This message was deleted Pulumi Community #azure

Join Slack

This message was deleted.

# azure

sparse-intern-71089

06/26/2021, 7:26 PM

This message was deleted.

tall-librarian-49374

06/26/2021, 8:08 PM

This post suggests it’s called “certificate” in ARM (and thus Azure-Native): https://dotnetdevlife.wordpress.com/2019/11/12/arm-app-service-managed-certificate/

tall-librarian-49374

06/26/2021, 8:10 PM

The classic provider uses the same: https://github.com/terraform-providers/terraform-provider-azurerm/blob/master/azur[…]ternal/services/web/app_service_managed_certificate_resource.go

white-match-80969

06/27/2021, 5:13 AM

Thanks Mikhail, this got me a bit closer, though now I'm struggling with what seems to be a chicken and an egg problem. As pointed out in the first link you provided, it seems like the binding needs to be created prior to the certificate, making it a challenge to assign the bindings Thumbprint. In the article, they recommend using 'nested ARM templates' to get around the issue. Does anyone know how this might work in Pulumi? How would I update a resource created earlier in the stack?

Copy code

var hostNameBinding = new WebAppHostNameBinding(
    $"{stackName}-webapp-hostname-binding",
    new WebAppHostNameBindingArgs
    {
        HostName = "<http://mysub.mydomain.com|mysub.mydomain.com>",
        Name = webApp.Name,
        ResourceGroupName = resourceGroup.Name,
        // SslState = SslState.SniEnabled,
        // Thumbprint = certificate.Thumbprint // <-- This needs to be set but I'm not sure how
    });

var certificate = new Certificate(
    $"{stackName}-webapp-certificate",
    new CertificateArgs
    {
        CanonicalName = "<http://mysub.mydomain.com|mysub.mydomain.com>",
        Kind = "ManagedCertificate",
        ResourceGroupName = resourceGroup.Name,
        ServerFarmId = appServicePlan.Id
    });

tall-librarian-49374

06/27/2021, 3:41 PM

Why does

WebAppHostNameBinding

have to be before

Certificate

white-match-80969

06/27/2021, 3:52 PM

It appears to be a dependency in Azure. Creating the

Certificate

first results in the following error: "Properties.CanonicalName is invalid. Certificate creation requires hostname mysub.mydomain.com added to an App Service in the serverFarm ...."

white-match-80969

06/27/2021, 3:55 PM

The only way I've been able to make this work is by calling pulumi up 2 times. On the first run I return the certificate Thumbprint as an Output, and on the second run I pass the Thumbprint in as a config value. It seems kind of janky, but it works.

tall-librarian-49374

06/27/2021, 4:33 PM

Right… now I remember that we have an issue tracking this https://github.com/pulumi/pulumi-azure-native/issues/578

white-match-80969

06/28/2021, 5:02 AM

Thanks Mikhail, I really appreciate your help on this, you've been a huge help! Any idea if/when a fix might be coming? The ticket you link is now >7 months old.

tall-librarian-49374

06/28/2021, 6:25 AM

Unfortunately, I don’t know. A fix is non-trivial: we either need a new feature in the engine allowing to define cyclic references or create a new “link” resource which isn’t really present in the API.

tall-librarian-49374

06/28/2021, 6:26 AM

The latter is a bit against our design goals for the native provider but may be more realistic

tall-librarian-49374

06/28/2021, 6:26 AM

In any case - please upvote the issue, that gives it more visibility

white-match-80969

06/28/2021, 6:45 AM

Will do, again thank you greatly for your help!

79 Views

Open in Slack

Previous Next