farmer icon indicating copy to clipboard operation
farmer copied to clipboard
verified publisher icon CompositionalIT

Some documentation is expired

Open Thorium opened this issue 4 years ago • 3 comments

I'm trying to follow the tutorial of https://compositionalit.github.io/farmer/tutorials/keyvault-certs/#the-imperative-part-creating-the-certificate

deploymentScript {
    name "create-certificate"
    ...

This is not captured to any variable? Probably it should be let createCertificate = as that is used later without definition.

But my tutorial following fails on deployment error:

The client '(appIdentity's guid)' with object id '(appIdentity's guid)' does not have authorization to perform action 'Microsoft.ContainerInstance/register/action' over scope '/subscriptions/(my subscription id)' or the scope is invalid.

I don't know what is a container here, I don't have any containers yet, I just try to first get the keyvault part working...

So I imagine that the deployment script needs some permissions, but I don't know what.

Heading to the deployment script API documentation, but there that part, role_assignment on documentation is also expired: https://compositionalit.github.io/farmer/api-overview/resources/deployment-script/#example Probably should be Farmer.Roles.SomeNiceRole from here

https://github.com/CompositionalIT/farmer/blob/a230e06c1fc0002e788b55651974a073bdafac84/src/Farmer/IdentityExtensions.fs#L18

Thorium avatar Aug 03 '21 18:08 Thorium

I could try to replace let scriptRole = role_assignment with something like

let scriptRole =
    let roleName = Guid.NewGuid().ToString() |> ResourceName
    let keyvaultResourceId = Farmer.ResourceId.create(Farmer.Arm.KeyVault.vaults, (ResourceName keyVaultName))
    let roleAssignment =
        {  Name = roleName
            RoleDefinitionId = Roles.Contributor
            PrincipalId = scriptIdentity.PrincipalId
            PrincipalType = Farmer.Arm.RoleAssignment.PrincipalType.ServicePrincipal
            Scope = Farmer.Arm.RoleAssignment.AssignmentScope.ResourceGroup
            Dependencies = Set.empty.Add keyvaultResourceId
            } : Farmer.Arm.RoleAssignment.RoleAssignment
    { new Farmer.IBuilder with
            member _.ResourceId = ResourceId.create(Farmer.Arm.RoleAssignment.roleAssignments, roleName)
            member _.BuildResources _ = [ roleAssignment ] }

and add depends_on scriptRole to deploymentScript, the role is deployed, but the error stays the same.

Thorium avatar Aug 04 '21 08:08 Thorium

@ninjarobot this is one for you

isaacabraham avatar Aug 13 '21 18:08 isaacabraham

Meanwhile the docs are still not up-to-date, this solved my original issue.

Thorium avatar Oct 13 '21 13:10 Thorium