Any idea how to deal with circular dependencies like these T Pulumi Community #azure

Any idea how to deal with circular dependencies li...

chilly-analyst-14900

08/31/2022, 12:20 PM

Any idea how to deal with circular dependencies like these? • The domain cert requires a binding to exist for the domain, or else cannot create the cert. • The binding cannot set the thumbprint at creation time because of the above If there was a way of updating the binding with thumbprint after cert has been created, I would be all set.

Copy code

var binding = new WebAppHostNameBinding($"binding.api{stack}.<http://domain.app|domain.app>", new WebAppHostNameBindingArgs
{
    Name = app.Name,
    ResourceGroupName = resourceGroup.Name,
    CustomHostNameDnsRecordType = CustomHostNameDnsRecordType.CName,
    HostName = fulldomain,
    SiteName = app.Name,
    // Thumbprint = certificate.Thumbprint // Cannot set, need to create the managed domain cert first
    // SslState = SslState.SniEnabled // Cannot set, need to create the managed domain cert first
    
}, new CustomResourceOptions{ DependsOn = new CustomResource[] { txtRecord, cnameRecord }});

var certificate = new Certificate($"domain-app-cert-{stack}", new CertificateArgs
{
    ServerFarmId = appServicePlan.Id,
    ResourceGroupName = resourceGroup.Name,
    CanonicalName = fulldomain,
    HostNames = new[] { fulldomain }
}, new CustomResourceOptions {  DependsOn = binding}); // requires a hostname binding to exist for the domain

tall-librarian-49374

08/31/2022, 12:20 PM

There are some ideas in https://www.pulumi.com/blog/exploring-circular-dependencies/

chilly-analyst-14900

08/31/2022, 12:22 PM

Yeah, ideas…

chilly-analyst-14900

08/31/2022, 12:22 PM

read it

chilly-analyst-14900

08/31/2022, 12:23 PM

Is there a way of patching a resource?

chilly-analyst-14900

08/31/2022, 12:24 PM

I’ve see hacks involving flags and running pulumi up twice.. Feels so dirty

chilly-analyst-14900

08/31/2022, 12:39 PM

Looks like I can patch it using the

az

CLI: az webapp config ssl bind --certificate-thumbprint $thumbprint --ssl-type SNI --name $webapp --resource-group $resourceGroup

microscopic-furniture-52860

08/31/2022, 3:47 PM

Can confirm it’s possible to work around the circular dep by using a

Pulumi.Command

immediately after creation of the cert. Note that it also needs a

delete

command, else a destroy can’t tear down the cert.

Copy code

var command = new Command("apply-cert-binding", new CommandArgs
    {
        Create = "az webapp config ssl bind --certificate-thumbprint $THUMBPRINT --ssl-type SNI --name $APP_NAME --resource-group $RESOURCE_GROUP_NAME",
        
        Delete = "az webapp config ssl unbind --certificate-thumbprint $THUMBPRINT --name $APP_NAME --resource-group $RESOURCE_GROUP_NAME",

        Environment =
        {
            { "THUMBPRINT", cert.Thumbprint },
            { "APP_NAME", app.Name },
            { "RESOURCE_GROUP_NAME", resourceGroup.Name }
        }
    }, new CustomResourceOptions
    {
        DependsOn = cert
    });

chilly-analyst-14900

08/31/2022, 3:48 PM

😮 nice!

chilly-analyst-14900

08/31/2022, 4:19 PM

cc @microscopic-furniture-52860. Seems to work 🙂

🎉 1

chilly-analyst-14900

08/31/2022, 4:20 PM

thx!

4 Views

Open in Slack

Previous Next