pulumi / pulumi-aws

An Amazon Web Services (AWS) Pulumi resource package, providing multi-language access to AWS
Apache License 2.0

ACM Certificate Replace subjectAlternativeNames #1384

Closed mark-bixler closed 1 month ago

mark-bixler commented 3 years ago

Running a new pulumi preview against my 2 SANs results in Pulumi wanting to replace my Certificate.

I've noticed a past issue https://github.com/pulumi/pulumi-aws/issues/1022 but that was closed and resolved.

I'm on the latest versions:

v2.22.0 @pulumi/aws@3.32.0

Expected behavior

Expected behavior is to not detect any changes. The list has stayed static; no changes between up / preview.

Current behavior

Pulumi tries to replace resource.

lukehoban commented 3 years ago

What property does the update say has changed, and from what to what? Can you share the preview --diff output?

mark-bixler commented 3 years ago

For sure! Some names have been replaced with generic ones.

╰─❯ pulumi preview --diff
Previewing update (dev)

View Live: https://app.pulumi.com/mark-bixler/example.io/dev/previews/88331707-f555-441f-860a-aa709eb8cf20

  pulumi:pulumi:Stack: (same)
    [urn=urn:pulumi:dev::example.io::pulumi:pulumi:Stack::example.io-dev]
    +-aws:acm/certificate:Certificate: (replace)
        [id=arn:aws:acm:us-east-1:208123456789:certificate/678536c4-2b68-4dc4-a74c-5239ef541758]
        [urn=urn:pulumi:dev::example.io::aws:acm/certificate:Certificate::example.io-cert]
        [provider=urn:pulumi:dev::example.io::pulumi:providers:aws::secondary::9ce33a40-5ee3-4c1c-afa4-36bcec07fe0e]
      ~ subjectAlternativeNames: [
          + [0]: "example.io"
        ]
    --outputs:--        
  ~ certArn            : "arn:aws:acm:us-east-1:208123456789:certificate/678536c4-2b68-4dc4-a74c-5239ef541758" => output<string>
    + aws:s3/bucketPolicy:BucketPolicy: (create)
        [urn=urn:pulumi:dev::example.io::aws:s3/bucketPolicy:BucketPolicy::bucketPolicy]
        [provider=urn:pulumi:dev::example.io::pulumi:providers:aws::default_3_32_0::948060e5-ede3-4862-bf87-e2bfbc26d127]
        bucket    : "example.io"
        policy    : "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":\"*\",\"Action\":[\"s3:GetObject\"],\"Resource\":[\"arn:aws:s3:::example.io/*\"]}]}"
    ~ aws:cloudfront/distribution:Distribution: (update)
        [id=EBBYHAD0APXL8]
        [urn=urn:pulumi:dev::example.io::aws:cloudfront/distribution:Distribution::example.io-cf-distro]
        [provider=urn:pulumi:dev::example.io::pulumi:providers:aws::primary::ac20fd92-9f83-422c-8c3c-c947763de93b]
      ~ viewerCertificate: {
          ~ acmCertificateArn           : "arn:aws:acm:us-east-1:208123456789:certificate/678536c4-2b68-4dc4-a74c-5239ef541758" => output<string>
          ~ cloudfrontDefaultCertificate: false => true
        }
    - aws:acm/certificateValidation:CertificateValidation: (delete)
        [id=2021-03-09 00:33:06 +0000 UTC]
        [urn=urn:pulumi:dev::example.io::aws:acm/certificateValidation:CertificateValidation::example.io-cert-validation]
        [provider=urn:pulumi:dev::example.io::pulumi:providers:aws::secondary::9ce33a40-5ee3-4c1c-afa4-36bcec07fe0e]
        certificateArn       : "arn:aws:acm:us-east-1:208123456789:certificate/678536c4-2b68-4dc4-a74c-5239ef541758"
        validationRecordFqdns: [
            [0]: "_9ca52926eee1c50c11627e3f8f6a2746.example.io"
        ]
    - aws:route53/record:Record: (delete)
        [id=Z065202617WF6N3Z5GA22__9ca52926eee1c50c11627e3f8f6a2746.example.io._CNAME]
        [urn=urn:pulumi:dev::example.io::aws:route53/record:Record::example.io-validation-record]
        [provider=urn:pulumi:dev::example.io::pulumi:providers:aws::secondary::9ce33a40-5ee3-4c1c-afa4-36bcec07fe0e]
        name                      : "_9ca52926eee1c50c11627e3f8f6a2746.example.io."
        records                   : [
            [0]: "_8b6c64a336a9f5a2b9770f3b007f0a0c.nfyddsqlcy.acm-validations.aws."
        ]
        ttl                       : 60
        type                      : "CNAME"
        zoneId                    : "Z065202617WF6N3Z5GA22"
Resources:
    + 1 to create
    ~ 1 to update
    - 2 to delete
    +-1 to replace
    5 changes. 6 unchanged 

The code block for the cert (it did not change; I was just adding a new bucket policy):

import * as aws from "@pulumi/aws";

// bucketName, tags and the `secondary` provider are defined elsewhere in the program.
const cert = new aws.acm.Certificate(
  `${bucketName}-cert`,
  {
    domainName: bucketName,
    subjectAlternativeNames: [
      bucketName, `*.${bucketName}`
    ],
    tags,
    validationMethod: 'DNS',
  },
  {
    provider: secondary,
  },
);
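An added example (not from the thread and not pulumi-aws code) that models the drift visible in the diff above. It assumes, as that diff suggests, that the stored SAN list omits the certificate's own domainName, and it predicts whether a given subjectAlternativeNames value will come back as a replace:

```typescript
// Added example, not part of the issue thread.
// Assumption (consistent with the diff above, where state lacked "example.io"
// while the program listed it): the provider stores subjectAlternativeNames
// without the certificate's own domainName, lower-cased, without trailing dot.

function normalizeSan(name: string): string {
  return name.trim().toLowerCase().replace(/\.$/, "");
}

// What the provider would read back for a given domainName and SAN list:
// the apex is dropped and duplicates collapse (order of first occurrence kept).
function storedSans(domainName: string, sans: string[]): string[] {
  const apex = normalizeSan(domainName);
  const out: string[] = [];
  for (const s of sans.map(normalizeSan)) {
    if (s !== apex && !out.includes(s)) out.push(s);
  }
  return out;
}

interface SanDrift { added: string[]; removed: string[]; replace: boolean }

// Compare the program's desired list with what is in state. Any element
// difference on subjectAlternativeNames forces a replace of the Certificate.
function sanDrift(desired: string[], inState: string[]): SanDrift {
  const want = desired.map(normalizeSan);
  const have = inState.map(normalizeSan);
  const added = want.filter((w) => !have.includes(w));
  const removed = have.filter((h) => !want.includes(h));
  return { added, removed, replace: added.length > 0 || removed.length > 0 };
}

// Constructed from the values in the preview above: the program lists the apex
// among the SANs, the stored certificate does not.
const bucketName = "example.io";
const desired = [bucketName, `*.${bucketName}`];
const inState = ["*.example.io"];
console.log(sanDrift(desired, inState));                           // added: ["example.io"] -> replace
console.log(sanDrift(storedSans(bucketName, desired), inState));   // no drift
```

Passing `storedSans(bucketName, [...])` as subjectAlternativeNames keeps the program's list equal to what is read back; the Pulumi resource option `ignoreChanges: ["subjectAlternativeNames"]` suppresses the diff instead of correcting the list.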
flo-kn commented 2 years ago

Experiencing the same. The issue still seems to exist on pulumi version v3.36.0. Any updates on a solution / workaround?


     Type                              Name                                 Plan        Info
     pulumi:pulumi:Stack               whatever                   2 messages
 +-  ├─ aws:acm:Certificate            myservice-certificate                    replace     [diff: ~subjectAlternativeNames]
 +-  ├─ aws:acm:CertificateValidation  myservice-certificate-validation         replace     [diff: ~certificateArn]
 +-  └─ aws:route53:Record             myservice-certificate-validation-record  replace     [diff: ~name,records]

I even get it when feeding just one value into the subjectAlternativeNames array.

t0yv0 commented 7 months ago

If anyone has an example program here to reproduce, that would make it much easier. Thank you!

flo-kn commented 6 months ago

Not 100% sure anymore. I would have a hard time reproducing the scenario again today. But I don't want to leave it unanswered:

It must have been in the broader context of providing certs to pulumi-helm (very vague, I know). As said, not sure, but hope that it helps; it must have been something similar to this that produced the issue:


import * as aws from "@pulumi/aws";

// config, recordName, recordValue and zoneId come from elsewhere in the program.
const cert = new aws.acm.Certificate(`myservice-certificate`, {
    domainName: `myService.myDomainName`,
    validationMethod: "DNS",
    subjectAlternativeNames: [`${config.targetDomain}`]
});

const validationRecord = new aws.route53.Record(
    `myservice-certificate-validation-record`,
    {
      type: aws.route53.RecordType.CNAME,
      name: recordName,
      records: [recordValue],
      zoneId,
      ttl: 1800,
    }
);

const configCertValidation = new aws.acm.CertificateValidation(
    `myservice-certificate-validation`,
    {
      certificateArn: cert.arn,
    }
);
t0yv0 commented 1 month ago

Closing this as stale as we still couldn't quite reproduce. If you're experiencing something similar, opening a new issue with a self-contained repro would be very helpful!