Hi All! I can't seem to find a way to create App S...
# azure
w
Hi All! I can't seem to find a way to create App Service Managed Certificates using the newer Azure-Native APIs (specifically in C#). In the older Azure APIs there is a ManagedCertificate class, but it does not seem to exist in the new Azure-Native APIs. I have found Certificate and WebAppPublicCertificate, but neither of these seems to support the same use case. Can anyone provide any guidance on how to create App Service Managed Certificates on Azure-Native?
t
This post suggests it’s called “certificate” in ARM (and thus Azure-Native): https://dotnetdevlife.wordpress.com/2019/11/12/arm-app-service-managed-certificate/
w
Thanks Mikhail, this got me a bit closer, though now I'm struggling with what seems to be a chicken-and-egg problem. As pointed out in the first link you provided, it seems like the binding needs to be created prior to the certificate, making it a challenge to assign the binding's Thumbprint. In the article, they recommend using 'nested ARM templates' to get around the issue. Does anyone know how this might work in Pulumi? How would I update a resource created earlier in the stack?
```csharp
var hostNameBinding = new WebAppHostNameBinding(
    $"{stackName}-webapp-hostname-binding",
    new WebAppHostNameBindingArgs
    {
        HostName = "mysub.mydomain.com",
        Name = webApp.Name,
        ResourceGroupName = resourceGroup.Name,
        // SslState = SslState.SniEnabled,
        // Thumbprint = certificate.Thumbprint // <-- This needs to be set but I'm not sure how
    });

var certificate = new Certificate(
    $"{stackName}-webapp-certificate",
    new CertificateArgs
    {
        CanonicalName = "mysub.mydomain.com",
        Kind = "ManagedCertificate",
        ResourceGroupName = resourceGroup.Name,
        ServerFarmId = appServicePlan.Id
    });
```
t
Why does `WebAppHostNameBinding` have to be before `Certificate`?
w
It appears to be a dependency in Azure. Creating the `Certificate` first results in the following error: "Properties.CanonicalName is invalid. Certificate creation requires hostname mysub.mydomain.com added to an App Service in the serverFarm ...."
The only way I've been able to make this work is by calling `pulumi up` 2 times. On the first run I return the certificate Thumbprint as an Output, and on the second run I pass the Thumbprint in as a config value. It seems kind of janky, but it works.
t
Right… now I remember that we have an issue tracking this https://github.com/pulumi/pulumi-azure-native/issues/578
w
Thanks Mikhail, I really appreciate your help on this, you've been a huge help! Any idea if/when a fix might be coming? The ticket you link is now >7 months old.
t
Unfortunately, I don’t know. A fix is non-trivial: we either need a new feature in the engine that allows defining cyclic references, or we need to create a new “link” resource which isn’t really present in the API.
The latter is a bit against our design goals for the native provider but may be more realistic.
In any case - please upvote the issue, that gives it more visibility
w
Will do, again thank you greatly for your help!