proud-dusk-33872
10/28/2021, 11:54 PMpowerful-football-81694
10/31/2021, 12:07 PMPulumi.AzureNative.Web.ListWebAppHostKeys
but I cannot seem to find how to create new one, neither during the initial deployment (using some options on WebAppArgs
or SiteConfigArgs
) nor as any kind of separate resource.
It seems very easy to do this using ARM (see https://blog.eldert.net/create-and-retrieve-azure-functions-function-keys-in-arm-template/) so I’m guessing there’s a simple way also through Pulumi and I’m just struggling to find it… thankful for any help!powerful-football-81694
10/31/2021, 6:25 PMApiManagementService
and configures it to have a system-assigned managed identity
2. must specify the custom hostname at creation time in the HostnameConfigurationArgs
property, which references a certificate in key vault
3. but APIM fails to create because to read the cert from key vault, it needs an access policy…
4. but the KeyVaultAccessPolicy
to give the APIM managed identity access to read secrets from key vault can only be created after the APIM service has been created, which can’t happen…
So, APIM resource creation depends on the key vault access policy, which depends on the APIM resource… deadlock. Any advice on what do do in this situation?powerful-football-81694
10/31/2021, 6:27 PMwooden-receptionist-75654
11/01/2021, 1:48 PMauthorization.RoleAssignment
. Is there any way to get roleDefinitionId
by the name?
For example I’d like to use DNS Zone Contributor. How can I get it can roleDefinitionId for my subscription?chilly-magazine-4507
11/01/2021, 2:40 PMbrainy-eve-42271
11/01/2021, 6:03 PMconst storageAccountName = `storage${pulumi.getStack()}`;
const storage = new azure.storage.Account(
storageAccountName,
{
resourceGroupName: resourceGroup.name,
accountTier: "standard",
accountReplicationType: "LRS",
accountKind: "BlobStorage",
},
{
deleteBeforeReplace: true,
}
);
const appInsightsContainer = new azure.storage.Container("appinsights", {
storageAccountName: storage.name,
containerAccessType: "private",
});
const exportConfiguration = new azure_native.insights.ExportConfiguration(`export-configuration`, {
destinationAccountId: storage.id,
destinationAddress: storage.primaryBlobEndpoint,
destinationType: "Blob",
isEnabled: "true",
notificationQueueEnabled: "false",
notificationQueueUri: "",
recordTypes: "Requests, Event, Exceptions, Metrics, PageViews, PageViewPerformance, Rdd, PerformanceCounters, Availability,Messages",
resourceGroupName: resourceGroup.name,
resourceName: appInsights.name,
});
powerful-football-81694
11/01/2021, 7:07 PMerror: autorest/azure: error response cannot be parsed: "" error: EOF
when Pulumi fails to create a resource?
I turned on verbose logging to file but it doesn’t reveal more that what’s already shown in the output.brash-quill-35776
11/02/2021, 2:07 AMKeyVault
module, the only thing I can find is the getSecret
but it shows as below, not sure how to get the actual value then
Do I have to call the data plane rest API myself manually?mysterious-piano-88140
11/02/2021, 2:34 PMgorgeous-match-99659
11/03/2021, 4:16 PMabundant-book-94104
11/04/2021, 3:55 AMchilly-magazine-4507
11/08/2021, 10:09 AMwooden-receptionist-75654
11/08/2021, 10:43 AMerror: Code="CustomKubeletIdentityMissingPermissionError" Message="The cluster user assigned identity must be given permission to assign kubelet identity...
even so I have dependency on it.
I have something like this in my code:
const cpIdentity = new managedidentity.UserAssignedIdentity("controlPlaneIdentity", {
location: `${location}`,
resourceGroupName: resourceGroup.name,
resourceName: `${controlPlaneIdentity}`,
});
const kubeletIdentity = new managedidentity.UserAssignedIdentity("kubeletIdentity", {
location: config.location,
resourceGroupName: resourceGroup.name,
resourceName: `${kubeletIdentity}`,
});
const identityRoleAssignment = new authorization.RoleAssignment("controlPlane-ManagedIdentityOperator", {
principalId: cpIdentity.principalId,
principalType: "ServicePrincipal",
roleDefinitionId: `/subscriptions/${config.subscriptionId}/providers/Microsoft.Authorization/roleDefinitions/${config.managedIdentityOperatorId}`,
scope: resourceGroup.id,
});
const cluster = new containerservice.ManagedCluster(
"aks-cluster",
{
...
identity: {
type: "UserAssigned",
userAssignedIdentities: cpIdentity.id.apply((id) => {
const dict: { [key: string]: any } = {};
dict[id] = {};
return dict;
}),
},
identityProfile: {
kubeletidentity: {
clientId: kubeletIdentity.clientId,
resourceId: kubeletIdentity.id,
objectId: kubeletIdentity.principalId,
},
},
....
},
{ dependsOn: [cpIdentity] }
);
Second re-run successfully deploy cluster.
Is there any wait to build a proper dependency on it?millions-candle-46687
11/09/2021, 7:51 AMfull-winter-70537
11/10/2021, 6:09 AMpolite-shoe-79877
11/10/2021, 10:05 AMbrash-quill-35776
11/11/2021, 12:27 AM*readonly* identity: pulumi.Output<outputs.web.ManagedServiceIdentityResponse | undefined>;
How do I put them into another Input
type? I would get
Type 'Output<string | undefined>' is not assignable to type 'Input<string>'.
Type 'OutputInstance<string | undefined>' is not assignable to type 'Input<string>'.
Type 'OutputInstance<string | undefined>' is not assignable to type 'OutputInstance<string>'.
Type 'string | undefined' is not assignable to type 'string'.
Type 'undefined' is not assignable to type 'string'.ts(2322)
wet-noon-14291
11/11/2021, 4:41 PMwet-noon-14291
11/12/2021, 11:21 AMrefined-tent-12187
11/12/2021, 11:33 AMabundant-book-94104
11/15/2021, 4:59 AMvirtual_network = azure_native.network.VirtualNetwork("My-Vnet-10-3-0-0",
address_space=azure_native.network.AddressSpaceArgs(
address_prefixes=["10.3.0.0/16"],
),
tags={
"Company": "Company Group",
"ENVCODE": "DEV",
"Environment": "Development",
"Owner": "PMM"
},
location="somewhere",
resource_group_name="DEV-ARG-Networks",
virtual_network_name="DEV-ADS-Vnet-001"),
subnets = [azure_native.network.SubnetArgs(
address_prefix="10.3.2.0/27",
name='DEV-ADS-Subnet-10-3-2-0',
service_endpoints=[azure_native.network.ServiceEndpointPropertiesFormatArgs(
service="Microsoft.Sql",
)]
)]
some-ram-70663
11/15/2021, 10:19 AMadorable-soccer-30455
11/16/2021, 3:13 PMimportant-book-47803
11/16/2021, 3:31 PMBackupPolicy = new PeriodicModeBackupPolicyArgs
{
PeriodicModeProperties = new PeriodicModePropertiesArgs
{
BackupIntervalInMinutes = 1440,
BackupRetentionIntervalInHours = 168
},
Type = "Periodic"
},
This is my code where I am setting it to be periodic but I want to have tests to check these values, however when getting the BackupPolicy.Value it is always of type ContinuousModeBackupPolicyResponse so I am unable to test minutes/hours values. These will change depending on environment.
It does deploy correctly to azure as periodic with those values but don't want to have a manual check around this. For Azure.Core it worked as expected.adorable-soccer-30455
11/19/2021, 11:50 AMelegant-stone-54832
11/21/2021, 8:13 PMvar sqlServerManagedIdentity = sqlServer.Identity.Apply(x => x.PrincipalId);
new AppRoleAssignment("SqlServerDirectoryReader", new AppRoleAssignmentArgs
{
AppRoleId = "88d8e3e3-8f55-4a1e-953a-9b9898b8876b",
PrincipalObjectId = sqlServerManagedIdentity,
ResourceObjectId = sqlServerManagedIdentity
});
I dont' know the difference between PrincipalObjectId and ResourceObjectId 😕 Does any one has an idea?faint-tiger-16075
11/22/2021, 5:48 PMancient-eve-13947
11/24/2021, 1:33 PMadamant-motherboard-21586
11/26/2021, 8:27 AMadamant-motherboard-21586
11/26/2021, 8:27 AMtall-librarian-49374
11/26/2021, 8:40 AMI want to configure the Functions Application with either the primary or secondary key from the Cosmos DB accountYou can set web app (function app) settings as a separate resource which would go the last in your program.
adamant-motherboard-21586
11/26/2021, 12:46 PMtall-librarian-49374
11/26/2021, 1:11 PMadamant-motherboard-21586
11/26/2021, 4:58 PMtall-librarian-49374
11/26/2021, 8:51 PMadamant-motherboard-21586
11/27/2021, 6:04 AM