This message was deleted Pulumi Community #azure

Join Slack

This message was deleted.

# azure

sparse-intern-71089

12/07/2022, 9:33 PM

This message was deleted.

cold-motherboard-88215

12/07/2022, 9:38 PM

I tries allot with depends on … but without success

cold-motherboard-88215

12/07/2022, 9:40 PM

Here’s the code

Copy code

import * as storage from "@pulumi/azure-native/storage";
import * as pulumi from "@pulumi/pulumi";
import * as cdn from "@pulumi/azure-native/cdn";
import * as network from "@pulumi/azure-native/network";
import * as resources from "@pulumi/azure-native/resources";
import {cdnProfile} from './food-cdn';
import {dnsZone} from './food-dns-zone';
import { resourceGroup, managedIdentity } from './food-resource-group'

const domain = 'food';
const stack = pulumi.getStack();
const subscriptionId = 'XXX';
const resourceName = 'frontend';

const getId = (id: string) => {
    const dict: { [key: string]: object } = {};
    dict[id] = {};
    return dict;
}

export const storageAccount = new storage.StorageAccount(`${stack}-sa-${resourceName}-${domain}`, {
    enableHttpsTrafficOnly: true,
    accountName: `${stack}${resourceName}${domain}`,
    resourceGroupName: resourceGroup.name,
    identity: {
        type: resources.ManagedServiceIdentityType.UserAssigned,
        userAssignedIdentities: managedIdentity.id.apply(id => getId(id))
    },
    kind: storage.Kind.StorageV2,
    sku: {
        name: storage.SkuName.Standard_LRS
    },
    tags: {
        environment: stack,
        domain
    }
}, {
    dependsOn: [resourceGroup, managedIdentity]
});

// enable static website support
export const staticWebsite = new storage.StorageAccountStaticWebsite(`${resourceName}${domain}${stack}`, {
    accountName: storageAccount.name,
    resourceGroupName: resourceGroup.name,
    indexDocument: "index.html",
    error404Document: "index.html",
}, {
    dependsOn: [storageAccount]
});

export const staticEndpoint = storageAccount.primaryEndpoints.web;

export const endpointOrigin = storageAccount.primaryEndpoints.apply(ep => ep.web.replace("https://", "").replace("/", ""));

export const endpoint = new cdn.Endpoint(`${stack}-cdn-${resourceName}-${domain}`, {
    endpointName: storageAccount.name.apply(sa => `${stack}-cdn-frontend-${domain}`),
    isHttpAllowed: false,
    isHttpsAllowed: true,
    originHostHeader: endpointOrigin,
    origins: [{
        hostName: endpointOrigin,
        httpsPort: 443,
        name: storageAccount.name,
    }],
    profileName: cdnProfile.name,
    queryStringCachingBehavior: cdn.QueryStringCachingBehavior.NotSet,
    resourceGroupName: resourceGroup.name,
    tags: {
        environment: stack,
        domain
    }
}, {
    dependsOn: [staticWebsite, cdnProfile]
});


const cNameRecord = new network.RecordSet(`${stack}-cname-${resourceName}-${domain}`, {
    cnameRecord: {
        cname: endpoint.hostName,
    },
    recordType: "CNAME",
    relativeRecordSetName: `${resourceName}-${domain}`, // frontend-test
    resourceGroupName: resourceGroup.name,
    ttl: 3600,
    zoneName: dnsZone.name,
}, {
    dependsOn: [dnsZone]
});

const customDomainFriendlyName = `${resourceName}-${domain}-${stack}-XXX-com`; 

// create custom domain
const customDomain = new cdn.CustomDomain(`${stack}-custom-domain-${domain}`, {
    customDomainName: customDomainFriendlyName,
    endpointName: endpoint.name,
    hostName: `${resourceName}-${domain}.${stack}.<http://XXX.com|XXX.com>`, 
    profileName: cdnProfile.name,
    resourceGroupName: resourceGroup.name,
}, {
    dependsOn: [],
});


// enable ssl certificate not working
export const azureCliScript = new resources.AzureCliScript(`${stack}-cli-enable-ssl-${resourceName}-${domain}`, {
    resourceGroupName: resourceGroup.name,
    identity: {
        type: resources.ManagedServiceIdentityType.UserAssigned,
        userAssignedIdentities: managedIdentity.id.apply(id => getId(id))
    },
    azCliVersion: "2.42.0",
    kind: "AzureCLI",
    retentionInterval: "P1D",
    scriptContent: pulumi.interpolate `az cdn custom-domain enable-https --resource-group="${resourceGroup.name}" --profile-name="${cdnProfile.name}" --endpoint-name="${endpoint.name}" --name="${customDomainFriendlyName}"`,
    tags: {
        environment: stack,
        domain
    }
}, {
    dependsOn: [storageAccount, customDomain]
});

icy-doctor-13719

12/07/2022, 10:04 PM

i do AFD + CDN … basically for endpoint I want to expose, I create on the AFD Profile (in order): • Endpoint • Origin Group • Origin • Custom Domain • CNAME • TXT • Route

icy-doctor-13719

12/07/2022, 10:05 PM

sounds like there is some sort of dependency on one of your DNS records?

cold-motherboard-88215

12/08/2022, 3:35 AM

Hi Patrick, thank you for replying! Could you please show me your example ? I got the feeling your using a different version of AFD ?

icy-doctor-13719

12/08/2022, 3:50 AM

I’m using azure front door CDN profile object… it’s a LOT of code

cold-motherboard-88215

12/08/2022, 3:59 AM

Ok I’m not using front door object I think I’m using the classic version I will try that out than .. although it’s much more expensive and a bit overkill when I only want to expose a static website with CDN capabilities

icy-doctor-13719

12/08/2022, 5:41 AM

I specifically use

AzureNative.Cdn.Profile

with the SKU

Standard_AzureFrontDoor

icy-doctor-13719

12/08/2022, 5:42 AM

The new Static Web Apps’s CDN uses this under the hood

cold-motherboard-88215

12/08/2022, 11:27 AM

Can you show me the peace of code you use to perform the validation of the custom domain with the CNAME, TXT and Route ?

cold-motherboard-88215

12/08/2022, 11:29 AM

Because I have no idea where to get the generated TXT value from …

cold-motherboard-88215

12/08/2022, 11:47 AM

Fuck I was using to CustomDomain and not the AFDCustomDomain … which has a output property “validationProperties” containing the “validationToken” …. 🙂

👍 1

icy-doctor-13719

12/08/2022, 4:57 PM

Copy code

AzureNative.Cdn.AFDEndpoint
AzureNative.Cdn.AFDOriginGroup
AzureNative.Cdn.AFDOrigin
AzureNative.Cdn.AFDCustomDomain
AzureNative.Cdn.Route
AzureNative.Network.RecordSet
AzureNative.Cdn.AFDCustomDomain (domain) -> domain.ValidationProperties.Apply(v=>v.ValidationToken)

icy-doctor-13719

12/08/2022, 4:57 PM

assign that last one to the TXT recordset

cold-motherboard-88215

12/08/2022, 4:59 PM

Thanks I already fixed it ! Really loving this pulumi 😄

icy-doctor-13719

12/08/2022, 5:00 PM

i came from Terraform and I’d never go back lol

cold-motherboard-88215

12/08/2022, 5:00 PM

I fully understand hehe

cold-motherboard-88215

12/09/2022, 9:32 AM

Hey Patrick, quick question … how would you sole this problem if I have multiple CustomDomains … which I need to verify for SSL ?

cold-motherboard-88215

12/09/2022, 9:32 AM

with the same route .., because both domains need to be verified with each there own TXT record …

icy-doctor-13719

12/09/2022, 3:04 PM

you can do multiple domains on the same route … you would create the `AFDCustomDomain`s, add the CNAME + TXT records, and then add them to the

CustomDomains

array when you create

AzureNative.Cdn.Route

18 Views

Open in Slack

Previous Next