with azure native python how can i add a dns zone in a resou Pulumi Community #azure

with azure-native (python), how can i add a dns zo...

handsome-state-59775

04/05/2021, 2:27 PM

with azure-native (python), how can i add a dns zone in a resource group that is to be a child zone of a pre-existing, unmanaged zone from another pre-existing, unmanaged resource group?

✅ 1

handsome-state-59775

04/06/2021, 3:43 AM

Any insights, please?

✅ 1

better-shampoo-48884

04/06/2021, 6:15 AM

I too am interested in hearing if there's going to be a response to this, I'm wanting to do the same thing 😉 But as it stands, the ARM representation of dns zones is ridiculous already, so best bet imho is to wait until Mikhail manages to push through his proposed changes to naming and then see if we can't get something like this exposed.

tall-librarian-49374

04/06/2021, 6:32 AM

The name change will only propagate the versioned resource to the top-level module, no functional changes beyond that.

tall-librarian-49374

04/06/2021, 6:32 AM

To the OP - how do you do that with an ARM template?

handsome-state-59775

04/06/2021, 6:41 AM

Copy code

{
  "$schema": "<http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#>",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "dnsZonesName": {
      "type": "string"
    }
  },
  "resources": [
    {
      "apiVersion": "2016-04-01",
      "type": "Microsoft.Network/dnsZones",
      "name": "[parameters('dnsZonesName')]",
      "location": "global",
      "dependsOn": [],
      "tags": {},
      "properties": {}
    },
    {
      "apiVersion": "2018-05-01",
      "name": "NameServerDelegation-****",
      "type": "Microsoft.Resources/deployments",
      "resourceGroup": "<parent-DNS-zone-resource-group>",
      "subscriptionId": "****",
      "properties": {
        "mode": "Incremental",
        "templateLink": {
          "uri": "<https://dns.hosting.portal.azure.net/dns/Content/4.12.0.1628/Dns/Templates/NSDelegationLinkedTemplate.json>",
          "contentVersion": "1.0.0.0"
        },
        "parameters": {
          "nsServers": {
            "value": "[reference(parameters('dnsZonesName')).nameServers]"
          },
          "parentDnsZoneName": {
            "value": "azure.****.com"
          },
          "dnsZoneName": {
            "value": "[parameters('dnsZonesName')]"
          }
        }
      },
      "dependsOn": [
        "[parameters('dnsZonesName')]"
      ]
    }
  ]
}

@tall-librarian-49374 this is the template automation download offered to me via azure portal for child zone creation

tall-librarian-49374

04/06/2021, 6:48 AM

So it looks like you need a

network.v20180501.RecordSet

better-shampoo-48884

04/06/2021, 7:03 AM

throwing that into arm2pulumi gives a

azure_native.network.v20160401.Zone

and a

azure_native.resources.v20180501.Deployment

for typescript (`azure_native.resources.v20180501.DeploymentAtSubscriptionScope`and `azure_native.resources.v20180501.DeploymentPropertiesArgs`for python)

tall-librarian-49374

04/06/2021, 7:16 AM

arm2pulumi doesn’t parse linked templates yet

handsome-state-59775

04/06/2021, 8:55 AM

the ARM template uses

azure_native.network.v20160401.RecordSet

which doesn't have a

name_servers

property (at least via pulumi python), but one that is referenced anyway via arm2pulumi.

v20180501

doesn't either. not sure if i'm missing something - just copy pasted arm2pulumi's python output directly.

handsome-state-59775

04/06/2021, 8:58 AM

another thing i don't understand is that in the ARM template I pasted above,

dnsZoneNames

has type

string

, but then is later expected to have

[reference(parameters('dnsZonesName')).nameServers]

. again, could be a failure in my understanding, seeing as it works via azure portal web UI

tall-librarian-49374

04/06/2021, 9:05 AM

nameServers is a property of the Zone resource

tall-librarian-49374

04/06/2021, 9:06 AM

Your top-level template defines a Zone resource and passes its name servers to the linked template that defines a RecordSet resource

👍 1

handsome-state-59775

04/06/2021, 10:13 AM

i've almost gotten it to work (i think). but am running into this error:

Copy code

azure-native:resources:DeploymentAtSubscriptionScope (nameServerDelegation):
    error: Code="DeploymentFailed" Message="At least one resource deployment operation failed. Please list deployment operations for details. Please see <https://aka.ms/DeployOperations> for usage details." Details=[{"code":"NotFound","message":"{\r\n  \"error\": {\r\n    \"code\": \"ParentResourceNotFound\",\r\n    \"message\": \"Can not perform requested operation on nested resource. Parent resource 'azure.****.com' not found.\"\r\n  }\r\n}"}]

looking at the ARM template vs the arm2pulumi's output, the reference to the parent resource group seems to be missing in the translation.

DeploymentAtSubscriptionScope

doesn't have a top-level param for resource group either in the pulumi API. any insights?

tall-librarian-49374

04/06/2021, 10:17 AM

Why are you using DeploymentAtSubscriptionScope and not the native resource RecordSet?

handsome-state-59775

04/06/2021, 10:42 AM

i'm using

Zone

instead of

RecordSet

for the first resource (for the second resource, the choice has been between

Deployment

and

DeploymentAtSubscriptionScope

) because: 1. RecordSet doesn't have

name_servers

, but Zone does (see my second last message above) 2. arm2pulumi suggested it in the 3rd or 4th run! i wouldn't even have known about Zone otherwise. i swear arm2pulumi's output changes, because across runs I've only made changes to the source ARM template's values across these runs

handsome-state-59775

04/06/2021, 10:43 AM

here's what has finally worked _phew_:

Copy code

# Set up DNS zone
DNS_ZONE_NAME = f'{STACK_SAFE}.{PROJECT_SAFE}.{PARENT_DNS_ZONE_NAME}'
dns_zone = az.network.Zone(
    resource_name='dnsZone',
    resource_group_name=resource_group.name,
    zone_name=DNS_ZONE_NAME,
    zone_type=az.network.ZoneType.PUBLIC,
    location='global',
    opts=p.ResourceOptions(
        delete_before_replace=True,
        depends_on=[
            resource_group,
        ],
        parent=resource_group,
    ),
    tags=TAGS,
)
name_server_delegation = az.resources.Deployment(
    resource_name='nameServerDelegation',
    resource_group_name=PARENT_DNS_ZONE_RESOURCE_GROUP,
    properties=az.resources.DeploymentPropertiesArgs(
        mode=az.resources.DeploymentMode.INCREMENTAL,
        parameters={
            'dnsZoneName': {
                'value': DNS_ZONE_NAME,
            },
            'nsServers': {
                'value': dns_zone.name_servers,
            },
            'parentDnsZoneName': {
                'value': PARENT_DNS_ZONE_NAME,
            },
        },
        template_link=az.resources.TemplateLinkArgs(
            content_version='1.0.0.0',
            uri='<https://dns.hosting.portal.azure.net/dns/Content/4.12.0>'
                '.1628/Dns/Templates/NSDelegationLinkedTemplate.json',
        ),
    ),
    opts=p.ResourceOptions(
        depends_on=[
            dns_zone,
        ],
        parent=dns_zone,
    ),
    tags=TAGS,
)

tall-librarian-49374

04/06/2021, 10:44 AM

I suggest you using Zone and RecordSet

tall-librarian-49374

04/06/2021, 10:44 AM

Zone to replace the first template - RecordSet for the second one

👍 1

6 Views

Open in Slack

Previous Next