Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
package-authoring
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
w
white-match-80969
06/26/2021, 7:26 PMHi All! I can't seem to find a way to create App Service Managed Certificates using the newer Azure-Native API's (specifically in C#). In the older Azure API's there is a ManagedCertificate class, but it does not seem to exist in the new Azure-Native API's. I have found Certificate and WebAppPublicCertificate, but neither of these seem support the same use case. Can anyone provide any guidance on how to create App Service Managed Certificates on Azure-Native?
t
tall-librarian-49374
06/26/2021, 8:08 PMThis post suggests it’s called “certificate” in ARM (and thus Azure-Native): https://dotnetdevlife.wordpress.com/2019/11/12/arm-app-service-managed-certificate/
w
white-match-80969
06/27/2021, 5:13 AMThanks Mikhail, this got me a bit closer, though now I'm struggling with what seems to be a chicken and an egg problem. As pointed out in the first link you provided, it seems like the binding needs to be created prior to the certificate, making it a challenge to assign the bindings Thumbprint. In the article, they recommend using 'nested ARM templates' to get around the issue.
Does anyone know how this might work in Pulumi? How would I update a resource created earlier in the stack?
var hostNameBinding = new WebAppHostNameBinding(
$"{stackName}-webapp-hostname-binding",
new WebAppHostNameBindingArgs
{
HostName = "<http://mysub.mydomain.com|mysub.mydomain.com>",
Name = webApp.Name,
ResourceGroupName = resourceGroup.Name,
// SslState = SslState.SniEnabled,
// Thumbprint = certificate.Thumbprint // <-- This needs to be set but I'm not sure how
});
var certificate = new Certificate(
$"{stackName}-webapp-certificate",
new CertificateArgs
{
CanonicalName = "<http://mysub.mydomain.com|mysub.mydomain.com>",
Kind = "ManagedCertificate",
ResourceGroupName = resourceGroup.Name,
ServerFarmId = appServicePlan.Id
});t
tall-librarian-49374
06/27/2021, 3:41 PMWhy does
WebAppHostNameBindingCertificatew
white-match-80969
06/27/2021, 3:52 PMIt appears to be a dependency in Azure. Creating the
CertificateThe only way I've been able to make this work is by calling pulumi up 2 times. On the first run I return the certificate Thumbprint as an Output, and on the second run I pass the Thumbprint in as a config value. It seems kind of janky, but it works.
t
tall-librarian-49374
06/27/2021, 4:33 PMRight… now I remember that we have an issue tracking this https://github.com/pulumi/pulumi-azure-native/issues/578
w
white-match-80969
06/28/2021, 5:02 AMThanks Mikhail, I really appreciate your help on this, you've been a huge help! Any idea if/when a fix might be coming? The ticket you link is now >7 months old.
t
tall-librarian-49374
06/28/2021, 6:25 AMUnfortunately, I don’t know. A fix is non-trivial: we either need a new feature in the engine allowing to define cyclic references or create a new “link” resource which isn’t really present in the API.
The latter is a bit against our design goals for the native provider but may be more realistic
In any case - please upvote the issue, that gives it more visibility
w
white-match-80969
06/28/2021, 6:45 AMWill do, again thank you greatly for your help!