#python

few-pillow-1133

04/14/2021, 6:23 PM
Any idea how to use azure native to create azure data factory with encryption enabled, as well as user managed identity
```python
from urllib.parse import urlparse

import pulumi
import pulumi_azure_native as azure_native

# User-assigned identity intended for customer-managed key (CMK) access
adf_uai = azure_native.managedidentity.UserAssignedIdentity(
    adf_config['encryption']['user_assigned_identity']['name'],
    resource_name_=adf_config['encryption']['user_assigned_identity']['name'],
    location=config_data['location'],
    resource_group_name=config_mmazzargxx['name'],
    tags=adf_config['tags']
)

data_factory = azure_native.datafactory.Factory(
    adf_config['factory']['name'],
    factory_name=adf_config['factory']['name'],
    encryption=azure_native.datafactory.EncryptionConfigurationArgs(
        key_name=adf_k.name,
        # Key version is the last path segment of the versioned key URI
        key_version=pulumi.Output.all(adf_k.key_uri_with_version) \
            .apply(lambda args: urlparse(args[0]).path.rpartition('/')[2]),
        # Vault base URL is the scheme and host of the versioned key URI
        vault_base_url=pulumi.Output.all(adf_k.key_uri_with_version).apply(lambda args: f'{urlparse(args[0]).scheme}://{urlparse(args[0]).netloc}'),
        identity=azure_native.datafactory.CMKIdentityDefinitionArgs(
            user_assigned_identity=adf_uai.id
        )
    ),
    public_network_access=adf_config['networking']['public_network_access'],
    global_parameters=adf_config['factory']['global_parameters'],
    identity=azure_native.datafactory.FactoryIdentityArgs(
        type=adf_config['encryption']['user_assigned_identity']['type'],
        user_assigned_identities={
            adf_config['encryption']['user_assigned_identity']['name']: adf_uai.id
        }
    ),
    # ....
)
```
Getting below error....the issue is how does one apply output of keyvault as well as using assigned identity
```
error: autorest/azure: Service returned an error. Status=400 Code="LinkedInvalidPropertyId" Message="Property id 'mmazzadwsnduai-dls' at path '' is invalid. Expect fully qualified resource Id that start with '/subscriptions/{subscriptionId}' or '/providers/{resourceProviderNamespace}/'."
```

witty-candle-66007

04/14/2021, 6:56 PM
The error is coming from Azure - the Status=400 indicates it’s coming back from Azure. And it looks to me that you are passing a property that contains the string `mmazzadwsnduai-dls` but Azure expects that property to contain a full ARN type of string like `/subscriptions/…` or `/providers/….` I don’t see the “mmazz..” string in the code so I’m assuming it’s coming from a reference. So I think you just need to make sure you are passing the full string and not just the name.

few-pillow-1133

04/15/2021, 1:10 AM
Thanks @witty-candle-66007 value `mmazzadwsnduai-dls` is from `adf_config['encryption']['user_assigned_identity']['name']`. `user_assigned_identities` is supposed to take in Map(Str, Any).....so what would you advise as the correct way to populate `user_assigned_identities` using `adf_uai`? couldn't find a usable reference....
type inference also seems not to be working correctly...this affects dependency hierarchy resolution. If we hard-code the resource group name without referencing it, then the factory might be created before the resource group name
```
  File "/usr/lib/python3.8/runpy.py", line 282, in run_path
    return _run_code(code, mod_globals, init_globals,
  File "/usr/lib/python3.8/runpy.py", line 87, in _run_code
    exec(code, run_globals)
  File "./__main__.py", line 4, in <module>
    resources = infra.create_resources()
  File "./__infra__.py", line 281, in create_resources
    data_factory = create_data_factory(mmazzargxx, adf_kv, adf_k, adf_uai, adf_config, config_mmazzargxx)
  File "./__infra__.py", line 253, in create_data_factory
    resource_group_name=mmazzargxx.name,
AttributeError: 'tuple' object has no attribute 'name'
error: an unhandled error occurred: Program exited with non-zero exit code: 1
```
ok...sorted out the dependency hierarchy resolution....now back to using `user_assigned_identities` when creating data factory....would appreciate further guidance
Thinking of using
```python
user_assigned_identities={
    adf_uai.id: {}
}
```
it however fails with
```
TypeError: <pulumi.output.Output object at 0x7f7e6f2b2ee0> has type Output, but expected one of: bytes, unicode
error: an unhandled error occurred: Program exited with non-zero exit code: 1
```
So, how does one get the id for user_assigned_identity given that Pulumi returns Output type

witty-candle-66007

04/15/2021, 1:35 PM
I’m not sure I’m following all the details, but you may have to put the code inside an `.apply()` block to use the base type. https://www.pulumi.com/docs/intro/concepts/inputs-outputs/#inputs-and-outputs