Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update pulumi script(s) #113

Closed
3 tasks done
rchan26 opened this issue Sep 26, 2023 · 3 comments
Closed
3 tasks done

Update pulumi script(s) #113

rchan26 opened this issue Sep 26, 2023 · 3 comments
Assignees
@rchan26 @rwood-97
Labels
priority Issue needs to be prioritised

Comments

@rchan26
Copy link
Collaborator

rchan26 commented Sep 26, 2023
edited
Loading

  • Full slack bot
  • Slack bot
  • Optional: VM for LLM
@rchan26 rchan26 changed the title Update pulumi script Update pulumi script(s) Sep 26, 2023
@rwood-97
Copy link
Contributor

  • Ensure you have azure CLI set up and are logged in, I had to re-login since it thought I was logged in but actually didn't seem to have sync-ed to know I had the Reginald subscription so maybe do this.
  • I had to set up "access policies" on our Azure key vault. Don't know if this link will work but did it here. Have already done this for you.
  • I keep getting this error:
Logging in with Pulumi...
error: problem logging in: read ".pulumi/meta.yaml": blob (key ".pulumi/meta.yaml") (code=Unknown): ===== RESPONSE ERROR (ErrorCode=AuthorizationPermissionMismatch) =====
Description=This request is not authorized to perform this operation using this permission.
RequestId:1bc516ad-001e-00a9-0b3e-f19e7f000000
Time:2023-09-27T12:31:46.4507379Z, Details: (none)

This is basically because to use pulumi login azblob://.... you need "Storage Blob Data Contributor" access. See here and here.
I think there might be something wrong with the current code because I do get "✅ User has 'Storage Blob Data Contributor' permissions on this subscription" but actually when I run az role assignment list --include-inherited --assignee "$USER_ID" --role "Storage Blob Data Contributor" then it just gives me [] as output.
Whereas for az role assignment list --include-inherited --assignee "$USER_ID" --role "Contributor" (a role I do have) I get a json kind of output.

I think once that works it should get through the setup.sh script fine and then all you need to do is the second part which is:
AZURE_KEYVAULT_AUTH_VIA_CLI=true pulumi up -y. And hopefully it will work?

Thats where I've got to

@rchan26 rchan26 added the priority Issue needs to be prioritised label Sep 27, 2023
@rchan26 rchan26 self-assigned this Sep 27, 2023
@rwood-97 rwood-97 self-assigned this Nov 1, 2023
@rchan26 rchan26 mentioned this issue Nov 1, 2023
Open
6 tasks
@rwood-97
Copy link
Contributor

rwood-97 commented Nov 2, 2023

Pulumi scripts now work for both full slack bot and api bot. See #132

I've broken something in the hack_week set up so we might need to delete and recreate in order to regain access but have asked for help in a relevant issue on the pulumi repo so hopefully I can fix this.

Things we still want to deal with are:

  • Better error handling in the api bot if the VM is off, this should return an 'out of office' message but at the moment just hangs and you need to restart the container.
  • Reggie (handbook) is broken at the moment but we just need to get the app/bot tokens again and should be fixed

This was referenced Jan 4, 2024
Merged
Merged
@rchan26
Copy link
Collaborator Author

rchan26 commented Jun 15, 2024

Did in #196

@rchan26 rchan26 closed this as completed Jun 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rchan26 rchan26

@rwood-97 rwood-97

Labels
priority Issue needs to be prioritised
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rchan26 @rwood-97