https://pulumi.com logo
Powered by
Title
h

handsome-state-59775

04/05/2021, 2:27 PM
with azure-native (python), how can i add a dns zone in a resource group that is to be a child zone of a pre-existing, unmanaged zone from another pre-existing, unmanaged resource group?
โœ… 1
Any insights, please?
โœ… 1
b

better-shampoo-48884

04/06/2021, 6:15 AM
I too am interested in hearing if there's going to be a response to this, I'm wanting to do the same thing ๐Ÿ˜‰ But as it stands, the ARM representation of dns zones is ridiculous already, so best bet imho is to wait until Mikhail manages to push through his proposed changes to naming and then see if we can't get something like this exposed.
t

tall-librarian-49374

04/06/2021, 6:32 AM
The name change will only propagate the versioned resource to the top-level module, no functional changes beyond that.
To the OP - how do you do that with an ARM template?
h

handsome-state-59775

04/06/2021, 6:41 AM
{
  "$schema": "<http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#>",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "dnsZonesName": {
      "type": "string"
    }
  },
  "resources": [
    {
      "apiVersion": "2016-04-01",
      "type": "Microsoft.Network/dnsZones",
      "name": "[parameters('dnsZonesName')]",
      "location": "global",
      "dependsOn": [],
      "tags": {},
      "properties": {}
    },
    {
      "apiVersion": "2018-05-01",
      "name": "NameServerDelegation-****",
      "type": "Microsoft.Resources/deployments",
      "resourceGroup": "<parent-DNS-zone-resource-group>",
      "subscriptionId": "****",
      "properties": {
        "mode": "Incremental",
        "templateLink": {
          "uri": "<https://dns.hosting.portal.azure.net/dns/Content/4.12.0.1628/Dns/Templates/NSDelegationLinkedTemplate.json>",
          "contentVersion": "1.0.0.0"
        },
        "parameters": {
          "nsServers": {
            "value": "[reference(parameters('dnsZonesName')).nameServers]"
          },
          "parentDnsZoneName": {
            "value": "azure.****.com"
          },
          "dnsZoneName": {
            "value": "[parameters('dnsZonesName')]"
          }
        }
      },
      "dependsOn": [
        "[parameters('dnsZonesName')]"
      ]
    }
  ]
}
@tall-librarian-49374 this is the template automation download offered to me via azure portal for child zone creation
t

tall-librarian-49374

04/06/2021, 6:48 AM
So it looks like you need a 
network.v20180501.RecordSet
?
b

better-shampoo-48884

04/06/2021, 7:03 AM
throwing that into arm2pulumi gives a 
azure_native.network.v20160401.Zone
and a 
azure_native.resources.v20180501.Deployment
for typescript (`azure_native.resources.v20180501.DeploymentAtSubscriptionScope`and `azure_native.resources.v20180501.DeploymentPropertiesArgs`for python)
t

tall-librarian-49374

04/06/2021, 7:16 AM
arm2pulumi doesnโ€™t parse linked templates yet
h

handsome-state-59775

04/06/2021, 8:55 AM
the ARM template uses 
azure_native.network.v20160401.RecordSet
which doesn't have a 
name_servers
property (at least via pulumi python), but one that is referenced anyway via arm2pulumi. 
v20180501
doesn't either. not sure if i'm missing something - just copy pasted arm2pulumi's python output directly.
another thing i don't understand is that in the ARM template I pasted above, 
dnsZoneNames
has type 
string
, but then is later expected to have 
[reference(parameters('dnsZonesName')).nameServers]
. again, could be a failure in my understanding, seeing as it works via azure portal web UI
t

tall-librarian-49374

04/06/2021, 9:05 AM
nameServers is a property of the Zone resource
Your top-level template defines a Zone resource and passes its name servers to the linked template that defines a RecordSet resource
๐Ÿ‘ 1
h

handsome-state-59775

04/06/2021, 10:13 AM
i've almost gotten it to work (i think). but am running into this error: 
azure-native:resources:DeploymentAtSubscriptionScope (nameServerDelegation):
    error: Code="DeploymentFailed" Message="At least one resource deployment operation failed. Please list deployment operations for details. Please see <https://aka.ms/DeployOperations> for usage details." Details=[{"code":"NotFound","message":"{\r\n  \"error\": {\r\n    \"code\": \"ParentResourceNotFound\",\r\n    \"message\": \"Can not perform requested operation on nested resource. Parent resource 'azure.****.com' not found.\"\r\n  }\r\n}"}]
looking at the ARM template vs the arm2pulumi's output, the reference to the parent resource group seems to be missing in the translation. 
DeploymentAtSubscriptionScope
doesn't have a top-level param for resource group either in the pulumi API. any insights?
t

tall-librarian-49374

04/06/2021, 10:17 AM
Why are you using DeploymentAtSubscriptionScope and not the native resource RecordSet?
h

handsome-state-59775

04/06/2021, 10:42 AM
i'm using 
Zone
instead of 
RecordSet
for the first resource (for the second resource, the choice has been between 
Deployment
and 
DeploymentAtSubscriptionScope
) because: 1. RecordSet doesn't have 
name_servers
, but Zone does (see my second last message above) 2. arm2pulumi suggested it in the 3rd or 4th run! i wouldn't even have known about Zone otherwise. i swear arm2pulumi's output changes, because across runs I've only made changes to the source ARM template's values across these runs
here's what has finally worked _phew_: 
# Set up DNS zone
DNS_ZONE_NAME = f'{STACK_SAFE}.{PROJECT_SAFE}.{PARENT_DNS_ZONE_NAME}'
dns_zone = az.network.Zone(
    resource_name='dnsZone',
    resource_group_name=resource_group.name,
    zone_name=DNS_ZONE_NAME,
    zone_type=az.network.ZoneType.PUBLIC,
    location='global',
    opts=p.ResourceOptions(
        delete_before_replace=True,
        depends_on=[
            resource_group,
        ],
        parent=resource_group,
    ),
    tags=TAGS,
)
name_server_delegation = az.resources.Deployment(
    resource_name='nameServerDelegation',
    resource_group_name=PARENT_DNS_ZONE_RESOURCE_GROUP,
    properties=az.resources.DeploymentPropertiesArgs(
        mode=az.resources.DeploymentMode.INCREMENTAL,
        parameters={
            'dnsZoneName': {
                'value': DNS_ZONE_NAME,
            },
            'nsServers': {
                'value': dns_zone.name_servers,
            },
            'parentDnsZoneName': {
                'value': PARENT_DNS_ZONE_NAME,
            },
        },
        template_link=az.resources.TemplateLinkArgs(
            content_version='1.0.0.0',
            uri='<https://dns.hosting.portal.azure.net/dns/Content/4.12.0>'
                '.1628/Dns/Templates/NSDelegationLinkedTemplate.json',
        ),
    ),
    opts=p.ResourceOptions(
        depends_on=[
            dns_zone,
        ],
        parent=dns_zone,
    ),
    tags=TAGS,
)
t

tall-librarian-49374

04/06/2021, 10:44 AM
I suggest you using Zone and RecordSet
Zone to replace the first template - RecordSet for the second one
๐Ÿ‘ 1
3 Views
#azureJoin Slack
Powered by