Thread
#azure
    c

    chilly-analyst-14900

    3 weeks ago
    Any idea how to deal with circular dependencies like these? • The domain cert requires a binding to exist for the domain, or else cannot create the cert. • The binding cannot set the thumbprint at creation time because of the above If there was a way of updating the binding with thumbprint after cert has been created, I would be all set.
    var binding = new WebAppHostNameBinding($"binding.api{stack}.<http://domain.app|domain.app>", new WebAppHostNameBindingArgs
    {
        Name = app.Name,
        ResourceGroupName = resourceGroup.Name,
        CustomHostNameDnsRecordType = CustomHostNameDnsRecordType.CName,
        HostName = fulldomain,
        SiteName = app.Name,
        // Thumbprint = certificate.Thumbprint // Cannot set, need to create the managed domain cert first
        // SslState = SslState.SniEnabled // Cannot set, need to create the managed domain cert first
        
    }, new CustomResourceOptions{ DependsOn = new CustomResource[] { txtRecord, cnameRecord }});
    
    var certificate = new Certificate($"domain-app-cert-{stack}", new CertificateArgs
    {
        ServerFarmId = appServicePlan.Id,
        ResourceGroupName = resourceGroup.Name,
        CanonicalName = fulldomain,
        HostNames = new[] { fulldomain }
    }, new CustomResourceOptions {  DependsOn = binding}); // requires a hostname binding to exist for the domain
    t

    tall-librarian-49374

    3 weeks ago
    c

    chilly-analyst-14900

    3 weeks ago
    Yeah, ideas…
    read it
    Is there a way of patching a resource?
    I’ve see hacks involving flags and running pulumi up twice.. Feels so dirty
    Looks like I can patch it using the
    az
    CLI: az webapp config ssl bind --certificate-thumbprint $thumbprint --ssl-type SNI --name $webapp --resource-group $resourceGroup
    m

    microscopic-furniture-52860

    3 weeks ago
    Can confirm it’s possible to work around the circular dep by using a
    Pulumi.Command
    immediately after creation of the cert. Note that it also needs a
    delete
    command, else a destroy can’t tear down the cert.
    var command = new Command("apply-cert-binding", new CommandArgs
        {
            Create = "az webapp config ssl bind --certificate-thumbprint $THUMBPRINT --ssl-type SNI --name $APP_NAME --resource-group $RESOURCE_GROUP_NAME",
            
            Delete = "az webapp config ssl unbind --certificate-thumbprint $THUMBPRINT --name $APP_NAME --resource-group $RESOURCE_GROUP_NAME",
    
            Environment =
            {
                { "THUMBPRINT", cert.Thumbprint },
                { "APP_NAME", app.Name },
                { "RESOURCE_GROUP_NAME", resourceGroup.Name }
            }
        }, new CustomResourceOptions
        {
            DependsOn = cert
        });
    c

    chilly-analyst-14900

    3 weeks ago
    😮 nice!
    cc @microscopic-furniture-52860. Seems to work 🙂
    thx!