Open markodjukic opened 2 years ago
As far as I'm aware, enabling the SSL for a custom domain is a limitation of the upstream Azure API. This problem also exists for ARM templates too. Here is a similar question on Stackoverflow about ARM templates.
Until Azure manage to resolve this in their underlying API, I would suggest using either the CLI or REST API to enable custom HTTPS after creating the resource.
Interesting, thanks for the link. Yes, I've worked around it by having a "sweep up" CLI script at the end of the Pulumi run which does all these types of calls which don't work natively.
What I'm failing to understand is what is the limitation stopping the same REST API call being implemented within the Azure native Pulumi?
With a little more digging into the specification, the issue is that the enabling and disabling of the SSL support is not modelled as an enabled
property on the resource, but rather a separate POST
action. Therefore, because Pulumi is modelled around the idea of a desired state for each resource, we only interact with the parts of the API which are GET
, PUT
or DELETE
.
There is a customHttpsProvisioningState
property which is read-only and is therefore returned, but the metadata doesn't give us a way of tying together a way of changing this property via the POST methods. For this behaviour to be made available through Pulumi, we'd either need the customHttpsProvisioningState
property to be writable via the PUT
method, or have additional metadata on how to automatically using the POST requests indirectly to modify this property.
I have ran into this today too. reference: https://github.com/Azure/azure-rest-api-specs/issues/17498
Hello!
Issue details
I've deployed successfully a CDN endpoint with a custom domain using Azure native code. However, I can not find any support for enabling SSL on this custom domain, ideally the CDN managed certs.
Through the Azure portal I can enable it manually after the Pulumi deployment and there is a REST API call for it in the Azure docs: https://docs.microsoft.com/en-us/rest/api/cdn/custom-domains/enable-custom-https
Unless I'm missing it, the Pulumi interface does not seem to expose it: https://www.pulumi.com/registry/packages/azure-native/api-docs/cdn/endpoint/
If I manually kick off the SSL enablement, I can successfully query the deployment of this SSL through Pulumi.
If the enabling of SSL isn't exposed, any reason why it isn't? Or did I miss some other call that should be used instead?
Steps to reproduce
Set up a CDN custom domain:
Expected:
Actual: