https://pulumi.com logo
Title
i

important-carpet-93412

10/05/2020, 9:26 PM
Hi guys, I have an error with Azure Next gen and Azure Firewall. I receive the follow error but I don't have any idea. Everything it looks good to me, I have created a public static standard IP and I still receive this error: Code="AzureFirewallPublicIPNotProvided" Message="AzureFirewall azurefirewall references subnet /subscriptions/xxxxxxxxxxxxxxxxxxxxxxxxxxxx/resourceGroups/test-rg/providers/Microsoft.Network/virtualNetworks/vnethub936acd5b/subnets/AzureFirewallSubnet, but does not provide a PublicIP Address." Details=[] Any hint? This is part of the code: pip = azure_nextgen.network.latest.PublicIPAddress(         "fwpip",          public_ip_address_name="fwpip",          resource_group_name=rg_name,         public_ip_allocation_method="Static",         location=location,         sku = {             "name": "Standard"             }         )     azure_firewall = azure_nextgen.network.latest.AzureFirewall("azureFirewall",         application_rule_collections=[{             "name": "apprulecoll",         }],         azure_firewall_name="azurefirewall",         ip_configurations=[{             "name": "azureFirewallIpConfiguration",             "subnet": vnet.subnets[1],             "public_ip_address": pip,         }],         location=location,         nat_rule_collections=[{             "name": "natrulecoll",         }],         network_rule_collections=[{             "name": "netrulecoll",         }],         resource_group_name=rg_name,         sku={             "name": "AZFW_VNet",             "tier": "Standard",         },         tags={             "key1": "value1",         },         threat_intel_mode="Alert",         zones=[])
s

sparse-park-68967

10/06/2020, 5:36 AM
My understanding is that the public_ip_address is actually expecting a subresource reference, i.e. the resource id of the pip: https://github.com/pulumi/pulumi-azure-nextgen/blob/master/sdk/python/pulumi_azure_nextgen/network/latest/_inputs.py#L15917.
t

tall-librarian-49374

10/06/2020, 5:43 AM
Yes, something like
"public_ip_address": {
   "id": pip.id,
},
i

important-carpet-93412

10/06/2020, 7:47 AM
Same error :-(
This is the definition of VNET vnet = azure.network.VirtualNetwork(vnet_name,         location=location,         resource_group_name=rg_name,         address_spaces=[vnet_addr],         subnets=[             azure.network.VirtualNetworkSubnetArgs(                 name=vnet_gw_subnet,                 address_prefix=vnet_gw_subnet_addr,             ),             azure.network.VirtualNetworkSubnetArgs(                 name=vnet_fw_subnet,                 address_prefix=vnet_fw_subnet_addr,             ),             azure.network.VirtualNetworkSubnetArgs(                 name=vnet_core_subnet,                 address_prefix=vnet_core_subnet_addr,                 #security_group=nsg.id,             ),         ],         tags={             "environment": env,         })
t

tall-librarian-49374

10/06/2020, 7:54 AM
Hmm, it looks like it should be named
publicIPAddress
although I don’t know why, see https://github.com/pulumi/examples/pull/806/files#diff-2e88f2a7288ea9a06f8a0e48d2d3c1e8R134
i

important-carpet-93412

10/06/2020, 10:35 AM
I will confirm to you that you are right, this is the right configuration: ip_configurations=[{             "name": "azureFirewallIpConfiguration",             "subnet": {                  "id": vnet.subnets[1].id                 },             "publicIPAddress": {                 "id": pip.id             },         }], Then the documentation is wrong, it needs to fix it because it report wrong property
t

tall-librarian-49374

10/06/2020, 10:37 AM
Discussed in https://github.com/pulumi/pulumi-azure-nextgen/issues/49 I will take a look
👍 1
i

important-carpet-93412

10/06/2020, 10:51 AM
I have raised in github as well