https://pulumi.com logo
Title
c

chilly-analyst-14900

08/31/2022, 12:20 PM
Any idea how to deal with circular dependencies like these? • The domain cert requires a binding to exist for the domain, or else cannot create the cert. • The binding cannot set the thumbprint at creation time because of the above If there was a way of updating the binding with thumbprint after cert has been created, I would be all set.
var binding = new WebAppHostNameBinding($"binding.api{stack}.<http://domain.app|domain.app>", new WebAppHostNameBindingArgs
{
    Name = app.Name,
    ResourceGroupName = resourceGroup.Name,
    CustomHostNameDnsRecordType = CustomHostNameDnsRecordType.CName,
    HostName = fulldomain,
    SiteName = app.Name,
    // Thumbprint = certificate.Thumbprint // Cannot set, need to create the managed domain cert first
    // SslState = SslState.SniEnabled // Cannot set, need to create the managed domain cert first
    
}, new CustomResourceOptions{ DependsOn = new CustomResource[] { txtRecord, cnameRecord }});

var certificate = new Certificate($"domain-app-cert-{stack}", new CertificateArgs
{
    ServerFarmId = appServicePlan.Id,
    ResourceGroupName = resourceGroup.Name,
    CanonicalName = fulldomain,
    HostNames = new[] { fulldomain }
}, new CustomResourceOptions {  DependsOn = binding}); // requires a hostname binding to exist for the domain
t

tall-librarian-49374

08/31/2022, 12:20 PM
c

chilly-analyst-14900

08/31/2022, 12:22 PM
Yeah, ideas…
read it
Is there a way of patching a resource?
I’ve see hacks involving flags and running pulumi up twice.. Feels so dirty
Looks like I can patch it using the
az
CLI: az webapp config ssl bind --certificate-thumbprint $thumbprint --ssl-type SNI --name $webapp --resource-group $resourceGroup
m

microscopic-furniture-52860

08/31/2022, 3:47 PM
Can confirm it’s possible to work around the circular dep by using a
Pulumi.Command
immediately after creation of the cert. Note that it also needs a
delete
command, else a destroy can’t tear down the cert.
var command = new Command("apply-cert-binding", new CommandArgs
    {
        Create = "az webapp config ssl bind --certificate-thumbprint $THUMBPRINT --ssl-type SNI --name $APP_NAME --resource-group $RESOURCE_GROUP_NAME",
        
        Delete = "az webapp config ssl unbind --certificate-thumbprint $THUMBPRINT --name $APP_NAME --resource-group $RESOURCE_GROUP_NAME",

        Environment =
        {
            { "THUMBPRINT", cert.Thumbprint },
            { "APP_NAME", app.Name },
            { "RESOURCE_GROUP_NAME", resourceGroup.Name }
        }
    }, new CustomResourceOptions
    {
        DependsOn = cert
    });
c

chilly-analyst-14900

08/31/2022, 3:48 PM
😮 nice!
cc @microscopic-furniture-52860. Seems to work 🙂
🎉 1
thx!