I have a strange issue which i do not know how to handle:
```package cmd
import (
"fmt"
"s...
b
bored-island-35238
11/28/2024, 11:13 AMI have a strange issue which i do not know how to handle:
Copy code
package cmd
import (
"fmt"
"strings"
"<http://github.com/google/uuid|github.com/google/uuid>"
"<http://github.com/pulumi/pulumi-azure-native-sdk/managedidentity/v2|github.com/pulumi/pulumi-azure-native-sdk/managedidentity/v2>"
"<http://github.com/pulumi/pulumi-azure-native/sdk/go/azure|github.com/pulumi/pulumi-azure-native/sdk/go/azure>"
"<http://github.com/pulumi/pulumi-azure-native/sdk/go/azure/authorization|github.com/pulumi/pulumi-azure-native/sdk/go/azure/authorization>"
"<http://github.com/pulumi/pulumi-azure-native/sdk/go/azure/network|github.com/pulumi/pulumi-azure-native/sdk/go/azure/network>"
"<http://github.com/pulumi/pulumi/sdk/v3/go/pulumi|github.com/pulumi/pulumi/sdk/v3/go/pulumi>"
)
const DNSNamespaceUUID = "e4bbfaee-5e45-4fc8-8be2-37c4d317c83e" // Example namespace UUID
func (r *Azure) CreateIdentityAzure(ctx *pulumi.Context) error {
clientConfig, err := authorization.GetClientConfig(ctx, nil)
if err != nil {
return err
}
otherSubscriptionID := r.Subscription
betterProvider, err := azure.NewProvider(ctx, "otherSubscription", &azure.ProviderArgs{
SubscriptionId: pulumi.String(otherSubscriptionID),
})
if err != nil {
return err
}
var identities []*managedidentity.UserAssignedIdentity
if r.Domains.Enable {
<http://ctx.Log.Info|ctx.Log.Info>("Creating identities and zones...", nil)
identityNames := []string{"certmanager-identity"}
identities, err = r.createUserAssignedIdentities(ctx, identityNames)
if err != nil {
return err
}
err = r.createNewZonesAndRoles(ctx, betterProvider, clientConfig, identities)
if err != nil {
return err
}
}
return nil
}
func (r *Azure) createUserAssignedIdentities(ctx *pulumi.Context, identityNames []string) ([]*managedidentity.UserAssignedIdentity, error) {
identities := make([]*managedidentity.UserAssignedIdentity, len(identityNames))
for i, idName := range identityNames {
identity, err := managedidentity.NewUserAssignedIdentity(ctx, idName, &managedidentity.UserAssignedIdentityArgs{
Location: pulumi.String(r.Location),
ResourceGroupName: r.RgResponse.Name,
ResourceName: pulumi.String(fmt.Sprintf("%s-%v", idName, i)),
}, pulumi.DependsOn([]pulumi.Resource{r.AksResponse}))
if err != nil {
return nil, err
}
identities[i] = identity
}
return identities, nil
}
func (r *Azure) createNewZonesAndRoles(ctx *pulumi.Context, provider *azure.Provider, clientConfig *authorization.GetClientConfigResult, identities []*managedidentity.UserAssignedIdentity) error {
for _, domain := range r.Domains.Zones {
zone, err := network.NewZone(ctx, fmt.Sprintf("%s-zone", domain.Name), &network.ZoneArgs{
ResourceGroupName: pulumi.String("Better"),
ZoneName: pulumi.String(domain.Zone),
Location: pulumi.String("global"),
}, pulumi.Provider(provider), pulumi.DependsOn([]pulumi.Resource{r.AksResponse}))
if err != nil {
return err
}
uuidNamespace := uuid.MustParse(DNSNamespaceUUID) // Use a fixed namespace UUID
for _, identity := range identities {
roleDefinitionId := pulumi.String(fmt.Sprintf(
"/subscriptions/%s/providers/Microsoft.Authorization/roleDefinitions/befefa01-2a29-4197-83a8-272ff33ce314",
clientConfig.SubscriptionId,
))
nameUUID := identity.Name.ToStringOutput().ApplyT(func(name string) string {
uuid := uuid.NewSHA1(uuidNamespace, []byte(name)).String()
fmt.Printf("Generated nameUUID for %s: %s\n", name, uuid)
return uuid
}).(pulumi.StringOutput)
pulumi.All(zone.ID(), nameUUID).ApplyT(func(args []interface{}) error {
zoneID := args[0].(pulumi.ID) // zone.ID() returns a pulumi.ID
uuidString := args[1].(string) // nameUUID is already a string
fmt.Printf("Zone ID: %s, Generated nameUUID: %s\n", zoneID, uuidString)
fmt.Println("Test1231231231221")
// Convert pulumi.ID to string
zoneIDStr := string(zoneID)
// Perform the LookupRoleAssignment
_, err := authorization.LookupRoleAssignment(ctx, &authorization.LookupRoleAssignmentArgs{
Scope: zoneIDStr,
RoleAssignmentName: uuidString,
}, pulumi.Provider(provider))
if err != nil {
if strings.Contains(err.Error(), "RoleAssignmentNotFound") {
fmt.Printf("Role assignment not found for scope: %s, name: %s\n", zoneIDStr, uuidString)
// Create the role assignment if it does not exist
_, err = authorization.NewRoleAssignment(ctx, fmt.Sprintf("%s-roleAssignment", identity.Name), &authorization.RoleAssignmentArgs{
PrincipalId: identity.PrincipalId,
PrincipalType: pulumi.String(authorization.PrincipalTypeServicePrincipal),
RoleAssignmentName: pulumi.String(uuidString), // Pass uuidString directly
RoleDefinitionId: roleDefinitionId,
Scope: pulumi.String(zoneIDStr),
}, pulumi.Provider(provider), pulumi.DependsOn([]pulumi.Resource{identity, zone}))
if err != nil {
return fmt.Errorf("failed to create role assignment: %w", err)
}
} else {
return err
}
}
return nil
})
}
}
return nil
}2 Views
Pulumi Community
No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.
Powered by