Hi, I'm trying to set up App Services with Managed ...
# azure
m
Hi, I'm trying to set up App Services with Managed Identity and create an AAD Group with all the Apps as Members. The problem is that it fails directly with the preview when nothing exists.
```
Diagnostics:
  azuread:index:GroupMember (app3Member):
    error: azuread:index/groupMember:GroupMember resource 'app3Member' has a problem: Missing required property 'memberObjectId'
```
On the other hand, it works when I comment out the GroupMember generation, run `pulumi up` and deploy the appServices first, then comment the group member generation back in and run `pulumi up` again. So with two round trips it works. I also checked forcing an Output<string> with

```typescript
memberObjectId: pulumi.output(app1Service).apply(app => app.identity.principalId)
```

This does not help, and playing around with setting dependsOn does not help either. Any ideas? Running the script twice (first without the GroupMember generation) does not seem like a good option. Here is the complete sample (extract of a longer script):
```typescript
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
import * as azuread from "@pulumi/azuread";
import { Kinds } from "@pulumi/azure/appservice";
import { Locations } from "@pulumi/azure";

const appName = 'testapp';

const env = 'dev-';

const rgName = `rg-${env}${appName}`;
const planName = `${env}${appName}`;
const serviceName = `${env}${appName}`;

const resourceGroup = new azure.core.ResourceGroup(rgName, {
    location: Locations.WestEurope
});

const resourceGroupArgs = {
    resourceGroupName: resourceGroup.name,
    location: resourceGroup.location
};

const servicePlan = new azure.appservice.Plan(planName, {
    ...resourceGroupArgs,
    kind: Kinds.App,
    sku: {
        capacity: 1,
        size: 'B1',
        tier: 'Basic'
    }
})

const app1Service = new azure.appservice.AppService('app1' + serviceName, {
    ...resourceGroupArgs,
    appServicePlanId: servicePlan.id,
    appSettings: {
        "ASPNETCORE_ENVIRONMENT": env.startsWith('dev') ? 'development' : 'production'
    },
    identity: {
        type: 'SystemAssigned'
    }
})

const app2Service = new azure.appservice.AppService('app2-' + serviceName, {
    ...resourceGroupArgs,
    appServicePlanId: servicePlan.id,
    appSettings: {
        "ASPNETCORE_ENVIRONMENT": env.startsWith('dev') ? 'development' : 'production'
    },
    identity: {
        type: 'SystemAssigned'
    }
})

const app3Service = new azure.appservice.AppService('app3-' + serviceName, {
    ...resourceGroupArgs,
    appServicePlanId: servicePlan.id,
    appSettings: {
        "ASPNETCORE_ENVIRONMENT": env.startsWith('dev') ? 'development' : 'production'
    },
    identity: {
        type: 'SystemAssigned'
    }
})

const appGroupName = `${appName}-App`;

const appGroup = new azuread.Group(appGroupName, {
});

new azuread.GroupMember('app1Member', {
    groupObjectId: appGroup.id,
    memberObjectId: app1Service.identity.principalId
}, { dependsOn: [appGroup, app1Service] })

new azuread.GroupMember('app2Member', {
    groupObjectId: appGroup.id,
    memberObjectId: app2Service.identity.principalId
}, { dependsOn: [appGroup, app2Service] })

new azuread.GroupMember('app3Member', {
    groupObjectId: appGroup.id,
    memberObjectId: app3Service.identity.principalId
}, { dependsOn: [appGroup, app3Service] })
```
t
m
@tall-librarian-49374 yes, that helped. What a shame ;)
I needed this more than once, so I came up with a helper.

```typescript
import { Output } from "@pulumi/pulumi";
import { AppService } from "@pulumi/azure/appservice";

function principalId(appService: AppService): Output<string> {
    // Work around a preview issue https://github.com/pulumi/pulumi-azure/issues/192
    return appService.identity.principalId.apply(id => id || '11111111-1111-1111-1111-111111111111');
}
```