search

pulumi / pulumi-azure-native

Azure Native Provider
Apache License 2.0
125 stars 33 forks source link

C# Azure-Native KeyVault example doesn't work #1180

Open xtellurian opened 3 years ago

xtellurian commented 3 years ago

I'm trying to create a Key Vault using the Azure-Native Provider in C#

I used the KeyVault example as a guide.

There is a problem caused by the UnionType of string and CertificatePermission (and also for Keys and Secrets).

image

code from screenshot above

var kv = new Vault("vault", new VaultArgs
{
    ResourceGroupName = rg.Name,
    Tags = tags,
    Properties = new VaultPropertiesArgs
    {
        TenantId = tenantId,
        AccessPolicies = {
            new AccessPolicyEntryArgs{
                ObjectId = deployer.ObjectId,
                ApplicationId = deployer.ClientId,
                TenantId = tenantId,
                Permissions = new PermissionsArgs
                {
                    Certificates =
                    {
                        "get",
                    },

                }
            }
        },
        Sku = new Pulumi.AzureNative.KeyVault.Inputs.SkuArgs
        {
            Family = "A",
            Name = SkuName.Standard,
        },
    },
});

Expected: There is some way to set the Permissions object Actual: There is no way to set permissions, and the create fails.

xtellurian commented 3 years ago

This seems like a workaround:

var kv = new Vault("vault", new VaultArgs
{
    ResourceGroupName = rg.Name,
    Tags = tags,
    Properties = new VaultPropertiesArgs
    {
        TenantId = tenantId,
        AccessPolicies = {
            new AccessPolicyEntryArgs{
                ObjectId = deployer.ObjectId,
                ApplicationId = deployer.ClientId,
                TenantId = tenantId,
                Permissions = new PermissionsArgs
                {
                    Certificates =
                    {
                        Pulumi.Union<string, CertificatePermissions>.FromT1(CertificatePermissions.All)
                    },
                    Secrets =
                    {
                        Pulumi.Union<string, SecretPermissions>.FromT1(SecretPermissions.All)
                    },
                    Keys =
                    {
                        Pulumi.Union<string, KeyPermissions>.FromT1(KeyPermissions.All)
                    }
                }
            }
        },
        Sku = new Pulumi.AzureNative.KeyVault.Inputs.SkuArgs
        {
            Family = "A",
            Name = SkuName.Standard,
        },
    },
});
mikhailshilkov commented 3 years ago

Related to https://github.com/pulumi/pulumi-dotnet/issues/43

I'll leave this open to track the bug in our generated example.

thomas11 commented 5 months ago

Now tracked by https://github.com/pulumi/pulumi/issues/16084 upstream.