pulumi / pulumi-aws

An Amazon Web Services (AWS) Pulumi resource package, providing multi-language access to AWS
Apache License 2.0

acm.CertificateValidation example does not work #4349

Open t0yv0 opened 1 month ago

t0yv0 commented 1 month ago

Describe what happened

Per @pierskarsenbarg the example in https://www.pulumi.com/registry/packages/aws/api-docs/acm/certificatevalidation/#dns-validation-with-route-53 does not work.

Sample program


import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const exampleCertificate = new aws.acm.Certificate("example", {
    domainName: "example.com",
    validationMethod: "DNS",
});
const example = aws.route53.getZone({
    name: "example.com",
    privateZone: false,
});
const exampleRecord: aws.route53.Record[] = [];
exampleCertificate.domainValidationOptions.apply(domainValidationOptions => {
    for (const range of Object.entries(domainValidationOptions.reduce((__obj, dvo) => ({ ...__obj, [dvo.domainName]: {
        name: dvo.resourceRecordName,
        record: dvo.resourceRecordValue,
        type: dvo.resourceRecordType,
    } }))).map(([k, v]) => ({key: k, value: v}))) {
        exampleRecord.push(new aws.route53.Record(`example-${range.key}`, {
            allowOverwrite: true,
            name: range.value.name,
            records: [range.value.record],
            ttl: 60,
            type: aws.route53.RecordType[range.value.type],
            zoneId: example.then(example => example.zoneId),
        }));
    }
});
const exampleCertificateValidation = new aws.acm.CertificateValidation("example", {
    certificateArn: exampleCertificate.arn,
    validationRecordFqdns: exampleRecord.apply(exampleRecord => exampleRecord.map(record => (record.fqdn))),
});
const exampleListener = new aws.lb.Listener("example", {certificateArn: exampleCertificateValidation.certificateArn});

Compiling with TypeScript generates errors:

index.ts:24:19 - error TS7053: Element implicitly has an 'any' type because exprex type '{ readonly A: "A"; readonly AAAA: "AAAA"; readonly CNAME: "CNAME"; readnly NAPTR: "NAPTR"; readonly NS: "NS"; readonly PTR: "PTR"; readonly SOA: "SOA";; readonly TXT: "TXT"; }'.

24             type: aws.route53.RecordType[range.value.type],
                     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

index.ts:31:42 - error TS2339: Property 'apply' does not exist on type 'Record[]
31     validationRecordFqdns: exampleRecord.apply(exampleRecord => exampleRecord                                            ~~~~~

index.ts:31:48 - error TS7006: Parameter 'exampleRecord' implicitly has an 'any'
31     validationRecordFqdns: exampleRecord.apply(exampleRecord => exampleRecord                                                  ~~~~~~~~~~~~~

index.ts:31:83 - error TS7006: Parameter 'record' implicitly has an 'any' type.

31     validationRecordFqdns: exampleRecord.apply(exampleRecord => exampleRecord
index.ts:33:56 - error TS2345: Argument of type '{ certificateArn: pulumi.Outputer of type 'ListenerArgs'.
  Type '{ certificateArn: Output<string>; }' is missing the following properties, loadBalancerArn

33 const exampleListener = new aws.lb.Listener("example", {certificateArn: examp                                                          ~~~~~~~~~~~~~~~~~~~~~~

Found 5 errors in the same file, starting at: index.ts:24

The original HCL does provision with minor corrections.

resource "aws_acm_certificate" "example" {
  domain_name       = "example.com"
  validation_method = "DNS"
}

data "aws_route53_zone" "example" {
  name         = "example.com"
  private_zone = false
}

resource "aws_route53_record" "example" {
  for_each = {
    for dvo in aws_acm_certificate.example.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }

  allow_overwrite = true
  name            = each.value.name
  records         = [each.value.record]
  ttl             = 60
  type            = each.value.type
  zone_id         = data.aws_route53_zone.example.zone_id
}

resource "aws_acm_certificate_validation" "example" {
  certificate_arn         = aws_acm_certificate.example.arn
  validation_record_fqdns = [for record in aws_route53_record.example : record.fqdn]
}

resource "aws_lb_listener" "example" {
  # ... other configuration ...

  certificate_arn = aws_acm_certificate_validation.example.certificate_arn
}

Log output

TBD

Affected Resource(s)

TBD

Output of pulumi about

CLI          
Version      3.124.0
Go Version   go1.22.5
Go Compiler  gc

Plugins
KIND      NAME    VERSION
resource  aws     6.48.0
resource  awsx    2.13.0
resource  docker  4.5.5
resource  docker  3.6.1
language  nodejs  unknown

Host     
OS       darwin
Version  14.5
Arch     arm64

This project is written in nodejs: executable='/Users/anton/bin/node' version='v18.18.2'

Current Stack: anton-pulumi-corp/repropu/dev

Found no resources associated with dev

Found no pending operations associated with dev

Backend        
Name           pulumi.com
URL            https://app.pulumi.com/anton-pulumi-corp
User           anton-pulumi-corp
Organizations  anton-pulumi-corp, moolumi, demo, pulumi
Token type     personal

Dependencies:
NAME            VERSION
@types/node     18.19.43
typescript      5.5.4
@pulumi/aws     6.48.0
@pulumi/awsx    2.13.0
@pulumi/pulumi  3.128.0

Pulumi locates its logs in /var/folders/gd/3ncjb1lj5ljgk8xl5ssn_gvc0000gn/T/com.apple.shortcuts.mac-helper// by default

Additional context

TBD


t0yv0 commented 1 month ago

This uses 1.0.17 of pulumi terraform converter.
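
Added example, not part of the original issue or of Pulumi's code: the data shaping that the converted program attempts, written without Pulumi dependencies so the HCL `for` map and the `RecordType` lookup can be checked in isolation. `RecordType`, `DomainValidationOption`, `ValidationRecord`, `toRecordType`, `validationRecordsByDomain` and `sampleOptions` are local stand-ins assumed for illustration; no resources are created.

```typescript
// Local stand-ins for illustration; nothing here is imported from @pulumi/aws.
// RecordType lists only the members visible in the TS7053 message above.
const RecordType = {
    A: "A", AAAA: "AAAA", CNAME: "CNAME", NAPTR: "NAPTR",
    NS: "NS", PTR: "PTR", SOA: "SOA", TXT: "TXT",
} as const;
type RecordType = (typeof RecordType)[keyof typeof RecordType];

// One entry of Certificate.domainValidationOptions, as used by the sample program.
interface DomainValidationOption {
    domainName: string;
    resourceRecordName: string;
    resourceRecordType: string;
    resourceRecordValue: string;
}

interface ValidationRecord { name: string; record: string; type: RecordType; }

// Narrow a plain string to the RecordType union instead of indexing the
// constant object with an arbitrary string (the cause of TS7053).
function toRecordType(value: string): RecordType {
    if (!Object.prototype.hasOwnProperty.call(RecordType, value)) {
        throw new Error(`unsupported DNS record type: ${value}`);
    }
    return RecordType[value as keyof typeof RecordType];
}

// Equivalent of the HCL `for dvo in ... : dvo.domain_name => {...}` map.
// The seed `{}` matters: without it, reduce() starts from the first element
// itself, so a one-element list is returned unchanged and an empty list throws.
function validationRecordsByDomain(
    dvos: DomainValidationOption[],
): { [domain: string]: ValidationRecord } {
    return dvos.reduce<{ [domain: string]: ValidationRecord }>((acc, dvo) => ({
        ...acc,
        [dvo.domainName]: {
            name: dvo.resourceRecordName,
            record: dvo.resourceRecordValue,
            type: toRecordType(dvo.resourceRecordType),
        },
    }), {});
}

// Constructed sample input; the values are placeholders, not real ACM output.
const sampleOptions: DomainValidationOption[] = [
    { domainName: "example.com", resourceRecordName: "_abc.example.com.",
      resourceRecordType: "CNAME", resourceRecordValue: "_xyz.acm-validations.aws." },
];
```

In a Pulumi program the same mapping would run inside `domainValidationOptions.apply(...)`, with the created records returned from the callback so that the FQDN list stays an `Output`.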