将服务主体登录与Pulumi配置中的连接信息一起使用时出现pulumi错误

Question

我正在使用GitHub操作来运行pulumi-pr.yml

我希望能够基于堆栈部署到不同的订阅。

我创建了一个az ad服务原理，并使用以下内容将信息放入Pulumi配置中：

pulumi config set azure:clientId <clientID>
pulumi config set azure:clientSecret <clientSecret> --secret
pulumi config set azure:tenantId <tenantID>
pulumi config set azure:subscriptionId <subscriptionId>

当GitHub操作运行时，我得到以下错误：

error: building auth config: obtain subscription() from Azure CLI: Error parsing json result from the Azure CLI: Error waiting for the Azure CLI: exit status 1

以下是整个yaml：

name: Pulumi Preview

on:
  pull_request:
    branches:
      - main
  workflow_dispatch:

jobs:
  preview:
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 1
      - name: Install Pulumi CLI
        uses: pulumi/action-install-pulumi-cli@v1
      - uses: pulumi/actions@v3
        with:
          command: preview
          stack-name: trinsic/Cramer
          work-dir: infrastructure/Source/Trinsic.Okapi
        env:
          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}

Answer 1

下面的堆栈配置文件(例如Pulumi.dev.yaml)和github操作工作流文件应该可以工作。

配置文件(基于https://www.pulumi.com/docs/intro/cloud-providers/azure/setup/#service-principal-authentication)

config:
  azure-native:clientId:
    secure: AAABAJ....BDFDSFSD
  azure-native:clientSecret:
    secure: AAABABebOGe5....BDSFDS
  azure-native:location: CentralUS
  azure-native:subscriptionId:
    secure: AAABAEgNKrTHhf....SFDFSDFSD
  azure-native:tenantId:
    secure: AAABAIoNQ...GDEFSFDSfs

和如下所示的工作流文件：

name: Update:Windows - Config Vars - Manual Trigger

on:
  workflow_dispatch:
    branches:
      - main
jobs:
  up:
    name: Update
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@v2
      - uses: actions/setup-node@v2
        with:
          node-version: 14.x
      - run: npm install
      - uses: pulumi/actions@v3
        with:
          command: update
          stack-name: dev
        env:
          PULUMI_ACCESS_TOKEN: ${{ secrets.PULUMI_ACCESS_TOKEN }}