Hi Guys, Love Pulumi trying to setup an environmen...
# azure
c
Hi Guys, Love Pulumi. Trying to set up an environment but I don’t know how to add a directory (or multiple) to a BlobContainer of a StorageAccount where SFTP is enabled. I know this is possible from the Azure Portal … but I don’t know how to do this with Pulumi …
Just for the people who are interested why in hell I would like to have this: I’m setting up an SFTP environment for multiple tenants and every time a new tenant is created it needs to automatically set up a certain directory structure, so each container is a tenant
Just as extra information, I’ve enabled the Azure Data Lake Storage Gen2 hierarchical feature on the StorageAccount, this enabled the feature to be able to create directories. Azure Data Lake Storage Gen2 Hierarchical Namespace | Microsoft Learn
m
Hi Nick, Thanks for the love! 🫶 I think it is not possible currently in Pulumi and neither in ARM. What people are using is a Deployment Script or AzureCliScript with our azure-native provider to execute CLI calls. In your case az storage fs -> https://learn.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-directory-file-acl-cli
c
Hi Engin, this was exactly what I was looking at 🙂
Thanks for confirming!
m
Me too, as I have to call az acr task run 😄 and I did it before with Pulumi Command
c
Can you provide me a working example of AzureCliScript
Because when I try to create AzureCliScript it’s complaining that it needs the “kind” parameter in TypeScript … but in the documentation it does not exist …
m
Ok
one moment
My one, in Golang, looks like this:
azureCliScript, err := resources.NewAzureCliScript(ctx, "create-registry-credentials", &resources.AzureCliScriptArgs{
	Location:          resourceGroup.Location,
	ResourceGroupName: resourceGroup.Name,
	Identity: resources.ManagedServiceIdentityArgs{
		Type:                   pulumi.String(resources.ManagedServiceIdentityTypeUserAssigned),
		UserAssignedIdentities: scriptUserIdentityMapOutput,
	},
	RetentionInterval: pulumi.String("P1D"),
	AzCliVersion:      pulumi.String("2.41.0"),
	Kind:              pulumi.String("AzureCLI"),
	ScriptContent: pulumi.Sprintf(`az acr task create \
    --registry %s \
    --name goapp \
    --image go-app:latest \
    --context https://github.com/dirien/infrastructure-as-code-workshop.git#main:pulumi-azure-container-apps/app \
    --file Dockerfile --commit-trigger-enabled false && \
    az acr task run --registry %s --name goapp --only-show-errors`, registry.Name, registry.Name),
})
if err != nil {
	return err
}
Two things: Kind = AzureCLI
And I use a managed identity
c
ok thx I think I’ll manage with this, much appreciated
m
to not do az login
The managed identity has Role contributor on scope Resourcegroup
I am sure you can nerf it down
c
I hope so 🙂
Sorry to bug you again … but I get the following “Cannot call ‘.get’ during update or preview”
is there some sort of way I can add an if(preview !== true) { then perform this}
m
you may need to share a GitHub gist with the code
I never saw this message, but maybe it's down to the Node.js way of getting values
c
const azureCliEnableSftp = new resources.AzureCliScript("enable-sftp-storage-account", {
    location: foodResourceGroup.location,
    resourceGroupName: foodResourceGroup.name,
    azCliVersion: "2020-10-01",
    kind: "AzureCLI",
    retentionInterval: "P1D",
    scriptContent: `az storage account update --resource-group="${foodResourceGroup.name.get()}" --name="${foodSftpStorageAccount.name.get()}" --enable-sftp=true`
});
m
CLI version must be like this: 2.41.0
c
in the scriptContent: I’m calling resourceGroup.name.get()
hmm looks like it works fine if I remove the .get()
m
and script content should be pulumi.interpolate
to resolve the values
c
Of course that makes sense
m
like
pulumi.interpolate`az storage account update --resource-group="${foodResourceGroup.name}" --name="${foodSftpStorageAccount.name}" --enable-sftp=true`
but without quotes
c
you are my hero 😉
m
let's hope it works 🙂
FYI: if you need to pass secrets, use the environment variables
c
Are you one of the devs? Really like Pulumi, much easier to understand than Terraform 🙂
m
I am in the Customer Engineering team and not in the core engineering team but I will let them know for sure your feedback!
c
Now I’m getting Message=“The provided script failed with the following error\r\nERROR Please run ‘az login’ to setup account.
Probably something to do with the missing identity
m
yessss
I would prefer this
c
identity: new resources.ManagedServiceIdentityArgs({
    
}),
For some reason this does not work … I feel so stupid at the moment 😞
m
NewUserAssignedIdentity on the package managedidentity
c
Ok, ok, I already have an app registration used for Pulumi, should I use the same here?
this is creating a new one
m
Depends on you
c
identity: new UserAssignedIdentity("pulumi-iac-test", {
    resourceGroupName: foodResourceGroup.name,
    resourceName: "pulumi-iac-test"
}),
Doing this creates a new one I guess and I get azure-native:resources:AzureCliScript resource ‘enable-sftp-storage-account’ has a problem: ‘identity’ should be of type ‘object’ but got a string
m
And then give it the role
Identity: resources.ManagedServiceIdentityArgs{
   Type:                   pulumi.String(resources.ManagedServiceIdentityTypeUserAssigned),
   UserAssignedIdentities: scriptUserIdentityMapOutput,
},
And I created a map output this way:
scriptUserIdentityMapOutput := script.ID().ToIDOutput().ToStringOutput().ApplyT(func(v string) map[string]interface{} {
	m := make(map[string]interface{})
	m[v] = pulumi.ToStringMap(map[string]string{})
	return m
}).(pulumi.MapOutput)
Not sure how to translate the last part into TypeScript
but in Go, it needed to be a Map where the key is the id of the identity and the value is empty
c
Is there someone in your team who can help me with this in TypeScript? I’m not a Go dude and it’s quite hard for me to read
m
Have to see if someone else in the community slack joins this thread. This is fully community driven
c
Yeah I understand I really appreciate your help!