many-pager-46142
03/15/2024, 2:53 PM
from pulumi_azure_native import storage, resources
from pulumi_azure_native.authorization import RoleAssignment
from pulumi_azure_native.storage import StorageAccount, FileShare
from pulumi_azure_native.containerinstance import ContainerGroup, VolumeMountArgs, ContainerArgs
# Pulumi program: a resource group, a storage account with shared-key access
# disabled, a file share, a public Caddy container group that mounts the share,
# and a role assignment for the container group's system-assigned identity.

# Placeholder subscription id; substitute the real one before deploying.
SUBSCRIPTION_ID = "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
# Role definition GUID used in the role assignment at the bottom of the file.
STORAGE_BLOB_DATA_CONTRIBUTOR = "ba92f5b4-2d11-453d-a403-e96b0029c9fe"

# Values shared between the container definition and the container group.
_CADDY_VOLUME = "caddy-config"
_WEB_PORTS = (80, 443)

resource_group = resources.ResourceGroup("ResourceGroup")

# Hardened storage account: TLS 1.2 minimum, no public blob access, and
# shared-key (account key) authorization switched off.
storage_account = StorageAccount(
    "Storage",
    resource_group_name=resource_group.name,
    account_name="storageacct",
    kind=storage.Kind.STORAGE_V2,
    sku=storage.SkuArgs(name=storage.SkuName.STANDARD_LRS),
    minimum_tls_version="TLS1_2",
    allow_blob_public_access=False,
    allow_shared_key_access=False,
    azure_files_identity_based_authentication={
        "directory_service_options": "AADDS",
        "default_share_permission": "StorageFileDataSmbShareContributor"
    },
)

fileshare = FileShare(
    "Fileshare",
    resource_group_name=resource_group.name,
    account_name=storage_account.name,
    share_name="fileshare",
    share_quota=1,
)

# NOTE(review): "caddy" carries no tag or digest, so the image that runs is
# whatever the registry resolves at pull time; pin a version or digest for a
# reproducible, reviewable deployment.
caddy_container = ContainerArgs(
    name="caddy",
    image="caddy",
    ports=[{"port": port} for port in _WEB_PORTS],
    resources={"requests": {"memory_in_gb": 0.5, "cpu": 0.5}},
    volume_mounts=[
        VolumeMountArgs(name=_CADDY_VOLUME, mount_path="/config", read_only=False),
    ],
)

# NOTE(review): the azure_file volume below supplies no storage account key,
# and the account above sets allow_shared_key_access=False. Presumably the
# container service mounts file shares with the account key rather than the
# group's managed identity, which would explain an InvalidStorageAccountKey
# failure on this volume -- confirm against the current service documentation.
# Re-enabling shared-key access to make the mount work weakens the account's
# hardening, so treat that as an explicit trade-off and keep the key a secret.
# NOTE(review): "unsecure" looks like the least restrictive DNS label reuse
# scope; verify, and prefer a reuse-scoped value so a released label cannot be
# claimed by another tenant.
container_group = ContainerGroup(
    "ContainerGroup",
    container_group_name="container-group",
    resource_group_name=resource_group.name,
    location=resource_group.location,
    os_type="Linux",
    restart_policy="OnFailure",
    identity={"type": "SystemAssigned"},
    containers=[caddy_container],
    volumes=[{
        "name": _CADDY_VOLUME,
        "azure_file": {
            "share_name": fileshare.name,
            "storage_account_name": storage_account.name,
            "read_only": False,
        }
    }],
    # Public IP exposing both web ports to the internet.
    ip_address={
        "type": "Public",
        "ports": [{"port": port} for port in _WEB_PORTS],
        "dns_name_label": "label",
        "auto_generated_domain_name_label_scope": "unsecure"
    },
)

# NOTE(review): the constant names a Blob data role, while the volume mounted
# above is a file share -- verify that this role grants the access intended.
# NOTE(review): principal_id comes from the container group's identity, so this
# assignment can only be created after the group exists; it cannot authorize
# anything the group needs while it is being created.
_role_definition_id = f"/subscriptions/{SUBSCRIPTION_ID}/providers/Microsoft.Authorization/roleDefinitions/{STORAGE_BLOB_DATA_CONTRIBUTOR}"
role_assignment = RoleAssignment(
    "RoleAssignment",
    scope=storage_account.id,
    role_definition_id=_role_definition_id,
    principal_type="ServicePrincipal",
    principal_id=container_group.identity.apply(lambda ident: ident.principal_id),
)
The above code gives the following error:
Diagnostics:
pulumi:pulumi:Stack (test):
error: update failed
azure-native:containerinstance:ContainerGroup (TestContainerGroup):
error: Code="InvalidStorageAccountKey" Message="The Azure storage account key in volume 'caddy-config' is invalid."
adventurous-butcher-54166
03/21/2024, 3:13 PMadventurous-butcher-54166
03/21/2024, 3:14 PMmany-pager-46142
03/21/2024, 8:11 PM
Storage File Data SMB Share Contributor then.
adventurous-butcher-54166
03/21/2024, 8:11 PMmany-pager-46142
03/21/2024, 8:15 PM