task
      File "/Users/rsmith/Documents/scratch/aws-py-scratch/venv310/lib/python3.10/site-packages/pulumi/runtime/invoke.py", line 149, in do_invoke_output
        invoke_result = await _invoke(
      File "/Users/rsmith/Documents/scratch/aws-py-scratch/venv310/lib/python3.10/site-packages/pulumi/runtime/invoke.py", line 306, in wait_for_fut
        return await asyncio.ensure_future(do_rpc())
      File "/Users/rsmith/Documents/scratch/aws-py-scratch/venv310/lib/python3.10/site-packages/pulumi/runtime/invoke.py", line 302, in do_rpc
        raise error
    Exception: invoke of azure-native:managedidentity:getUserAssignedIdentity failed: invocation of azure-native:managedidentity:getUserAssignedIdentity returned an error: request failed /subscriptions/32b9cb2e-69be-4040-80a6-02cd6b2cc5ec/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/shared-dev-aks-identity50da53d1: autorest/azure: Service returned an error. Status=404 Code="ResourceGroupNotFound" Message="Resource group '{resourceGroupName}' could not be found."

If the preview is skipped via pulumi up -yf, the program completes successfully.

Example

import pulumi
import pulumi_azure_native as azure_native
from pulumi_azure_native import managedidentity

# create RG
rg = azure_native.resources.ResourceGroup("rg-mc-rs", location="centralus")

# create user
msiuser = azure_native.managedidentity.UserAssignedIdentity("msiu-mc-rs", location="centralus", resource_group_name=rg.name)

# create a "simple" cluster
my_cluster = azure_native.containerservice.ManagedCluster("managedCluster-rs",
                                                          addon_profiles={},
                                                          agent_pool_profiles=[{
                                                              "count": 3,
                                                              "enable_encryption_at_host": True,
                                                              "enable_node_public_ip": True,
                                                              "mode": azure_native.containerservice.AgentPoolMode.SYSTEM,
                                                              "name": "nodepool1rs",
                                                              "os_type": azure_native.containerservice.OSType.LINUX,
                                                              "type": azure_native.containerservice.AgentPoolType.VIRTUAL_MACHINE_SCALE_SETS,
                                                              "vm_size": "Standard_DS2_v2",
                                                          }],
                                                          api_server_access_profile={
                                                              "disable_run_command": True,
                                                          },
                                                          auto_scaler_profile={
                                                              "scale_down_delay_after_add": "15m",
                                                              "scan_interval": "20s",
                                                          },
                                                          dns_prefix="dnsprefix1rs",
                                                          enable_rbac=True,
                                                          kubernetes_version="",
                                                          linux_profile={
                                                              "admin_username": "azureuser",
                                                              "ssh": {
                                                                  "public_keys": [{
                                                                      # note: throwaway key
                                                                      "key_data": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDp1Z9NOXuJw2a9zGAaTYvlNNbtQ1vsYXS/baAY65bMSdN8UudVl9y+ZDliYmlHvlce7eOxHq3JML5msnHxSwS2RiYbtoyApKdJdKLnla0X0Au62XqHLCCl2N5nVnqNpNNGvjsWbnNWlIs5KMZ8Ri9OX0lv7dttI8cZuYjiUsdkEwAMzZWF1qzyyghFhxi02AO52Cl0ZPLRZt1Hihu5Y8+K29Fg1sfLu6ArvEj4eI3RS9fCtN5eCic8rskVGw/AmM3y9c9692xIWZuL23djIIlt/mkvY8UtmlrnZq5UBtBNC6G0zCsCCXBR7osuQenV88TCkwHydX0c7aoqrvLP6NwBoIOaQc0V+A7AuyHBzMJf44BbLKI3x1s882q0p5xm39uUjxHR9R9Mu1Oj8lXR+lLXKIJ56h1bU2dScEIIEzgsirQnPgFy6bz7ajRaLPMGe6cBFthb6y3xwl7SIoZPeC4rFHhUvSEZztpQE9eoleK2SI5EqUOMP9kA2ws/UHfgoBk= generated-by-azure"
                                                                  }],
                                                              },
                                                          },
                                                          location="centralus",
                                                          network_profile={
                                                              "network_plugin": "azure",
                                                              "load_balancer_profile": {
                                                                  "managed_outbound_ips": {
                                                                      "count": 2,
                                                                  },
                                                              },
                                                              "load_balancer_sku": azure_native.containerservice.LoadBalancerSku.STANDARD,
                                                              "outbound_type": azure_native.containerservice.OutboundType.LOAD_BALANCER,
                                                          },
                                                          resource_group_name=rg.name,
                                                          identity={
                                                            "type": azure_native.containerservice.ResourceIdentityType.USER_ASSIGNED,
                                                            "user_assigned_identities": [
                                                                msiuser.id
                                                            ]
                                                          },
                                                          sku={
                                                              "name": "Base",
                                                              "tier": azure_native.containerservice.ManagedClusterSKUTier.FREE,
                                                          },
                                                          tags={
                                                              "tier": "dev",
                                                          },
                                                          windows_profile={
                                                              "admin_password": "hasrt-sdgsd-2322d-2gugs",
                                                              "admin_username": "azureuser-rs",
                                                          })

tempResourceGroupName = my_cluster.node_resource_group

# fails preview here
autoIdentity = managedidentity.get_user_assigned_identity_output(resource_group_name=tempResourceGroupName,
                                                                 resource_name="shared-dev-aks-whatever")

pulumi.export('autoIdentityId', autoIdentity.id)

Output of pulumi about

pulumi about
CLI          
Version      3.134.1
Go Version   go1.23.1
Go Compiler  gc

Plugins
KIND      NAME          VERSION
resource  aws           6.54.1
resource  azure-native  2.64.1
resource  command       1.0.1
language  python        unknown
resource  random        4.16.6

Host     
OS       darwin
Version  14.6.1
Arch     arm64

This project is written in python: executable='/Users/rsmith/Documents/scratch/aws-py-scratch/venv310/bin/python' version='3.10.15'

Current Stack: rsmith-pulumi-corp/py-scratch/dev

Found no resources associated with dev

Found no pending operations associated with dev

Backend        
Name           pulumi.com
URL            https://app.pulumi.com/rsmith-pulumi-corp
User           rsmith-pulumi-corp
Organizations  rsmith-pulumi-corp
Token type     personal

Dependencies:
NAME                 VERSION
pip                  24.2
pulumi_aws           6.54.1
pulumi_azure_native  2.64.1
pulumi_command       1.0.1
pulumi_random        4.16.6
setuptools           75.1.0
wheel                0.44.0

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

Likely related to pulumi/pulumi#9593, although it looks like an empty value is passed to the invoke from my_cluster.node_resource_group, which I assumed shouldn't happen. It'd be nice to understand why and to see if we can catch this situation earlier than making the erroneous HTTP call.
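
One way to catch this before the HTTP call is to refuse to build the request path while any path parameter is empty or unknown. This is an added illustration in Python, not code from pulumi-azure-native or from the commenters; the template, the function names and the sample values (including the all-zero subscription ID) are constructed for the example.

```python
import re

# Constructed template in the shape of the request path quoted in the error.
TEMPLATE = (
    "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}"
    "/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{resourceName}"
)
# Constructed sample parameters (not values from the issue).
SAMPLE = {
    "subscriptionId": "00000000-0000-0000-0000-000000000000",
    "resourceGroupName": "MC_rg_example",
    "resourceName": "example-identity",
}
PLACEHOLDER = re.compile(r"\{(\w+)\}")
# A value containing these would change the path or re-introduce a placeholder.
FORBIDDEN = re.compile(r"[/{}?#]")


class UnresolvedPathParameter(ValueError):
    """Raised before any HTTP call when a path parameter has no usable value."""


def build_resource_path(template, params):
    """Substitute every {name} in template, refusing unknown or empty values."""
    problems = []

    def substitute(match):
        name = match.group(1)
        value = params.get(name)
        # None or "" models an output that is not known yet at preview time.
        if value is None or not str(value).strip():
            problems.append(f"{name} is empty or unknown")
        elif FORBIDDEN.search(str(value)):
            problems.append(f"{name} contains a path metacharacter")
        else:
            return str(value)
        return match.group(0)

    path = PLACEHOLDER.sub(substitute, template)
    if problems:
        raise UnresolvedPathParameter("; ".join(problems))
    return path


def try_build(params):
    """Return (True, path) on success or (False, reason) without raising."""
    try:
        return True, build_resource_path(TEMPLATE, params)
    except UnresolvedPathParameter as exc:
        return False, str(exc)
```

With a guard like this, an empty node resource group surfaces as a local error naming the parameter instead of a 404 for a resource group called '{resourceGroupName}'.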

Additional findings:

# errors preview - "Resource group '{resourceGroupName}' could not be found."
pulumi-azure-native==2.64.2
# errors preview - "Resource group '{resourceGroupName}' could not be found."
pulumi-azure-native==2.64.1
# hangs preview - eventsink.go:59] waiting for quiescence; 4 outputs outstanding
pulumi-azure-native==2.64.0
# good
pulumi-azure-native==2.63.0
# good
pulumi-azure-native==2.62.0
# good
pulumi-azure-native==2.61.0
# good
pulumi-azure-native==2.60.1
# good
pulumi-azure-native==2.60.0

Upstream issue: pulumi/pulumi#17459

This issue has been addressed in PR #3623 and shipped in release v2.64.3.